package com.atlassian.crowd.manager.login;

import com.atlassian.crowd.dao.token.ResetPasswordTokenDao;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.OperationType;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.event.login.RequestResetPasswordEvent;
import com.atlassian.crowd.event.login.RequestUsernamesEvent;
import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.DirectoryNotFoundException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidEmailAddressException;
import com.atlassian.crowd.exception.ObjectNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.manager.application.ApplicationService;
import com.atlassian.crowd.manager.directory.DirectoryManager;
import com.atlassian.crowd.manager.directory.DirectoryPermissionException;
import com.atlassian.crowd.manager.login.exception.InvalidResetPasswordTokenException;
import com.atlassian.crowd.manager.permission.PermissionManager;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.model.token.ResetPasswordToken;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.query.entity.restriction.constants.UserTermKeys;
import com.atlassian.crowd.service.client.ClientProperties;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.security.random.SecureTokenGenerator;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ConcurrentModificationException;
import java.util.List;
import javax.mail.internet.AddressException;
import javax.mail.internet.InternetAddress;
import org.apache.commons.lang.StringUtils;
import org.joda.time.LocalDateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/manager/login/ForgottenLoginManagerImpl.class */
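/**
 * Handles the "forgotten login" flows: e-mailing a password reset link, e-mailing the
 * usernames registered for an e-mail address, and redeeming a reset token to set a new
 * credential.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Reset tokens come from the injected {@link SecureTokenGenerator} and expire
 *       {@value #TOKEN_EXPIRY_HOURS} hours after creation.</li>
 *   <li>Token comparison is done in constant time (see {@link #tokensMatch}).</li>
 *   <li>The token travels as a URL query parameter, so it can end up in mail archives,
 *       browser history and proxy logs; the short expiry and removal after use are the
 *       mitigations visible here.</li>
 * </ul>
 *
 * <p>NOTE(review): {@link #sendUsernames} returns whether any account matched and
 * {@link #sendResetLink(Application, String)} throws {@link UserNotFoundException};
 * callers that face unauthenticated users should present the same response in both
 * cases so the endpoint cannot be used to enumerate accounts — confirm at the call sites.
 */
public class ForgottenLoginManagerImpl implements ForgottenLoginManager {
    private static final int TOKEN_EXPIRY_HOURS = 24;
    private static final String UTF8_ENCODING = "UTF-8";
    private static final String RESET_PASSWORD_ACTION = "/console/resetpassword.action";
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final ApplicationService applicationService;
    private final DirectoryManager directoryManager;
    private final PermissionManager permissionManager;
    private final ResetPasswordTokenDao resetPasswordTokenDao;
    private final SecureTokenGenerator tokenGenerator;
    private final ClientProperties clientProperties;
    private final EventPublisher eventPublisher;

    /**
     * Creates the manager; every collaborator is required.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    public ForgottenLoginManagerImpl(ApplicationService applicationService, DirectoryManager directoryManager, PermissionManager permissionManager, ResetPasswordTokenDao resetPasswordTokenDao, SecureTokenGenerator secureTokenGenerator, ClientProperties clientProperties, EventPublisher eventPublisher) {
        this.applicationService = Preconditions.checkNotNull(applicationService);
        this.directoryManager = Preconditions.checkNotNull(directoryManager);
        this.permissionManager = Preconditions.checkNotNull(permissionManager);
        this.resetPasswordTokenDao = Preconditions.checkNotNull(resetPasswordTokenDao);
        this.tokenGenerator = Preconditions.checkNotNull(secureTokenGenerator);
        this.clientProperties = Preconditions.checkNotNull(clientProperties);
        this.eventPublisher = Preconditions.checkNotNull(eventPublisher);
    }

    /**
     * Looks the user up through the application and, if the application may update users
     * in the user's directory, e-mails that user a password reset link.
     *
     * @param application the application on whose behalf the reset is requested
     * @param str         the username
     * @throws UserNotFoundException           if the application cannot see such a user
     * @throws InvalidEmailAddressException    if the user's e-mail address is blank or malformed
     * @throws ApplicationPermissionException  if the application lacks {@code UPDATE_USER}
     *                                         permission on the user's directory
     * @throws ConcurrentModificationException if the user's directory disappeared between
     *                                         the user lookup and the directory lookup
     */
    public void sendResetLink(Application application, String str) throws UserNotFoundException, InvalidEmailAddressException, ApplicationPermissionException {
        User user = this.applicationService.findUserByName(application, str);
        Directory directory;
        try {
            directory = this.directoryManager.findDirectoryById(user.getDirectoryId());
        } catch (DirectoryNotFoundException e) {
            // Keep the original exception as the cause so the failure can be traced.
            throw new ConcurrentModificationException("Directory " + user.getDirectoryId() + " no longer exists.", e);
        }
        // Authorisation gate: an application that cannot update users in this directory
        // must not be able to trigger a credential reset for them.
        if (!this.permissionManager.hasPermission(application, directory, OperationType.UPDATE_USER)) {
            throw new ApplicationPermissionException("Not allowed to update user '" + user.getName() + "' in directory '" + directory.getName() + "'.");
        }
        sendResetLink(user, directory);
    }

    /**
     * Publishes a {@link RequestUsernamesEvent} carrying the names of all users visible to
     * the application whose e-mail address exactly matches {@code str}.
     *
     * @param application the application whose users are searched
     * @param str         the e-mail address supplied by the requester (untrusted)
     * @return {@code true} if at least one user matched and the event was published,
     *         {@code false} if nobody matched
     * @throws InvalidEmailAddressException declared by the interface; not thrown by the
     *                                      code visible here
     */
    public boolean sendUsernames(Application application, String str) throws InvalidEmailAddressException {
        // -1 presumably means "no result limit" — confirm against the query builder.
        // Raw List kept as in the original; searchUsers' generic signature is not visible here.
        List matches = this.applicationService.searchUsers(application, QueryBuilder.queryFor(User.class, EntityDescriptor.user()).with(Restriction.on(UserTermKeys.EMAIL).exactlyMatching(str)).returningAtMost(-1));
        if (matches.isEmpty()) {
            // The address is requester-controlled: strip line breaks so it cannot forge
            // additional log entries. It is also personal data; keep log retention in mind.
            this.logger.info("No usernames found for email address: {}", sanitizeForLog(str));
            return false;
        }
        User firstMatch = (User) matches.get(0);
        this.eventPublisher.publish(new RequestUsernamesEvent(firstMatch, Lists.transform(matches, new Function<User, String>() {
            public String apply(User user) {
                return user.getName();
            }
        })));
        return true;
    }

    /**
     * E-mails a password reset link to the named user of the given directory, without an
     * application permission check.
     *
     * @param j   the directory id
     * @param str the username
     */
    public void sendResetLink(long j, String str) throws DirectoryNotFoundException, InvalidEmailAddressException, UserNotFoundException, OperationFailedException {
        User user = this.directoryManager.findUserByName(j, str);
        Directory directory = this.directoryManager.findDirectoryById(j);
        sendResetLink(user, directory);
    }

    /**
     * Checks a reset token presented for a user.
     *
     * <p>The token is valid only if a stored token exists for the username, its value
     * matches {@code str2}, it has not expired, and it was issued for directory {@code j}.
     *
     * @param j    the directory id the request claims
     * @param str  the username
     * @param str2 the token presented by the requester (untrusted)
     * @return {@code true} only if all of the checks above pass
     */
    public boolean isValidResetToken(long j, String str, String str2) {
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            return false;
        }
        try {
            ResetPasswordToken stored = this.resetPasswordTokenDao.findTokenByUsername(str);
            // Constant-time comparison: String.equals stops at the first differing
            // character, which leaks how much of a guessed token was correct.
            if (!tokensMatch(stored.getToken(), str2)) {
                return false;
            }
            LocalDateTime now = new LocalDateTime();
            if (now.isAfter(new LocalDateTime(stored.getExpiryDate()))) {
                return false;
            }
            // Binds the token to the directory it was issued for.
            return stored.getDirectoryId() == j;
        } catch (ObjectNotFoundException e) {
            return false;
        }
    }

    /**
     * Sets a new credential for the user if the presented reset token is valid, then
     * removes the stored token so it cannot be redeemed again.
     *
     * <p>NOTE(review): validation, credential update and token removal are three separate
     * steps with no locking visible here, so two concurrent requests carrying the same
     * token may both pass validation. The token is removed only after a successful update,
     * so a rejected credential leaves the token usable for a retry.
     *
     * @param j                  the directory id
     * @param str                the username
     * @param passwordCredential the new credential
     * @param str2               the reset token presented by the requester
     * @throws InvalidResetPasswordTokenException if {@link #isValidResetToken} rejects the token
     */
    public void resetUserCredential(long j, String str, PasswordCredential passwordCredential, String str2) throws DirectoryNotFoundException, UserNotFoundException, InvalidResetPasswordTokenException, OperationFailedException, InvalidCredentialException, DirectoryPermissionException {
        if (!isValidResetToken(j, str, str2)) {
            // Deliberately generic: the message does not say which check failed.
            throw new InvalidResetPasswordTokenException("No valid reset token found for user");
        }
        this.directoryManager.updateUserCredential(j, str, passwordCredential);
        this.resetPasswordTokenDao.removeTokenByUsername(str);
    }

    /**
     * Compares two token strings without short-circuiting on the first mismatch.
     *
     * @return {@code true} if both are non-null and equal
     */
    private static boolean tokensMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /** Replaces CR and LF so a requester-supplied value stays on one log line. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Ensures the user has a non-blank, syntactically valid e-mail address.
     *
     * @throws InvalidEmailAddressException if the address is blank or fails
     *                                      {@link InternetAddress#validate()}
     */
    private void validateUser(User user) throws InvalidEmailAddressException {
        String address = user.getEmailAddress();
        if (StringUtils.isBlank(address)) {
            throw new InvalidEmailAddressException("Cannot email a reset password link; user's email address is blank.");
        }
        try {
            new InternetAddress(address).validate();
        } catch (AddressException e) {
            throw new InvalidEmailAddressException(e);
        }
    }

    /**
     * Generates a fresh token for the user, valid for {@value #TOKEN_EXPIRY_HOURS} hours,
     * and hands it to the DAO.
     *
     * <p>NOTE(review): the token value is passed to the DAO as generated; whether it is
     * hashed before being persisted cannot be seen from this class — confirm in the DAO.
     *
     * @param str the username
     * @param j   the directory id
     * @return the token that was stored
     */
    private ResetPasswordToken createAndStoreResetToken(String str, long j) {
        long expiryMillis = new LocalDateTime().plusHours(TOKEN_EXPIRY_HOURS).toDateTime().getMillis();
        ResetPasswordToken token = new ResetPasswordToken(expiryMillis, this.tokenGenerator.generateToken(), str, j);
        this.resetPasswordTokenDao.addToken(token);
        return token;
    }

    /**
     * Validates the user's e-mail address, logs the request, then creates, stores and
     * e-mails a reset token.
     */
    private void sendResetLink(User user, Directory directory) throws InvalidEmailAddressException {
        validateUser(user);
        // Audit trail for reset requests; the token itself is never logged.
        this.logger.info("\"{}\" in \"{}\" is being e-mailed a password reset link.", user.getName(), directory.getName());
        ResetPasswordToken token = createAndStoreResetToken(user.getName(), directory.getId().longValue());
        emailResetToken(token, user);
    }

    /**
     * Publishes a {@link RequestResetPasswordEvent} whose link carries the username,
     * directory id and token as URL-encoded query parameters.
     *
     * <p>The link prefix comes from {@link ClientProperties#getBaseURL()}, not from any
     * request data visible in this class.
     */
    private void emailResetToken(ResetPasswordToken resetPasswordToken, User user) throws InvalidEmailAddressException {
        try {
            String resetLink = this.clientProperties.getBaseURL() + RESET_PASSWORD_ACTION
                    + "?username=" + URLEncoder.encode(resetPasswordToken.getUsername(), UTF8_ENCODING)
                    + "&directoryId=" + URLEncoder.encode(Long.toString(resetPasswordToken.getDirectoryId()), UTF8_ENCODING)
                    + "&token=" + URLEncoder.encode(resetPasswordToken.getToken(), UTF8_ENCODING);
            this.eventPublisher.publish(new RequestResetPasswordEvent(user, resetLink));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Could not encode username and token: this Java VM does not support UTF-8", e);
        }
    }
}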
