package org.iplass.gem.command.auth;

import java.util.Iterator;
import java.util.List;
import org.iplass.gem.command.Constants;
import org.iplass.gem.command.GemResourceBundleUtil;
import org.iplass.gem.command.generic.detail.DetailViewCommand;
import org.iplass.mtp.ManagerLocator;
import org.iplass.mtp.SystemException;
import org.iplass.mtp.auth.AuthContext;
import org.iplass.mtp.auth.AuthManager;
import org.iplass.mtp.auth.login.IdPasswordCredential;
import org.iplass.mtp.command.Command;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.annotation.CommandClass;
import org.iplass.mtp.command.annotation.CommandConfig;
import org.iplass.mtp.command.annotation.action.ActionMapping;
import org.iplass.mtp.command.annotation.action.ActionMappings;
import org.iplass.mtp.command.annotation.action.ParamMapping;
import org.iplass.mtp.command.annotation.action.Result;
import org.iplass.mtp.command.annotation.action.TokenCheck;
import org.iplass.mtp.entity.Entity;
import org.iplass.mtp.entity.EntityManager;
import org.iplass.mtp.entity.LoadOption;
import org.iplass.mtp.tenant.Tenant;
import org.iplass.mtp.tenant.TenantAuthInfo;

@ActionMappings({@ActionMapping(name = ResetPasswordCommand.ACTION_NAME, paramMapping = {@ParamMapping(name = Constants.VIEW_NAME, mapFrom = "${0}")}, clientCacheType = ActionMapping.ClientCacheType.NO_CACHE, command = {@CommandConfig(commandClass = DetailViewCommand.class, value = "cmd.detail=false;"), @CommandConfig(commandClass = ResetPasswordCommand.class)}, result = {@Result(status = Constants.CMD_EXEC_SUCCESS, type = Result.Type.JSP, value = Constants.CMD_RSLT_JSP_VIEW, templateName = DetailViewCommand.VIEW_ACTION_NAME, layoutActionName = Constants.LAYOUT_NORMAL_ACTION), @Result(status = Constants.CMD_EXEC_ERROR, type = Result.Type.JSP, value = Constants.CMD_RSLT_JSP_EDIT, templateName = DetailViewCommand.DETAIL_ACTION_NAME, layoutActionName = Constants.LAYOUT_NORMAL_ACTION)}, tokenCheck = @TokenCheck), @ActionMapping(name = ResetPasswordCommand.ACTION_REF_NAME, paramMapping = {@ParamMapping(name = Constants.VIEW_NAME, mapFrom = "${0}")}, clientCacheType = ActionMapping.ClientCacheType.NO_CACHE, command = {@CommandConfig(commandClass = DetailViewCommand.class, value = "cmd.detail=false;"), @CommandConfig(commandClass = ResetPasswordCommand.class)}, result = {@Result(status = Constants.CMD_EXEC_SUCCESS, type = Result.Type.JSP, value = Constants.CMD_RSLT_JSP_REF_VIEW, templateName = DetailViewCommand.REF_VIEW_ACTION_NAME, layoutActionName = Constants.LAYOUT_POPOUT_ACTION), @Result(status = Constants.CMD_EXEC_ERROR, type = Result.Type.JSP, value = Constants.CMD_RSLT_JSP_REF_EDIT, templateName = DetailViewCommand.REF_DETAIL_ACTION_NAME, layoutActionName = Constants.LAYOUT_POPOUT_ACTION)}, tokenCheck = @TokenCheck)})
@CommandClass(name = "gem/auth/ResetPasswordCommand", displayName = "パスワードリセット")
/* loaded from: input_file:org/iplass/gem/command/auth/ResetPasswordCommand.class */
public final class ResetPasswordCommand implements Command, AuthCommandConstants {
    public static final String ACTION_NAME = "gem/auth/password/reset";
    public static final String ACTION_REF_NAME = "gem/auth/password/ref/reset";
    private AuthManager am = ManagerLocator.getInstance().getManager(AuthManager.class);

    public String execute(RequestContext requestContext) {
        String param = requestContext.getParam(Constants.OID);
        if (param == null) {
            throw new SystemException("oid is null");
        }
        Entity load = ManagerLocator.getInstance().getManager(EntityManager.class).load(param, "mtp.auth.User", new LoadOption(false, false));
        String str = null;
        if (load != null) {
            str = (String) load.getValue("accountId");
        }
        if (str == null) {
            throw new SystemException("id is null");
        }
        if (!Constants.EXEC_TYPE_UPDATE.equals(requestContext.getParam(Constants.EXEC_TYPE))) {
            requestContext.setAttribute(Constants.MESSAGE, resourceString("command.auth.ResetPasswordCommand.onlyUpdate", new Object[0]));
            return Constants.CMD_EXEC_ERROR;
        }
        if (!this.am.canResetCredential((String) load.getValue("accountPolicy"))) {
            requestContext.setAttribute(Constants.MESSAGE, resourceString("command.auth.ResetPasswordCommand.notSupport", new Object[0]));
            return Constants.CMD_EXEC_ERROR;
        }
        if (!isUserAdminRole(AuthContext.getCurrentContext().getTenant())) {
            requestContext.setAttribute(Constants.MESSAGE, resourceString("command.auth.ResetPasswordCommand.onlyAdmin", new Object[0]));
            return Constants.CMD_EXEC_ERROR;
        }
        this.am.resetCredential(new IdPasswordCredential(str, (String) null), (String) load.getValue("accountPolicy"));
        return Constants.CMD_EXEC_SUCCESS;
    }

    private boolean isUserAdminRole(Tenant tenant) {
        AuthContext currentContext = AuthContext.getCurrentContext();
        if (currentContext.getUser().isAdmin()) {
            return true;
        }
        List userAdminRoles = tenant.getTenantConfig(TenantAuthInfo.class).getUserAdminRoles();
        if (userAdminRoles == null) {
            return false;
        }
        Iterator it = userAdminRoles.iterator();
        while (it.hasNext()) {
            if (currentContext.userInRole((String) it.next())) {
                return true;
            }
        }
        return false;
    }

    private static String resourceString(String str, Object... objArr) {
        return GemResourceBundleUtil.resourceString(str, objArr);
    }
}
