package com.techempower.gemini.pyxis.handler;

import com.techempower.gemini.Context;
import com.techempower.gemini.GeminiApplication;
import com.techempower.gemini.email.EmailPackage;
import com.techempower.gemini.email.outbound.EmailTemplater;
import com.techempower.gemini.input.Input;
import com.techempower.gemini.input.ValidatorSet;
import com.techempower.gemini.input.processor.Lowercase;
import com.techempower.gemini.input.validator.LengthValidator;
import com.techempower.gemini.input.validator.PasswordComplexityValidator;
import com.techempower.gemini.input.validator.RepeatValidator;
import com.techempower.gemini.input.validator.RequiredValidator;
import com.techempower.gemini.input.validator.ShortCircuitValidator;
import com.techempower.gemini.path.MethodSegmentHandler;
import com.techempower.gemini.path.annotation.Get;
import com.techempower.gemini.path.annotation.PathDefault;
import com.techempower.gemini.path.annotation.PathSegment;
import com.techempower.gemini.path.annotation.Post;
import com.techempower.gemini.pyxis.BasicUser;
import com.techempower.gemini.pyxis.BasicWebUser;
import com.techempower.gemini.pyxis.PyxisSecurity;
import com.techempower.gemini.pyxis.password.PasswordProposal;
import com.techempower.helper.NetworkHelper;
import com.techempower.helper.StringHelper;
import com.techempower.util.Configurable;
import com.techempower.util.EnhancedProperties;
import java.util.HashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/techempower/gemini/pyxis/handler/PasswordResetHandler.class */
public class PasswordResetHandler<C extends Context> extends MethodSegmentHandler<C> implements Configurable {
    public static final String DEFAULT_TEMPLATE_PATH = "/auth/";
    public static final int DEFAULT_EXPIRATION_DAYS = 5;
    public static final String TEMPLATE_RESET_REQUEST = "password-reset-request";
    public static final String TEMPLATE_RESET_CONFIRMED = "password-reset-request-confirmed";
    public static final String TEMPLATE_RESET = "password-reset-process";
    public static final String TEMPLATE_RESET_COMPLETE = "password-reset-complete";
    public static final String TEMPLATE_RESET_NOT_FOUND = "password-reset-not-found";
    public static final String EMAIL_TEMPLATE_NAME = "E-PasswordResetAuthorization";
    private final PyxisSecurity security;
    private String fromAddress;
    private int expirationDays;
    private Logger log;
    private final ValidatorSet standardResetRequestValidatorSet;

    public PasswordResetHandler(GeminiApplication geminiApplication) {
        super(geminiApplication);
        this.fromAddress = "";
        this.expirationDays = 5;
        this.log = LoggerFactory.getLogger(getClass());
        this.standardResetRequestValidatorSet = new ValidatorSet(new Lowercase("un"), new LengthValidator("un", BasicUser.USERNAME_LENGTH, false).message("Please provide a valid username."));
        this.security = geminiApplication.getSecurity();
        geminiApplication.getEmailTemplater().addTemplateToLoad(getEmailTemplateName());
        geminiApplication.getConfigurator().addConfigurable(this);
    }

    @Override // com.techempower.util.Configurable
    public void configure(EnhancedProperties enhancedProperties) {
        EnhancedProperties.Focus focus = enhancedProperties.focus("PasswordReset.");
        this.fromAddress = focus.get("FromAddress", this.fromAddress);
        this.expirationDays = focus.getInt("ExpirationDays", 5);
        setBaseTemplatePath(focus.get("TemplateRelativePath", "/auth/"));
    }

    protected ValidatorSet getResetRequestValidatorSet() {
        return this.standardResetRequestValidatorSet;
    }

    protected ValidatorSet getPasswordResetValidatorSet() {
        return new ValidatorSet(new RequiredValidator("newpw").message("A new password is required."), new RepeatValidator("newpw", "confirmpw").message("New password and confirmation do not match."), new ShortCircuitValidator.Wrapper(new PasswordComplexityValidator("newpw", this.security)));
    }

    @Get
    @PathDefault
    public boolean getResetRequest(Context context) {
        template(TEMPLATE_RESET_REQUEST);
        return render();
    }

    @PathDefault
    @Post
    public boolean resetRequest(Context context) {
        template(TEMPLATE_RESET_REQUEST);
        Input process = getResetRequestValidatorSet().process(context);
        if (!process.passed()) {
            return validationFailure(process);
        }
        BasicWebUser basicWebUser = (BasicWebUser) this.security.findUser(process.values().get("un"));
        if (basicWebUser == null) {
            return handleResetRequestInvalid();
        }
        String generateNewPasswordResetTicket = basicWebUser.generateNewPasswordResetTicket(this.expirationDays);
        saveUser(basicWebUser);
        sendAuthorizationEmail(context, basicWebUser, generateNewPasswordResetTicket);
        return handleResetRequestSuccess();
    }

    protected boolean handleResetRequestSuccess() {
        template(TEMPLATE_RESET_CONFIRMED);
        delivery().status("ticket-mailed");
        return message("A password reset ticket has been e-mailed.");
    }

    protected boolean handleResetRequestInvalid() {
        delivery().message("User not found.");
        return badRequest("invalid");
    }

    protected void sendAuthorizationEmail(Context context, BasicWebUser basicWebUser, String str) {
        EmailTemplater emailTemplater = app().getEmailTemplater();
        HashMap hashMap = new HashMap(10);
        hashMap.put("$UN", basicWebUser.getUserUsername());
        hashMap.put("$UUN", NetworkHelper.encodeUrl(basicWebUser.getUserUsername()));
        hashMap.put("$FN", basicWebUser.getUserFirstname());
        hashMap.put("$LN", basicWebUser.getUserLastname());
        hashMap.put("$EM", basicWebUser.getUserEmail());
        hashMap.put("$VT", str);
        hashMap.put("$SD", app().getInfrastructure().getStandardDomain());
        hashMap.put("$SSD", app().getInfrastructure().getSecureDomain());
        hashMap.put("$ED", this.expirationDays);
        hashMap.put("$URL", getAuthorizationUrl(basicWebUser, str));
        EmailPackage process = emailTemplater.process(getEmailTemplateName(), hashMap, getFromAddress(), basicWebUser.getUserEmail());
        if (process != null) {
            app().getEmailServicer().sendMail(process);
        } else {
            this.log.info("Email could not be fetched from EmailTemplater.");
        }
    }

    protected String getFromAddress() {
        if (!StringHelper.isEmpty(this.fromAddress)) {
            return this.fromAddress;
        }
        this.log.trace("Using administrator e-mail address for sending password-reset email: {}", app().getAdministratorEmail());
        return app().getAdministratorEmail();
    }

    protected String getAuthorizationUrl(BasicWebUser basicWebUser, String str) {
        StringBuilder sb = new StringBuilder(500);
        sb.append(app().getInfrastructure().getSecureUrl());
        if (app().getInfrastructure().getSecureUrl().endsWith("/")) {
            sb.append(getBaseUri().substring(1));
        } else {
            sb.append(getBaseUri());
        }
        sb.append("/auth?un=").append(NetworkHelper.encodeUrl(basicWebUser.getUserUsername()));
        sb.append("&vt=").append(str);
        return sb.toString();
    }

    protected void saveUser(BasicWebUser basicWebUser) {
        store().put(basicWebUser);
    }

    @PathSegment({"auth"})
    @Get
    @Post
    public boolean authorize(Context context) {
        String str = query().get("un", "");
        String str2 = query().get("vt", "");
        template(TEMPLATE_RESET_NOT_FOUND);
        BasicWebUser basicWebUser = (BasicWebUser) this.security.findUser(str);
        if (basicWebUser == null || !basicWebUser.isPasswordResetAuthorized(str2)) {
            delivery().message("Invalid password-reset ticket.");
            return badRequest("invalid-ticket");
        }
        template(TEMPLATE_RESET);
        if (!context.isPost()) {
            return render();
        }
        Input process = getPasswordResetValidatorSet().process(context);
        if (!process.passed()) {
            return validationFailure(process);
        }
        this.security.passwordChange(new PasswordProposal(process.values().get("newpw"), basicWebUser.getUserUsername(), basicWebUser, context));
        saveUser(basicWebUser);
        template(TEMPLATE_RESET_COMPLETE);
        return message("Password change complete.");
    }

    protected String getEmailTemplateName() {
        return EMAIL_TEMPLATE_NAME;
    }
}
