package org.jahia.modules.userregistration.actions;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.jahia.bin.ActionResult;
import org.jahia.engines.EngineMessage;
import org.jahia.engines.EngineMessages;
import org.jahia.registries.ServicesRegistry;
import org.jahia.services.content.JCRSessionWrapper;
import org.jahia.services.content.decorator.JCRUserNode;
import org.jahia.services.pwdpolicy.PolicyEnforcementResult;
import org.jahia.services.render.RenderContext;
import org.jahia.services.render.Resource;
import org.jahia.services.render.URLResolver;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.jahia.utils.i18n.Messages;
import org.json.JSONException;
import org.json.JSONObject;
import org.mozilla.classfile.ByteCode;

/* loaded from: input_file:userregistration-2.0.5.jar:org/jahia/modules/userregistration/actions/UnauthenticatedChangePasswordAction.class */
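/**
 * Action that lets an unauthenticated caller set a new password for the user node addressed by
 * the request, provided the request carries an {@code authKey} parameter equal to the recovery
 * token stored on that user ({@code j:passwordRecoveryToken}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The stored token has the form {@code <value>|<expiry epoch millis>}; the whole stored
 *       string, including the expiry suffix, must equal {@code authKey}.</li>
 *   <li>Root and guest users are always rejected.</li>
 *   <li>On success the token is deleted, so it works for one password change only, and the
 *       caller's HTTP session is bound to the user (i.e. the caller is logged in).</li>
 * </ul>
 *
 * <p>{@code getParameter}, {@code getI18nMessage} and {@code userManagerService} are not defined
 * here; presumably they are inherited from {@code BaseAction}.
 *
 * <p>NOTE(review): nothing in this class counts or throttles failed {@code authKey} attempts, and
 * a failed attempt does not invalidate the token. Confirm that rate limiting or lock-out is
 * enforced elsewhere.
 */
public class UnauthenticatedChangePasswordAction extends BaseAction {
    /**
     * HTTP 200. The decompiled source spelled this literal as {@code ByteCode.GOTO_W}, which is
     * the same compile-time constant (200) and has nothing to do with HTTP.
     */
    private static final int SC_OK = 200;

    private static final String TOKEN_PROPERTY = "j:passwordRecoveryToken";
    private static final String ERROR_MESSAGE = "errorMessage";
    private static final String CHANGE_NOT_ALLOWED_KEY = "org.jahia.engines.pwdpolicy.passwordChangeNotAllowed";

    /**
     * Tells whether the expiry timestamp of a recovery token lies in the past.
     *
     * @param str expiry as epoch milliseconds in decimal notation
     * @return {@code true} when the current time is past {@code str}, or when {@code str} is not
     *     a parsable long (fail closed: a malformed expiry is treated as expired)
     */
    private static boolean isExpired(String str) {
        try {
            return System.currentTimeMillis() > Long.parseLong(str);
        } catch (NumberFormatException e) {
            return true;
        }
    }

    /**
     * Compares the stored recovery token with the caller-supplied one without returning early at
     * the first differing byte, so the response time does not reveal how much of the token was
     * correct.
     *
     * @param expected token stored on the user node
     * @param supplied {@code authKey} request parameter; must not be {@code null}
     * @return {@code true} when both encode to the same UTF-8 bytes
     */
    private static boolean tokensMatch(String expected, String supplied) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Validates the recovery token and, when it is valid, changes the user's password.
     *
     * <p>Every outcome except "no {@code authKey} supplied" is reported as HTTP 200 with a JSON
     * body. Failures put a localized text under {@code errorMessage}; success puts the
     * confirmation text under the same {@code errorMessage} key and adds
     * {@code "result": "success"}.
     *
     * @param httpServletRequest request whose session is bound to the user on success
     * @param renderContext source of the UI locale used for messages
     * @param resource resource whose node identifies the user and must be a writable
     *     {@code jnt:user} node
     * @param jCRSessionWrapper not used by this action
     * @param map request parameters; reads {@code authKey}, {@code password} and
     *     {@code passwordconfirm}
     * @param uRLResolver not used by this action
     * @return {@code ActionResult.BAD_REQUEST} when no {@code authKey} was supplied, otherwise an
     *     HTTP 200 result carrying the JSON described above
     * @throws Exception on repository or JSON failures
     */
    public ActionResult doExecute(HttpServletRequest httpServletRequest, RenderContext renderContext, Resource resource, JCRSessionWrapper jCRSessionWrapper, Map<String, List<String>> map, URLResolver uRLResolver) throws Exception {
        Locale uiLocale = renderContext.getUILocale();
        JSONObject response = new JSONObject();

        JCRUserNode targetUser = getTargetUser(resource, map, response, uiLocale);
        if (targetUser == null) {
            // getTargetUser leaves the response empty only when authKey is missing.
            return response.length() > 0 ? new ActionResult(SC_OK, (String) null, response) : ActionResult.BAD_REQUEST;
        }

        if (!resource.getNode().hasPermission("jcr:write_default") || !resource.getNode().isNodeType("jnt:user")) {
            response.put(ERROR_MESSAGE, Messages.getInternal(CHANGE_NOT_ALLOWED_KEY, uiLocale));
            return new ActionResult(SC_OK, (String) null, response);
        }

        // Leading and trailing whitespace is stripped, so it can never be part of a password.
        String password = getParameter(map, "password", StringUtils.EMPTY).trim();
        String confirmation = getParameter(map, "passwordconfirm", StringUtils.EMPTY).trim();

        if (password.isEmpty()) {
            response.put(ERROR_MESSAGE, getI18nMessage("passwordrecovery.recover.password.mandatory", uiLocale));
        } else if (!confirmation.equals(password)) {
            response.put(ERROR_MESSAGE, getI18nMessage("passwordrecovery.recover.password.not.matching", uiLocale));
        } else {
            PolicyEnforcementResult policyResult = ServicesRegistry.getInstance().getJahiaPasswordPolicyService().enforcePolicyOnPasswordChange(targetUser, password, true);
            if (policyResult.isSuccess()) {
                targetUser.setPassword(password);
                // Consume the token and persist BEFORE logging the caller in: if save() throws,
                // the session must not already be authenticated as the target user.
                targetUser.getProperty(TOKEN_PROPERTY).remove();
                targetUser.getSession().save();

                // NOTE(review): the session id is not rotated here before the user is bound to
                // the session. Confirm that session-fixation protection is applied elsewhere.
                HttpSession session = httpServletRequest.getSession();
                session.removeAttribute("passwordRecoveryAsked");
                session.setAttribute("org.jahia.usermanager.jahiauser", targetUser.getJahiaUser());

                // The success text is deliberately kept under the "errorMessage" key; that is
                // what the original response contained.
                response.put(ERROR_MESSAGE, getI18nMessage("passwordrecovery.recover.passwordChanged", uiLocale));
                response.put("result", "success");
            } else {
                response.put(ERROR_MESSAGE, describePolicyViolations(policyResult.getEngineMessages(), uiLocale));
            }
        }
        return new ActionResult(SC_OK, (String) null, response);
    }

    /** Renders the password-policy violations as one newline-terminated line per message. */
    private static String describePolicyViolations(EngineMessages violations, Locale locale) {
        StringBuilder text = new StringBuilder();
        for (EngineMessage violation : violations.getMessages()) {
            String line = violation.isResource()
                    ? Messages.getInternalWithArguments(violation.getKey(), locale, violation.getValues())
                    : violation.getKey();
            text.append(line).append("\n");
        }
        return text.toString();
    }

    /**
     * Resolves the user addressed by {@code resource} and checks the supplied recovery token.
     *
     * <p>The user is looked up by the resource node's name within the resolved site. A token
     * whose expiry has passed is deleted from the user node as a side effect.
     *
     * <p>NOTE(review): an unknown user, a root/guest user and a bad token each produce a
     * different message, so an unauthenticated caller can tell these cases apart. Confirm this
     * is acceptable or align the messages.
     *
     * @param resource resource whose node name and site identify the user
     * @param parameters request parameters; reads {@code authKey}
     * @param response receives an {@code errorMessage} entry on every failure except a missing
     *     {@code authKey}
     * @param locale locale for the error texts
     * @return the user when the token is present, unexpired and equal to {@code authKey};
     *     otherwise {@code null}
     * @throws RepositoryException on repository access failures
     * @throws JSONException when the error message cannot be stored in {@code response}
     */
    private JCRUserNode getTargetUser(Resource resource, Map<String, List<String>> parameters, JSONObject response, Locale locale) throws RepositoryException, JSONException {
        String authKey = getParameter(parameters, "authKey");
        if (StringUtils.isEmpty(authKey)) {
            return null;
        }

        String userName = resource.getNode().getName();
        String siteKey = resource.getNode().getResolveSite().getSiteKey();
        JCRUserNode user = this.userManagerService.lookupUser(userName, siteKey, true);
        if (user == null) {
            response.put(ERROR_MESSAGE, getI18nMessage("passwordrecovery.username.invalid", locale));
            return null;
        }
        if (user.isRoot() || JahiaUserManagerService.isGuest(user)) {
            response.put(ERROR_MESSAGE, Messages.getInternal(CHANGE_NOT_ALLOWED_KEY, locale));
            return null;
        }

        String storedToken = user.getPropertyAsString(TOKEN_PROPERTY);
        if (storedToken == null) {
            response.put(ERROR_MESSAGE, getI18nMessage("passwordrecovery.token.invalid", locale));
            return null;
        }
        // Expiry is the part after the first '|'; a token without one counts as expired.
        if (isExpired(StringUtils.substringAfter(storedToken, "|"))) {
            user.getProperty(TOKEN_PROPERTY).remove();
            user.getSession().save();
            response.put(ERROR_MESSAGE, getI18nMessage("passwordrecovery.token.invalid", locale));
            return null;
        }
        if (!tokensMatch(storedToken, authKey)) {
            response.put(ERROR_MESSAGE, getI18nMessage("passwordrecovery.token.invalid", locale));
            return null;
        }
        return user;
    }
}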
