package com.atlassian.stash.internal.web.users;

import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.auth.AuthenticationService;
import com.atlassian.bitbucket.auth.CaptchaRequiredAuthenticationException;
import com.atlassian.bitbucket.auth.IncorrectPasswordAuthenticationException;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.nav.NavBuilder;
import com.atlassian.bitbucket.ui.PluginFormFragments;
import com.atlassian.bitbucket.ui.PluginFormFragmentsFactory;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.DetailedUser;
import com.atlassian.bitbucket.user.UserAdminService;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.stash.internal.auth.AuthenticationHelper;
import com.atlassian.stash.internal.crowd.CrowdControl;
import com.atlassian.stash.internal.plugin.PluginValidationErrors;
import com.atlassian.stash.internal.web.soy.StashSoyResponseBuilder;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMap;
import javax.servlet.http.HttpServletRequest;
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.LockedException;
import org.springframework.stereotype.Controller;
import org.springframework.validation.Errors;
import org.springframework.validation.beanvalidation.SpringValidatorAdapter;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;

/**
 * Spring MVC controller for the signed-in user's own account pages under {@code /account}:
 * the profile settings form and the change-password form.
 *
 * <p>Every handler resolves the acting user from the {@link AuthenticationContext} and never
 * from a request parameter, so a request can only read or change the caller's own account.
 * Anonymous callers are rejected with {@link AccessDeniedException}.
 */
@RequestMapping({"/account"})
@Controller
/* loaded from: input_file:WEB-INF/classes/com/atlassian/stash/internal/web/users/UserAccountController.class */
public class UserAccountController {

    // Soy template rendered for the profile settings page.
    @VisibleForTesting
    static final String SETTINGS_VIEW = "bitbucket.internal.page.users.account.account.settings";

    // Soy template rendered for the change-password page.
    @VisibleForTesting
    static final String PASSWORD_VIEW = "bitbucket.internal.page.users.account.account.password";

    // Key under which plugins contribute extra fields to the settings form.
    private static final String USER_SETTINGS_FRAGMENT_KEY = "bitbucket.page.user.settings";

    private final AuthenticationService authenticationService;
    private final AuthenticationContext authenticationContext;
    private final CrowdControl crowdControl;
    private final UserAdminService userAdminService;
    private final UserService userService;
    private final I18nService i18nService;
    private final PluginFormFragmentsFactory formFragmentsFactory;
    private final SpringValidatorAdapter validatorAdapter;
    private final NavBuilder navBuilder;
    private final AuthenticationHelper authenticationHelper;

    /**
     * Wires the collaborators supplied by the Spring container; each argument is stored as-is.
     */
    @Autowired
    public UserAccountController(AuthenticationService authenticationService, CrowdControl crowdControl, I18nService i18nService, PluginFormFragmentsFactory pluginFormFragmentsFactory, SpringValidatorAdapter springValidatorAdapter, AuthenticationContext authenticationContext, UserAdminService userAdminService, UserService userService, NavBuilder navBuilder, AuthenticationHelper authenticationHelper) {
        // Authentication-related collaborators.
        this.authenticationService = authenticationService;
        this.authenticationContext = authenticationContext;
        this.authenticationHelper = authenticationHelper;
        this.crowdControl = crowdControl;
        // User lookup and mutation.
        this.userAdminService = userAdminService;
        this.userService = userService;
        // Rendering, validation and navigation.
        this.formFragmentsFactory = pluginFormFragmentsFactory;
        this.validatorAdapter = springValidatorAdapter;
        this.i18nService = i18nService;
        this.navBuilder = navBuilder;
    }

    /**
     * Renders the settings page with the form pre-filled from the current user's stored details.
     *
     * @return the settings view
     * @throws AccessDeniedException if no user is authenticated
     */
    @RequestMapping(method = {RequestMethod.GET})
    public ModelAndView viewSettings() {
        ApplicationUser caller = getCurrentUserOrThrow();
        DetailedUser details = this.userAdminService.getUserDetails(caller);
        AccountSettingsForm prefilledForm = populateFormWithUserDetails(new AccountSettingsForm(), details);
        return showSettingsPage(SETTINGS_VIEW, details, false, prefilledForm);
    }

    /**
     * Handles a submission of the settings form for the current user.
     *
     * <p>When the account's details are not mutable, bean validation is skipped and the submitted
     * display name and email are overwritten with the stored values, so client-supplied values for
     * those fields are discarded. Plugin form fragments are validated in both cases and are only
     * executed once every validation has passed.
     *
     * @param accountSettingsForm the bound form
     * @param errors              binding/validation errors for the form
     * @param httpServletRequest  the request whose parameter map is handed to the plugin fragments
     * @return the settings view, either with validation errors or flagged as saved
     * @throws AccessDeniedException if no user is authenticated
     */
    @RequestMapping(method = {RequestMethod.POST})
    public ModelAndView updateSettings(AccountSettingsForm accountSettingsForm, Errors errors, HttpServletRequest httpServletRequest) {
        ApplicationUser caller = getCurrentUserOrThrow();
        DetailedUser storedDetails = this.userAdminService.getUserDetails(caller);

        if (!storedDetails.isMutableDetails()) {
            // Read-only details: ignore whatever the client posted for name/email.
            populateFormWithUserDetails(accountSettingsForm, storedDetails);
        } else {
            this.validatorAdapter.validate(accountSettingsForm, errors);
        }

        PluginFormFragments pluginFragments = getFormFragment(storedDetails);
        PluginValidationErrors pluginErrors = new PluginValidationErrors(errors);
        pluginFragments.validate(httpServletRequest.getParameterMap(), pluginErrors);

        boolean allValid = !errors.hasErrors() && !pluginErrors.hasFieldErrors();
        if (!allValid) {
            // Re-render with the plugin fields showing their own error markup; nothing is persisted.
            String pluginErrorHtml = pluginFragments.getErrorHtml(httpServletRequest.getParameterMap(), pluginErrors.getFieldErrors());
            return showSettingsPage(SETTINGS_VIEW, storedDetails, false, accountSettingsForm, errors, pluginErrorHtml);
        }

        if (storedDetails.isMutableDetails()) {
            // updateUser acts on the authenticated user; its result replaces the stale reference.
            caller = this.userService.updateUser(accountSettingsForm.getDisplayName(), accountSettingsForm.getEmailAddress());
        }
        pluginFragments.execute(httpServletRequest.getParameterMap());

        // Reload the details so the page reflects what was actually stored.
        DetailedUser refreshedDetails = this.userAdminService.getUserDetails(caller);
        return showSettingsPage(SETTINGS_VIEW, refreshedDetails, true, accountSettingsForm);
    }

    /** Looks up the plugin-contributed settings fields, passing the user as fragment context. */
    private PluginFormFragments getFormFragment(DetailedUser user) {
        return this.formFragmentsFactory.forKey(USER_SETTINGS_FRAGMENT_KEY, ImmutableMap.of("user", user));
    }

    /** Copies the stored display name and email into {@code form} and returns that same form. */
    private AccountSettingsForm populateFormWithUserDetails(AccountSettingsForm form, DetailedUser user) {
        form.setDisplayName(user.getDisplayName());
        form.setEmailAddress(user.getEmailAddress());
        return form;
    }

    /** Renders a settings view without validation errors and with the plugins' default field markup. */
    private ModelAndView showSettingsPage(String viewName, DetailedUser user, boolean saved, AccountSettingsForm form) {
        return showSettingsPage(viewName, user, saved, form, null, null);
    }

    /**
     * Builds the settings page model.
     *
     * @param viewName        Soy template to render
     * @param user            user whose details are shown
     * @param saved           whether to flag the page as saved
     * @param form            form backing the page
     * @param errors          validation errors to expose, or {@code null} for none
     * @param pluginErrorHtml plugin field markup to use, or {@code null} to render the plugins'
     *                        regular view markup
     */
    private ModelAndView showSettingsPage(String viewName, DetailedUser user, boolean saved, AccountSettingsForm form, Errors errors, String pluginErrorHtml) {
        StashSoyResponseBuilder response = new StashSoyResponseBuilder(viewName);
        response = response.put("user", user);
        response = response.put("accountSettingsForm", form);
        response = response.put("mutableDetails", Boolean.valueOf(user.isMutableDetails()));
        response = response.put("pluginFieldsContent", pluginErrorHtml == null ? getFormFragment(user).getViewHtml() : pluginErrorHtml);
        response = response.put("saved", Boolean.valueOf(saved));
        if (errors != null) {
            response.putValidationErrors(errors);
        }
        return response.build();
    }

    /**
     * Renders the change-password page for the current user.
     *
     * @return the password view
     * @throws AccessDeniedException if no user is authenticated
     */
    @RequestMapping(value = {"/password"}, method = {RequestMethod.GET})
    public ModelAndView viewPassword() {
        ApplicationUser caller = getCurrentUserOrThrow();
        DetailedUser details = this.userAdminService.getUserDetails(caller);
        return showPasswordPage(details, false, null);
    }

    /**
     * Changes the current user's password after re-verifying the current one.
     *
     * <p>Form validation errors return the page before any authentication attempt. Otherwise the
     * current password is checked through {@code authenticateWithCaptcha}, so attempts made here
     * go through the same authentication call that can demand a CAPTCHA. If a CAPTCHA is required,
     * a {@link LockedException} and the username are recorded on the request, the authentication
     * is cleared and the caller is redirected to the login page. A wrong current password is
     * reported as a field error on {@code currentPassword}. Any other exception thrown by the
     * authentication or update call propagates to the caller.
     *
     * <p>NOTE(review): this handler does not consult {@code crowdControl.canResetPassword}; in this
     * class that check only feeds the {@code editablePassword} view flag. Enforcement presumably
     * lives in {@code userService.updatePassword} — confirm.
     *
     * @param accountPasswordForm the bound, bean-validated form
     * @param errors              binding/validation errors for the form
     * @param httpServletRequest  the request on which lockout state is recorded
     * @return the password view, or a redirect to the login page when a CAPTCHA is required
     * @throws AccessDeniedException if no user is authenticated
     */
    @RequestMapping(value = {"/password"}, method = {RequestMethod.POST})
    public ModelAndView updatePassword(@Valid AccountPasswordForm accountPasswordForm, Errors errors, HttpServletRequest httpServletRequest) {
        ApplicationUser caller = getCurrentUserOrThrow();
        DetailedUser details = this.userAdminService.getUserDetails(caller);
        if (errors.hasErrors()) {
            return showPasswordPage(details, false, errors);
        }
        try {
            // Prove knowledge of the current password before accepting a new one.
            this.authenticationService.authenticateWithCaptcha(details.getName(), accountPasswordForm.getCurrentPassword());
            this.userService.updatePassword(accountPasswordForm.getCurrentPassword(), accountPasswordForm.getNewPassword());
            return showPasswordPage(details, true, errors);
        } catch (CaptchaRequiredAuthenticationException captchaRequired) {
            String lockedMessage = this.i18nService.createKeyedMessage("bitbucket.service.user.toomanyfailedauthattempts", new Object[0]).getLocalisedMessage();
            this.authenticationHelper.setAuthenticationException(httpServletRequest, new LockedException(lockedMessage));
            this.authenticationHelper.setCachedUsername(httpServletRequest, details.getName());
            this.authenticationService.clear();
            // The return target is built by NavBuilder, not taken from request input.
            String passwordPageUrl = this.navBuilder.account().password().buildAbsolute();
            return showLoginPage(passwordPageUrl);
        } catch (IncorrectPasswordAuthenticationException wrongPassword) {
            String invalidPasswordText = this.i18nService.getMessage("bitbucket.web.user.invalidpassword", new Object[0]);
            errors.rejectValue("currentPassword", "com.atlassian.stash.validation.password.incorrect.message", invalidPasswordText);
            return showPasswordPage(details, false, errors);
        }
    }

    /**
     * Returns the authenticated user.
     *
     * @throws AccessDeniedException if the authentication context holds no user
     */
    private ApplicationUser getCurrentUserOrThrow() {
        ApplicationUser authenticated = this.authenticationContext.getCurrentUser();
        if (authenticated != null) {
            return authenticated;
        }
        throw new AccessDeniedException(this.i18nService.getMessage("bitbucket.web.account.anonymous.error", new Object[0]));
    }

    /**
     * Builds the password page model.
     *
     * @param user   user whose password page is shown
     * @param saved  whether to flag the page as saved
     * @param errors validation errors to expose, or {@code null} for none
     */
    private ModelAndView showPasswordPage(DetailedUser user, boolean saved, Errors errors) {
        StashSoyResponseBuilder response = new StashSoyResponseBuilder(PASSWORD_VIEW);
        response = response.put("user", user);
        // The flag only drives what the template shows.
        response = response.put("editablePassword", Boolean.valueOf(this.crowdControl.canResetPassword(user.getName())));
        response = response.put("saved", Boolean.valueOf(saved));
        if (errors != null) {
            response.putValidationErrors(errors);
        }
        return response.build();
    }

    /**
     * Redirects to the configured login URL, passing {@code nextUrl} as the {@code next} model
     * attribute.
     */
    private ModelAndView showLoginPage(String nextUrl) {
        RedirectView loginRedirect = new RedirectView(this.navBuilder.login().buildConfigured(), true);
        return new ModelAndView(loginRedirect, ImmutableMap.of("next", nextUrl));
    }
}
