package org.craftercms.studio.impl.v2.service.security;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.commons.crypto.CryptoException;
import org.craftercms.commons.crypto.TextEncryptor;
import org.craftercms.commons.entitlements.exception.EntitlementException;
import org.craftercms.commons.entitlements.model.EntitlementType;
import org.craftercms.commons.entitlements.validator.EntitlementValidator;
import org.craftercms.commons.security.permissions.DefaultPermission;
import org.craftercms.commons.security.permissions.annotations.HasPermission;
import org.craftercms.studio.api.v1.constant.StudioConstants;
import org.craftercms.studio.api.v1.dal.SiteFeed;
import org.craftercms.studio.api.v1.exception.ServiceLayerException;
import org.craftercms.studio.api.v1.exception.SiteNotFoundException;
import org.craftercms.studio.api.v1.exception.security.AuthenticationException;
import org.craftercms.studio.api.v1.exception.security.GroupNotFoundException;
import org.craftercms.studio.api.v1.exception.security.PasswordDoesNotMatchException;
import org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException;
import org.craftercms.studio.api.v1.exception.security.UserExternallyManagedException;
import org.craftercms.studio.api.v1.exception.security.UserNotFoundException;
import org.craftercms.studio.api.v1.service.GeneralLockService;
import org.craftercms.studio.api.v1.service.security.SecurityService;
import org.craftercms.studio.api.v1.service.site.SiteService;
import org.craftercms.studio.api.v2.dal.AuditLog;
import org.craftercms.studio.api.v2.dal.AuditLogConstants;
import org.craftercms.studio.api.v2.dal.AuditLogParameter;
import org.craftercms.studio.api.v2.dal.Group;
import org.craftercms.studio.api.v2.dal.User;
import org.craftercms.studio.api.v2.exception.security.ActionsDeniedException;
import org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal;
import org.craftercms.studio.api.v2.service.config.ConfigurationService;
import org.craftercms.studio.api.v2.service.security.UserService;
import org.craftercms.studio.api.v2.service.security.internal.AccessTokenServiceInternal;
import org.craftercms.studio.api.v2.service.security.internal.GroupServiceInternal;
import org.craftercms.studio.api.v2.service.security.internal.UserServiceInternal;
import org.craftercms.studio.api.v2.service.system.InstanceService;
import org.craftercms.studio.api.v2.utils.StudioConfiguration;
import org.craftercms.studio.impl.v1.repository.git.GitContentRepositoryConstants;
import org.craftercms.studio.impl.v2.security.password.ForgotPasswordTaskFactory;
import org.craftercms.studio.model.AuthenticatedUser;
import org.craftercms.studio.model.Site;
import org.craftercms.studio.model.rest.UserResponse;
import org.craftercms.studio.permissions.StudioPermissionsConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectFactory;
import org.springframework.core.task.TaskExecutor;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.SessionRegistry;

/* loaded from: input_file:org/craftercms/studio/impl/v2/service/security/UserServiceImpl.class */
public class UserServiceImpl implements UserService {
    private static final Logger logger = LoggerFactory.getLogger(UserServiceImpl.class);
    private static final String TOKEN_DELIMITER = "|";
    private UserServiceInternal userServiceInternal;
    private ConfigurationService configurationService;
    private GroupServiceInternal groupServiceInternal;
    private SiteService siteService;
    private EntitlementValidator entitlementValidator;
    private GeneralLockService generalLockService;
    private SecurityService securityService;
    private StudioConfiguration studioConfiguration;
    private AuditServiceInternal auditServiceInternal;
    private AccessTokenServiceInternal accessTokenServiceInternal;
    private InstanceService instanceService;
    private TextEncryptor encryptor;
    private org.craftercms.studio.api.v2.service.security.SecurityService securityServiceV2;
    private SessionRegistry sessionRegistry;
    private TaskExecutor taskExecutor;
    private ObjectFactory<ForgotPasswordTaskFactory> forgotPasswordTaskFactory;

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_READ_USERS)
    public List<UserResponse> getAllUsersForSite(long j, String str, String str2, int i, int i2, String str3) throws ServiceLayerException {
        return (List) this.userServiceInternal.getAllUsersForSite(j, this.groupServiceInternal.getSiteGroups(str), str2, i, i2, str3).stream().map(user -> {
            return new UserResponse(user);
        }).collect(Collectors.toList());
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_READ_USERS)
    public List<UserResponse> getAllUsers(String str, int i, int i2, String str2) throws ServiceLayerException {
        return (List) this.userServiceInternal.getAllUsers(str, i, i2, str2).stream().map(user -> {
            return new UserResponse(user);
        }).collect(Collectors.toList());
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_READ_USERS)
    public int getAllUsersForSiteTotal(long j, String str, String str2) throws ServiceLayerException {
        return this.userServiceInternal.getAllUsersForSiteTotal(j, str, str2);
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_READ_USERS)
    public int getAllUsersTotal(String str) throws ServiceLayerException {
        return this.userServiceInternal.getAllUsersTotal(str);
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_CREATE_USERS)
    public UserResponse createUser(User user) throws UserAlreadyExistsException, ServiceLayerException, AuthenticationException {
        try {
            this.entitlementValidator.validateEntitlement(EntitlementType.USER, 1);
            User createUser = this.userServiceInternal.createUser(user);
            SiteFeed site = this.siteService.getSite(this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
            AuditLog createAuditLogEntry = this.auditServiceInternal.createAuditLogEntry();
            createAuditLogEntry.setOperation(AuditLogConstants.OPERATION_CREATE);
            createAuditLogEntry.setSiteId(site.getId());
            createAuditLogEntry.setActorId(getCurrentUser().getUsername());
            createAuditLogEntry.setPrimaryTargetId(user.getUsername());
            createAuditLogEntry.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
            createAuditLogEntry.setPrimaryTargetValue(user.getUsername());
            this.auditServiceInternal.insertAuditLog(createAuditLogEntry);
            return new UserResponse(createUser);
        } catch (EntitlementException e) {
            throw new ServiceLayerException("Unable to complete request due to entitlement limits. Please contact your system administrator.", e);
        }
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_UPDATE_USERS)
    public void updateUser(User user) throws ServiceLayerException, UserNotFoundException, AuthenticationException, UserExternallyManagedException {
        checkExternallyManagedUsers(Arrays.asList(Long.valueOf(user.getId())), Arrays.asList(user.getUsername()));
        this.userServiceInternal.updateUser(user);
        User userByIdOrUsername = this.userServiceInternal.getUserByIdOrUsername(user.getId(), "");
        SiteFeed site = this.siteService.getSite(this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
        AuditLog createAuditLogEntry = this.auditServiceInternal.createAuditLogEntry();
        createAuditLogEntry.setOperation("UPDATE");
        createAuditLogEntry.setSiteId(site.getId());
        createAuditLogEntry.setActorId(getCurrentUser().getUsername());
        createAuditLogEntry.setPrimaryTargetId(userByIdOrUsername.getUsername());
        createAuditLogEntry.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
        createAuditLogEntry.setPrimaryTargetValue(userByIdOrUsername.getUsername());
        this.auditServiceInternal.insertAuditLog(createAuditLogEntry);
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_DELETE_USERS)
    public void deleteUsers(List<Long> list, List<String> list2) throws ServiceLayerException, AuthenticationException, UserNotFoundException, UserExternallyManagedException {
        AuthenticatedUser currentUser = getCurrentUser();
        checkExternallyManagedUsers(list, list2);
        if (CollectionUtils.containsAny(list, List.of(Long.valueOf(currentUser.getId()))) || CollectionUtils.containsAny(list2, List.of(currentUser.getUsername()))) {
            throw new ServiceLayerException("Cannot delete self.");
        }
        User userByIdOrUsername = this.userServiceInternal.getUserByIdOrUsername(-1L, GitContentRepositoryConstants.GIT_REPO_USER_USERNAME);
        if (CollectionUtils.containsAny(list, List.of(Long.valueOf(userByIdOrUsername.getId()))) || CollectionUtils.containsAny(list2, List.of(userByIdOrUsername.getUsername()))) {
            throw new ServiceLayerException("Cannot delete generic Git Repo User.");
        }
        this.generalLockService.lock(StudioConstants.REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
        try {
            try {
                List<User> groupMembers = this.groupServiceInternal.getGroupMembers(this.groupServiceInternal.getGroupByName("system_admin").getId(), 0, Integer.MAX_VALUE, "");
                if (CollectionUtils.isNotEmpty(groupMembers)) {
                    LinkedList linkedList = new LinkedList(groupMembers);
                    groupMembers.forEach(user -> {
                        if (CollectionUtils.isNotEmpty(list) && list.contains(Long.valueOf(user.getId()))) {
                            linkedList.remove(user);
                        }
                        if (CollectionUtils.isNotEmpty(list2) && list2.contains(user.getUsername())) {
                            linkedList.remove(user);
                        }
                    });
                    if (CollectionUtils.isEmpty(linkedList)) {
                        throw new ServiceLayerException("Removing all members of the System Admin group is not allowed. We must have at least one system administrator.");
                    }
                }
                List<User> usersByIdOrUsername = this.userServiceInternal.getUsersByIdOrUsername(list, list2);
                this.userServiceInternal.deleteUsers(list, list2);
                logger.debug("Search the current sessions for deleted users '{}'", usersByIdOrUsername);
                ((Set) this.sessionRegistry.getAllPrincipals().stream().map(obj -> {
                    return (AuthenticatedUser) obj;
                }).filter(authenticatedUser -> {
                    return usersByIdOrUsername.stream().anyMatch(user2 -> {
                        return authenticatedUser.getId() == user2.getId();
                    });
                }).collect(Collectors.toSet())).forEach(authenticatedUser2 -> {
                    this.sessionRegistry.getAllSessions(authenticatedUser2, false).forEach(sessionInformation -> {
                        logger.debug("Invalidate the session '{}' for user '{}'", sessionInformation.getSessionId(), authenticatedUser2.getUsername());
                        sessionInformation.expireNow();
                    });
                });
                logger.debug("Remove all tokens for deleted users '{}", usersByIdOrUsername);
                this.accessTokenServiceInternal.deleteUsersTokens(usersByIdOrUsername.stream().map((v0) -> {
                    return v0.getId();
                }).toList());
                SiteFeed site = this.siteService.getSite(this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
                AuditLog createAuditLogEntry = this.auditServiceInternal.createAuditLogEntry();
                createAuditLogEntry.setOperation("DELETE");
                createAuditLogEntry.setSiteId(site.getId());
                createAuditLogEntry.setActorId(getCurrentUser().getUsername());
                createAuditLogEntry.setPrimaryTargetId(site.getSiteId());
                createAuditLogEntry.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
                createAuditLogEntry.setPrimaryTargetValue(site.getName());
                ArrayList arrayList = new ArrayList();
                for (User user2 : usersByIdOrUsername) {
                    AuditLogParameter auditLogParameter = new AuditLogParameter();
                    auditLogParameter.setTargetId(Long.toString(user2.getId()));
                    auditLogParameter.setTargetType(AuditLogConstants.TARGET_TYPE_USER);
                    auditLogParameter.setTargetValue(user2.getUsername());
                    arrayList.add(auditLogParameter);
                }
                createAuditLogEntry.setParameters(arrayList);
                this.auditServiceInternal.insertAuditLog(createAuditLogEntry);
                this.generalLockService.unlock(StudioConstants.REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
            } catch (GroupNotFoundException e) {
                throw new ServiceLayerException("The System Admin group is not found.", e);
            }
        } catch (Throwable th) {
            this.generalLockService.unlock(StudioConstants.REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
            throw th;
        }
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_READ_USERS)
    public User getUserByIdOrUsername(long j, String str) throws ServiceLayerException, UserNotFoundException {
        return this.userServiceInternal.getUserByIdOrUsername(j, str);
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_UPDATE_USERS)
    public List<UserResponse> enableUsers(List<Long> list, List<String> list2, boolean z) throws ServiceLayerException, UserNotFoundException, AuthenticationException, UserExternallyManagedException {
        checkExternallyManagedUsers(list, list2);
        List<User> enableUsers = this.userServiceInternal.enableUsers(list, list2, z);
        SiteFeed site = this.siteService.getSite(this.studioConfiguration.getProperty(StudioConfiguration.CONFIGURATION_GLOBAL_SYSTEM_SITE));
        AuditLog createAuditLogEntry = this.auditServiceInternal.createAuditLogEntry();
        createAuditLogEntry.setSiteId(site.getId());
        if (z) {
            createAuditLogEntry.setOperation(AuditLogConstants.OPERATION_ENABLE);
        } else {
            createAuditLogEntry.setOperation(AuditLogConstants.OPERATION_DISABLE);
        }
        createAuditLogEntry.setActorId(getCurrentUser().getUsername());
        createAuditLogEntry.setPrimaryTargetId(site.getSiteId());
        createAuditLogEntry.setPrimaryTargetType(AuditLogConstants.TARGET_TYPE_USER);
        createAuditLogEntry.setPrimaryTargetValue(site.getName());
        ArrayList arrayList = new ArrayList();
        for (User user : enableUsers) {
            AuditLogParameter auditLogParameter = new AuditLogParameter();
            auditLogParameter.setTargetId(Long.toString(user.getId()));
            auditLogParameter.setTargetType(AuditLogConstants.TARGET_TYPE_USER);
            auditLogParameter.setTargetValue(user.getUsername());
            arrayList.add(auditLogParameter);
        }
        createAuditLogEntry.setParameters(arrayList);
        this.auditServiceInternal.insertAuditLog(createAuditLogEntry);
        return (List) enableUsers.stream().map(user2 -> {
            return new UserResponse(user2);
        }).collect(Collectors.toList());
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_READ_USERS)
    public List<Site> getUserSites(long j, String str) throws ServiceLayerException, UserNotFoundException {
        ArrayList arrayList = new ArrayList();
        Set<String> allAvailableSites = this.siteService.getAllAvailableSites();
        List<Group> userGroups = this.userServiceInternal.getUserGroups(j, str);
        boolean isSystemAdmin = this.securityService.isSystemAdmin(str);
        for (String str2 : allAvailableSites) {
            List<String> siteGroups = this.groupServiceInternal.getSiteGroups(str2);
            if (isSystemAdmin || userGroups.stream().anyMatch(group -> {
                return siteGroups.contains(group.getGroupName());
            })) {
                try {
                    SiteFeed site = this.siteService.getSite(str2);
                    Site site2 = new Site();
                    site2.setSiteId(site.getSiteId());
                    site2.setUuid(site.getSiteUuid());
                    site2.setName(site.getName());
                    site2.setDesc(site.getDescription());
                    site2.setState(site.getState());
                    arrayList.add(site2);
                } catch (SiteNotFoundException e) {
                    logger.error("Site '{}' was not found while getting user sites for user '{}'", new Object[]{str2, str, e});
                }
            }
        }
        return arrayList;
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_READ_USERS)
    public List<String> getUserSiteRoles(long j, String str, String str2) throws ServiceLayerException, UserNotFoundException {
        List<Group> userGroups = this.userServiceInternal.getUserGroups(j, str);
        if (CollectionUtils.isEmpty(userGroups)) {
            return Collections.emptyList();
        }
        Map<String, List<String>> roleMappings = this.configurationService.getRoleMappings(str2);
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (MapUtils.isEmpty(roleMappings)) {
            return Collections.emptyList();
        }
        if (this.securityService.isSystemAdmin(str)) {
            Iterator<List<String>> it = roleMappings.values().iterator();
            while (it.hasNext()) {
                linkedHashSet.addAll(it.next());
            }
        } else {
            Iterator<Group> it2 = userGroups.iterator();
            while (it2.hasNext()) {
                List<String> list = roleMappings.get(it2.next().getGroupName());
                if (CollectionUtils.isNotEmpty(list)) {
                    linkedHashSet.addAll(list);
                }
            }
        }
        return new ArrayList(linkedHashSet);
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public AuthenticatedUser getCurrentUser() throws AuthenticationException {
        return this.userServiceInternal.getCurrentUser();
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public List<Site> getCurrentUserSites() throws AuthenticationException, ServiceLayerException {
        Authentication authentication = this.securityService.getAuthentication();
        if (authentication == null) {
            throw new AuthenticationException("User should be authenticated");
        }
        try {
            return getUserSites(-1L, authentication.getName());
        } catch (UserNotFoundException e) {
            throw new IllegalStateException(e);
        }
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public List<String> getCurrentUserSiteRoles(String str) throws AuthenticationException, ServiceLayerException {
        Authentication authentication = this.securityService.getAuthentication();
        if (authentication == null) {
            throw new AuthenticationException("User should be authenticated");
        }
        try {
            return getUserSiteRoles(-1L, authentication.getName(), str);
        } catch (UserNotFoundException e) {
            throw new IllegalStateException(e);
        }
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public void forgotPassword(String str) {
        try {
            this.taskExecutor.execute(((ForgotPasswordTaskFactory) this.forgotPasswordTaskFactory.getObject()).prepareTask(str));
        } catch (Exception e) {
            logger.error("Failed to get forgot password task for username '{}'", str, e);
        }
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public String getForgotPasswordToken(String str) {
        long currentTimeMillis = System.currentTimeMillis() + TimeUnit.MINUTES.toMillis(Long.parseLong(this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_FORGOT_PASSWORD_TOKEN_TIMEOUT)));
        return encryptToken(StringUtils.joinWith(TOKEN_DELIMITER, new Object[]{str, this.instanceService.getInstanceId(), Long.valueOf(currentTimeMillis), this.studioConfiguration.getProperty(StudioConfiguration.SECURITY_CIPHER_SALT)}));
    }

    private String encryptToken(String str) {
        try {
            return Base64.getEncoder().encodeToString(this.encryptor.encrypt(str).getBytes(StandardCharsets.UTF_8));
        } catch (CryptoException e) {
            logger.error("Failed to encrypt the forgot password token", e);
            return null;
        }
    }

    protected String decryptToken(String str) {
        try {
            return this.encryptor.decrypt(new String(Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        } catch (CryptoException e) {
            logger.error("Failed to decrypt the forgot password token", e);
            return null;
        }
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public UserResponse changePassword(String str, String str2, String str3) throws PasswordDoesNotMatchException, UserExternallyManagedException, ServiceLayerException, AuthenticationException, UserNotFoundException {
        AuthenticatedUser currentUser = getCurrentUser();
        if (currentUser == null || !StringUtils.equals(str, currentUser.getUsername())) {
            throw new ActionsDeniedException("Cannot change password: current logged in user does not match provided username");
        }
        if (this.userServiceInternal.changePassword(str, str2, str3)) {
            return new UserResponse(this.userServiceInternal.getUserByIdOrUsername(-1L, str));
        }
        throw new ServiceLayerException("Failed to change password");
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public UserResponse setPassword(String str, String str2) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
        if (!validateToken(str)) {
            return null;
        }
        String usernameFromToken = getUsernameFromToken(str);
        if (!StringUtils.isNotEmpty(usernameFromToken)) {
            throw new UserNotFoundException("User not found");
        }
        User userByIdOrUsername = this.userServiceInternal.getUserByIdOrUsername(-1L, usernameFromToken);
        if (userByIdOrUsername.isEnabled() && this.userServiceInternal.setUserPassword(usernameFromToken, str2)) {
            return new UserResponse(userByIdOrUsername);
        }
        return null;
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public boolean validateToken(String str) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
        String decryptToken = decryptToken(str);
        if (!StringUtils.isEmpty(decryptToken)) {
            return validateDecryptedToken(decryptToken);
        }
        logger.warn("Failed to validate forgot password token. The decrypted token is empty.");
        return false;
    }

    protected boolean validateDecryptedToken(String str) throws UserNotFoundException, ServiceLayerException, UserExternallyManagedException {
        StringTokenizer stringTokenizer = new StringTokenizer(str, TOKEN_DELIMITER);
        if (stringTokenizer.countTokens() != 4) {
            logger.warn("Failed to validate forgot password token. Found '{}' elements when expecting 4.", Integer.valueOf(stringTokenizer.countTokens()));
            return false;
        }
        String nextToken = stringTokenizer.nextToken();
        User userByIdOrUsername = this.userServiceInternal.getUserByIdOrUsername(-1L, nextToken);
        if (userByIdOrUsername == null) {
            logger.warn("Failed to validate forgot password token. User profile not found for username '{}'", nextToken);
            throw new UserNotFoundException();
        }
        if (userByIdOrUsername.isExternallyManaged()) {
            logger.warn("Failed to validate forgot password token. User '{}' is externally managed and therefore the password is not managed by us.", nextToken);
            throw new UserExternallyManagedException();
        }
        String nextToken2 = stringTokenizer.nextToken();
        if (!StringUtils.equals(nextToken2, this.instanceService.getInstanceId())) {
            logger.warn("Failed to validate forgot password token. Token's Studio instance ID is '{}' and does not match the current value '{}'", nextToken2, this.instanceService.getInstanceId());
            return false;
        }
        long parseLong = Long.parseLong(stringTokenizer.nextToken());
        boolean z = parseLong < System.currentTimeMillis();
        if (z) {
            logger.info("Failed to validate forgot password token. The token timestamp '{}' is in the past.", Long.valueOf(parseLong));
        }
        return !z;
    }

    private String getUsernameFromToken(String str) {
        String str2 = "";
        String decryptToken = decryptToken(str);
        if (StringUtils.isNotEmpty(decryptToken)) {
            StringTokenizer stringTokenizer = new StringTokenizer(decryptToken, TOKEN_DELIMITER);
            if (stringTokenizer.countTokens() == 4) {
                str2 = stringTokenizer.nextToken();
            }
        }
        return str2;
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    @HasPermission(type = DefaultPermission.class, action = StudioPermissionsConstants.PERMISSION_UPDATE_USERS)
    public boolean resetPassword(String str, String str2) throws UserNotFoundException, ServiceLayerException {
        return this.userServiceInternal.setUserPassword(str, str2);
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public Map<String, Map<String, String>> getUserProperties(String str) throws ServiceLayerException {
        return this.userServiceInternal.getUserProperties(str);
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public Map<String, String> updateUserProperties(String str, Map<String, String> map) throws ServiceLayerException {
        return this.userServiceInternal.updateUserProperties(str, map);
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public Map<String, String> deleteUserProperties(String str, List<String> list) throws ServiceLayerException {
        return this.userServiceInternal.deleteUserProperties(str, list);
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public List<String> getCurrentUserSitePermissions(String str) throws ServiceLayerException, UserNotFoundException, ExecutionException {
        String currentUser = this.securityService.getCurrentUser();
        return this.securityServiceV2.getUserPermission(str, currentUser, getUserSiteRoles(-1L, currentUser, str));
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public Map<String, Boolean> hasCurrentUserSitePermissions(String str, List<String> list) throws ServiceLayerException, UserNotFoundException, ExecutionException {
        HashMap hashMap = new HashMap();
        List<String> currentUserSitePermissions = getCurrentUserSitePermissions(str);
        list.forEach(str2 -> {
            hashMap.put(str2, Boolean.valueOf(currentUserSitePermissions.contains(str2)));
        });
        return hashMap;
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public List<String> getCurrentUserGlobalPermissions() throws ServiceLayerException, UserNotFoundException, ExecutionException {
        String currentUser = this.securityService.getCurrentUser();
        return this.securityServiceV2.getUserPermission("", currentUser, this.securityService.getUserGlobalRoles(-1L, currentUser));
    }

    @Override // org.craftercms.studio.api.v2.service.security.UserService
    public Map<String, Boolean> hasCurrentUserGlobalPermissions(List<String> list) throws ServiceLayerException, UserNotFoundException, ExecutionException {
        HashMap hashMap = new HashMap();
        List<String> currentUserGlobalPermissions = getCurrentUserGlobalPermissions();
        list.forEach(str -> {
            hashMap.put(str, Boolean.valueOf(currentUserGlobalPermissions.contains(str)));
        });
        return hashMap;
    }

    private void checkExternallyManagedUsers(List<Long> list, List<String> list2) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
        if (this.userServiceInternal.getUsersByIdOrUsername(list, list2).stream().anyMatch(user -> {
            return user.isExternallyManaged();
        })) {
            throw new UserExternallyManagedException("Cannot update externally managed users.");
        }
    }

    public void setUserServiceInternal(UserServiceInternal userServiceInternal) {
        this.userServiceInternal = userServiceInternal;
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    public void setGroupServiceInternal(GroupServiceInternal groupServiceInternal) {
        this.groupServiceInternal = groupServiceInternal;
    }

    public void setSiteService(SiteService siteService) {
        this.siteService = siteService;
    }

    public void setEntitlementValidator(EntitlementValidator entitlementValidator) {
        this.entitlementValidator = entitlementValidator;
    }

    public void setGeneralLockService(GeneralLockService generalLockService) {
        this.generalLockService = generalLockService;
    }

    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    public void setStudioConfiguration(StudioConfiguration studioConfiguration) {
        this.studioConfiguration = studioConfiguration;
    }

    public void setAuditServiceInternal(AuditServiceInternal auditServiceInternal) {
        this.auditServiceInternal = auditServiceInternal;
    }

    public void setAccessTokenServiceInternal(AccessTokenServiceInternal accessTokenServiceInternal) {
        this.accessTokenServiceInternal = accessTokenServiceInternal;
    }

    public void setInstanceService(InstanceService instanceService) {
        this.instanceService = instanceService;
    }

    public void setEncryptor(TextEncryptor textEncryptor) {
        this.encryptor = textEncryptor;
    }

    public void setSecurityServiceV2(org.craftercms.studio.api.v2.service.security.SecurityService securityService) {
        this.securityServiceV2 = securityService;
    }

    public void setSessionRegistry(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }

    public void setTaskExecutor(TaskExecutor taskExecutor) {
        this.taskExecutor = taskExecutor;
    }

    public void setForgotPasswordTaskFactory(ObjectFactory<ForgotPasswordTaskFactory> objectFactory) {
        this.forgotPasswordTaskFactory = objectFactory;
    }
}
