package org.molgenis.security.account;

import java.net.URI;
import java.util.Objects;
import org.molgenis.data.security.auth.User;
import org.molgenis.data.security.user.InvalidEmailAddressException;
import org.molgenis.data.security.user.UnknownUserException;
import org.molgenis.data.security.user.UserService;
import org.molgenis.security.core.runas.RunAsSystem;
import org.molgenis.security.core.runas.RunAsSystemAspect;
import org.molgenis.security.core.utils.SecurityUtils;
import org.molgenis.settings.AppSettings;
import org.springframework.mail.MailSender;
import org.springframework.mail.SimpleMailMessage;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

/**
 * {@link PasswordResetter} implementation that creates password reset tokens, e-mails the reset
 * link, and applies password changes for the token-based and the authenticated flow.
 *
 * <p>Security notes for reviewers:
 *
 * <ul>
 *   <li>Token generation, expiry and comparison all live in {@link PasswordResetTokenRepository};
 *       nothing in this class limits token lifetime or the number of reset requests.
 *   <li>The reset link is built from the current servlet request (see
 *       {@code createPasswordResetUri}), so its scheme and host are whatever the request carried.
 *   <li>Unknown e-mail addresses and unknown usernames are reported through distinct exceptions;
 *       callers on unauthenticated endpoints decide whether that difference reaches the client.
 * </ul>
 */
@Component
class PasswordResetterImpl implements PasswordResetter {
    private final PasswordResetTokenRepository passwordResetTokenService;
    private final UserService userService;
    private final MailSender mailSender;
    private final AppSettings appSettings;

    /**
     * Wires the collaborators; every argument must be non-null.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    PasswordResetterImpl(PasswordResetTokenRepository passwordResetTokenRepository, UserService userService, MailSender mailSender, AppSettings appSettings) {
        this.passwordResetTokenService = Objects.requireNonNull(passwordResetTokenRepository);
        this.userService = Objects.requireNonNull(userService);
        this.mailSender = Objects.requireNonNull(mailSender);
        this.appSettings = Objects.requireNonNull(appSettings);
    }

    /**
     * Starts a password reset: looks the account up by e-mail address, creates a reset token for
     * it and mails the reset link to the address stored on the account.
     *
     * @param str e-mail address of the account to reset
     * @throws InvalidEmailAddressException if no user has this e-mail address
     */
    @Override
    @RunAsSystem
    @Transactional
    public void resetPassword(String str) {
        // NOTE(review): the exception for an unknown address lets a caller tell registered from
        // unregistered addresses. Confirm the controller answers identically in both cases, and
        // that request throttling exists upstream; neither is visible in this class.
        User account = getUserByEmail(str);
        // NOTE(review): whether createToken invalidates tokens issued earlier for the same user
        // is not visible here; verify in PasswordResetTokenRepository.
        String resetToken = this.passwordResetTokenService.createToken(account);
        sendPasswordResetMail(account, resetToken);
    }

    /**
     * Checks a reset token for the given user without changing anything; failures surface as
     * whatever {@code validateToken} throws.
     *
     * @param str username the token was issued for
     * @param str2 reset token to check
     * @throws UnknownUserException if no user has this username
     */
    @Override
    @RunAsSystem
    @Transactional(readOnly = true)
    public void validatePasswordResetToken(String str, String str2) {
        // The token is validated against the resolved user, not on its own.
        User account = getUser(str);
        this.passwordResetTokenService.validateToken(account, str2);
    }

    /**
     * Completes a token-based reset: validates the token, stores the new password and then
     * deletes the token so that it cannot be used again.
     *
     * @param str username the token was issued for
     * @param str2 reset token received by e-mail
     * @param str3 new password
     * @throws UnknownUserException if no user has this username
     */
    @Override
    @RunAsSystem
    @Transactional
    public void changePassword(String str, String str2, String str3) {
        User account = getUser(str);
        // Validation comes first; if validateToken throws, nothing below runs.
        this.passwordResetTokenService.validateToken(account, str2);
        // NOTE(review): no password policy check or hashing happens in this class; presumably the
        // User entity or persistence layer handles both. Verify.
        account.setPassword(str3);
        this.userService.update(account);
        this.passwordResetTokenService.deleteToken(account, str2);
        // NOTE(review): only the token that was used is deleted here. Existing sessions and any
        // other outstanding tokens for the user are not touched by this method.
    }

    /**
     * Sets a new password for the currently authenticated user and clears the
     * "must change password" flag.
     *
     * @param str new password
     * @throws AuthenticationCredentialsNotFoundException if there is no current username
     * @throws UnknownUserException if the current username does not resolve to a user
     */
    @Override
    @Transactional
    public void changePasswordAuthenticatedUser(String str) {
        String username = SecurityUtils.getCurrentUsername();
        if (username == null) {
            throw new AuthenticationCredentialsNotFoundException("not authenticated");
        }
        // NOTE(review): the current password is not re-checked here; if that check is required it
        // has to happen in the caller.
        User currentUser = getUser(username);
        currentUser.setPassword(str);
        currentUser.setChangePassword(false);
        // Only the write is elevated; the lookup above ran with the caller's own authority.
        RunAsSystemAspect.runAsSystem(() -> {
            this.userService.update(currentUser);
        });
    }

    /**
     * Resolves a user by username.
     *
     * @throws UnknownUserException if the user service returns {@code null}
     */
    private User getUser(String username) {
        User found = this.userService.getUser(username);
        if (found != null) {
            return found;
        }
        throw new UnknownUserException(username);
    }

    /**
     * Resolves a user by e-mail address.
     *
     * @throws InvalidEmailAddressException if the user service returns {@code null}
     */
    private User getUserByEmail(String emailAddress) {
        User found = this.userService.getUserByEmail(emailAddress);
        if (found != null) {
            return found;
        }
        throw new InvalidEmailAddressException();
    }

    /**
     * Builds the link to the change-password page with the username and the token as query
     * parameters.
     */
    private URI createPasswordResetUri(String username, String token) {
        // NOTE(review): scheme, host and port are taken from the current request. If the
        // deployment does not pin or validate the Host / forwarded headers before they reach the
        // application, the mailed link can point at a host the operator does not control.
        // Confirm upstream host validation, or build the link from a configured base URL.
        // NOTE(review): the token travels in the query string, so it can end up in access logs,
        // browser history and Referer headers; keep token lifetime short and make sure the
        // change-password page does not leak its URL to third parties.
        return ServletUriComponentsBuilder.fromCurrentServletMapping()
            .encode()
            .path(AccountController.CHANGE_PASSWORD_URI)
            .queryParam("username", username)
            .queryParam("token", token)
            .build()
            .toUri();
    }

    /**
     * Mails the reset link as plain text to the address stored on the user.
     *
     * <p>The message body contains the reset token, so it must not be logged.
     */
    private void sendPasswordResetMail(User user, String token) {
        URI resetUri = createPasswordResetUri(user.getUsername(), token);

        String subject = String.format("Password reset on %s", this.appSettings.getTitle());
        String body =
            "Hello,\n\nYou are receiving this email because we received a password reset request for your account.\n\n"
                + resetUri.toString()
                + "\n\nIf you did not request a password reset, you can safely ignore this email.";

        SimpleMailMessage message = new SimpleMailMessage();
        // The recipient is the stored address, not the address typed into the reset form.
        message.setTo(user.getEmail());
        message.setSubject(subject);
        message.setText(body);
        this.mailSender.send(message);
    }
}
