package eu.etaxonomy.cdm.api.service.security;

import eu.etaxonomy.cdm.api.security.IAbstractRequestTokenStore;
import eu.etaxonomy.cdm.api.security.PasswordResetRequest;
import eu.etaxonomy.cdm.model.permission.User;
import java.util.HashMap;
import java.util.Optional;
import javax.mail.internet.AddressException;
import javax.mail.internet.InternetAddress;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.dao.DataAccessException;
import org.springframework.mail.MailException;
import org.springframework.mail.MailPreparationException;
import org.springframework.scheduling.annotation.Async;
import org.springframework.scheduling.annotation.AsyncResult;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.concurrent.ListenableFuture;

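/**
 * Service behind the self-service password reset flow.
 *
 * <p>{@link #emailResetToken(String, String)} creates a reset token for a user and mails a link
 * containing it; {@link #resetPassword(String, String)} consumes such a token and stores the new
 * password. Both entry points are {@code @Async} and are throttled by rate limiters that are
 * inherited from {@link AccountSelfManagementService}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>An unknown user name is only logged and is not reported to the caller, whereas an unknown
 *       email address surfaces as {@link EmailAddressNotFoundException}. Callers should not expose
 *       that difference to unauthenticated clients, otherwise it can be used to probe for
 *       registered addresses.</li>
 *   <li>Log messages in this class contain request-supplied values (user name or email). They are
 *       passed as log parameters; neutralising line breaks is left to the logging layout.</li>
 * </ul>
 */
@Transactional(readOnly = false)
@Service
/* loaded from: input_file:lib/cdmlib-services-5.42.0.jar:eu/etaxonomy/cdm/api/service/security/PasswordResetService.class */
public class PasswordResetService extends AccountSelfManagementService implements IPasswordResetService {
    private static final Logger logger = LogManager.getLogger();

    // Store that issues, looks up and removes password reset tokens.
    // NOTE(review): token lifetime and randomness are decided by the store, not here - confirm there.
    @Autowired
    @Qualifier("passwordResetTokenStore")
    private IAbstractRequestTokenStore<PasswordResetRequest, User> passwordResetTokenStore;

    /**
     * Creates a password reset token for the given user and mails the reset link.
     *
     * @param str user name or email address identifying the account
     * @param str2 format string for the reset link; the token is inserted via
     *     {@link String#format(String, Object...)}. NOTE(review): this value ends up in the mailed
     *     link, so it should come from trusted configuration rather than from request data
     *     (for example a client-supplied host name) - confirm at the caller.
     * @return a future holding {@code false} when the rate limiter rejected the call, otherwise
     *     {@code true} (also when the user name is unknown, so that case is not revealed)
     * @throws MailException if the mail cannot be prepared or sent, including the case that the
     *     user has no email address
     * @throws EmailAddressNotFoundException if {@code str} is a valid address that no user has
     */
    @Override // eu.etaxonomy.cdm.api.service.security.IPasswordResetService
    @Async
    public ListenableFuture<Boolean> emailResetToken(String str, String str2) throws MailException, EmailAddressNotFoundException {
        try {
            // NOTE(review): the reason for this short pause is not visible in this class.
            Thread.sleep(10L);
        } catch (InterruptedException e) {
            // Restore the flag so the executing thread pool can still observe the interrupt.
            Thread.currentThread().interrupt();
        }
        if (logger.isTraceEnabled()) {
            logger.trace("emailResetToken trying to aquire from rate limiter [rate: " + this.emailResetToken_rateLimiter.getRate() + ", timeout: " + getRateLimiterTimeout().toMillis() + "ms]");
        }
        if (!this.emailResetToken_rateLimiter.tryAcquire(getRateLimiterTimeout())) {
            logger.trace("blocked by rate limiter");
            return new AsyncResult<>(false);
        }
        logger.trace("emailResetToken allowed by rate limiter");
        try {
            User user = findUser(str);
            String emailAddress = user.getEmailAddress();
            if (emailAddress == null) {
                throw new MailPreparationException("no email address found for " + str);
            }
            String linkUrl = String.format(str2, this.passwordResetTokenStore.create(emailAddress, user).getToken());
            HashMap<String, String> additionalValues = new HashMap<>();
            additionalValues.put("linkUrl", linkUrl);
            // NOTE(review): the subject is the RESET_REQUEST template but the body is the
            // REGISTRATION_REQUEST template - confirm that this pairing is intended.
            sendEmail(emailAddress, user.getUsername(), UserAccountEmailTemplates.RESET_REQUEST_EMAIL_SUBJECT_TEMPLATE, UserAccountEmailTemplates.REGISTRATION_REQUEST_EMAIL_BODY_TEMPLATE, additionalValues);
            // Only the account name and address are logged, never the token or the link.
            logger.info("A password reset request for  {} has been send to {}", user.getUsername(), emailAddress);
        } catch (UsernameNotFoundException e) {
            // The listing this was recovered from fell through here into code that reads the user
            // and the address, which are unassigned on this path. Stop after logging instead.
            // NOTE(review): the shared "true" result is reconstructed from that control flow -
            // confirm against the upstream source.
            logger.warn("Password reset request for unknown user, cause: {}", e.getMessage());
        }
        return new AsyncResult<>(true);
    }

    /**
     * Sets a new password for the user that owns the given reset token.
     *
     * <p>The token is removed from the store only after the password has been saved. When saving
     * fails, a failure notice is mailed and the token stays in the store.
     *
     * @param str the password reset token
     * @param str2 the new password in clear text; it is handed to the user service for encoding.
     *     NOTE(review): no strength or emptiness check happens in this method - confirm that the
     *     caller or the user service enforces the password policy.
     * @return a future holding {@code true} when the password was changed, {@code false} when the
     *     rate limiter rejected the call or the change failed
     * @throws AccountSelfManagementException if the token is not known to the token store
     * @throws MailException if the notification mail cannot be sent
     */
    @Override // eu.etaxonomy.cdm.api.service.security.IPasswordResetService
    @Async
    public ListenableFuture<Boolean> resetPassword(String str, String str2) throws AccountSelfManagementException, MailException {
        if (!this.resetPassword_rateLimiter.tryAcquire(getRateLimiterTimeout())) {
            return new AsyncResult<>(false);
        }
        Optional<PasswordResetRequest> findRequest = this.passwordResetTokenStore.findRequest(str);
        if (!findRequest.isPresent()) {
            throw new AccountSelfManagementException("Invalid password reset token");
        }
        PasswordResetRequest request = findRequest.get();
        try {
            UserDetails loadUserByUsername = this.userService.loadUserByUsername(request.getUserName());
            // The former Assert.isAssignable(loaded.getClass(), User.class) had its arguments
            // swapped: it rejected subclasses of User and let unrelated supertypes through to the
            // cast below. isInstanceOf performs the intended check and also throws
            // IllegalArgumentException, which is handled by the catch clause.
            Assert.isInstanceOf(User.class, loadUserByUsername);
            User user = (User) loadUserByUsername;
            this.userService.encodeUserPassword(user, str2);
            this.userDao.saveOrUpdate(user);
            // Invalidate the token once the new password is stored so it cannot be used again.
            this.passwordResetTokenStore.remove(str);
            sendEmail(request.getUserEmail(), request.getUserName(), UserAccountEmailTemplates.RESET_SUCCESS_EMAIL_SUBJECT_TEMPLATE, UserAccountEmailTemplates.RESET_SUCCESS_EMAIL_BODY_TEMPLATE, null);
            return new AsyncResult<>(true);
        } catch (IllegalArgumentException | DataAccessException | UsernameNotFoundException e) {
            logger.error("Failed to change password of User {}", request.getUserName(), e);
            sendEmail(request.getUserEmail(), request.getUserName(), UserAccountEmailTemplates.RESET_FAILED_EMAIL_SUBJECT_TEMPLATE, UserAccountEmailTemplates.RESET_FAILED_EMAIL_BODY_TEMPLATE, null);
        }
        return new AsyncResult<>(false);
    }

    /**
     * Looks up a user by email address or, if the input is not a valid address, by user name.
     *
     * @param str user name or email address
     * @return the matching user, never {@code null}
     * @throws UsernameNotFoundException if {@code str} is not a valid address and no user has
     *     that user name
     * @throws EmailAddressNotFoundException if {@code str} is a valid address and no user has it
     */
    protected User findUser(String str) throws UsernameNotFoundException, EmailAddressNotFoundException {
        User user;
        try {
            // Syntactic check only: input that parses as an address is treated as an email.
            new InternetAddress(str).validate();
            user = this.userDao.findByEmailAddress(str);
        } catch (AddressException e) {
            // Not an address, so fall back to the user name lookup.
            user = this.userDao.findUserByUsername(str);
            if (user == null) {
                throw new UsernameNotFoundException("No user with the user name: '" + str + "' found.");
            }
        }
        if (user == null) {
            throw new EmailAddressNotFoundException("No user with the email address'" + str + "' found.");
        }
        return user;
    }
}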
