package org.lamsfoundation.lams.admin.web.controller;

import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.lamsfoundation.lams.admin.service.AdminServiceProxy;
import org.lamsfoundation.lams.admin.web.form.UserForm;
import org.lamsfoundation.lams.themes.Theme;
import org.lamsfoundation.lams.usermanagement.AuthenticationMethod;
import org.lamsfoundation.lams.usermanagement.SupportedLocale;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.dto.UserDTO;
import org.lamsfoundation.lams.usermanagement.service.IUserManagementService;
import org.lamsfoundation.lams.util.HashUtil;
import org.lamsfoundation.lams.util.MessageService;
import org.lamsfoundation.lams.util.ValidationUtil;
import org.lamsfoundation.lams.util.WebUtil;
import org.lamsfoundation.lams.web.session.SessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.context.WebApplicationContext;

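/**
 * Admin controller that creates users, edits existing user details and resets user passwords.
 *
 * <p>Both handlers accept POST only and require the session user to pass the security service's
 * sysadmin check; every other caller receives HTTP 403 before any data is read or written.
 */
@RequestMapping
@Controller
/* loaded from: input_file:org/lamsfoundation/lams/admin/web/controller/UserSaveController.class */
public class UserSaveController {
    private static final Logger log = Logger.getLogger(UserSaveController.class);

    // Both services are looked up from the servlet context at the start of every handler. They are
    // static, so a handler must never rely on another handler having populated them first.
    private static IUserManagementService service;
    private static MessageService messageService;

    @Autowired
    private WebApplicationContext applicationContext;

    /**
     * Creates a new user (form userId absent or 0) or updates an existing one (any other userId).
     *
     * @param userForm bound request parameters describing the user
     * @param httpServletRequest current request; receives the error map and routing attributes
     * @param httpServletResponse current response; used to send 403/404
     * @return the redirect target, or {@code null} when an HTTP error has already been sent
     * @throws Exception if a service call or the bean copy fails
     */
    @RequestMapping(path = {"/saveUserDetails"}, method = {RequestMethod.POST})
    public String saveUserDetails(@ModelAttribute UserForm userForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        messageService = AdminServiceProxy.getMessageService(this.applicationContext.getServletContext());
        service = AdminServiceProxy.getService(this.applicationContext.getServletContext());
        Integer orgId = userForm.getOrgId();
        Integer userId = userForm.getUserId();

        // Authorisation comes first: nothing below may run for a non-sysadmin caller.
        UserDTO currentUser = (UserDTO) SessionManager.getSession().getAttribute("user");
        if (!isSysadmin(currentUser, "Edit User Details " + userId)) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Only Sysadmin has edit permisions");
            return null;
        }

        log.debug("orgId: " + orgId);
        SupportedLocale supportedLocale = (SupportedLocale) service.findById(SupportedLocale.class, userForm.getLocaleId());
        AuthenticationMethod authenticationMethod = (AuthenticationMethod) service.findById(AuthenticationMethod.class, userForm.getAuthenticationMethodId());
        log.debug("locale: " + supportedLocale);
        log.debug("authenticationMethod:" + authenticationMethod);
        LinkedMultiValueMap<String, String> errorMap = new LinkedMultiValueMap<>();

        // NOTE(review): every "redirect:" return in this method is preceded by request.setAttribute().
        // Request attributes do not survive an HTTP redirect, so errorMap/org/orgId/userId presumably
        // never reach the target page unless something else carries them -- confirm.
        if (httpServletRequest.getAttribute("CANCEL") != null) {
            if (orgId == null || orgId.intValue() == 0) {
                return "redirect:/usersearch.do";
            }
            httpServletRequest.setAttribute("org", orgId);
            return "redirect:/usermanage.do";
        }

        // A missing userId is treated like 0 (create) instead of failing on unboxing.
        boolean editing = userId != null && userId.intValue() != 0;
        User user = null;
        if (editing) {
            user = (User) service.findById(User.class, userId);
            if (user == null) {
                // An unknown id used to surface later as a NullPointerException; answer explicitly.
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "User not found");
                return null;
            }
        }

        String login = StringUtils.trim(userForm.getLogin());
        if (StringUtils.isBlank(login)) {
            errorMap.add("login", messageService.getMessage("error.login.required"));
        } else if (ValidationUtil.isUserNameValid(login)) {
            userForm.setLogin(login);
            User userByLogin = service.getUserByLogin(login);
            // The login may stay unchanged on edit, but must not collide with another account.
            if (userByLogin != null && (user == null || !StringUtils.equals(user.getLogin(), login))) {
                errorMap.add("login", messageService.getMessage("error.login.unique", "(" + login + ", ID: " + userByLogin.getUserId() + ")"));
            }
        } else {
            errorMap.add("login", messageService.getMessage("error.username.invalid.characters"));
        }

        String firstName = userForm.getFirstName();
        if (StringUtils.isBlank(firstName)) {
            errorMap.add("firstName", messageService.getMessage("error.firstname.required"));
        } else if (!ValidationUtil.isFirstLastNameValid(firstName)) {
            errorMap.add("firstName", messageService.getMessage("error.firstname.invalid.characters"));
        }

        String lastName = userForm.getLastName();
        if (StringUtils.isBlank(lastName)) {
            errorMap.add("lastName", messageService.getMessage("error.lastname.required"));
        } else if (!ValidationUtil.isFirstLastNameValid(lastName)) {
            errorMap.add("lastName", messageService.getMessage("error.lastname.invalid.characters"));
        }

        String email = userForm.getEmail();
        if (StringUtils.isBlank(email)) {
            errorMap.add("email", messageService.getMessage("error.email.required"));
        } else if (!ValidationUtil.isEmailValid(email)) {
            errorMap.add("email", messageService.getMessage("error.valid.email.required"));
        }

        if (errorMap.isEmpty()) {
            if (editing) {
                log.debug("editing userId: " + userId);
                // Put the stored hash into the form so the bean copy below cannot overwrite it with
                // whatever "password" value the request carried.
                userForm.setPassword(user.getPassword());
                // BeanUtils copies every form property that has a matching setter on User, so the set
                // of request-writable User fields is exactly the set of UserForm properties. Keep
                // UserForm free of properties that must not be client-controlled.
                BeanUtils.copyProperties(user, userForm);
                user.setLocale(supportedLocale);
                user.setAuthenticationMethod(authenticationMethod);
                user.setTheme((Theme) service.findById(Theme.class, userForm.getUserTheme()));
                service.saveUser(user);
            } else {
                String password = userForm.getPassword();
                String password2 = userForm.getPassword2();
                if (StringUtils.isBlank(password)) {
                    errorMap.add("password", messageService.getMessage("error.password.required"));
                }
                if (!StringUtils.equals(password, password2)) {
                    errorMap.add("password", messageService.getMessage("error.newpassword.mismatch"));
                }
                if (!ValidationUtil.isPasswordValueValid(password, password2)) {
                    // Same key changePass uses for this check; this branch previously repeated the
                    // "mismatch" message, which hid the real reason for the rejection.
                    errorMap.add("password", messageService.getMessage("label.password.restrictions"));
                }
                if (errorMap.isEmpty()) {
                    user = new User();
                    String salt = HashUtil.salt();
                    // NOTE(review): by its name this is a salted SHA-256 digest. If HashUtil applies it
                    // once, stored hashes are cheap to brute-force offline; an adaptive password hash
                    // (bcrypt/scrypt/Argon2/PBKDF2) is the usual choice -- confirm against HashUtil.
                    String passwordHash = HashUtil.sha256(password, salt);
                    BeanUtils.copyProperties(user, userForm);
                    user.setSalt(salt);
                    user.setPassword(passwordHash);
                    log.debug("creating user... new login: " + user.getLogin());
                    // Server-controlled fields are set after the bean copy so form input cannot win.
                    user.setTheme(service.getDefaultTheme());
                    user.setDisabledFlag(false);
                    user.setCreateDate(new Date());
                    user.setAuthenticationMethod((AuthenticationMethod) service.findByProperty(AuthenticationMethod.class, "authenticationMethodName", "LAMS-Database").get(0));
                    user.setUserId((Integer) null);
                    user.setLocale(supportedLocale);
                    user.setTheme((Theme) service.findById(Theme.class, userForm.getUserTheme()));
                    service.saveUser(user);
                    service.logUserCreated(user, currentUser);
                    // NOTE(review): what reaches the log depends on User.toString(); verify that it
                    // does not include the password hash or salt.
                    log.debug("user: " + user.toString());
                }
            }
        }

        if (!errorMap.isEmpty()) {
            httpServletRequest.setAttribute("errorMap", errorMap);
            httpServletRequest.setAttribute("orgId", orgId);
            return "redirect:/user/edit.do";
        }
        if (orgId == null || orgId.intValue() == 0) {
            return "redirect:/usersearch.do";
        }
        if (editing) {
            httpServletRequest.setAttribute("org", orgId);
            return "redirect:/usermanage.do";
        }
        httpServletRequest.setAttribute("orgId", orgId);
        httpServletRequest.setAttribute("userId", user.getUserId());
        return "redirect:/userroles.do";
    }

    /**
     * Sets a new password for the user named by the {@code userId} request parameter.
     *
     * @param httpServletRequest current request; supplies userId, password and password2
     * @param httpServletResponse current response; used to send 403/404
     * @return {@code "userChangePass"} on validation errors, a redirect on success, or {@code null}
     *         when an HTTP error has already been sent
     * @throws Exception if a service call fails
     */
    @RequestMapping(path = {"/changePass"}, method = {RequestMethod.POST})
    public String changePass(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        service = AdminServiceProxy.getService(this.applicationContext.getServletContext());
        // Previously only saveUserDetails assigned messageService, so a validation failure here
        // dereferenced null whenever this handler ran first.
        messageService = AdminServiceProxy.getMessageService(this.applicationContext.getServletContext());
        LinkedMultiValueMap<String, String> errorMap = new LinkedMultiValueMap<>();
        Integer targetUserId = WebUtil.readIntParam(httpServletRequest, "userId", true);

        UserDTO currentUser = (UserDTO) SessionManager.getSession().getAttribute("user");
        if (!isSysadmin(currentUser, "Change Password of User " + targetUserId)) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Only Sysadmin has edit permisions");
            return null;
        }

        String password = WebUtil.readStrParam(httpServletRequest, "password");
        String password2 = WebUtil.readStrParam(httpServletRequest, "password2");
        if (StringUtils.isBlank(password)) {
            errorMap.add("password", messageService.getMessage("error.password.required"));
        }
        if (!StringUtils.equals(password, password2)) {
            errorMap.add("password", messageService.getMessage("error.newpassword.mismatch"));
        }
        if (!ValidationUtil.isPasswordValueValid(password, password2)) {
            errorMap.add("password", messageService.getMessage("label.password.restrictions"));
        }
        if (!errorMap.isEmpty()) {
            httpServletRequest.setAttribute("errorMap", errorMap);
            return "userChangePass";
        }

        // A missing or unknown userId used to end in a NullPointerException on user.setSalt().
        User user = targetUserId == null ? null : (User) service.findById(User.class, targetUserId);
        if (user == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "User not found");
            return null;
        }

        // A fresh salt is generated for every password change.
        String salt = HashUtil.salt();
        // NOTE(review): see HashUtil -- if this is a single SHA-256 round, an adaptive password hash
        // would be the stronger choice; confirm.
        String passwordHash = HashUtil.sha256(password, salt);
        user.setSalt(salt);
        user.setPassword(passwordHash);
        service.saveUser(user);
        return "redirect:/user/edit.do";
    }

    /**
     * Asks the security service whether the given session user is a sysadmin.
     *
     * <p>Fails closed: a request without a session user is treated as not authorised instead of
     * failing with a NullPointerException.
     *
     * @param currentUser the session's "user" attribute, possibly {@code null}
     * @param action description of the attempted action, passed through to the security service
     * @return {@code true} only if the security service confirms sysadmin rights
     */
    private boolean isSysadmin(UserDTO currentUser, String action) throws Exception {
        if (currentUser == null) {
            return false;
        }
        return AdminServiceProxy.getSecurityService(this.applicationContext.getServletContext()).isSysadmin(currentUser.getUserID(), action, true);
    }
}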
