package org.lamsfoundation.lams.web;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.lamsfoundation.lams.logevent.service.ILogEventService;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.service.UserManagementService;
import org.lamsfoundation.lams.util.CentralConstants;
import org.lamsfoundation.lams.util.HashUtil;
import org.lamsfoundation.lams.util.MessageService;
import org.lamsfoundation.lams.util.ValidationUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

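/**
 * Handles the POST of the password-change form for the currently authenticated user.
 *
 * <p>The request is accepted only when the container-authenticated user
 * ({@link HttpServletRequest#getRemoteUser()}) equals the login submitted in the form, so one
 * account cannot change the password of another through this endpoint.
 *
 * <p>Stored credentials are verified in one of two formats, selected by the length of the stored
 * value: a 40-character value is compared against {@code HashUtil.sha1(oldPassword)} (no salt is
 * passed), anything else against {@code HashUtil.sha256(oldPassword, salt)}. New passwords are
 * always written with a fresh salt and {@code HashUtil.sha256}.
 *
 * <p>NOTE(review): {@code HashUtil} is not visible from this class. If {@code sha256} is a single
 * salted digest round rather than an adaptive password hash (bcrypt/scrypt/argon2/PBKDF2), stored
 * hashes are cheap to brute-force offline once leaked; the unsalted SHA-1 branch is weaker still.
 * Accounts on the legacy branch are only upgraded when their owner changes the password here.
 */
@Controller
/* loaded from: input_file:org/lamsfoundation/lams/web/PasswordChangeController.class */
public class PasswordChangeController {
    private static final Logger log = Logger.getLogger(PasswordChangeController.class);

    @Autowired
    @Qualifier(CentralConstants.CENTRAL_MESSAGE_SERVICE_BEAN_NAME)
    MessageService messageService;

    @Autowired
    WebApplicationContext applicationContext;

    /**
     * Validates the submitted form and, when every check passes, stores the new password.
     *
     * @param passwordChangeActionForm form carrying login, old password, new password and its
     *     confirmation, plus the URL to continue to afterwards
     * @param httpServletRequest current request; receives either {@code redirectURL} (success) or
     *     {@code errorMap} and {@code redirect} (failure) as attributes
     * @return {@code "/passwordChangeOkContent"} on success, {@code "redirect:/index.do"} when any
     *     validation error was recorded
     * @throws Exception declared by the original signature; failures inside the change itself are
     *     caught and reported through the error map
     */
    @RequestMapping(path = {"/passwordChanged"}, method = {RequestMethod.POST})
    public String execute(@ModelAttribute("PasswordChangeActionForm") PasswordChangeActionForm passwordChangeActionForm, HttpServletRequest httpServletRequest) throws Exception {
        LinkedMultiValueMap<String, String> errorMap = new LinkedMultiValueMap<>();
        try {
            String remoteUser = httpServletRequest.getRemoteUser();
            String login = passwordChangeActionForm.getLogin();
            String oldPassword = passwordChangeActionForm.getOldPassword();
            String password = passwordChangeActionForm.getPassword();
            String passwordConfirm = passwordChangeActionForm.getPasswordConfirm();

            // Authorisation: the form's login must be the authenticated principal.
            if (remoteUser == null || !remoteUser.equals(login)) {
                errorMap.add("GLOBAL", this.messageService.getMessage("error.authorisation"));
            } else {
                WebApplicationContext webApplicationContext = WebApplicationContextUtils.getWebApplicationContext(this.applicationContext.getServletContext());
                UserManagementService userManagementService = (UserManagementService) webApplicationContext.getBean("userManagementService");
                User userByLogin = userManagementService.getUserByLogin(login);

                if (userByLogin == null) {
                    // An authenticated principal without a user record cannot change a password;
                    // report it as an authorisation failure instead of failing on a null dereference.
                    errorMap.add("GLOBAL", this.messageService.getMessage("error.authorisation"));
                } else {
                    if (!oldPasswordMatches(userByLogin, oldPassword)) {
                        errorMap.add("oldPassword", this.messageService.getMessage("error.oldpassword.mismatch"));
                        log.debug("old pass wrong");
                    }
                    // Null-safe: a missing "password" parameter previously threw here before the
                    // empty-password check below could report it.
                    if (password == null || !password.equals(passwordConfirm)) {
                        errorMap.add("password", this.messageService.getMessage("error.newpassword.mismatch"));
                        log.debug("new pass wrong");
                    }
                    if (password == null || password.length() == 0) {
                        errorMap.add("password", this.messageService.getMessage("error.password.empty"));
                        log.debug("new password cannot be empty");
                    }
                    // A null password is already reported above; ValidationUtil's null handling is
                    // not visible here, so it is only consulted for non-null values.
                    if (password != null && !ValidationUtil.isPasswordValueValid(password, passwordConfirm)) {
                        errorMap.add("password", this.messageService.getMessage("label.password.restrictions"));
                        log.debug("Password must follow the restrictions");
                    }

                    if (errorMap.isEmpty()) {
                        // Every change gets a fresh salt and the salted SHA-256 format, which also
                        // moves legacy 40-character hashes off the unsalted branch.
                        String salt = HashUtil.salt();
                        userByLogin.setSalt(salt);
                        userByLogin.setPassword(HashUtil.sha256(password, salt));
                        userByLogin.setChangePassword(false);
                        userManagementService.saveUser(userByLogin);

                        // Audit trail entry. NOTE(review): 12 is an event-type code whose constant
                        // is not visible here; presumably "password changed" - confirm.
                        ILogEventService logEventService = (ILogEventService) webApplicationContext.getBean("logEventService");
                        MessageService auditMessages = (MessageService) webApplicationContext.getBean(CentralConstants.CENTRAL_MESSAGE_SERVICE_BEAN_NAME);
                        String auditText = auditMessages.getMessage("audit.user.password.change", new String[]{userByLogin.getLogin() + " (" + userByLogin.getUserId() + ")"});
                        logEventService.logEvent(12, userByLogin.getUserId(), userByLogin.getUserId(), (Long) null, (Long) null, auditText);
                    }
                }
            }
        } catch (Exception e) {
            log.error("Exception occured ", e);
            // NOTE(review): the exception text is used as a message-bundle key. That only works for
            // exceptions deliberately thrown with a key as their message; for anything else the
            // lookup may fail or surface internal detail to the user. Kept as-is because no generic
            // error key is visible in this class.
            errorMap.add("GLOBAL", this.messageService.getMessage(e.getMessage()));
        }

        if (errorMap.isEmpty()) {
            // NOTE(review): redirectURL is taken directly from the submitted form. The view that
            // consumes it is not shown; confirm it restricts the target to this application before
            // using it for navigation, otherwise this is an open-redirect vector.
            httpServletRequest.setAttribute("redirectURL", passwordChangeActionForm.getRedirectURL());
            return "/passwordChangeOkContent";
        }
        httpServletRequest.setAttribute("errorMap", errorMap);
        passwordChangeActionForm.reset(httpServletRequest);
        httpServletRequest.setAttribute("redirect", "password");
        return "redirect:/index.do";
    }

    /**
     * Checks the submitted old password against the stored hash without short-circuiting on the
     * first differing character.
     *
     * @param user account whose stored password and salt are read
     * @param oldPassword clear-text password supplied in the form; {@code null} never matches
     * @return {@code true} only when the recomputed hash equals the stored one
     * @throws Exception whatever the {@code HashUtil} digest helpers declare (their signatures are
     *     not visible from this class)
     */
    private static boolean oldPasswordMatches(User user, String oldPassword) throws Exception {
        String stored = user.getPassword();
        if (stored == null || oldPassword == null) {
            return false;
        }
        // 40 characters selects the legacy unsalted SHA-1 format; everything else is salted SHA-256.
        String computed = stored.length() == 40 ? HashUtil.sha1(oldPassword) : HashUtil.sha256(oldPassword, user.getSalt());
        if (computed == null) {
            return false;
        }
        // MessageDigest.isEqual avoids the early-exit timing behaviour of String.equals when
        // comparing secret-derived values.
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), computed.getBytes(StandardCharsets.UTF_8));
    }
}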
