package org.lamsfoundation.lams.admin.web.action;

import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import org.apache.struts.action.DynaActionForm;
import org.lamsfoundation.lams.admin.service.AdminServiceProxy;
import org.lamsfoundation.lams.themes.Theme;
import org.lamsfoundation.lams.usermanagement.AuthenticationMethod;
import org.lamsfoundation.lams.usermanagement.SupportedLocale;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.dto.UserDTO;
import org.lamsfoundation.lams.usermanagement.service.IUserManagementService;
import org.lamsfoundation.lams.util.HashUtil;
import org.lamsfoundation.lams.util.ValidationUtil;
import org.lamsfoundation.lams.util.WebUtil;
import org.lamsfoundation.lams.web.action.LamsDispatchAction;
import org.lamsfoundation.lams.web.session.SessionManager;

/* loaded from: input_file:org/lamsfoundation/lams/admin/web/action/UserSaveAction.class */
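/**
 * Struts dispatch action behind the admin "edit user" screens: creates or updates a user
 * account and resets a user's password.
 *
 * <p>Both entry points are gated on the caller being a sysadmin, as reported by the security
 * service, before any account data is read or changed.
 *
 * <p>NOTE(review): nothing in this class checks the HTTP method or an anti-CSRF token. Both
 * methods change credentials or profile data, so confirm that a filter or the Struts
 * configuration enforces POST and request-forgery protection for these mappings.
 */
public class UserSaveAction extends LamsDispatchAction {
    private static final Logger log = Logger.getLogger(UserSaveAction.class);
    // Re-resolved from the servlet context on every request; kept static as in the original.
    private static IUserManagementService service;

    /**
     * Validates the submitted user form and either updates an existing user (non-zero
     * {@code userId}) or creates a new one.
     *
     * @param actionMapping used to look up the "user", "userlist", "usersearch" and "userroles" forwards
     * @param actionForm the {@link DynaActionForm} holding the submitted user fields
     * @param httpServletRequest current request; receives validation errors and org/user ids
     * @param httpServletResponse current response; used for 403/404 replies
     * @return the forward to render, or {@code null} when an error status has already been sent
     * @throws Exception on service or bean-copy failures
     */
    public ActionForward saveUserDetails(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        service = AdminServiceProxy.getService(getServlet().getServletContext());
        ActionMessages errors = new ActionMessages();
        DynaActionForm userForm = (DynaActionForm) actionForm;
        Integer orgId = (Integer) userForm.get("orgId");
        Integer userId = (Integer) userForm.get("userId");

        // Authorise first. A request without a logged-in user in the session is refused
        // instead of failing with a NullPointerException.
        UserDTO sysadmin = (UserDTO) SessionManager.getSession().getAttribute("user");
        if (sysadmin == null || !AdminServiceProxy.getSecurityService(getServlet().getServletContext()).isSysadmin(sysadmin.getUserID(), "Edit User Details " + userId, true)) {
            httpServletResponse.sendError(403, "Only Sysadmin has edit permisions");
            return null;
        }

        log.debug("orgId: " + orgId);
        SupportedLocale locale = (SupportedLocale) service.findById(SupportedLocale.class, (Integer) userForm.get("localeId"));
        AuthenticationMethod authenticationMethod = (AuthenticationMethod) service.findById(AuthenticationMethod.class, (Integer) userForm.get("authenticationMethodId"));
        log.debug("locale: " + locale);
        log.debug("authenticationMethod:" + authenticationMethod);

        if (isCancelled(httpServletRequest)) {
            if (orgId == null || orgId.intValue() == 0) {
                return actionMapping.findForward("usersearch");
            }
            httpServletRequest.setAttribute("org", orgId);
            return actionMapping.findForward("userlist");
        }

        // A missing userId is treated like 0 (new user), mirroring how orgId is handled,
        // so an absent field no longer dereferences null.
        boolean editing = userId != null && userId.intValue() != 0;
        User user = null;
        if (editing) {
            user = (User) service.findById(User.class, userId);
            if (user == null) {
                // Previously this surfaced later as a NullPointerException on user.getPassword().
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "User not found");
                return null;
            }
        }

        String login = userForm.get("login") == null ? null : userForm.getString("login").trim();
        if (StringUtils.isBlank(login)) {
            errors.add("login", new ActionMessage("error.login.required"));
        } else if (ValidationUtil.isUserNameValid(login)) {
            userForm.set("login", login);
            // The login must be unique unless it is the edited user's own, unchanged login.
            User existing = service.getUserByLogin(login);
            if (existing != null && (user == null || !StringUtils.equals(user.getLogin(), login))) {
                errors.add("login", new ActionMessage("error.login.unique", "(" + login + ", ID: " + existing.getUserId() + ")"));
            }
        } else {
            errors.add("login", new ActionMessage("error.username.invalid.characters"));
        }

        String firstName = userForm.get("firstName") == null ? null : (String) userForm.get("firstName");
        if (StringUtils.isBlank(firstName)) {
            errors.add("firstName", new ActionMessage("error.firstname.required"));
        } else if (!ValidationUtil.isFirstLastNameValid(firstName)) {
            errors.add("firstName", new ActionMessage("error.firstname.invalid.characters"));
        }

        String lastName = userForm.get("lastName") == null ? null : (String) userForm.get("lastName");
        if (StringUtils.isBlank(lastName)) {
            errors.add("lastName", new ActionMessage("error.lastname.required"));
        } else if (!ValidationUtil.isFirstLastNameValid(lastName)) {
            errors.add("lastName", new ActionMessage("error.lastname.invalid.characters"));
        }

        String email = userForm.get("email") == null ? null : (String) userForm.get("email");
        if (StringUtils.isBlank(email)) {
            errors.add("email", new ActionMessage("error.email.required"));
        } else if (!ValidationUtil.isEmailValid(email)) {
            errors.add("email", new ActionMessage("error.valid.email.required"));
        }

        if (errors.isEmpty()) {
            if (editing) {
                log.debug("editing userId: " + userId);
                // Overwrite the form's password with the stored hash so the bulk copy below
                // cannot replace it; password changes go through changePass().
                userForm.set("password", user.getPassword());
                // NOTE(review): copyProperties binds every form property onto the entity.
                // The form definition is not visible here; confirm it exposes no sensitive
                // User properties (salt, disabled flag, ...) that a request could overwrite.
                BeanUtils.copyProperties(user, userForm);
                user.setLocale(locale);
                user.setAuthenticationMethod(authenticationMethod);
                // Only replace the theme when the submitted id resolves, so an unknown id
                // does not null out the user's current theme.
                Theme selectedTheme = (Theme) service.findById(Theme.class, (Long) userForm.get("userTheme"));
                if (selectedTheme != null) {
                    user.setTheme(selectedTheme);
                }
                service.saveUser(user);
            } else {
                String password2 = userForm.getString("password2");
                String password = userForm.get("password") == null ? null : (String) userForm.get("password");
                if (StringUtils.isBlank(password)) {
                    errors.add("password", new ActionMessage("error.password.required"));
                }
                if (!StringUtils.equals(password, password2)) {
                    errors.add("password", new ActionMessage("error.newpassword.mismatch"));
                }
                if (!ValidationUtil.isPasswordValueValid(password, password2)) {
                    // Use the same key as changePass(); this branch used to repeat the
                    // "mismatch" message when the password failed the policy check.
                    errors.add("password", new ActionMessage("label.password.restrictions"));
                }
                if (errors.isEmpty()) {
                    user = new User();
                    // NOTE(review): by its name HashUtil.sha256 is a salted SHA-256; its
                    // implementation is not visible here. If it is a single fast digest,
                    // plan a migration to a slow password KDF (PBKDF2, bcrypt, scrypt, Argon2).
                    String salt = HashUtil.salt();
                    String passwordHash = HashUtil.sha256(password, salt);
                    BeanUtils.copyProperties(user, userForm);
                    user.setSalt(salt);
                    user.setPassword(passwordHash);
                    log.debug("creating user... new login: " + user.getLogin());

                    user.setDisabledFlag(false);
                    user.setCreateDate(new Date());
                    // New accounts always authenticate against the LAMS database, whatever
                    // authentication method the form carried.
                    user.setAuthenticationMethod((AuthenticationMethod) service.findByProperty(AuthenticationMethod.class, "authenticationMethodName", "LAMS-Database").get(0));
                    // Discard any id bound from the form so the save creates a new row.
                    user.setUserId((Integer) null);
                    user.setLocale(locale);
                    // Start from the default theme and use the submitted one only if it resolves.
                    user.setTheme(service.getDefaultTheme());
                    Theme selectedTheme = (Theme) service.findById(Theme.class, (Long) userForm.get("userTheme"));
                    if (selectedTheme != null) {
                        user.setTheme(selectedTheme);
                    }
                    service.saveUser(user);
                    service.logUserCreated(user, sysadmin);
                    // Log identifiers only: User.toString() is not visible here and could
                    // include the password hash or salt.
                    log.debug("user: " + user.getUserId() + " (" + user.getLogin() + ")");
                }
            }
        }

        if (!errors.isEmpty()) {
            saveErrors(httpServletRequest, errors);
            httpServletRequest.setAttribute("orgId", orgId);
            return actionMapping.findForward("user");
        }
        if (orgId == null || orgId.intValue() == 0) {
            return actionMapping.findForward("usersearch");
        }
        if (editing) {
            httpServletRequest.setAttribute("org", orgId);
            return actionMapping.findForward("userlist");
        }
        // Newly created user inside an organisation: continue to role assignment.
        httpServletRequest.setAttribute("orgId", orgId);
        httpServletRequest.setAttribute("userId", user.getUserId());
        return actionMapping.findForward("userroles");
    }

    /**
     * Resets the password of the user named by the {@code userId} request parameter to the
     * value in {@code password}, which must match {@code password2} and pass the password
     * policy check.
     *
     * <p>NOTE(review): unlike user creation, which calls {@code logUserCreated}, no audit
     * event for the reset is recorded in this method beyond whatever {@code isSysadmin}
     * logs; consider adding one.
     *
     * @param actionMapping used to look up the "errorPass" and "userChangePass" forwards
     * @param actionForm unused
     * @param httpServletRequest current request carrying userId, password and password2
     * @param httpServletResponse current response; used for 400/403/404 replies
     * @return the forward to render, or {@code null} when an error status has already been sent
     * @throws Exception on parameter-parsing or service failures
     */
    public ActionForward changePass(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        service = AdminServiceProxy.getService(getServlet().getServletContext());
        ActionMessages errors = new ActionMessages();
        Integer userId = WebUtil.readIntParam(httpServletRequest, "userId", true);

        // Authorise before touching the target account; refuse when the session has no user.
        UserDTO sysadmin = (UserDTO) SessionManager.getSession().getAttribute("user");
        if (sysadmin == null || !AdminServiceProxy.getSecurityService(getServlet().getServletContext()).isSysadmin(sysadmin.getUserID(), "Change Password of User " + userId, true)) {
            httpServletResponse.sendError(403, "Only Sysadmin has edit permisions");
            return null;
        }
        if (userId == null) {
            // presumably the 'true' flag above marks the parameter optional, so it can be
            // absent; verify against WebUtil.
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing userId");
            return null;
        }

        String password = WebUtil.readStrParam(httpServletRequest, "password");
        String password2 = WebUtil.readStrParam(httpServletRequest, "password2");
        if (StringUtils.isBlank(password)) {
            errors.add("password", new ActionMessage("error.password.required"));
        }
        if (!StringUtils.equals(password, password2)) {
            errors.add("password", new ActionMessage("error.newpassword.mismatch"));
        }
        if (!ValidationUtil.isPasswordValueValid(password, password2)) {
            errors.add("password", new ActionMessage("label.password.restrictions"));
        }
        if (!errors.isEmpty()) {
            saveErrors(httpServletRequest, errors);
            return actionMapping.findForward("errorPass");
        }

        User user = (User) service.findById(User.class, userId);
        if (user == null) {
            // An unknown id used to end in a NullPointerException on user.setSalt().
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "User not found");
            return null;
        }
        // A fresh salt is generated for every reset, so the old salt is never reused.
        // NOTE(review): same hashing caveat as on account creation; HashUtil is not visible here.
        String salt = HashUtil.salt();
        String passwordHash = HashUtil.sha256(password, salt);
        user.setSalt(salt);
        user.setPassword(passwordHash);
        service.saveUser(user);
        return actionMapping.findForward("userChangePass");
    }
}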
