package org.openvpms.web.security;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.math.NumberUtils;
import org.openvpms.component.business.domain.im.security.User;
import org.openvpms.component.business.service.security.AuthenticationContext;
import org.openvpms.web.security.PasswordService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/openvpms/web/security/ConfirmChangePasswordServlet.class */
/**
 * Servlet that handles the POST confirming a password change for the user
 * reported by the {@link AuthenticationContext}.
 *
 * <p>Outcomes, as implemented in {@link #doPost}:
 * <ul>
 *   <li>success: the session is invalidated and the client is redirected to {@code login};</li>
 *   <li>{@code PASSWORD_MISMATCH}: a per-session counter is incremented and the request is
 *       forwarded to {@code changepassword} again;</li>
 *   <li>anything else (missing session, user or parameters, counter at the limit, any other
 *       status): the session is invalidated and the client is redirected to
 *       {@code login?status=...} with {@code LoginStatus.ERROR}.</li>
 * </ul>
 *
 * <p>NOTE(review): the attempt counter lives only in the {@link HttpSession}. This class keeps
 * no per-account count; whether {@link PasswordService} enforces one is not visible here.
 */
public class ConfirmChangePasswordServlet extends HttpServlet {
    private static final Logger log = LoggerFactory.getLogger(ConfirmChangePasswordServlet.class);

    /** Session attribute holding the number of mismatched attempts seen so far. */
    private static final String CHANGE_PASSWORD_ATTEMPTS = "_change_password_attempts";

    /** Once the stored counter reaches this value, further requests are rejected. */
    private static final int MAX_ATTEMPTS = 5;

    private AuthenticationContext authenticationContext;
    private PasswordService passwordResetService;

    /**
     * Looks up the collaborating beans from the Spring web application context.
     *
     * @throws ServletException if the superclass initialisation fails
     */
    public void init() throws ServletException {
        super.init();
        WebApplicationContext context =
                WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext());
        this.passwordResetService = context.getBean(PasswordService.class);
        this.authenticationContext = context.getBean(AuthenticationContext.class);
    }

    /**
     * Processes a change-password submission carrying {@code oldPassword} and
     * {@code newPassword} request parameters.
     *
     * @param httpServletRequest  the request
     * @param httpServletResponse the response
     * @throws IOException      if the redirect or forward fails
     * @throws ServletException if the forward fails
     */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        // getSession(false): never create a session for a caller that does not already have one.
        HttpSession session = httpServletRequest.getSession(false);
        String oldPassword = httpServletRequest.getParameter("oldPassword");
        String newPassword = httpServletRequest.getParameter("newPassword");
        User user = (User) this.authenticationContext.getUser();
        int attempts = getAttempts(session);

        boolean incomplete = session == null || user == null || oldPassword == null || newPassword == null;
        boolean throttled = attempts >= MAX_ATTEMPTS;
        if (incomplete || throttled) {
            login(httpServletResponse, session, LoginStatus.ERROR);
            return;
        }

        PasswordService.Status result = changePassword(user, oldPassword, newPassword);
        if (result == PasswordService.Status.SUCCESS) {
            // The session is dropped on success, so the caller must log in again.
            login(httpServletResponse, session, null);
            return;
        }
        if (result != PasswordService.Status.PASSWORD_MISMATCH) {
            login(httpServletResponse, session, LoginStatus.ERROR);
            return;
        }

        // PASSWORD_MISMATCH is the only outcome that keeps the session alive, so it is the only
        // one that is counted. Its exact meaning is defined by PasswordService (presumably a
        // wrong old password - confirm).
        // NOTE(review): the counter is read above and written here without synchronisation, so
        // concurrent requests in the same session can each observe the same value and be
        // counted once between them.
        httpServletRequest.setAttribute("passwordmismatch", true);
        session.setAttribute(CHANGE_PASSWORD_ATTEMPTS, Integer.valueOf(attempts + 1));
        httpServletRequest.getRequestDispatcher("changepassword").forward(httpServletRequest, httpServletResponse);
    }

    /**
     * Invalidates the session, if there is one, and redirects to the login page.
     *
     * @param response the response to redirect
     * @param session  the session to invalidate; may be {@code null}
     * @param status   value for the {@code status} query parameter, or {@code null} for none
     * @throws IOException if the redirect fails
     */
    private void login(HttpServletResponse response, HttpSession session, String status) throws IOException {
        if (session != null) {
            session.invalidate();
        }
        String target = "login";
        if (status != null) {
            target = target + "?status=" + status;
        }
        response.sendRedirect(target);
    }

    /**
     * Delegates to {@link PasswordService#changePassword} and maps any exception to
     * {@code Status.ERROR}.
     *
     * @param user        the user whose password is being changed
     * @param oldPassword the submitted old password
     * @param newPassword the submitted new password
     * @return the service's status, or {@code Status.ERROR} if the service threw
     */
    private PasswordService.Status changePassword(User user, String oldPassword, String newPassword) {
        try {
            return this.passwordResetService.changePassword(user, oldPassword, newPassword);
        } catch (Exception e) {
            // Only the username and the exception are logged, never the submitted passwords.
            // NOTE(review): assumes PasswordService does not put a password in its exception
            // messages - confirm.
            log.error("Failed to change password for user {}: {}", user.getUsername(), e.getMessage(), e);
            return PasswordService.Status.ERROR;
        }
    }

    /**
     * Reads the mismatch counter from the session.
     *
     * @param session the session; may be {@code null}
     * @return the stored count, or 0 when there is no session, no attribute, or the stored value
     *         does not parse as an int
     */
    private int getAttempts(HttpSession session) {
        if (session == null) {
            return 0;
        }
        Object stored = session.getAttribute(CHANGE_PASSWORD_ATTEMPTS);
        if (stored == null) {
            return 0;
        }
        return NumberUtils.toInt(stored.toString(), 0);
    }
}
