package com.appiancorp.ag.user.action;

import com.appiancorp.ag.ExtendedUserService;
import com.appiancorp.ag.user.form.SetPasswordForm;
import com.appiancorp.ag.util.PasswordManager;
import com.appiancorp.asi.components.common.Decorators;
import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.common.monitoring.ProductMetricsAggregatedDataCollector;
import com.appiancorp.common.struts.BaseUpdateAction;
import com.appiancorp.common.struts.MessagingUtil;
import com.appiancorp.common.struts.SupportedHttpMethods;
import com.appiancorp.security.auth.AppianAuthenticationSuccessHandler;
import com.appiancorp.security.auth.ForgotPasswordRequestManager;
import com.appiancorp.security.auth.forgotpassword.ForgotPasswordRequestCache;
import com.appiancorp.security.auth.forgotpassword.PasswordResetAuditLog;
import com.appiancorp.security.auth.forgotpassword.PasswordResetSource;
import com.appiancorp.security.auth.rememberme.AppianPersistentTokenBasedRememberMeServices;
import com.appiancorp.security.auth.rememberme.RememberMeCookie;
import com.appiancorp.security.auth.rememberme.RememberMeScsHandler;
import com.appiancorp.security.auth.rememberme.RememberMeSettings;
import com.appiancorp.security.auth.rememberme.RememberMeToken;
import com.appiancorp.security.auth.rememberme.RememberMeTokenService;
import com.appiancorp.services.ServiceContext;
import com.appiancorp.services.WebServiceContextFactory;
import com.appiancorp.suite.cfg.AdminSecurityConfiguration;
import com.appiancorp.suiteapi.common.ServiceLocator;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.appiancorp.suiteapi.security.auth.PasswordStatus;
import com.google.common.annotations.VisibleForTesting;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

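/**
 * Struts action that lets the currently authenticated user set a new password.
 *
 * <p>Two flows share this action and its form: the forced change on a TEMPORARY, EXPIRED or
 * EXPIRATION_WARNING password, and the "forgot password" reset. They are distinguished solely by
 * {@link ForgotPasswordRequestManager#isEnabled()}: when it reports enabled, the old-password check
 * in {@link #validate} is skipped and {@link #main} performs the reset bookkeeping and then disables
 * the manager. Every operation is scoped to the principal held in {@link SecurityContextHolder};
 * the username is never read from the request.
 */
@SupportedHttpMethods({SupportedHttpMethods.Method.GET, SupportedHttpMethods.Method.POST})
/* loaded from: input_file:com/appiancorp/ag/user/action/SetPassword.class */
public class SetPassword extends BaseUpdateAction {
    private static final Logger LOG = Logger.getLogger(SetPassword.class);
    // Form field names used as the property keys of validation errors.
    protected static final String FIELD_OLD_PASSWORD = "oldPw";
    protected static final String FIELD_NEW_PASSWORD = "newPw";
    protected static final String FIELD_CONFIRM_NEW_PASSWORD = "confirmNewPw";
    // Values of the ATTR_STATUS request attribute set for the "prepare" forward.
    private static final String STATUS_WARNING_TO_CHANGE_PASSWORD = "warning";
    private static final String STATUS_EXPIRED_PASSWORD = "expired";
    private static final String ATTR_STATUS = "status";
    private static final String ATTR_WARN_DURATION = "warnDuration";
    private static final String MSG_BUNDLE_KEY = "ap-app-i18n";
    static final String PASSWORD_RESET_KEY = "forgotPassword.passwordsReset";
    // All collaborators are assigned exactly once by either constructor.
    private final AdminSecurityConfiguration securityConfiguration;
    private final RememberMeTokenService rememberMeTokenService;
    private final RememberMeSettings rememberMeSettings;
    private final RememberMeScsHandler rememberMeScsHandler;
    private final ForgotPasswordRequestManager forgotPasswordRequestManager;
    private final ForgotPasswordRequestCache forgotPasswordRequestCache;

    /** Production constructor: resolves every collaborator from the application context. */
    public SetPassword() {
        this((AdminSecurityConfiguration) ApplicationContextHolder.getBean(AdminSecurityConfiguration.class),
            (RememberMeTokenService) ApplicationContextHolder.getBean(RememberMeTokenService.class),
            (RememberMeSettings) ApplicationContextHolder.getBean(RememberMeSettings.class),
            (RememberMeScsHandler) ApplicationContextHolder.getBean(RememberMeScsHandler.class),
            (ForgotPasswordRequestManager) ApplicationContextHolder.getBean(ForgotPasswordRequestManager.class),
            (ForgotPasswordRequestCache) ApplicationContextHolder.getBean(ForgotPasswordRequestCache.class));
    }

    /**
     * Test constructor: accepts the collaborators directly.
     *
     * @param adminSecurityConfiguration source of the password-expiration timing
     * @param rememberMeTokenService lookup/creation of persistent remember-me tokens
     * @param rememberMeSettings tells whether remember-me applies to Appian authentication
     * @param rememberMeScsHandler writes the SCS token cookie on a successful change
     * @param forgotPasswordRequestManager flag that switches this action into the reset flow
     * @param forgotPasswordRequestCache cache of outstanding reset requests, cleared on success
     */
    @VisibleForTesting
    public SetPassword(AdminSecurityConfiguration adminSecurityConfiguration, RememberMeTokenService rememberMeTokenService, RememberMeSettings rememberMeSettings, RememberMeScsHandler rememberMeScsHandler, ForgotPasswordRequestManager forgotPasswordRequestManager, ForgotPasswordRequestCache forgotPasswordRequestCache) {
        this.securityConfiguration = adminSecurityConfiguration;
        this.rememberMeTokenService = rememberMeTokenService;
        this.rememberMeSettings = rememberMeSettings;
        this.rememberMeScsHandler = rememberMeScsHandler;
        this.forgotPasswordRequestManager = forgotPasswordRequestManager;
        this.forgotPasswordRequestCache = forgotPasswordRequestCache;
    }

    /**
     * Renders the set-password page for the authenticated principal.
     *
     * <p>The page is only offered while the principal's {@link PasswordStatus} is TEMPORARY,
     * EXPIRED or EXPIRATION_WARNING; any other status is forwarded to "error". For EXPIRED and
     * EXPIRATION_WARNING the view is told why via the {@code status} request attribute, and for the
     * warning case additionally how long remains via {@code warnDuration}.
     *
     * @return the "prepare" forward, or "error" when the status does not call for a change
     */
    @Override // com.appiancorp.common.struts.BaseUpdateAction
    protected ActionForward prepare(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Decorators.setDecorator(httpServletRequest, Decorators.Decorator.NONE);
        AppianUserDetails appianUserDetails = currentUserDetails();
        UserProfile userProfile = appianUserDetails.getUserProfile();
        PasswordStatus passwordStatus = appianUserDetails.getPasswordStatus();
        if (this.forgotPasswordRequestManager.isEnabled()) {
            // Reset flow: pre-fill the form with the principal's own username for display.
            ((SetPasswordForm) actionForm).setUsername(userProfile.getUsername());
        }
        switch (passwordStatus) {
            case TEMPORARY:
                return actionMapping.findForward("prepare");
            case EXPIRED:
                httpServletRequest.setAttribute(ATTR_STATUS, STATUS_EXPIRED_PASSWORD);
                return actionMapping.findForward("prepare");
            case EXPIRATION_WARNING:
                int remaining = this.securityConfiguration.getTimeRemainingUntilPasswordExpiration(userProfile.getPasswordModified());
                httpServletRequest.setAttribute(ATTR_STATUS, STATUS_WARNING_TO_CHANGE_PASSWORD);
                httpServletRequest.setAttribute(ATTR_WARN_DURATION, Integer.valueOf(remaining));
                return actionMapping.findForward("prepare");
            default:
                // NORMAL (and anything unexpected) has no business on this page.
                return actionMapping.findForward("error");
        }
    }

    /**
     * Validates the submitted passwords and mirrors every error into the session as a message.
     *
     * <p>The old password is verified only in the regular change flow: in the forgot-password
     * flow the caller does not know it, so the {@link ForgotPasswordRequestManager} state is the
     * gate instead. Confirmation match and complexity are checked in both flows.
     *
     * @return the collected errors; empty when the submission is acceptable
     */
    @Override // com.appiancorp.common.struts.BaseUpdateAction
    public ActionErrors validate(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, String str) {
        SetPasswordForm form = (SetPasswordForm) actionForm;
        String newPw = form.getNewPw();
        String username = currentUserDetails().getUsername();
        ServiceContext serviceContext = WebServiceContextFactory.getServiceContext(httpServletRequest);
        ActionErrors errors = new ActionErrors();
        if (!this.forgotPasswordRequestManager.isEnabled()) {
            PasswordManager.validateOldPassword(username, form.getOldPw(), FIELD_OLD_PASSWORD, errors, serviceContext);
        }
        PasswordManager.validateConfirmationPassword(username, newPw, form.getConfirmNewPw(), FIELD_CONFIRM_NEW_PASSWORD, errors);
        PasswordManager.validateComplexity(username, newPw, FIELD_NEW_PASSWORD, errors, serviceContext);
        // The view reads messages from the session, not from the returned ActionErrors.
        for (Iterator<?> it = errors.get(); it.hasNext(); ) {
            MessagingUtil.addError(httpServletRequest.getSession(), (ActionMessage) it.next(), MSG_BUNDLE_KEY);
        }
        return errors;
    }

    /**
     * Stores the new password for the authenticated principal and completes the login.
     *
     * <p>Only POST is accepted; anything else is forwarded to "error". After the password is
     * stored the principal's status is reset to NORMAL and the security context is written back
     * to the session so later requests see the change. In the forgot-password flow the reset is
     * recorded (request cache entry removed, metric counted, audit log written) and the request
     * manager is disabled, which restores the old-password check in {@link #validate} for later
     * requests. A remember-me cookie that matched its stored token is re-registered under its
     * existing series and an SCS token cookie is added. Finally the configured
     * {@link AppianAuthenticationSuccessHandler} performs the post-login redirect.
     *
     * @return {@code null} once the success handler has written the response, or the "error"
     *     forward when the method is not POST or the redirect fails
     * @throws IllegalStateException if the service layer rejects the change with a
     *     {@link PrivilegeException}
     */
    @Override // com.appiancorp.common.struts.BaseViewAction
    public ActionForward main(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!httpServletRequest.getMethod().equalsIgnoreCase("POST")) {
            return actionMapping.findForward("error");
        }
        String newPw = ((SetPasswordForm) actionForm).getNewPw();
        SecurityContext context = SecurityContextHolder.getContext();
        Authentication authentication = context.getAuthentication();
        AppianUserDetails appianUserDetails = (AppianUserDetails) authentication.getPrincipal();
        String username = appianUserDetails.getUsername();
        ExtendedUserService extendedUserService = (ExtendedUserService) ServiceLocator.getService(WebServiceContextFactory.getServiceContext(httpServletRequest), ExtendedUserService.SERVICE_NAME);
        // Resolved before the change so a cookie that fails verification is simply dropped below.
        RememberMeCookie rememberMeCookie = getRememberMeCookie(httpServletRequest);
        try {
            // Third argument's meaning is not visible here — TODO confirm against ExtendedUserService.
            extendedUserService.changeUnhashedUserPassword(username, newPw.toCharArray(), false);
            // Runs in both flows, always for the principal's own account.
            unlockUserOnforgetPwd(username);
            if (appianUserDetails.getPasswordStatus() != PasswordStatus.NORMAL) {
                appianUserDetails.setPasswordStatus(PasswordStatus.NORMAL);
                httpServletRequest.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
            }
            if (this.forgotPasswordRequestManager.isEnabled()) {
                httpServletRequest.setAttribute(ForgotPasswordRequestManager.FORGOT_PASSWORD_REQUEST, true);
                this.forgotPasswordRequestCache.removeUserFromCache(username);
                ProductMetricsAggregatedDataCollector.recordData(PASSWORD_RESET_KEY, 1L);
                PasswordResetAuditLog.log(username, httpServletRequest.getRemoteAddr(), PasswordResetSource.FORGOT_PASSWORD);
                this.forgotPasswordRequestManager.disable();
            }
            if (rememberMeCookie != null) {
                this.rememberMeTokenService.create(username, rememberMeCookie.getSeries(), rememberMeCookie.getToken(), appianUserDetails.isAuthenticatedByAppianInternalProvider());
                this.rememberMeScsHandler.addScsTokenCookieToResponse(appianUserDetails, httpServletRequest, httpServletResponse);
            }
            try {
                ((AppianAuthenticationSuccessHandler) ApplicationContextHolder.getBean(AppianAuthenticationSuccessHandler.class)).onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
                return null;
            } catch (Exception e) {
                // The password is already changed at this point; only the redirect failed.
                LOG.error("Error in password reset redirect", e);
                return actionMapping.findForward("error");
            }
        } catch (PrivilegeException e2) {
            throw new IllegalStateException("An unexpected error occurred while trying to change the password for the user [" + username + "]. The user does not have sufficient privileges to change the password.", e2);
        }
    }

    /** The authenticated principal from the current security context. */
    private static AppianUserDetails currentUserDetails() {
        return (AppianUserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }

    /**
     * Returns the request's remember-me cookie, but only if it verifies against the stored token.
     *
     * <p>A cookie is returned only when remember-me is enabled for Appian authentication, the
     * request carries the cookie, a token exists for the cookie's series, and the cookie's token
     * equals the stored one. Any other case yields {@code null}, so {@link #main} does not
     * re-issue a remember-me token from an unverified cookie.
     *
     * @return the verified cookie, or {@code null}
     */
    private RememberMeCookie getRememberMeCookie(HttpServletRequest httpServletRequest) {
        Cookie cookie = findRememberMeCookie(httpServletRequest);
        if (cookie == null) {
            return null;
        }
        RememberMeCookie rememberMeCookie = new RememberMeCookie(cookie.getValue());
        RememberMeToken stored = this.rememberMeTokenService.getBySeries(rememberMeCookie.getSeries());
        if (stored == null || !constantTimeEquals(stored.getToken(), rememberMeCookie.getToken())) {
            return null;
        }
        return rememberMeCookie;
    }

    /**
     * Locates the remember-me cookie on the request.
     *
     * @return the first cookie named {@code REMEMBER_ME_COOKIE_NAME}, or {@code null} when
     *     remember-me is disabled for Appian authentication or no such cookie is present
     */
    private Cookie findRememberMeCookie(HttpServletRequest httpServletRequest) {
        if (!this.rememberMeSettings.isEnabledForAppianAuthentication() || httpServletRequest.getCookies() == null) {
            return null;
        }
        for (Cookie candidate : httpServletRequest.getCookies()) {
            if (candidate.getName().equals(AppianPersistentTokenBasedRememberMeServices.REMEMBER_ME_COOKIE_NAME)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Compares a stored token with one presented by the client without stopping at the first
     * differing byte, so the time taken does not depend on how much of the token was right.
     * A {@code null} on either side is a mismatch.
     */
    private static boolean constantTimeEquals(String stored, String presented) {
        if (stored == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Unlocks the given account using the administrator service context.
     *
     * <p>Runs with elevated privileges because the calling user cannot unlock accounts; the only
     * caller in this class passes the authenticated principal's own username.
     *
     * @param str the username to unlock
     * @throws IllegalStateException if the unlock is refused with a {@link PrivilegeException}
     */
    public void unlockUserOnforgetPwd(String str) {
        try {
            ServiceLocator.getUserService(ServiceLocator.getAdministratorServiceContext()).unlockUser(str);
        } catch (PrivilegeException e) {
            throw new IllegalStateException("An unexpected error occured while trying to reset the password for the user [" + str + "]. The user does not have sufficient privileges to unlock this user.", e);
        }
    }
}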
