package org.alfresco.repo.security.authentication;

import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.activiti.engine.HistoryService;
import org.activiti.engine.TaskService;
import org.activiti.engine.delegate.DelegateExecution;
import org.activiti.engine.task.Task;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.action.executer.MailActionExecuter;
import org.alfresco.repo.admin.SysAdminParams;
import org.alfresco.repo.client.config.ClientAppConfig;
import org.alfresco.repo.client.config.ClientAppNotFoundException;
import org.alfresco.repo.workflow.BPMEngineRegistry;
import org.alfresco.repo.workflow.WorkflowModel;
import org.alfresco.repo.workflow.WorkflowModelResetPassword;
import org.alfresco.repo.workflow.activiti.ActivitiConstants;
import org.alfresco.service.cmr.action.ActionService;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.workflow.WorkflowDefinition;
import org.alfresco.service.cmr.workflow.WorkflowException;
import org.alfresco.service.cmr.workflow.WorkflowInstance;
import org.alfresco.service.cmr.workflow.WorkflowPath;
import org.alfresco.service.cmr.workflow.WorkflowService;
import org.alfresco.service.cmr.workflow.WorkflowTask;
import org.alfresco.service.cmr.workflow.WorkflowTaskQuery;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.EmailHelper;
import org.alfresco.util.GUID;
import org.alfresco.util.ParameterCheck;
import org.alfresco.util.PropertyCheck;
import org.alfresco.util.UrlUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.surf.util.I18NUtil;

/* loaded from: input_file:org/alfresco/repo/security/authentication/ResetPasswordServiceImpl.class */
public class ResetPasswordServiceImpl implements ResetPasswordService {
    private static final Log LOGGER = LogFactory.getLog(ResetPasswordServiceImpl.class);
    // Default for timerEnd. The value reads as an ISO-8601 duration of one hour; how the
    // workflow definition consumes it is not visible in this class.
    private static final String TIMER_END = "PT1H";
    // Message-bundle key for the workflow description stored on each reset-password workflow.
    private static final String WORKFLOW_DESCRIPTION_KEY = "resetpasswordwf_resetpassword.resetpassword.workflow.description";
    // Names under which values are exposed to the e-mail template model.
    private static final String FTL_TEMPLATE_ASSETS_URL = "template_assets_url";
    // The value stored under this name is the full reset link, including the secret key.
    private static final String FTL_RESET_PASSWORD_URL = "reset_password_url";
    private static final String FTL_USER_NAME = "userName";
    // Collaborators injected through the setters below; init() checks the mandatory ones.
    private WorkflowService workflowService;
    private HistoryService activitiHistoryService;
    private ActionService actionService;
    private PersonService personService;
    private NodeService nodeService;
    private SysAdminParams sysAdminParams;
    private MutableAuthenticationService authenticationService;
    private TaskService activitiTaskService;
    private EmailHelper emailHelper;
    private ClientAppConfig clientAppConfig;
    // Sender used by sendEmail when the e-mail details carry no "from" address.
    private String defaultEmailSender;
    // Passed to the workflow as WF_PROP_TIMER_END; setTimerEnd ignores empty overrides.
    private String timerEnd = TIMER_END;
    // Forwarded to ActionService.executeAction as its last argument in sendEmail.
    private boolean sendEmailAsynchronously = true;

    /* loaded from: input_file:org/alfresco/repo/security/authentication/ResetPasswordServiceImpl$InvalidResetPasswordWorkflowException.class */
    /**
     * Raised by this service when a reset-password workflow exists but cannot be used:
     * it is not active, its stored user name or key is missing, the supplied key or
     * user id does not match, or no task is found for it.
     */
    public static class InvalidResetPasswordWorkflowException extends ResetPasswordWorkflowException {
        private static final long serialVersionUID = -4685359036247580984L;

        /**
         * @param str the exception message
         */
        public InvalidResetPasswordWorkflowException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:org/alfresco/repo/security/authentication/ResetPasswordServiceImpl$ResetPasswordDetails.class */
    /**
     * Mutable holder for the values a caller supplies when completing a password reset:
     * the user id, the new password, and the workflow id and key identifying the request.
     * Every setter returns {@code this} so calls can be chained.
     */
    public static class ResetPasswordDetails {
        private String userId;
        private String password;
        private String workflowId;
        private String workflowKey;

        /** @return the user id, or {@code null} when none was set */
        public String getUserId() {
            return userId;
        }

        /**
         * @param str the user id
         * @return this object
         */
        public ResetPasswordDetails setUserId(String str) {
            userId = str;
            return this;
        }

        /** @return the new password, or {@code null} when none was set */
        public String getPassword() {
            return password;
        }

        /**
         * @param str the new password
         * @return this object
         */
        public ResetPasswordDetails setPassword(String str) {
            password = str;
            return this;
        }

        /** @return the workflow id, or {@code null} when none was set */
        public String getWorkflowId() {
            return workflowId;
        }

        /**
         * @param str the workflow id
         * @return this object
         */
        public ResetPasswordDetails setWorkflowId(String str) {
            workflowId = str;
            return this;
        }

        /** @return the workflow key, or {@code null} when none was set */
        public String getWorkflowKey() {
            return workflowKey;
        }

        /**
         * @param str the workflow key
         * @return this object
         */
        public ResetPasswordDetails setWorkflowKey(String str) {
            workflowKey = str;
            return this;
        }

        /**
         * Renders the user id, workflow id and workflow key; the password is not part of
         * the output.
         */
        @Override
        public String toString() {
            // NOTE(review): workflowId and workflowKey together are what validateIdAndKey
            // accepts as proof for a reset, so this string should be treated as sensitive
            // wherever it is logged while the workflow is still active.
            return "ResetPasswordDetails [userId=" + userId
                    + ", workflowId=" + workflowId
                    + ", workflowKey=" + workflowKey
                    + ']';
        }
    }

    /* loaded from: input_file:org/alfresco/repo/security/authentication/ResetPasswordServiceImpl$ResetPasswordEmailDetails.class */
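    /**
     * Mutable holder for everything {@code sendEmail} needs to build one message:
     * recipient, sender, template location, template model and subject. Every setter
     * returns {@code this} so calls can be chained.
     */
    public static class ResetPasswordEmailDetails {
        private String userName;
        private String userEmail;
        private String fromEmail;
        private String templatePath;
        private String templateAssetsUrl;
        private Map<String, Serializable> templateModel;
        private String emailSubject;
        // Defaults to true; sendEmail forwards it as MailActionExecuter.PARAM_IGNORE_SEND_FAILURE.
        private boolean ignoreSendFailure = true;

        /** @return the recipient's user name, or {@code null} when none was set */
        public String getUserName() {
            return this.userName;
        }

        /**
         * @param str the recipient's user name
         * @return this object
         */
        public ResetPasswordEmailDetails setUserName(String str) {
            this.userName = str;
            return this;
        }

        /** @return the recipient address, or {@code null} when none was set */
        public String getUserEmail() {
            return this.userEmail;
        }

        /**
         * @param str the recipient address
         * @return this object
         */
        public ResetPasswordEmailDetails setUserEmail(String str) {
            this.userEmail = str;
            return this;
        }

        /** @return the sender address, or {@code null} when none was set */
        public String getFromEmail() {
            return this.fromEmail;
        }

        /**
         * @param str the sender address
         * @return this object
         */
        public ResetPasswordEmailDetails setFromEmail(String str) {
            this.fromEmail = str;
            return this;
        }

        /** @return the template path, or {@code null} when none was set */
        public String getTemplatePath() {
            return this.templatePath;
        }

        /**
         * @param str the template path
         * @return this object
         */
        public ResetPasswordEmailDetails setTemplatePath(String str) {
            this.templatePath = str;
            return this;
        }

        /** @return the template assets URL, or {@code null} when none was set */
        public String getTemplateAssetsUrl() {
            return this.templateAssetsUrl;
        }

        /**
         * @param str the template assets URL
         * @return this object
         */
        public ResetPasswordEmailDetails setTemplateAssetsUrl(String str) {
            this.templateAssetsUrl = str;
            return this;
        }

        /** @return the template model as it was set (no copy), or {@code null} */
        public Map<String, Serializable> getTemplateModel() {
            return this.templateModel;
        }

        /**
         * @param map the template model; stored by reference, not copied
         * @return this object
         */
        public ResetPasswordEmailDetails setTemplateModel(Map<String, Serializable> map) {
            this.templateModel = map;
            return this;
        }

        /** @return the e-mail subject, or {@code null} when none was set */
        public String getEmailSubject() {
            return this.emailSubject;
        }

        /**
         * @param str the e-mail subject
         * @return this object
         */
        public ResetPasswordEmailDetails setEmailSubject(String str) {
            this.emailSubject = str;
            return this;
        }

        /** @return whether a send failure is to be ignored; {@code true} unless changed */
        public boolean isIgnoreSendFailure() {
            return this.ignoreSendFailure;
        }

        /**
         * @param z whether a send failure is to be ignored
         * @return this object
         */
        public ResetPasswordEmailDetails setIgnoreSendFailure(boolean z) {
            this.ignoreSendFailure = z;
            return this;
        }

        /**
         * Renders the fields for diagnostics. Only the key names of the template model are
         * printed: for the reset e-mail the model holds the complete reset link, including
         * the secret workflow key, and that value must not reach logs through this method.
         */
        @Override
        public String toString() {
            StringBuilder sb = new StringBuilder(250);
            sb.append("ResetPasswordEmailDetails [userName=").append(this.userName)
                    .append(", userEmail=").append(this.userEmail)
                    .append(", fromEmail=").append(this.fromEmail)
                    .append(", templatePath=").append(this.templatePath)
                    .append(", templateAssetsUrl=").append(this.templateAssetsUrl)
                    // Key names only; the values may carry the reset link and its key.
                    .append(", templateModel=").append(this.templateModel == null ? null : this.templateModel.keySet())
                    .append(", emailSubject=").append(this.emailSubject)
                    .append(", ignoreSendFailure=").append(this.ignoreSendFailure)
                    .append(']');
            return sb.toString();
        }
    }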

    /* loaded from: input_file:org/alfresco/repo/security/authentication/ResetPasswordServiceImpl$ResetPasswordWorkflowException.class */
    /**
     * Base type of the exceptions this service raises for reset-password workflow
     * problems; the more specific exception classes nested in this service extend it.
     */
    public static class ResetPasswordWorkflowException extends AlfrescoRuntimeException {
        private static final long serialVersionUID = -694208478609278943L;

        /**
         * @param str the exception message
         */
        public ResetPasswordWorkflowException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:org/alfresco/repo/security/authentication/ResetPasswordServiceImpl$ResetPasswordWorkflowInvalidUserException.class */
    /**
     * Raised by {@code validateUserAndGetEmail} when the user does not exist or is
     * disabled.
     */
    public static class ResetPasswordWorkflowInvalidUserException extends ResetPasswordWorkflowException {
        private static final long serialVersionUID = -6524046975575636256L;

        /**
         * @param str the exception message
         */
        public ResetPasswordWorkflowInvalidUserException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:org/alfresco/repo/security/authentication/ResetPasswordServiceImpl$ResetPasswordWorkflowNotFoundException.class */
    /**
     * Raised by {@code validateIdAndKey} when no workflow instance can be retrieved for
     * the supplied workflow id.
     */
    public static class ResetPasswordWorkflowNotFoundException extends ResetPasswordWorkflowException {
        private static final long serialVersionUID = -7492264073778098895L;

        /**
         * @param str the exception message
         */
        public ResetPasswordWorkflowNotFoundException(String str) {
            super(str);
        }
    }

    /** @param workflowService service used to start, query and end the reset-password workflow */
    public void setWorkflowService(WorkflowService workflowService) {
        this.workflowService = workflowService;
    }

    /** @param historyService Activiti history service used to delete the historic task after a reset */
    public void setActivitiHistoryService(HistoryService historyService) {
        this.activitiHistoryService = historyService;
    }

    /** @param actionService service used to create and execute the mail action */
    public void setActionService(ActionService actionService) {
        this.actionService = actionService;
    }

    /** @param personService service used to check that a user exists and is enabled */
    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    /** @param nodeService service used to read the e-mail property of the person node */
    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    /** @param sysAdminParams parameters handed to {@code UrlUtil} when URLs are built */
    public void setSysAdminParams(SysAdminParams sysAdminParams) {
        this.sysAdminParams = sysAdminParams;
    }

    /** @param mutableAuthenticationService service through which the new password is set */
    public void setAuthenticationService(MutableAuthenticationService mutableAuthenticationService) {
        this.authenticationService = mutableAuthenticationService;
    }

    /** @param taskService Activiti task service used to read the new password from the task */
    public void setActivitiTaskService(TaskService taskService) {
        this.activitiTaskService = taskService;
    }

    /** @param emailHelper helper used to resolve the e-mail template and the user's locale */
    public void setEmailHelper(EmailHelper emailHelper) {
        this.emailHelper = emailHelper;
    }

    /** @param clientAppConfig registry of client applications looked up by name */
    public void setClientAppConfig(ClientAppConfig clientAppConfig) {
        this.clientAppConfig = clientAppConfig;
    }

    /**
     * Overrides the timer value handed to the workflow. A {@code null} or empty argument
     * is ignored, so the current value (initially the built-in default) stays in force.
     *
     * @param str the new timer value
     */
    public void setTimerEnd(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        this.timerEnd = str;
    }

    /** @param str sender address used when an e-mail carries no "from" address of its own */
    public void setDefaultEmailSender(String str) {
        this.defaultEmailSender = str;
    }

    /** @param z forwarded to the action service when the mail action is executed */
    public void setSendEmailAsynchronously(boolean z) {
        this.sendEmailAsynchronously = z;
    }

    /**
     * Passes every injected collaborator, and the default e-mail sender, through
     * {@code PropertyCheck.mandatory} in a fixed order. {@code timerEnd} and
     * {@code sendEmailAsynchronously} have defaults and are not checked.
     */
    public void init() {
        PropertyCheck.mandatory(this, "workflowService", workflowService);
        PropertyCheck.mandatory(this, "activitiHistoryService", activitiHistoryService);
        PropertyCheck.mandatory(this, "actionService", actionService);
        PropertyCheck.mandatory(this, "personService", personService);
        PropertyCheck.mandatory(this, "nodeService", nodeService);
        PropertyCheck.mandatory(this, "sysAdminParams", sysAdminParams);
        PropertyCheck.mandatory(this, "authenticationService", authenticationService);
        PropertyCheck.mandatory(this, "activitiTaskService", activitiTaskService);
        PropertyCheck.mandatory(this, "emailHelper", emailHelper);
        PropertyCheck.mandatory(this, "clientAppConfig", clientAppConfig);
        PropertyCheck.mandatory(this, "defaultEmailSender", defaultEmailSender);
    }

    /**
     * Starts a reset-password workflow for the given user and client application.
     *
     * <p>The user is validated first, then a workflow is started with the user name,
     * the user's e-mail address, the client name, a freshly generated key and the timer
     * value. If the started path is active, its start task is ended straight away.
     *
     * @param str the user id; must be a non-empty string
     * @param str2 the client application name; must be a non-empty string
     * @throws ResetPasswordWorkflowInvalidUserException if the user does not exist or is disabled
     */
    @Override // org.alfresco.repo.security.authentication.ResetPasswordService
    public void requestReset(String str, String str2) {
        ParameterCheck.mandatoryString("userId", str);
        ParameterCheck.mandatoryString("clientName", str2);

        // NOTE(review): a failure here tells the caller whether the account exists or is
        // disabled; confirm the calling layer answers identically in all cases.
        final String userEmail = validateUserAndGetEmail(str);
        final WorkflowDefinition resetDefinition =
                this.workflowService.getDefinitionByName(WorkflowModelResetPassword.WORKFLOW_DEFINITION_NAME);

        final Map<QName, Serializable> startProperties = new HashMap<>(7);
        startProperties.put(WorkflowModel.PROP_WORKFLOW_DESCRIPTION, I18NUtil.getMessage(WORKFLOW_DESCRIPTION_KEY));
        startProperties.put(WorkflowModelResetPassword.WF_PROP_USERNAME, str);
        startProperties.put(WorkflowModelResetPassword.WF_PROP_USER_EMAIL, userEmail);
        startProperties.put(WorkflowModelResetPassword.WF_PROP_CLIENT_NAME, str2);
        startProperties.put(WorkflowModel.ASSOC_PACKAGE, this.workflowService.createPackage(null));
        // This key is the secret that must later be presented together with the workflow id.
        // NOTE(review): its unpredictability rests entirely on GUID.generate(); confirm that
        // implementation draws from a cryptographically strong source.
        startProperties.put(WorkflowModelResetPassword.WF_PROP_KEY, GUID.generate());
        startProperties.put(WorkflowModelResetPassword.WF_PROP_TIMER_END, this.timerEnd);

        final WorkflowPath startedPath = this.workflowService.startWorkflow(resetDefinition.getId(), startProperties);
        if (!startedPath.isActive()) {
            return;
        }
        // End the start task so the workflow moves on from its initial step.
        final String instanceId = startedPath.getInstance().getId();
        final WorkflowTask startTask = this.workflowService.getStartTask(instanceId);
        this.workflowService.endTask(startTask.getId(), null);
    }

    /**
     * Checks that the user exists and is enabled, then returns the e-mail property of
     * the person node.
     *
     * <p>NOTE(review): the two failure messages differ and contain the user id, so they
     * reveal account state to anyone who sees them; confirm they are not returned to
     * unauthenticated callers. The returned address is not checked for {@code null} or
     * emptiness here.
     *
     * @param str the user id
     * @return the value of the person's e-mail property, possibly {@code null}
     * @throws ResetPasswordWorkflowInvalidUserException if the user does not exist or is disabled
     */
    protected String validateUserAndGetEmail(String str) {
        final boolean userKnown = this.personService.personExists(str);
        if (!userKnown) {
            throw new ResetPasswordWorkflowInvalidUserException("User does not exist: " + str);
        }
        final boolean userEnabled = this.personService.isEnabled(str);
        if (!userEnabled) {
            throw new ResetPasswordWorkflowInvalidUserException("User is disabled: " + str);
        }
        final Serializable emailProperty =
                this.nodeService.getProperty(this.personService.getPerson(str, false), ContentModel.PROP_EMAIL);
        return (String) emailProperty;
    }

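    /**
     * Completes the user-facing step of a password reset: validates the workflow id, key
     * and user id, stores the new password on the workflow's task, ends that task and
     * deletes the task's historic record.
     *
     * @param resetPasswordDetails user id, new password, workflow id and workflow key
     * @throws ResetPasswordWorkflowNotFoundException if no workflow exists for the id
     * @throws InvalidResetPasswordWorkflowException if the workflow is inactive, the key or
     *         user id does not match, or the workflow has no task
     * @throws IllegalArgumentException if the new password is blank
     */
    @Override // org.alfresco.repo.security.authentication.ResetPasswordService
    public void initiateResetPassword(ResetPasswordDetails resetPasswordDetails) {
        ParameterCheck.mandatory("resetDetails", resetPasswordDetails);
        // Id, key and user id are verified before anything else is looked at.
        validateIdAndKey(resetPasswordDetails.getWorkflowId(), resetPasswordDetails.getWorkflowKey(), resetPasswordDetails.getUserId());
        if (StringUtils.isBlank(resetPasswordDetails.getPassword())) {
            // The echoed value is blank by definition of this branch. Keep it that way: if
            // this check ever grows into a policy check, the value must leave the message.
            throw new IllegalArgumentException("Invalid password value [" + resetPasswordDetails.getPassword() + ']');
        }
        WorkflowTaskQuery workflowTaskQuery = new WorkflowTaskQuery();
        workflowTaskQuery.setProcessId(resetPasswordDetails.getWorkflowId());
        List<WorkflowTask> queryTasks = this.workflowService.queryTasks(workflowTaskQuery, false);
        if (queryTasks.isEmpty()) {
            // The key has already been validated at this point, so it is a live secret and
            // is kept out of the exception message; the workflow id is enough to diagnose.
            throw new InvalidResetPasswordWorkflowException("Invalid workflow identifier: " + resetPasswordDetails.getWorkflowId());
        }
        WorkflowTask workflowTask = queryTasks.get(0);
        Map<QName, Serializable> singletonMap = Collections.singletonMap(WorkflowModelResetPassword.WF_PROP_PASSWORD, resetPasswordDetails.getPassword());
        String id = workflowTask.getId();
        // The new password travels to performResetPassword as a task property.
        this.workflowService.updateTask(id, singletonMap, null, null);
        this.workflowService.endTask(id, null);
        // Strip the "activiti$" prefix before calling the Activiti history service.
        String replace = id.replace("activiti$", "");
        // The task just received the password, so its historic record is removed.
        // NOTE(review): whether other history records also retain the value is not
        // visible from this class.
        this.activitiHistoryService.deleteHistoricTaskInstance(replace);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Deleting historical task for security reasons " + replace);
        }
    }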

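    /**
     * Verifies that a reset-password workflow exists for the id, is still active, and
     * that the supplied key and user id match the values stored on the workflow.
     *
     * <p>The stored key is never placed in an exception message: a caller who knows a
     * workflow id but not the key must not be able to learn the key from an error or
     * from a log line. The key comparison uses {@link MessageDigest#isEqual} rather
     * than {@code String.equals}, so it does not stop at the first differing byte.
     *
     * <p>NOTE(review): the distinct exception types and messages still tell a caller
     * whether an id exists and whether it is active; confirm the calling layer maps
     * them to one uniform response.
     *
     * @param str the workflow id
     * @param str2 the workflow key supplied by the caller
     * @param str3 the user id supplied by the caller
     * @throws ResetPasswordWorkflowNotFoundException if no workflow instance is found for the id
     * @throws InvalidResetPasswordWorkflowException if the workflow is inactive, its stored
     *         user name or key is missing, or the supplied key or user id does not match
     */
    private void validateIdAndKey(String str, String str2, String str3) {
        ParameterCheck.mandatory("id", str);
        ParameterCheck.mandatory("key", str2);
        ParameterCheck.mandatory("userId", str3);
        WorkflowInstance workflowInstance = null;
        try {
            workflowInstance = this.workflowService.getWorkflowById(str);
        } catch (WorkflowException ignored) {
            // Deliberate: a failed lookup is reported as "not found" just below.
        }
        if (workflowInstance == null) {
            throw new ResetPasswordWorkflowNotFoundException("The reset password workflow instance with the id [" + str + "] is not found.");
        }
        if (!workflowInstance.isActive()) {
            throw new InvalidResetPasswordWorkflowException("The reset password workflow instance with the id [" + str + "] is not active (it might be expired or has already been used).");
        }
        Map<QName, Serializable> pathProperties = this.workflowService.getPathProperties(str);
        String storedUserName = (String) pathProperties.get(WorkflowModelResetPassword.WF_PROP_USERNAME);
        String storedKey = (String) pathProperties.get(WorkflowModelResetPassword.WF_PROP_KEY);
        if (storedUserName == null) {
            throw new InvalidResetPasswordWorkflowException("The recovered user name is null for the reset password workflow instance with the id [" + str + "]");
        }
        if (storedKey == null) {
            throw new InvalidResetPasswordWorkflowException("The recovered key is null for the reset password workflow instance with the id [" + str + "]");
        }
        boolean keyMatches = MessageDigest.isEqual(
                storedKey.getBytes(StandardCharsets.UTF_8), str2.getBytes(StandardCharsets.UTF_8));
        if (!keyMatches) {
            // Neither the stored key nor the supplied one is echoed here.
            throw new InvalidResetPasswordWorkflowException("The given workflow key does not match the recovered key for the reset password workflow instance with the id [" + str + "]");
        }
        if (!storedUserName.equals(str3)) {
            throw new InvalidResetPasswordWorkflowException("The given user id [" + str3 + "] does not match the person's user id [" + storedUserName + "] who requested the password reset.");
        }
    }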

    /**
     * Looks up the configuration of a client application by name.
     *
     * @param str the client application name; must be a non-empty string
     * @return the matching client application, never {@code null}
     * @throws ClientAppNotFoundException if no client is registered under that name
     */
    @Override // org.alfresco.repo.security.authentication.ResetPasswordService
    public ClientAppConfig.ClientApp getClientAppConfig(String str) {
        ParameterCheck.mandatoryString("clientName", str);
        final ClientAppConfig.ClientApp resolved = this.clientAppConfig.getClient(str);
        if (resolved != null) {
            return resolved;
        }
        throw new ClientAppNotFoundException("Client was not found [" + str + "]");
    }

    /**
     * Sends the e-mail that carries the reset link. User name, address, client name and
     * key are read from the workflow execution's variables; the link is built from the
     * client configuration, the process instance id and the key.
     *
     * @param delegateExecution the running workflow execution
     * @param str passed to {@code EmailHelper.getEmailTemplate} as its third argument
     * @param str2 the e-mail subject
     * @throws ClientAppNotFoundException if the client named in the workflow is not configured
     */
    @Override // org.alfresco.repo.security.authentication.ResetPasswordService
    public void sendResetPasswordEmail(DelegateExecution delegateExecution, String str, String str2) {
        final Map<String, Object> variables = delegateExecution.getVariables();
        final String userName = (String) variables.get(WorkflowModelResetPassword.WF_PROP_USERNAME_ACTIVITI);
        final String userEmail = (String) variables.get(WorkflowModelResetPassword.WF_PROP_USER_EMAIL_ACTIVITI);
        final String clientName = (String) variables.get(WorkflowModelResetPassword.WF_PROP_CLIENT_NAME_ACTIVITI);
        final String key = (String) variables.get(WorkflowModelResetPassword.WF_PROP_KEY_ACTIVITI);
        final String processInstanceId = delegateExecution.getProcessInstanceId();
        final ClientAppConfig.ClientApp clientApp = getClientAppConfig(clientName);

        final String templatePath =
                this.emailHelper.getEmailTemplate(clientName, getResetPasswordEmailTemplate(clientApp), str);
        final String assetsUrl = clientApp.getTemplateAssetsUrl();
        // The link embeds the secret key, so the model built from it is sensitive.
        final String resetUrl = createResetPasswordUrl(clientApp, processInstanceId, key);
        final Map<String, Serializable> model = Collections.singletonMap(FTL_RESET_PASSWORD_URL, resetUrl);

        final ResetPasswordEmailDetails details = new ResetPasswordEmailDetails()
                .setUserName(userName)
                .setUserEmail(userEmail)
                .setTemplatePath(templatePath)
                .setTemplateAssetsUrl(assetsUrl)
                .setEmailSubject(str2)
                .setTemplateModel(model);
        sendEmail(details);
    }

    /**
     * Applies the new password. The user name comes from the execution's variables and
     * the password from the single reset-password task of the process instance.
     *
     * <p>The debug output names the task and the user only; the password itself is
     * never written to the log.
     *
     * @param delegateExecution the running workflow execution
     * @throws ResetPasswordWorkflowException if the process instance does not have exactly
     *         one reset-password task
     */
    @Override // org.alfresco.repo.security.authentication.ResetPasswordService
    public void performResetPassword(DelegateExecution delegateExecution) {
        final String userName = (String) delegateExecution.getVariable(WorkflowModelResetPassword.WF_PROP_USERNAME_ACTIVITI);
        final List<Task> resetTasks = this.activitiTaskService.createTaskQuery()
                .taskDefinitionKey(WorkflowModelResetPassword.TASK_RESET_PASSWORD)
                .processInstanceId(delegateExecution.getProcessInstanceId())
                .list();
        if (resetTasks.size() != 1) {
            throw new ResetPasswordWorkflowException("Unexpected count of task instances: " + resetTasks.size());
        }

        final String taskId = resetTasks.get(0).getId();
        final String newPassword =
                (String) this.activitiTaskService.getVariable(taskId, WorkflowModelResetPassword.WF_PROP_PASSWORD_ACTIVITI);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Retrieved new password from task " + taskId);
        }

        // Both values must be non-empty strings before the credential is touched.
        ParameterCheck.mandatoryString(WorkflowModelResetPassword.WF_PROP_USERNAME_ACTIVITI, userName);
        ParameterCheck.mandatoryString(WorkflowModelResetPassword.WF_PROP_PASSWORD_ACTIVITI, newPassword);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Changing password for " + userName);
        }
        this.authenticationService.setAuthentication(userName, newPassword.toCharArray());
    }

    /**
     * Sends the e-mail confirming that the password was reset. User name, address and
     * client name are read from the workflow execution's variables; the template model
     * holds only the user name.
     *
     * @param delegateExecution the running workflow execution
     * @param str passed to {@code EmailHelper.getEmailTemplate} as its third argument
     * @param str2 the e-mail subject
     * @throws ClientAppNotFoundException if the client named in the workflow is not configured
     */
    @Override // org.alfresco.repo.security.authentication.ResetPasswordService
    public void sendResetPasswordConfirmationEmail(DelegateExecution delegateExecution, String str, String str2) {
        final Map<String, Object> variables = delegateExecution.getVariables();
        final String userName = (String) variables.get(WorkflowModelResetPassword.WF_PROP_USERNAME_ACTIVITI);
        final String userEmail = (String) variables.get(WorkflowModelResetPassword.WF_PROP_USER_EMAIL_ACTIVITI);
        final String clientName = (String) variables.get(WorkflowModelResetPassword.WF_PROP_CLIENT_NAME_ACTIVITI);
        final ClientAppConfig.ClientApp clientApp = getClientAppConfig(clientName);

        final String templatePath =
                this.emailHelper.getEmailTemplate(clientName, getConfirmResetPasswordEmailTemplate(clientApp), str);
        final String assetsUrl = clientApp.getTemplateAssetsUrl();
        final Map<String, Serializable> model = Collections.singletonMap(FTL_USER_NAME, userName);

        final ResetPasswordEmailDetails details = new ResetPasswordEmailDetails()
                .setUserName(userName)
                .setUserEmail(userEmail)
                .setTemplatePath(templatePath)
                .setTemplateAssetsUrl(assetsUrl)
                .setEmailSubject(str2)
                .setTemplateModel(model);
        sendEmail(details);
    }

    /**
     * Builds the parameters of a mail action from the given details and executes it.
     *
     * <p>The template model always contains the template assets URL; entries from the
     * details' own model are added on top and may replace it. When the details carry no
     * sender, the configured default sender is used.
     *
     * @param resetPasswordEmailDetails recipient, template, subject and model of the message
     */
    protected void sendEmail(ResetPasswordEmailDetails resetPasswordEmailDetails) {
        final HashMap<String, Serializable> templateModel = new HashMap<>();
        templateModel.put(FTL_TEMPLATE_ASSETS_URL,
                getUrl(resetPasswordEmailDetails.getTemplateAssetsUrl(), ClientAppConfig.PROP_TEMPLATE_ASSETS_URL));
        final Map<String, Serializable> extraModel = resetPasswordEmailDetails.getTemplateModel();
        if (extraModel != null) {
            templateModel.putAll(extraModel);
        }

        final Map<String, Serializable> mailParams = new HashMap<>(7);
        final String requestedSender = resetPasswordEmailDetails.getFromEmail();
        final String sender = StringUtils.isEmpty(requestedSender) ? this.defaultEmailSender : requestedSender;
        mailParams.put(MailActionExecuter.PARAM_FROM, sender);
        mailParams.put(MailActionExecuter.PARAM_TO, resetPasswordEmailDetails.getUserEmail());
        mailParams.put(MailActionExecuter.PARAM_SUBJECT, resetPasswordEmailDetails.getEmailSubject());
        mailParams.put("template", resetPasswordEmailDetails.getTemplatePath());
        mailParams.put(MailActionExecuter.PARAM_TEMPLATE_MODEL, templateModel);
        mailParams.put("locale", this.emailHelper.getUserLocaleOrDefault(resetPasswordEmailDetails.getUserName()));
        // True unless the caller changed it. NOTE(review): with this set, a failed send is
        // presumably not reported back, so the requester gets no signal — confirm against
        // MailActionExecuter.
        mailParams.put(MailActionExecuter.PARAM_IGNORE_SEND_FAILURE,
                Boolean.valueOf(resetPasswordEmailDetails.ignoreSendFailure));

        this.actionService.executeAction(
                this.actionService.createAction(MailActionExecuter.NAME, mailParams),
                null,
                false,
                this.sendEmailAsynchronously);
    }

    /**
     * Normalises a configured URL: one trailing slash is removed and the result is passed
     * through {@code UrlUtil.replaceShareUrlPlaceholder}.
     *
     * @param str the configured URL, possibly {@code null}
     * @param str2 the property name, used only in the warning for a missing URL
     * @return the processed URL, or an empty string when {@code str} is {@code null}
     */
    private String getUrl(String str, String str2) {
        if (str == null) {
            LOGGER.warn("The url for the property [" + str2 + "] is not configured.");
            return "";
        }
        final String withoutTrailingSlash = str.endsWith("/") ? str.substring(0, str.length() - 1) : str;
        return UrlUtil.replaceShareUrlPlaceholder(withoutTrailingSlash, this.sysAdminParams);
    }

    /**
     * Reads the template path for the reset-request e-mail from the client configuration.
     *
     * @param clientApp the client application
     * @return the value of its {@code requestResetPasswordTemplatePath} property
     */
    protected String getResetPasswordEmailTemplate(ClientAppConfig.ClientApp clientApp) {
        final String requestTemplatePath = clientApp.getProperty("requestResetPasswordTemplatePath");
        return requestTemplatePath;
    }

    /**
     * Reads the template path for the reset-confirmation e-mail from the client
     * configuration.
     *
     * @param clientApp the client application
     * @return the value of its {@code confirmResetPasswordTemplatePath} property
     */
    protected String getConfirmResetPasswordEmailTemplate(ClientAppConfig.ClientApp clientApp) {
        final String confirmTemplatePath = clientApp.getProperty("confirmResetPasswordTemplatePath");
        return confirmTemplatePath;
    }

    /**
     * Builds the link placed in the reset e-mail: the client's configured reset page (or
     * the Share base URL when none is configured) followed by the key and the global
     * workflow id as query parameters.
     *
     * <p>The returned link contains the secret key, so it should not be logged; the
     * warning below is emitted before the key is appended and shows the base URL only.
     * NOTE(review): key and id are appended without URL-encoding, which is safe only
     * while both values consist of URL-safe characters — confirm.
     *
     * @param clientApp the client application whose {@code resetPasswordPageUrl} is used
     * @param str the process instance id
     * @param str2 the workflow key
     * @return the reset link
     */
    protected String createResetPasswordUrl(ClientAppConfig.ClientApp clientApp, String str, String str2) {
        final String configuredPage = clientApp.getProperty("resetPasswordPageUrl");
        final String baseUrl;
        if (StringUtils.isEmpty(configuredPage)) {
            baseUrl = String.valueOf(UrlUtil.getShareUrl(this.sysAdminParams));
            LOGGER.warn("'resetPasswordPageUrl' property is not set for the client [" + clientApp.getName() + "]. The default base url of Share will be used [" + baseUrl + "]");
        } else {
            baseUrl = String.valueOf(getUrl(configuredPage, ""));
        }
        return baseUrl
                + "?key=" + str2
                + "&id=" + BPMEngineRegistry.createGlobalId(ActivitiConstants.ENGINE_ID, str);
    }
}
