package org.apache.archiva.redback.struts2.action.admin;

import com.opensymphony.xwork2.Action;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.archiva.redback.integration.interceptor.SecureActionBundle;
import org.apache.archiva.redback.integration.interceptor.SecureActionException;
import org.apache.archiva.redback.integration.model.AdminEditUserCredentials;
import org.apache.archiva.redback.policy.PasswordEncoder;
import org.apache.archiva.redback.policy.PasswordRuleViolationException;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.Role;
import org.apache.archiva.redback.struts2.action.AuditEvent;
import org.apache.archiva.redback.struts2.action.CancellableAction;
import org.apache.archiva.redback.system.DefaultSecuritySession;
import org.apache.archiva.redback.system.SecuritySystemConstants;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.web.action.admin.repositories.AbstractManagedRepositoriesAction;
import org.apache.commons.lang.StringEscapeUtils;
import org.codehaus.plexus.util.StringUtils;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller;

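/**
 * Struts 2 action behind the administrative "edit user" form.
 *
 * <p>Entry points visible in this class:
 * <ul>
 *   <li>{@link #edit()} loads the target account and its visible roles for display;</li>
 *   <li>{@link #submit()} validates the posted form, then either saves directly (the caller is
 *       editing their own account) or returns {@link #CONFIRM} (another account);</li>
 *   <li>{@link #confirmAdminPassword()} checks the acting user's own password and then saves;</li>
 *   <li>{@link #cancel()} returns the cancel result.</li>
 * </ul>
 *
 * <p>The bean is declared with prototype scope, so state set in one entry point (for example the
 * validation run in {@code submit()}) is presumably not available to a later request that calls
 * another entry point. TODO confirm against the Struts/Spring wiring.
 *
 * <p>Audit: an {@link AuditEvent} is written only on the success path of {@code save}. None of
 * the failure branches in this class (wrong old password, wrong admin password, unknown user)
 * emit one.
 */
@Scope("prototype")
@Controller("redback-admin-user-edit")
/* loaded from: input_file:WEB-INF/lib/redback-struts2-integration-2.0.jar:org/apache/archiva/redback/struts2/action/admin/UserEditAction.class */
public class UserEditAction extends AbstractAdminUserCredentialsAction implements CancellableAction {

    @Inject
    @Named("rBACManager#cached")
    private RBACManager rbacManager;
    // Roles of the edited user after both filters in edit() have been applied; stays null until
    // edit() succeeds in loading them.
    private List<Role> effectivelyAssignedRoles;
    // Form object bound through setUser(); its values are copied onto the stored account in save().
    private AdminEditUserCredentials user;
    private String updateButton;
    private boolean emailValidationRequired;
    // True when the current user's access filter removed at least one assignable role.
    private boolean hasHiddenRoles;
    // Write-only from outside: there is a setter but no getter, so the value is not exposed back.
    private String oldPassword;
    // Write-only from outside: password of the acting user, checked in confirmAdminPassword().
    private String userAdminPassword;
    // True when the edited account is the caller's own account.
    private boolean self;
    // NOTE(review): both result names are public, static and non-final, so any code can reassign
    // them. Left as declared to keep the class interface unchanged.
    public static String CONFIRM = AbstractManagedRepositoriesAction.CONFIRM;
    public static String CONFIRM_ERROR = "confirmError";

    /**
     * Loads the account named by {@code getUsername()} and prepares the edit form.
     *
     * @return {@code "input"} when the account was loaded, {@code "error"} (with an action error
     *         added) when the username is null or empty or the account cannot be found
     */
    public String edit() {
        this.oldPassword = "";
        this.emailValidationRequired = this.securitySystem.getPolicy().getUserValidationSettings().isEmailValidationRequired();
        if (getUsername() == null) {
            addActionError(getText("cannot.edit.user.null.username"));
            return "error";
        }
        if (StringUtils.isEmpty(getUsername())) {
            addActionError(getText("cannot.edit.user.empty.username"));
            return "error";
        }
        UserManager userManager = this.securitySystem.getUserManager();
        // The XML-escaped name is used for the lookup and is the form echoed back in the
        // "user.does.not.exist" message. save() looks the account up with the unescaped name,
        // so the two paths agree only for names that escapeXml leaves unchanged.
        String escapedUsername = StringEscapeUtils.escapeXml(getUsername());
        if (!userManager.userExists(escapedUsername)) {
            addActionError(getText("user.does.not.exist", Collections.singletonList(escapedUsername)));
            return "error";
        }
        try {
            User storedUser = userManager.findUser(escapedUsername);
            if (storedUser == null) {
                addActionError(getText("cannot.operate.on.null.user"));
                return "error";
            }
            this.user = new AdminEditUserCredentials(storedUser);
            if (getUsername().equals(getCurrentUser())) {
                this.self = true;
            }
            try {
                List<Role> assignableRoles = filterAssignableRoles(this.rbacManager.getEffectivelyAssignedRoles(storedUser.getPrincipal().toString()));
                this.effectivelyAssignedRoles = filterRolesForCurrentUserAccess(assignableRoles);
                // A smaller list after the access filter means some roles are hidden from the caller.
                this.hasHiddenRoles = assignableRoles.size() > this.effectivelyAssignedRoles.size();
            } catch (RbacManagerException ignored) {
                // Best effort: a failed role lookup does not block the form. The role list and the
                // hidden-roles flag keep their previous values, and the failure is not reported
                // or logged from here.
            }
            return "input";
        } catch (UserNotFoundException e) {
            addActionError(getText("cannot.get.user", Arrays.asList(getUsername(), e.getMessage())));
            return "error";
        }
    }

    /**
     * Returns the roles from {@code collection} whose {@code isAssignable()} is true, in
     * iteration order.
     */
    private List<Role> filterAssignableRoles(Collection<Role> collection) {
        // Typed list instead of the raw ArrayList, so the compiler checks the element type.
        List<Role> assignable = new ArrayList<Role>(collection.size());
        for (Role role : collection) {
            if (role.isAssignable()) {
                assignable.add(role);
            }
        }
        return assignable;
    }

    /**
     * Handles the posted edit form.
     *
     * @return {@code "error"} on a missing username, missing form object or validation errors;
     *         {@link #CONFIRM} when the target is not the current user; otherwise the result of
     *         saving with the old-password check enabled
     */
    public String submit() {
        if (getUsername() == null) {
            addActionError(getText("cannot.edit.user.null.username"));
            return "error";
        }
        if (StringUtils.isEmpty(getUsername())) {
            addActionError(getText("cannot.edit.user.empty.username"));
            return "error";
        }
        if (this.user == null) {
            addActionError(getText("cannot.edit.user.null.credentials"));
            return "error";
        }
        this.internalUser = this.user;
        validateCredentialsLoose();
        if (hasActionErrors() || hasFieldErrors()) {
            return "error";
        }
        // Editing someone else requires the extra confirmation step; editing oneself requires
        // the account's current password, which save(true) checks.
        return !getUsername().equals(getCurrentUser()) ? CONFIRM : save(true);
    }

    /**
     * Verifies the acting user's own password and, when it matches, saves the edit without the
     * old-password check on the target account.
     *
     * <p>NOTE(review): unlike {@link #submit()}, this path does not call
     * {@code validateCredentialsLoose()} before saving. Confirm whether the form values bound on
     * this request are validated elsewhere.
     *
     * @return the result of the save, or {@link #CONFIRM_ERROR} when the password is missing or
     *         wrong or the acting user cannot be loaded
     */
    public String confirmAdminPassword() {
        UserManager userManager = this.securitySystem.getUserManager();
        if (StringUtils.isEmpty(this.userAdminPassword)) {
            addActionError(getText("user.admin.password.required"));
            return CONFIRM_ERROR;
        }
        try {
            PasswordEncoder passwordEncoder = this.securitySystem.getPolicy().getPasswordEncoder();
            User actingUser = userManager.findUser(getCurrentUser());
            // edit() and save() both treat a null result from findUser as possible; without this
            // guard the password check would fail with a NullPointerException instead of an error.
            if (actingUser == null) {
                addActionError(getText("cannot.operate.on.null.user"));
                return CONFIRM_ERROR;
            }
            if (passwordEncoder.isPasswordValid(actingUser.getEncodedPassword(), this.userAdminPassword)) {
                return save(false);
            }
            addActionError(getText("user.admin.password.does.not.match.existing"));
            return CONFIRM_ERROR;
        } catch (UserNotFoundException e) {
            addActionError(getText("cannot.find.user", Arrays.asList(getCurrentUser(), e.getMessage())));
            return CONFIRM_ERROR;
        }
    }

    @Override // org.apache.archiva.redback.struts2.action.CancellableAction
    public String cancel() {
        return CancellableAction.CANCEL;
    }

    /**
     * Copies the form values onto the stored account, persists it and writes an audit event.
     *
     * @param z when true, the target account's current password ({@code oldPassword}) must be
     *          supplied and must match before anything is changed
     * @return {@code Action.SUCCESS} after the update, {@code "error"} otherwise
     */
    private String save(boolean z) {
        // submit() rejects a missing form object, but confirmAdminPassword() reaches this method
        // without that check; the field copies below would otherwise dereference null.
        if (this.user == null) {
            addActionError(getText("cannot.edit.user.null.credentials"));
            return "error";
        }
        UserManager userManager = this.securitySystem.getUserManager();
        if (!userManager.userExists(getUsername())) {
            addActionError(getText("user.does.not.exist", Collections.singletonList(getUsername())));
            return "error";
        }
        try {
            User storedUser = userManager.findUser(getUsername());
            if (storedUser == null) {
                addActionError(getText("cannot.operate.on.null.user"));
                return "error";
            }
            if (z) {
                PasswordEncoder passwordEncoder = this.securitySystem.getPolicy().getPasswordEncoder();
                if (StringUtils.isEmpty(this.oldPassword)) {
                    this.self = true;
                    addFieldError("oldPassword", getText("old.password.required"));
                    return "error";
                }
                if (!passwordEncoder.isPasswordValid(storedUser.getEncodedPassword(), this.oldPassword)) {
                    this.self = true;
                    addFieldError("oldPassword", getText("password.provided.does.not.match.existing"));
                    return "error";
                }
            }
            // NOTE(review): locked and passwordChangeRequired are copied from the bound form on
            // both paths, including self-edit. Confirm a user is meant to change these on their
            // own account. The password is copied as submitted; what updateUser does with an
            // empty value is not visible here.
            storedUser.setFullName(this.user.getFullName());
            storedUser.setEmail(this.user.getEmail());
            storedUser.setPassword(this.user.getPassword());
            storedUser.setLocked(this.user.isLocked());
            storedUser.setPasswordChangeRequired(this.user.isPasswordChangeRequired());
            userManager.updateUser(storedUser, this.user.isPasswordChangeRequired());
            // When the caller edited their own account, replace the session's security object so
            // it carries the updated user together with the existing authentication result.
            if (getSecuritySession().getUser().getUsername().equals(storedUser.getUsername())) {
                this.session.put(SecuritySystemConstants.SECURITY_SESSION_KEY, new DefaultSecuritySession(getSecuritySession().getAuthenticationResult(), storedUser));
                setSession(this.session);
            }
            String currentUser = getCurrentUser();
            AuditEvent auditEvent = new AuditEvent(getText("log.account.edit"));
            auditEvent.setAffectedUser(getUsername());
            auditEvent.setCurrentUser(currentUser);
            auditEvent.log();
            return Action.SUCCESS;
        } catch (PasswordRuleViolationException e) {
            processPasswordRuleViolations(e);
            return "error";
        } catch (UserNotFoundException e) {
            addActionError(getText("cannot.find.user", Arrays.asList(getUsername(), e.getMessage())));
            return "error";
        }
    }

    public String getUpdateButton() {
        return this.updateButton;
    }

    public void setUpdateButton(String str) {
        this.updateButton = str;
    }

    public AdminEditUserCredentials getUser() {
        return this.user;
    }

    public void setUser(AdminEditUserCredentials adminEditUserCredentials) {
        this.user = adminEditUserCredentials;
    }

    /**
     * Declares what the security interceptor must check before this action runs: an
     * authenticated session plus three authorizations ({@code user-management-user-edit} on
     * {@code "*"}, {@code user-management-user-edit} on the target username, and
     * {@code user-management-user-role} on {@code "*"}).
     *
     * <p>NOTE(review): whether the bundle requires all of these or any one of them is decided by
     * {@code SecureActionBundle} and is not visible here. {@code getUsername()} is passed as a
     * resource without a null check.
     */
    @Override // org.apache.archiva.redback.struts2.action.AbstractSecurityAction
    public SecureActionBundle initSecureActionBundle() throws SecureActionException {
        SecureActionBundle secureActionBundle = new SecureActionBundle();
        secureActionBundle.setRequiresAuthentication(true);
        secureActionBundle.addRequiredAuthorization("user-management-user-edit", "*");
        secureActionBundle.addRequiredAuthorization("user-management-user-edit", getUsername());
        secureActionBundle.addRequiredAuthorization("user-management-user-role", "*");
        return secureActionBundle;
    }

    public List<Role> getEffectivelyAssignedRoles() {
        return this.effectivelyAssignedRoles;
    }

    public boolean isEmailValidationRequired() {
        return this.emailValidationRequired;
    }

    public boolean isHasHiddenRoles() {
        return this.hasHiddenRoles;
    }

    public void setHasHiddenRoles(boolean z) {
        this.hasHiddenRoles = z;
    }

    public void setOldPassword(String str) {
        this.oldPassword = str;
    }

    public void setUserAdminPassword(String str) {
        this.userAdminPassword = str;
    }

    public boolean isSelf() {
        return this.self;
    }
}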
