package org.craftercms.studio.impl.v2.service.security;

import freemarker.template.Template;
import freemarker.template.TemplateException;
import java.io.IOException;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.TimeUnit;
import javax.mail.MessagingException;
import javax.mail.internet.MimeMessage;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.commons.crypto.CryptoException;
import org.craftercms.commons.crypto.impl.PbkAesTextEncryptor;
import org.craftercms.commons.entitlements.exception.EntitlementException;
import org.craftercms.commons.entitlements.model.EntitlementType;
import org.craftercms.commons.entitlements.validator.EntitlementValidator;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.commons.security.exception.PermissionException;
import org.craftercms.commons.security.permissions.DefaultPermission;
import org.craftercms.commons.security.permissions.annotations.HasPermission;
import org.craftercms.studio.api.v1.constant.StudioConstants;
import org.craftercms.studio.api.v1.dal.SiteFeed;
import org.craftercms.studio.api.v1.exception.ServiceLayerException;
import org.craftercms.studio.api.v1.exception.SiteNotFoundException;
import org.craftercms.studio.api.v1.exception.security.AuthenticationException;
import org.craftercms.studio.api.v1.exception.security.GroupNotFoundException;
import org.craftercms.studio.api.v1.exception.security.PasswordDoesNotMatchException;
import org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException;
import org.craftercms.studio.api.v1.exception.security.UserExternallyManagedException;
import org.craftercms.studio.api.v1.exception.security.UserNotFoundException;
import org.craftercms.studio.api.v1.log.Logger;
import org.craftercms.studio.api.v1.log.LoggerFactory;
import org.craftercms.studio.api.v1.service.GeneralLockService;
import org.craftercms.studio.api.v1.service.security.SecurityService;
import org.craftercms.studio.api.v1.service.site.SiteService;
import org.craftercms.studio.api.v2.dal.AuditLog;
import org.craftercms.studio.api.v2.dal.AuditLogConstants;
import org.craftercms.studio.api.v2.dal.AuditLogParameter;
import org.craftercms.studio.api.v2.dal.Group;
import org.craftercms.studio.api.v2.dal.User;
import org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal;
import org.craftercms.studio.api.v2.service.config.ConfigurationService;
import org.craftercms.studio.api.v2.service.security.UserService;
import org.craftercms.studio.api.v2.service.security.internal.GroupServiceInternal;
import org.craftercms.studio.api.v2.service.security.internal.UserServiceInternal;
import org.craftercms.studio.api.v2.service.system.InstanceService;
import org.craftercms.studio.api.v2.utils.StudioConfiguration;
import org.craftercms.studio.model.AuthenticatedUser;
import org.craftercms.studio.model.Site;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.mail.javamail.MimeMessageHelper;
import org.springframework.web.servlet.view.freemarker.FreeMarkerConfig;

/* loaded from: input_file:org/craftercms/studio/impl/v2/service/security/UserServiceImpl.class */
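/**
 * {@link UserService} implementation that delegates persistence to {@link UserServiceInternal},
 * writes audit log entries for user create/update/delete/enable operations and implements the
 * forgot-password flow (encrypted token sent by e-mail, later validated by {@link #validateToken}).
 *
 * <p>Security-relevant points a maintainer should know:
 * <ul>
 *   <li>{@link #forgotPassword}, {@link #validateToken} and {@link #setPassword} carry no
 *       {@code @HasPermission} annotation in this class; their only gate is the encrypted token.</li>
 *   <li>The token is stateless: nothing in this class records that a token has been used, so a
 *       token stays acceptable until the expiry timestamp it carries.</li>
 *   <li>Neither {@link #changePassword}, {@link #setPassword} nor {@link #resetPassword} writes an
 *       audit log entry here. NOTE(review): confirm that password changes are audited elsewhere.</li>
 * </ul>
 */
public class UserServiceImpl implements UserService {
    private static final Logger logger = LoggerFactory.getLogger(UserServiceImpl.class);

    /** Separator between the fields of the decrypted forgot-password token. */
    private static final String TOKEN_DELIMITER = "|";

    /** Number of fields {@link #forgotPassword} writes into the token: user, instance, expiry, salt. */
    private static final int TOKEN_FIELD_COUNT = 4;

    private UserServiceInternal userServiceInternal;
    private ConfigurationService configurationService;
    private GroupServiceInternal groupServiceInternal;
    private SiteService siteService;
    private EntitlementValidator entitlementValidator;
    private GeneralLockService generalLockService;
    private SecurityService securityService;
    private StudioConfiguration studioConfiguration;
    private AuditServiceInternal auditServiceInternal;
    private ObjectFactory<FreeMarkerConfig> freeMarkerConfig;
    private JavaMailSender emailService;
    private JavaMailSender emailServiceNoAuth;
    private InstanceService instanceService;

    /**
     * Lists users of a site. Annotated to require the {@code read_users} permission.
     *
     * @param j    forwarded unchanged as the first argument of the internal call
     * @param str  site whose groups are resolved through {@code getSiteGroups}
     * @param i    forwarded unchanged (presumably paging offset; confirm against the interface)
     * @param i2   forwarded unchanged (presumably paging limit; confirm against the interface)
     * @param str2 forwarded unchanged (presumably sort order; confirm against the interface)
     * @return the users returned by the internal service
     */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "read_users")
    public List<User> getAllUsersForSite(long j, String str, int i, int i2, String str2) throws ServiceLayerException {
        List<String> siteGroups = this.groupServiceInternal.getSiteGroups(str);
        return this.userServiceInternal.getAllUsersForSite(j, siteGroups, i, i2, str2);
    }

    /** Lists all users; a pure pass-through that requires the {@code read_users} permission. */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "read_users")
    public List<User> getAllUsers(int i, int i2, String str) throws ServiceLayerException {
        return this.userServiceInternal.getAllUsers(i, i2, str);
    }

    /** Counts the users of a site; a pure pass-through that requires {@code read_users}. */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "read_users")
    public int getAllUsersForSiteTotal(long j, String str) throws ServiceLayerException {
        return this.userServiceInternal.getAllUsersForSiteTotal(j, str);
    }

    /** Counts all users; a pure pass-through that requires {@code read_users}. */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "read_users")
    public int getAllUsersTotal() throws ServiceLayerException {
        return this.userServiceInternal.getAllUsersTotal();
    }

    /**
     * Creates a user after validating the USER entitlement and records a CREATE audit entry
     * against the global system site. Requires the {@code create_users} permission.
     *
     * @param user the user to create
     * @return the user as returned by the internal service
     * @throws ServiceLayerException if the entitlement check fails or a collaborator fails
     */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "create_users")
    public User createUser(User user) throws UserAlreadyExistsException, ServiceLayerException, AuthenticationException {
        try {
            this.entitlementValidator.validateEntitlement(EntitlementType.USER, 1);
            User created = this.userServiceInternal.createUser(user);
            // The audit entry is written after the user exists; a failure from here on leaves
            // the creation in place without an audit record unless a transaction wraps this call.
            SiteFeed globalSite = this.siteService.getSite(
                    this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
            AuditLog auditLog = this.auditServiceInternal.createAuditLogEntry();
            auditLog.setOperation(AuditLogConstants.OPERATION_CREATE);
            auditLog.setSiteId(globalSite.getId());
            auditLog.setActorId(getCurrentUser().getUsername());
            auditLog.setPrimaryTargetId(user.getUsername());
            auditLog.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
            auditLog.setPrimaryTargetValue(user.getUsername());
            this.auditServiceInternal.insertAuditLog(auditLog);
            return created;
        } catch (EntitlementException e) {
            throw new ServiceLayerException("Unable to complete request due to entitlement limits. Please contact your system administrator.", e);
        }
    }

    /**
     * Updates a user and records an UPDATE audit entry against the global system site.
     * Requires the {@code update_users} permission.
     *
     * @param user the user data to store
     */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "update_users")
    public void updateUser(User user) throws ServiceLayerException, UserNotFoundException, AuthenticationException {
        this.userServiceInternal.updateUser(user);
        SiteFeed globalSite = this.siteService.getSite(
                this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
        AuditLog auditLog = this.auditServiceInternal.createAuditLogEntry();
        auditLog.setOperation("UPDATE");
        auditLog.setSiteId(globalSite.getId());
        auditLog.setActorId(getCurrentUser().getUsername());
        auditLog.setPrimaryTargetId(user.getUsername());
        auditLog.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
        auditLog.setPrimaryTargetValue(user.getUsername());
        this.auditServiceInternal.insertAuditLog(auditLog);
    }

    /**
     * Deletes users selected by id and/or username and records a DELETE audit entry with one
     * parameter per deleted user. Requires the {@code delete_users} permission.
     *
     * <p>Two guards run first: the caller cannot delete their own account, and the deletion must
     * leave at least one member in the System Admin group. The admin-group check and the deletion
     * run under {@code REMOVE_SYSTEM_ADMIN_MEMBER_LOCK} so that concurrent requests cannot each
     * pass the check and together remove every administrator.
     *
     * @param list  ids of the users to delete; may be null or empty
     * @param list2 usernames of the users to delete; may be null or empty
     * @throws ServiceLayerException if the caller targets themselves, the deletion would empty the
     *                               System Admin group, or that group cannot be found
     */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "delete_users")
    public void deleteUsers(List<Long> list, List<String> list2) throws ServiceLayerException, AuthenticationException, UserNotFoundException {
        AuthenticatedUser self = getCurrentUser();
        // Null-safe membership tests: the rest of this method already treats both lists as
        // optional, so the self-delete guard must not fail on a null list either.
        // NOTE(review): the username comparison is case-sensitive; confirm the user store
        // treats usernames the same way, otherwise this guard and the admin check can be missed.
        boolean targetsSelfById = CollectionUtils.isNotEmpty(list) && list.contains(Long.valueOf(self.getId()));
        boolean targetsSelfByName = CollectionUtils.isNotEmpty(list2) && list2.contains(self.getUsername());
        if (targetsSelfById || targetsSelfByName) {
            throw new ServiceLayerException("Cannot delete self.");
        }
        this.generalLockService.lock(StudioConstants.REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
        try {
            List<User> admins = this.groupServiceInternal.getGroupMembers(
                    this.groupServiceInternal.getGroupByName(StudioConstants.SYSTEM_ADMIN_GROUP).getId(),
                    0, Integer.MAX_VALUE, "");
            if (CollectionUtils.isNotEmpty(admins)) {
                boolean adminRemains = admins.stream().anyMatch(admin -> !isTargeted(admin, list, list2));
                if (!adminRemains) {
                    throw new ServiceLayerException("Removing all members of the System Admin group is not allowed. We must have at least one system administrator.");
                }
            }
            // Resolve the users before deleting them so the audit entry can still name them.
            List<User> deletedUsers = this.userServiceInternal.getUsersByIdOrUsername(list, list2);
            this.userServiceInternal.deleteUsers(list, list2);
            SiteFeed globalSite = this.siteService.getSite(
                    this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
            AuditLog auditLog = this.auditServiceInternal.createAuditLogEntry();
            auditLog.setOperation("DELETE");
            // NOTE(review): unlike createUser/updateUser/enableUsers, no setSiteId(...) call is
            // made for this entry; confirm whether that omission is intended.
            auditLog.setActorId(self.getUsername());
            auditLog.setPrimaryTargetId(globalSite.getSiteId());
            auditLog.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
            auditLog.setPrimaryTargetValue(globalSite.getName());
            auditLog.setParameters(toAuditParameters(deletedUsers));
            this.auditServiceInternal.insertAuditLog(auditLog);
        } catch (GroupNotFoundException e) {
            throw new ServiceLayerException("The System Admin group is not found.", e);
        } finally {
            // Released exactly once on every path, including unexpected runtime failures.
            this.generalLockService.unlock(StudioConstants.REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
        }
    }

    /** Tells whether {@code user} is selected by either the id list or the username list. */
    private static boolean isTargeted(User user, List<Long> ids, List<String> usernames) {
        boolean byId = CollectionUtils.isNotEmpty(ids) && ids.contains(Long.valueOf(user.getId()));
        boolean byName = CollectionUtils.isNotEmpty(usernames) && usernames.contains(user.getUsername());
        return byId || byName;
    }

    /** Builds one audit parameter (id, USER type, username) for each user in {@code users}. */
    private static List<AuditLogParameter> toAuditParameters(List<User> users) {
        List<AuditLogParameter> parameters = new ArrayList<>();
        for (User user : users) {
            AuditLogParameter parameter = new AuditLogParameter();
            parameter.setTargetId(Long.toString(user.getId()));
            parameter.setTargetType(AuditLogConstants.TARGET_TYPE_USER);
            parameter.setTargetValue(user.getUsername());
            parameters.add(parameter);
        }
        return parameters;
    }

    /** Looks up one user by id or username; a pass-through that requires {@code read_users}. */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "read_users")
    public User getUserByIdOrUsername(long j, String str) throws ServiceLayerException, UserNotFoundException {
        return this.userServiceInternal.getUserByIdOrUsername(j, str);
    }

    /**
     * Enables or disables users and records an ENABLE or DISABLE audit entry with one parameter
     * per affected user. Requires the {@code update_users} permission.
     *
     * @param list  ids of the users to change
     * @param list2 usernames of the users to change
     * @param z     {@code true} to enable, {@code false} to disable
     * @return the users returned by the internal service
     */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "update_users")
    public List<User> enableUsers(List<Long> list, List<String> list2, boolean z) throws ServiceLayerException, UserNotFoundException, AuthenticationException {
        // NOTE(review): unlike deleteUsers, nothing here stops the caller from disabling their
        // own account or every System Admin member; confirm whether the internal service does.
        List<User> affectedUsers = this.userServiceInternal.enableUsers(list, list2, z);
        SiteFeed globalSite = this.siteService.getSite(
                this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
        AuditLog auditLog = this.auditServiceInternal.createAuditLogEntry();
        auditLog.setSiteId(globalSite.getId());
        auditLog.setOperation(z ? AuditLogConstants.OPERATION_ENABLE : AuditLogConstants.OPERATION_DISABLE);
        auditLog.setActorId(getCurrentUser().getUsername());
        auditLog.setPrimaryTargetId(globalSite.getSiteId());
        auditLog.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
        auditLog.setPrimaryTargetValue(globalSite.getName());
        auditLog.setParameters(toAuditParameters(affectedUsers));
        this.auditServiceInternal.insertAuditLog(auditLog);
        return affectedUsers;
    }

    /**
     * Returns the sites a user can reach: every available site for a System Admin member,
     * otherwise the sites that have at least one group in common with the user's groups.
     * Requires the {@code read_users} permission.
     *
     * @param j   user id forwarded to {@code getUserGroups}
     * @param str username forwarded to {@code getUserGroups}
     * @return site id and description for each matching site; sites that vanish while the list
     *         is being built are logged and skipped
     */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "read_users")
    public List<Site> getUserSites(long j, String str) throws ServiceLayerException, UserNotFoundException {
        List<Site> sites = new ArrayList<>();
        Set<String> availableSites = this.siteService.getAllAvailableSites();
        List<Group> userGroups = this.userServiceInternal.getUserGroups(j, str);
        boolean systemAdmin = userGroups.stream()
                .anyMatch(group -> group.getGroupName().equals(StudioConstants.SYSTEM_ADMIN_GROUP));
        for (String siteId : availableSites) {
            // Site groups are fetched for every site, also for admins, as the original did.
            List<String> siteGroups = this.groupServiceInternal.getSiteGroups(siteId);
            boolean member = systemAdmin
                    || userGroups.stream().anyMatch(group -> siteGroups.contains(group.getGroupName()));
            if (!member) {
                continue;
            }
            try {
                SiteFeed siteFeed = this.siteService.getSite(siteId);
                Site site = new Site();
                site.setSiteId(siteFeed.getSiteId());
                site.setDesc(siteFeed.getDescription());
                sites.add(site);
            } catch (SiteNotFoundException e) {
                logger.error("Site not found: {0}", e, siteId);
            }
        }
        return sites;
    }

    /**
     * Returns the roles a user holds in a site, derived from the site's group-to-role mapping.
     * A System Admin member receives every role present in the mapping. Requires the
     * {@code read_users} permission.
     *
     * @param j    user id forwarded to {@code getUserGroups}
     * @param str  username forwarded to {@code getUserGroups}
     * @param str2 site whose role mappings are read
     * @return distinct roles in first-seen order; empty when the user has no groups
     */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "read_users")
    public List<String> getUserSiteRoles(long j, String str, String str2) throws ServiceLayerException, UserNotFoundException {
        List<Group> userGroups = this.userServiceInternal.getUserGroups(j, str);
        if (CollectionUtils.isEmpty(userGroups)) {
            return Collections.emptyList();
        }
        Map<String, List<String>> roleMappings = this.configurationService.geRoleMappings(str2);
        Set<String> roles = new LinkedHashSet<>();
        if (MapUtils.isNotEmpty(roleMappings)) {
            for (Group group : userGroups) {
                String groupName = group.getGroupName();
                if (groupName.equals(StudioConstants.SYSTEM_ADMIN_GROUP)) {
                    for (List<String> mappedRoles : roleMappings.values()) {
                        roles.addAll(mappedRoles);
                    }
                } else {
                    List<String> mappedRoles = roleMappings.get(groupName);
                    if (CollectionUtils.isNotEmpty(mappedRoles)) {
                        roles.addAll(mappedRoles);
                    }
                }
            }
        }
        return new ArrayList<>(roles);
    }

    /**
     * Resolves the authenticated caller to a stored user.
     *
     * @return the stored user wrapped with the authentication type of the current session
     * @throws AuthenticationException if the security service reports no authentication
     * @throws ServiceLayerException   if the authenticated username has no stored user
     */
    @Override
    public AuthenticatedUser getCurrentUser() throws AuthenticationException, ServiceLayerException {
        Authentication authentication = this.securityService.getAuthentication();
        if (authentication == null) {
            throw new AuthenticationException("User should be authenticated");
        }
        String username = authentication.getUsername();
        User user;
        try {
            user = this.userServiceInternal.getUserByIdOrUsername(0L, username);
        } catch (UserNotFoundException e) {
            throw new ServiceLayerException("Current authenticated user '" + username + "' wasn't found in repository", e);
        }
        if (user == null) {
            throw new ServiceLayerException("Current authenticated user '" + username + "' wasn't found in repository");
        }
        AuthenticatedUser authenticatedUser = new AuthenticatedUser(user);
        authenticatedUser.setAuthenticationType(authentication.getAuthenticationType());
        return authenticatedUser;
    }

    /**
     * Returns the sites of the authenticated caller.
     *
     * <p>This calls {@link #getUserSites} directly on this instance. NOTE(review): if
     * {@code @HasPermission} is enforced through a proxy, the {@code read_users} check does not
     * apply on this path; presumably intended so any authenticated user can list their own
     * sites, but confirm.
     */
    @Override
    public List<Site> getCurrentUserSites() throws AuthenticationException, ServiceLayerException {
        Authentication authentication = this.securityService.getAuthentication();
        if (authentication == null) {
            throw new AuthenticationException("User should be authenticated");
        }
        try {
            return getUserSites(-1L, authentication.getUsername());
        } catch (UserNotFoundException e) {
            // An authenticated session without a stored user is an inconsistent state.
            throw new IllegalStateException(e);
        }
    }

    /**
     * Returns the roles of the authenticated caller in the given site. Like
     * {@link #getCurrentUserSites}, this reaches the annotated method by a direct call.
     *
     * @param str site whose role mappings are read
     */
    @Override
    public List<String> getCurrentUserSiteRoles(String str) throws AuthenticationException, ServiceLayerException {
        Authentication authentication = this.securityService.getAuthentication();
        if (authentication == null) {
            throw new AuthenticationException("User should be authenticated");
        }
        try {
            return getUserSiteRoles(-1L, authentication.getUsername(), str);
        } catch (UserNotFoundException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Returns the SSO logout URL of the current authentication, or fails if there is none. */
    @Override
    public String getCurrentUserSsoLogoutUrl() throws AuthenticationException, ServiceLayerException {
        Authentication authentication = this.securityService.getAuthentication();
        if (authentication == null) {
            throw new AuthenticationException("User should be authenticated");
        }
        return authentication.getSsoLogoutUrl();
    }

    /**
     * Starts the forgot-password flow: builds an encrypted token for the user and mails it.
     *
     * <p>The token payload is {@code username|instanceId|expiryMillis|salt}, where the expiry is
     * now plus the configured timeout in minutes. This method has no permission annotation and
     * takes the username from the caller, so it must be treated as handling untrusted input.
     *
     * <p>The distinct outcomes (user not found, externally managed, no e-mail, success) are
     * visible to the caller through different exceptions. NOTE(review): whoever exposes this
     * over HTTP should return one uniform response and rate-limit the endpoint, so that the
     * outcomes cannot be used to learn which accounts exist.
     *
     * @param str username whose password should be recoverable
     * @return {@code true} when the message was handed to the mail sender
     * @throws UserNotFoundException           if no user has that username
     * @throws UserExternallyManagedException  if the user is managed by an external system
     * @throws ServiceLayerException           if the user has no e-mail, the token cannot be
     *                                         created, or sending fails
     */
    @Override
    public boolean forgotPassword(String str) throws ServiceLayerException, UserNotFoundException, UserExternallyManagedException {
        // The username is passed as a log argument with line breaks neutralised, rather than
        // concatenated into the message, so request data cannot forge log lines.
        logger.debug("Getting user profile for {0}", logSafe(str));
        User user = this.userServiceInternal.getUserByIdOrUsername(-1L, str);
        if (user == null) {
            logger.info("User profile not found for {0}", logSafe(str));
            throw new UserNotFoundException();
        }
        if (user.isExternallyManaged()) {
            throw new UserExternallyManagedException();
        }
        if (user.getEmail() == null) {
            logger.info("User {0} does not have assigned email with account", logSafe(str));
            throw new ServiceLayerException("User " + str + " does not have assigned email with account");
        }
        String email = user.getEmail();
        logger.debug("Creating security token for forgot password");
        long timeoutMinutes = Long.parseLong(
                this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_FORGOT_PASSWORD_TOKEN_TIMEOUT));
        long expiresAt = System.currentTimeMillis() + TimeUnit.MINUTES.toMillis(timeoutMinutes);
        // NOTE(review): the configured cipher salt is embedded in the payload but is never read
        // back by validateToken; confirm it is needed there at all.
        String payload = str + TOKEN_DELIMITER + this.instanceService.getInstanceId() + TOKEN_DELIMITER + expiresAt
                + TOKEN_DELIMITER + this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_CIPHER_SALT);
        String token = encryptToken(payload);
        if (token == null) {
            // encryptToken logs and returns null on failure; mailing a null token would send
            // the user a recovery link that can never work while reporting success.
            throw new ServiceLayerException("Error while creating forgot password token");
        }
        logger.debug("Sending forgot password email to {0}", logSafe(email));
        try {
            sendForgotPasswordEmail(email, token);
            return true;
        } catch (MessagingException | IOException | TemplateException e) {
            throw new ServiceLayerException("Error while sending forgot password email", e);
        }
    }

    /** Replaces CR and LF so a value cannot start a new line when written to the log. */
    private static String logSafe(String value) {
        return StringUtils.replaceChars(value, "\r\n", "__");
    }

    /**
     * Encrypts the token payload with the configured cipher key and salt and Base64-encodes the
     * encryptor's text output.
     *
     * <p>NOTE(review): whether {@code PbkAesTextEncryptor} authenticates its ciphertext is not
     * visible from this class; the token's resistance to tampering depends on it.
     *
     * @param str plain token payload
     * @return the encoded token, or {@code null} if encryption fails (the failure is logged)
     */
    private String encryptToken(String str) {
        try {
            PbkAesTextEncryptor encryptor = new PbkAesTextEncryptor(
                    this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_CIPHER_KEY),
                    this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_CIPHER_SALT));
            String encrypted = encryptor.encrypt(str);
            return Base64.getEncoder().encodeToString(encrypted.getBytes(StandardCharsets.UTF_8));
        } catch (CryptoException e) {
            logger.error("Error while encrypting forgot password token", e);
            return null;
        }
    }

    /**
     * Reverses {@link #encryptToken}. The argument arrives from the caller of
     * {@link #validateToken}/{@link #setPassword} and is therefore untrusted.
     *
     * @param str Base64 token as received
     * @return the decrypted payload, or {@code null} if the token is empty, is not valid Base64
     *         or cannot be decrypted
     */
    private String decryptToken(String str) {
        if (StringUtils.isEmpty(str)) {
            // A missing token is simply invalid; avoid a NullPointerException on getBytes.
            return null;
        }
        try {
            String encrypted = new String(
                    Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
            PbkAesTextEncryptor encryptor = new PbkAesTextEncryptor(
                    this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_CIPHER_KEY),
                    this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_CIPHER_SALT));
            return encryptor.decrypt(encrypted);
        } catch (CryptoException e) {
            logger.error("Error while decrypting forgot password token", e);
            return null;
        } catch (IllegalArgumentException e) {
            // Base64.Decoder.decode rejects malformed input with IllegalArgumentException;
            // a malformed token must read as invalid, not surface as an unhandled error.
            logger.debug("Forgot password token is not valid Base64");
            return null;
        }
    }

    /**
     * Renders the forgot-password template and sends it to the given address, using the
     * authenticated or unauthenticated mail sender according to configuration.
     *
     * @param str  recipient e-mail address
     * @param str2 encoded token placed in the template model under {@code token}
     */
    private void sendForgotPasswordEmail(String str, String str2) throws MessagingException, IOException, TemplateException {
        try {
            Template template = this.freeMarkerConfig.getObject().getConfiguration().getTemplate(
                    this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_FORGOT_PASSWORD_EMAIL_TEMPLATE));
            StringWriter body = new StringWriter();
            Map<String, Object> model = new HashMap<>();
            HttpServletRequest request = RequestContext.getCurrent().getRequest();
            // NOTE(review): authoringUrl is derived from the incoming request, so the link in the
            // mail carries whatever scheme and host the container reports for that request.
            // Prefer a fixed, configured base URL, or make sure the front proxy/container only
            // accepts the expected Host value; otherwise the mailed link can point elsewhere.
            // StringUtils.replace tolerates a null path info, which String.replace does not.
            String authoringUrl = StringUtils.replace(request.getRequestURL().toString(), request.getPathInfo(), "");
            String serviceUrl = this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_RESET_PASSWORD_SERVICE_URL);
            model.put("authoringUrl", authoringUrl);
            model.put("serviceUrl", serviceUrl);
            model.put("token", str2);
            if (template != null) {
                template.process(model, body);
            }
            MimeMessage message = this.emailService.createMimeMessage();
            MimeMessageHelper helper = new MimeMessageHelper(message);
            helper.setFrom(this.studioConfiguration.getProperty(StudioConfiguration.MAIL_FROM_DEFAULT));
            helper.setTo(str);
            helper.setSubject(this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_FORGOT_PASSWORD_MESSAGE_SUBJECT));
            helper.setText(body.toString(), true);
            // The recipient address is personal data; it is logged at info level as before.
            logger.info("Sending password recovery message to {0}", logSafe(str));
            if (isAuthenticatedSMTP()) {
                this.emailService.send(message);
            } else {
                this.emailServiceNoAuth.send(message);
            }
            logger.info("Password recovery message successfully sent to {0}", logSafe(str));
        } catch (MessagingException | IOException | TemplateException e) {
            logger.error("Failed to send password recovery message to {0}", e, logSafe(str));
            throw e;
        }
    }

    /**
     * Changes the caller's own password. The username must equal the authenticated user's
     * username; any other value is rejected with {@link PermissionException}.
     *
     * @param str  username whose password is changed
     * @param str2 forwarded as the second argument (presumably the current password; confirm)
     * @param str3 forwarded as the third argument (presumably the new password; confirm)
     * @return the user after the change
     * @throws ServiceLayerException if the internal service reports that nothing was changed
     */
    @Override
    public User changePassword(String str, String str2, String str3) throws PasswordDoesNotMatchException, UserExternallyManagedException, ServiceLayerException, AuthenticationException, UserNotFoundException {
        AuthenticatedUser self = getCurrentUser();
        if (self == null || !StringUtils.equals(str, self.getUsername())) {
            throw new PermissionException();
        }
        if (!this.userServiceInternal.changePassword(str, str2, str3)) {
            throw new ServiceLayerException("Failed to change password");
        }
        return this.userServiceInternal.getUserByIdOrUsername(-1L, str);
    }

    /**
     * Sets a new password for the user named in a valid forgot-password token.
     *
     * <p>The token is the only authorisation for this call. Nothing here marks the token as
     * used, so the same token is accepted again until it expires. NOTE(review): consider
     * invalidating tokens once a password has been set with them.
     *
     * @param str  encoded forgot-password token
     * @param str2 the new password
     * @return the user whose password was set, or {@code null} if the token is invalid, the
     *         user is disabled, or the internal service did not set the password
     * @throws UserNotFoundException if the token names no existing user
     */
    @Override
    public User setPassword(String str, String str2) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
        if (!validateToken(str)) {
            return null;
        }
        String username = getUsernameFromToken(str);
        if (StringUtils.isEmpty(username)) {
            throw new UserNotFoundException("User not found");
        }
        User user = this.userServiceInternal.getUserByIdOrUsername(-1L, username);
        if (user == null) {
            throw new UserNotFoundException("User not found");
        }
        if (user.isEnabled() && this.userServiceInternal.setUserPassword(username, str2)) {
            return user;
        }
        return null;
    }

    /**
     * Checks a forgot-password token: it must decrypt, contain four fields, name an existing,
     * internally managed user, carry this instance's id and an expiry that has not passed.
     * The fourth field (salt) is not compared with anything.
     *
     * @param str encoded token as received from the caller
     * @return {@code true} only if every check passes
     * @throws UserNotFoundException          if the token decrypts but names no existing user
     * @throws UserExternallyManagedException if the named user is externally managed
     */
    @Override
    public boolean validateToken(String str) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
        String payload = decryptToken(str);
        if (StringUtils.isEmpty(payload)) {
            return false;
        }
        StringTokenizer fields = new StringTokenizer(payload, TOKEN_DELIMITER);
        if (fields.countTokens() != TOKEN_FIELD_COUNT) {
            return false;
        }
        String username = fields.nextToken();
        User user = this.userServiceInternal.getUserByIdOrUsername(-1L, username);
        if (user == null) {
            logger.info("User profile not found for {0}", logSafe(username));
            throw new UserNotFoundException();
        }
        if (user.isExternallyManaged()) {
            throw new UserExternallyManagedException();
        }
        if (!StringUtils.equals(fields.nextToken(), this.instanceService.getInstanceId())) {
            return false;
        }
        try {
            return Long.parseLong(fields.nextToken()) >= System.currentTimeMillis();
        } catch (NumberFormatException e) {
            // A non-numeric expiry means the payload is not one this class produced;
            // fail closed instead of letting the runtime exception escape.
            logger.debug("Forgot password token carries a non-numeric expiry");
            return false;
        }
    }

    /**
     * Extracts the username (first field) from a forgot-password token.
     *
     * @param str encoded token
     * @return the username, or an empty string if the token does not decrypt to four fields
     */
    private String getUsernameFromToken(String str) {
        String payload = decryptToken(str);
        if (StringUtils.isNotEmpty(payload)) {
            StringTokenizer fields = new StringTokenizer(payload, TOKEN_DELIMITER);
            if (fields.countTokens() == TOKEN_FIELD_COUNT) {
                return fields.nextToken();
            }
        }
        return "";
    }

    /**
     * Sets another user's password without knowing the old one. Requires the
     * {@code update_users} permission.
     *
     * @param str  username whose password is replaced
     * @param str2 the new password
     * @return the result reported by the internal service
     */
    @Override
    @HasPermission(type = DefaultPermission.class, action = "update_users")
    public boolean resetPassword(String str, String str2) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
        return this.userServiceInternal.setUserPassword(str, str2);
    }

    /** Reads the mail configuration flag that selects the authenticated mail sender. */
    private boolean isAuthenticatedSMTP() {
        return Boolean.parseBoolean(this.studioConfiguration.getProperty(StudioConfiguration.MAIL_SMTP_AUTH));
    }

    // Plain accessors used to wire the collaborators; they hold no logic.

    public UserServiceInternal getUserServiceInternal() {
        return this.userServiceInternal;
    }

    public void setUserServiceInternal(UserServiceInternal userServiceInternal) {
        this.userServiceInternal = userServiceInternal;
    }

    public GroupServiceInternal getGroupServiceInternal() {
        return this.groupServiceInternal;
    }

    public void setGroupServiceInternal(GroupServiceInternal groupServiceInternal) {
        this.groupServiceInternal = groupServiceInternal;
    }

    public ConfigurationService getConfigurationService() {
        return this.configurationService;
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    public SiteService getSiteService() {
        return this.siteService;
    }

    public void setSiteService(SiteService siteService) {
        this.siteService = siteService;
    }

    public void setEntitlementValidator(EntitlementValidator entitlementValidator) {
        this.entitlementValidator = entitlementValidator;
    }

    public GeneralLockService getGeneralLockService() {
        return this.generalLockService;
    }

    public void setGeneralLockService(GeneralLockService generalLockService) {
        this.generalLockService = generalLockService;
    }

    public SecurityService getSecurityService() {
        return this.securityService;
    }

    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    public StudioConfiguration getStudioConfiguration() {
        return this.studioConfiguration;
    }

    public void setStudioConfiguration(StudioConfiguration studioConfiguration) {
        this.studioConfiguration = studioConfiguration;
    }

    public AuditServiceInternal getAuditServiceInternal() {
        return this.auditServiceInternal;
    }

    public void setAuditServiceInternal(AuditServiceInternal auditServiceInternal) {
        this.auditServiceInternal = auditServiceInternal;
    }

    public ObjectFactory<FreeMarkerConfig> getFreeMarkerConfig() {
        return this.freeMarkerConfig;
    }

    public void setFreeMarkerConfig(ObjectFactory<FreeMarkerConfig> objectFactory) {
        this.freeMarkerConfig = objectFactory;
    }

    public JavaMailSender getEmailService() {
        return this.emailService;
    }

    public void setEmailService(JavaMailSender javaMailSender) {
        this.emailService = javaMailSender;
    }

    public JavaMailSender getEmailServiceNoAuth() {
        return this.emailServiceNoAuth;
    }

    public void setEmailServiceNoAuth(JavaMailSender javaMailSender) {
        this.emailServiceNoAuth = javaMailSender;
    }

    public InstanceService getInstanceService() {
        return this.instanceService;
    }

    public void setInstanceService(InstanceService instanceService) {
        this.instanceService = instanceService;
    }
}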
