package org.openvpms.web.security.login;

import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.openvpms.archetype.rules.practice.PracticeService;
import org.openvpms.archetype.rules.user.PasswordValidator;
import org.openvpms.component.business.dao.im.security.IUserDAO;
import org.openvpms.component.model.bean.IMObjectBean;
import org.openvpms.component.model.user.User;
import org.openvpms.component.service.archetype.ArchetypeService;
import org.openvpms.web.security.login.SecurityCodeService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:org/openvpms/web/security/login/PasswordService.class */
public class PasswordService extends SecurityCodeService {
    private final ArchetypeService service;
    private final IUserDAO users;
    private final PasswordEncoder encoder;
    private final PasswordValidator validator;
    private final PasswordMailer mailer;
    private static final Logger log = LoggerFactory.getLogger(PasswordService.class);

    public PasswordService(ArchetypeService archetypeService, IUserDAO iUserDAO, PasswordEncoder passwordEncoder, PasswordValidator passwordValidator, PracticeService practiceService, PasswordMailer passwordMailer) {
        super(archetypeService, practiceService);
        this.service = archetypeService;
        this.users = iUserDAO;
        this.encoder = passwordEncoder;
        this.validator = passwordValidator;
        this.mailer = passwordMailer;
    }

    public String sendResetCode(String str) {
        String str2 = null;
        User user = getUser(str);
        if (user == null) {
            log.error("Cannot send reset code. No active user with username {}", str);
        } else {
            str2 = sendCode(user);
        }
        return str2;
    }

    public SecurityCodeService.Status resetPassword(String str, String str2, String str3) {
        return applyCode(str, str2, l -> {
            SecurityCodeService.Status status;
            if (validate(str3)) {
                User user = (User) this.service.get("security.user", l.longValue(), true);
                if (user != null) {
                    setPassword(user, str3);
                    sendNotification(user);
                    status = SecurityCodeService.Status.SUCCESS;
                } else {
                    log.warn("Cannot reset password for user id={}. No active user exists", l);
                    status = SecurityCodeService.Status.ERROR;
                }
            } else {
                status = SecurityCodeService.Status.ERROR;
            }
            return status;
        });
    }

    public SecurityCodeService.Status changePassword(User user, String str, String str2) {
        SecurityCodeService.Status status;
        if (!this.encoder.matches(str, ((org.openvpms.component.business.domain.im.security.User) user).getPassword())) {
            status = SecurityCodeService.Status.DATA_MISMATCH;
        } else if (str.equals(str2) || !validate(str2)) {
            status = SecurityCodeService.Status.ERROR;
        } else {
            setPassword(user, str2);
            sendNotification(user);
            status = SecurityCodeService.Status.SUCCESS;
        }
        return status;
    }

    @Override // org.openvpms.web.security.login.SecurityCodeService
    protected boolean sendCode(User user, String str, String str2, String str3) {
        boolean z = false;
        try {
            this.mailer.sendResetCode(str2, str3, str);
            z = true;
        } catch (Exception e) {
            log.error("Failed to send reset code to {}: {}", str3, e.getMessage());
        }
        return z;
    }

    private void setPassword(User user, String str) {
        IMObjectBean bean = this.service.getBean(user);
        bean.setValue("password", this.encoder.encode(str));
        bean.setValue("changePassword", false);
        save(user);
        log.warn("Password changed for user id={}, username={}", Long.valueOf(user.getId()), user.getUsername());
    }

    private User getUser(String str) {
        org.openvpms.component.business.domain.im.security.User user = this.users.getUser(str);
        if (user == null || !user.isActive()) {
            return null;
        }
        return user;
    }

    private void sendNotification(User user) {
        String fromAddress = getFromAddress();
        String toAddress = getToAddress(user);
        if (fromAddress == null || toAddress == null) {
            return;
        }
        try {
            this.mailer.sendPasswordChanged(fromAddress, toAddress);
        } catch (Exception e) {
            log.error("Failed to send notification to {}: {}", toAddress, e.getMessage());
        }
    }

    private boolean validate(String str) {
        List validate = this.validator.validate(str);
        if (!validate.isEmpty()) {
            log.error("Password doesn't match policy: {}", StringUtils.join(validate, ","));
        }
        return validate.isEmpty();
    }
}
