package com.atlassian.stash.internal.web.users;

import com.atlassian.bitbucket.auth.HttpAuthenticationContext;
import com.atlassian.bitbucket.mail.MailException;
import com.atlassian.bitbucket.mail.MailService;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.UserAdminService;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.stash.internal.crowd.CrowdControl;
import com.atlassian.stash.internal.web.auth.IgnoresXsrf;
import com.atlassian.stash.internal.web.soy.StashSoyResponseBuilder;
import com.google.common.annotations.VisibleForTesting;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.RejectedExecutionException;
import javax.validation.Valid;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.validation.Errors;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

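/**
 * Web controller for the self-service password reset flow under {@code /passwordreset}.
 *
 * <p>The flow has two halves: requesting a reset for a user name or e-mail address
 * ({@link #displayRequestForm()} / {@link #submitRequest(String)}) and redeeming a reset token
 * to set a new password ({@link #displayPasswordForm(String)} /
 * {@link #resetPassword(ResetPasswordForm, Errors)}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #submitRequest(String)} returns the same acknowledgment view for every non-blank
 *       identifier, and the user lookup runs on the executor rather than on the request thread,
 *       so the response does not reveal whether the account exists.</li>
 *   <li>The submitted identifier is untrusted request input. It is neutralised with
 *       {@link #sanitizeForLog(String)} before being logged so that embedded line breaks cannot
 *       forge additional log entries.</li>
 * </ul>
 */
@Controller
/* loaded from: input_file:WEB-INF/classes/com/atlassian/stash/internal/web/users/PasswordResetController.class */
public class PasswordResetController {

    @VisibleForTesting
    static final String RESET_PASSWORD_FORM = "bitbucket.internal.users.passwordReset";

    @VisibleForTesting
    static final String RESET_PASSWORD_ACKNOWLEDGMENT = "bitbucket.internal.users.passwordResetReceived";
    private static final Logger log = LoggerFactory.getLogger(PasswordResetController.class);
    private static final String CONFIRM_RESET_PASSWORD = "bitbucket.internal.users.passwordResetConfirm";
    private static final String CONFIRM_PASSWORD_SET = "bitbucket.internal.users.passwordSet";
    private final CrowdControl crowdControl;
    private final ExecutorService executorService;
    private final MailService mailService;
    private final UserAdminService userAdminService;
    private final UserService userService;

    /**
     * Creates the controller with its collaborators.
     *
     * @param crowdControl used to ask whether the authentication backend can reset a user's password
     * @param executorService the {@code passwordResetExecutorService} bean on which reset requests are
     *     processed; a rejected submission is logged as "too many concurrent requests", so it is
     *     presumably bounded (confirm against the bean definition)
     * @param mailService used to report whether a mail host is configured
     * @param userAdminService performs token lookup, reset requests and the password change itself
     * @param userService resolves a user from a name or e-mail address
     */
    @Autowired
    public PasswordResetController(CrowdControl crowdControl, @Qualifier("passwordResetExecutorService") ExecutorService executorService, MailService mailService, UserAdminService userAdminService, UserService userService) {
        this.crowdControl = crowdControl;
        this.executorService = executorService;
        this.mailService = mailService;
        this.userAdminService = userAdminService;
        this.userService = userService;
    }

    /**
     * Renders the "choose a new password" form for a reset token.
     *
     * <p>NOTE(review): the parameter name {@code str} looks like a decompiler artefact. The mapping
     * requires a {@code token} request parameter, so the binding presumably targets it; confirm
     * against the original source before relying on the bound name.
     *
     * @param str the password reset token taken from the request
     * @return the confirmation view with a {@link ResetPasswordForm} built from the token and the
     *     result of {@code findUserByPasswordResetToken}; what that lookup returns for an unknown or
     *     expired token is not visible here (confirm the view handles that case)
     */
    @RequestMapping(value = {"/passwordreset"}, method = {RequestMethod.GET}, params = {"token"})
    public ModelAndView displayPasswordForm(@RequestParam String str) {
        return new ModelAndView(CONFIRM_RESET_PASSWORD, HttpAuthenticationContext.METHOD_FORM, new ResetPasswordForm(str, this.userAdminService.findUserByPasswordResetToken(str)));
    }

    /**
     * Renders the empty "request a password reset" form.
     *
     * @return the request form view, without the empty-identifier error flag
     */
    @RequestMapping(value = {"/passwordreset"}, method = {RequestMethod.GET})
    public ModelAndView displayRequestForm() {
        return buildRequestForm(false);
    }

    /**
     * Redeems a reset token and sets the new password.
     *
     * <p>NOTE(review): {@code @IgnoresXsrf} presumably exempts this unauthenticated POST from the
     * XSRF token check; confirm that this is intentional for the reset flow.
     *
     * @param resetPasswordForm the validated form carrying the token and the new password
     * @param errors bean-validation results for the form
     * @return the "password set" view on success, otherwise the confirmation form again with either
     *     the validation errors or the failure message
     */
    @RequestMapping(value = {"/passwordreset"}, method = {RequestMethod.POST}, params = {"token"})
    @IgnoresXsrf
    public ModelAndView resetPassword(@Valid ResetPasswordForm resetPasswordForm, Errors errors) {
        if (errors.hasErrors()) {
            return new StashSoyResponseBuilder(CONFIRM_RESET_PASSWORD).put(HttpAuthenticationContext.METHOD_FORM, resetPasswordForm).putValidationErrors(errors).build();
        }
        try {
            this.userAdminService.resetPassword(resetPasswordForm.getToken(), resetPasswordForm.getPassword());
            return new ModelAndView(CONFIRM_PASSWORD_SET);
        } catch (Exception e) {
            // NOTE(review): every exception type is caught and its localized message is rendered to an
            // unauthenticated caller. That is appropriate for user-facing failures (for example an
            // invalid token or a rejected password) but would also surface the text of an unexpected
            // internal error; consider narrowing the catch to the service's documented exceptions.
            return new StashSoyResponseBuilder(CONFIRM_RESET_PASSWORD).put(HttpAuthenticationContext.METHOD_FORM, resetPasswordForm).putFormErrors(e.getLocalizedMessage()).build();
        }
    }

    /**
     * Accepts a password reset request for a user name or e-mail address.
     *
     * <p>The lookup and the reset request run asynchronously on the executor. Apart from a blank
     * identifier, every outcome (unknown user, backend unable to reset, mail failure, rejected
     * submission) yields the same acknowledgment view; the differences are only logged.
     *
     * <p>NOTE(review): the parameter name {@code str} looks like a decompiler artefact; the request
     * parameter it binds to in the original source is not visible here. {@code @IgnoresXsrf}
     * presumably exempts this unauthenticated POST from the XSRF token check; confirm.
     *
     * @param str the user name or e-mail address submitted by the caller (untrusted)
     * @return the request form flagged with an empty-identifier error when {@code str} is blank,
     *     otherwise the acknowledgment view
     */
    @RequestMapping(value = {"/passwordreset"}, method = {RequestMethod.POST})
    @IgnoresXsrf
    public ModelAndView submitRequest(@RequestParam String str) {
        if (StringUtils.isBlank(str)) {
            return buildRequestForm(true);
        }
        // The identifier comes straight from the request. Log only a neutralised copy so that CR/LF
        // or other control characters in it cannot inject forged lines into the log.
        final String loggedIdentifier = sanitizeForLog(str);
        try {
            this.executorService.submit(() -> {
                ApplicationUser findUserByNameOrEmail = this.userService.findUserByNameOrEmail(str);
                if (findUserByNameOrEmail == null) {
                    log.info("A password reset was requested for an unknown user {}", loggedIdentifier);
                    return;
                }
                if (!this.crowdControl.canResetPassword(findUserByNameOrEmail.getName())) {
                    log.info("The authentication backend is unable to reset the password for {}", loggedIdentifier);
                    return;
                }
                try {
                    this.userAdminService.requestPasswordReset(findUserByNameOrEmail.getName());
                } catch (MailException e) {
                    log.error("A password reset e-mail could not be sent for {}", loggedIdentifier, e);
                } catch (Exception e2) {
                    // Runs on an executor thread: log the failure here, since nothing observes the
                    // task's result.
                    log.error("A password reset could not be performed for {}", loggedIdentifier, e2);
                }
            });
        } catch (RejectedExecutionException e) {
            // The executor refused the task. The caller still receives the normal acknowledgment,
            // so a rejection is not distinguishable from an accepted request.
            log.warn("A password reset was rejected for {} because of too many concurrent requests", loggedIdentifier);
        }
        return new ModelAndView(RESET_PASSWORD_ACKNOWLEDGMENT);
    }

    /**
     * Builds the "request a password reset" form view.
     *
     * @param z whether the previous submission carried a blank identifier
     * @return the form view with the {@code canSendEmail} and {@code submittedEmptyIdentifier} flags
     */
    private ModelAndView buildRequestForm(boolean z) {
        return new StashSoyResponseBuilder(RESET_PASSWORD_FORM).put("canSendEmail", Boolean.valueOf(this.mailService.isHostConfigured())).put("submittedEmptyIdentifier", Boolean.valueOf(z)).build();
    }

    /**
     * Returns a copy of {@code value} that is safe to embed in a single log line.
     *
     * <p>ISO control characters (including CR, LF and tab) and the Unicode line and paragraph
     * separators are each replaced with {@code '_'}; all other characters are kept unchanged.
     *
     * @param value the untrusted text to log; may be {@code null}
     * @return the neutralised text, or the string {@code "null"} when {@code value} is {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            int type = Character.getType(c);
            boolean breaksLine = Character.isISOControl(c)
                    || type == Character.LINE_SEPARATOR
                    || type == Character.PARAGRAPH_SEPARATOR;
            cleaned.append(breaksLine ? '_' : c);
        }
        return cleaned.toString();
    }
}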
