package com.atlassian.stash.internal.user;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.crowd.embedded.api.UserWithAttributes;
import com.atlassian.crowd.search.query.entity.restriction.Property;
import com.atlassian.crowd.search.query.entity.restriction.PropertyUtils;
import com.atlassian.security.random.SecureTokenGenerator;
import com.atlassian.stash.internal.crowd.CrowdControl;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.math.NumberUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component("passwordResetHelper")
/* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-6.0.0.jar:com/atlassian/stash/internal/user/CrowdPasswordResetHelper.class */
public class CrowdPasswordResetHelper implements PasswordResetHelper {
    public static final String PASSWORD_RESET_TOKEN_ATTRIBUTE = "passwordResetToken";
    public static final Property<String> PASSWORD_RESET_PROPERTY = PropertyUtils.ofTypeString(PASSWORD_RESET_TOKEN_ATTRIBUTE);
    public static final String PASSWORD_RESET_TOKEN_EXPIRATION_ATTRIBUTE = "passwordResetExpiration";
    private final CrowdControl crowdControl;
    private final SecureTokenGenerator tokenGenerator;
    private final long tokenValidityPeriod;

    @Autowired
    public CrowdPasswordResetHelper(CrowdControl crowdControl, SecureTokenGenerator secureTokenGenerator, @Value("${password.reset.validity.period}") long j) {
        this.crowdControl = crowdControl;
        this.tokenGenerator = secureTokenGenerator;
        this.tokenValidityPeriod = TimeUnit.MINUTES.toMillis(j);
    }

    @Override // com.atlassian.stash.internal.user.PasswordResetHelper
    @Nonnull
    public String addToken(@Nonnull User user) {
        String generateToken = this.tokenGenerator.generateToken();
        this.crowdControl.setUserAttribute(user, PASSWORD_RESET_TOKEN_ATTRIBUTE, generateToken);
        this.crowdControl.setUserAttribute(user, PASSWORD_RESET_TOKEN_EXPIRATION_ATTRIBUTE, Long.valueOf(System.currentTimeMillis() + this.tokenValidityPeriod));
        return generateToken;
    }

    @Override // com.atlassian.stash.internal.user.PasswordResetHelper
    public void clearToken(@Nonnull User user) {
        this.crowdControl.removeUserAttribute(user, PASSWORD_RESET_TOKEN_EXPIRATION_ATTRIBUTE);
        this.crowdControl.removeUserAttribute(user, PASSWORD_RESET_TOKEN_ATTRIBUTE);
    }

    @Override // com.atlassian.stash.internal.user.PasswordResetHelper
    public User findUserByToken(@Nonnull String str) {
        User findUserByProperty = this.crowdControl.findUserByProperty(PASSWORD_RESET_PROPERTY, str);
        if (findUserByProperty == null || !hasValidToken(findUserByProperty)) {
            return null;
        }
        return findUserByProperty;
    }

    @Override // com.atlassian.stash.internal.user.PasswordResetHelper
    @Nonnull
    public String generatePassword() {
        return this.tokenGenerator.generateToken();
    }

    @Override // com.atlassian.stash.internal.user.PasswordResetHelper
    public void resetPassword(@Nonnull User user, String str) {
        this.crowdControl.setPassword(user, str);
        clearToken(user);
    }

    private boolean hasValidToken(User user) {
        UserWithAttributes findUserWithAttributes = this.crowdControl.findUserWithAttributes(user.getName());
        if (findUserWithAttributes == null) {
            return false;
        }
        return findUserWithAttributes.getValue(PASSWORD_RESET_TOKEN_ATTRIBUTE) != null && NumberUtils.toLong(findUserWithAttributes.getValue(PASSWORD_RESET_TOKEN_EXPIRATION_ATTRIBUTE)) >= System.currentTimeMillis();
    }
}
