package org.molgenis.security.account;

import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Objects;
import java.util.Optional;
import org.molgenis.data.DataService;
import org.molgenis.data.security.auth.PasswordResetToken;
import org.molgenis.data.security.auth.PasswordResetTokenFactory;
import org.molgenis.data.security.auth.User;
import org.molgenis.security.oidc.model.OidcUserMappingMetadata;
import org.molgenis.security.token.TokenGenerator;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

/**
 * Stores, verifies and removes password reset tokens, keeping at most one token per user.
 *
 * <p>Security-relevant properties visible in this class:
 *
 * <ul>
 *   <li>Only the {@link PasswordEncoder}-encoded form of a token is persisted; the raw token is
 *       returned once from {@link #createToken(User)} and is not stored here.
 *   <li>A token expires {@value #TOKEN_VALIDITY_HOURS} hours after it is created.
 *   <li>Creating a token first deletes any token already stored for the same user.
 *   <li>Expiry is checked only in {@link #validateToken(User, String)}; {@link
 *       #deleteToken(User, String)} checks that the token matches but not that it is still valid.
 * </ul>
 *
 * <p>NOTE(review): how unpredictable a token is depends on {@link TokenGenerator}, which is not
 * visible in this file. Confirm that it draws from a cryptographically secure random source.
 */
@Component
/* loaded from: input_file:org/molgenis/security/account/PasswordResetTokenRepositoryImpl.class */
class PasswordResetTokenRepositoryImpl implements PasswordResetTokenRepository {
    /** Entity type id under which password reset tokens are stored. */
    private static final String PASSWORD_RESET_TOKEN = "sys_sec_PasswordResetToken";

    /** Lifetime of a freshly created token, in hours. */
    private static final long TOKEN_VALIDITY_HOURS = 2L;

    private final PasswordResetTokenFactory passwordResetTokenFactory;
    private final PasswordEncoder passwordEncoder;
    private final DataService dataService;
    private final TokenGenerator tokenGenerator = new TokenGenerator();

    /**
     * Creates the repository from its collaborators.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    PasswordResetTokenRepositoryImpl(PasswordResetTokenFactory passwordResetTokenFactory, PasswordEncoder passwordEncoder, DataService dataService) {
        this.passwordResetTokenFactory = Objects.requireNonNull(passwordResetTokenFactory);
        this.passwordEncoder = Objects.requireNonNull(passwordEncoder);
        this.dataService = Objects.requireNonNull(dataService);
    }

    /**
     * Issues a new reset token for an active user, replacing any token the user already has.
     *
     * @param user the user requesting a password reset
     * @return the raw token; only its encoded form is persisted, so this return value is the only
     *     place the raw token is available
     * @throws PasswordResetTokenCreationException if the user is not active
     */
    @Override
    @Transactional
    public String createToken(User user) {
        if (user.isActive()) {
            // One token per user: drop the previous one before storing the replacement.
            deleteTokenIfExists(user);
            return addPasswordResetToken(user);
        }
        throw new PasswordResetTokenCreationException();
    }

    /**
     * Checks that the given raw token matches the one stored for the user and has not expired.
     * The token is not consumed: this runs in a read-only transaction and nothing is deleted.
     *
     * <p>NOTE(review): three distinct exception types separate "no token on record", "wrong
     * token" and "expired token". Confirm that the calling layer does not expose that distinction
     * to unauthenticated clients.
     *
     * @param user the user the token was issued to
     * @param str the raw token presented by the caller
     * @throws UnknownPasswordResetTokenException if no token is stored for the user
     * @throws InvalidPasswordResetTokenException if the presented token does not match
     * @throws ExpiredPasswordResetTokenException if the stored expiration date is before now
     */
    @Override
    @Transactional(readOnly = true)
    public void validateToken(User user, String str) {
        PasswordResetToken storedToken = getPasswordResetToken(user, str);
        Instant expiresAt = storedToken.getExpirationDate();
        if (expiresAt.isBefore(Instant.now())) {
            throw new ExpiredPasswordResetTokenException(storedToken);
        }
    }

    /**
     * Deletes the user's stored token after checking that the presented raw token matches it.
     *
     * <p>Expiry is not checked here. A caller that must reject expired tokens has to call {@link
     * #validateToken(User, String)} first.
     *
     * @param user the user the token was issued to
     * @param str the raw token presented by the caller
     * @throws UnknownPasswordResetTokenException if no token is stored for the user
     * @throws InvalidPasswordResetTokenException if the presented token does not match
     */
    @Override
    @Transactional
    public void deleteToken(User user, String str) {
        PasswordResetToken verifiedToken = getPasswordResetToken(user, str);
        this.dataService.delete(PASSWORD_RESET_TOKEN, verifiedToken);
    }

    /** Removes the token stored for the user, if there is one. */
    private void deleteTokenIfExists(User user) {
        getPasswordResetToken(user)
                .ifPresent(existing -> this.dataService.delete(PASSWORD_RESET_TOKEN, existing));
    }

    /**
     * Looks up the user's stored token and verifies the presented raw token against it.
     *
     * @throws UnknownPasswordResetTokenException if no token is stored for the user
     * @throws InvalidPasswordResetTokenException if the encoder reports a mismatch
     */
    private PasswordResetToken getPasswordResetToken(User user, String rawToken) {
        PasswordResetToken storedToken =
                getPasswordResetToken(user).orElseThrow(UnknownPasswordResetTokenException::new);
        // The stored value is the encoded token, so the comparison is delegated to the encoder.
        if (!this.passwordEncoder.matches(rawToken, storedToken.getToken())) {
            throw new InvalidPasswordResetTokenException(storedToken);
        }
        return storedToken;
    }

    /** Finds the single token stored for the user, or an empty {@link Optional} if none exists. */
    private Optional<PasswordResetToken> getPasswordResetToken(User user) {
        // NOTE(review): the attribute-name constant is taken from OidcUserMappingMetadata; in this
        // decompiled source that looks like a constant-resolution artifact. Confirm that its value
        // is the user attribute of the password reset token entity.
        PasswordResetToken found = this.dataService
                .query(PASSWORD_RESET_TOKEN, PasswordResetToken.class)
                .eq(OidcUserMappingMetadata.USER, user)
                .findOne();
        return Optional.ofNullable(found);
    }

    /**
     * Generates a token, persists its encoded form with the expiry time, and returns the raw
     * value.
     */
    private String addPasswordResetToken(User user) {
        String rawToken = this.tokenGenerator.generateToken();
        Instant expiresAt = Instant.now().plus(TOKEN_VALIDITY_HOURS, ChronoUnit.HOURS);
        // Persist only the encoded token; the raw value leaves this class through the return value.
        String encodedToken = this.passwordEncoder.encode(rawToken);

        PasswordResetToken entity = this.passwordResetTokenFactory.create();
        entity.setUser(user);
        entity.setToken(encodedToken);
        entity.setExpirationDate(expiresAt);
        this.dataService.add(PASSWORD_RESET_TOKEN, entity);
        return rawToken;
    }
}
