package pl.sparkbit.security.service.impl;

import java.beans.ConstructorProperties;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import pl.sparkbit.commons.exception.NotFoundException;
import pl.sparkbit.security.callbacks.PasswordResetChallengeCallback;
import pl.sparkbit.security.callbacks.SetNewPasswordChallengeCallback;
import pl.sparkbit.security.config.SecurityProperties;
import pl.sparkbit.security.dao.CredentialsDao;
import pl.sparkbit.security.dao.UserDetailsDao;
import pl.sparkbit.security.domain.Credentials;
import pl.sparkbit.security.domain.SecurityChallenge;
import pl.sparkbit.security.domain.SecurityChallengeType;
import pl.sparkbit.security.exception.NoValidTokenFoundException;
import pl.sparkbit.security.login.AuthnAttributes;
import pl.sparkbit.security.login.ExpectedAndProvidedAuthnAttributesMismatchException;
import pl.sparkbit.security.login.LoginPrincipalFactory;
import pl.sparkbit.security.service.PasswordResetService;
import pl.sparkbit.security.util.SecurityChallenges;

@ConditionalOnProperty(value = {SecurityProperties.PASSWORD_RESET_ENABLED}, havingValue = "true")
@Service
/* loaded from: input_file:pl/sparkbit/security/service/impl/PasswordResetServiceImpl.class */
public class PasswordResetServiceImpl implements PasswordResetService {
    private static final Logger log = LoggerFactory.getLogger(PasswordResetServiceImpl.class);
    private static final List<SecurityChallengeType> ALLOWED_TYPES_TO_RESET = Arrays.asList(SecurityChallengeType.PASSWORD_RESET, SecurityChallengeType.SET_NEW_PASSWORD);
    private final CredentialsDao credentialsDao;
    private final LoginPrincipalFactory loginPrincipalFactory;
    private final Optional<SetNewPasswordChallengeCallback> setNewPasswordCallback;
    private final PasswordEncoder passwordEncoder;
    private final PasswordResetChallengeCallback passwordResetCallback;
    private final SecurityChallenges securityChallenges;
    private final UserDetailsDao userDetailsDao;
    private final SecurityProperties configuration;

    @Override // pl.sparkbit.security.service.PasswordResetService
    @Transactional
    public void initiatePasswordReset(Map<String, String> map) {
        try {
            AuthnAttributes authnAttributes = this.loginPrincipalFactory.generate(map).getAuthnAttributes();
            Optional<String> selectUserId = this.userDetailsDao.selectUserId(authnAttributes);
            if (!selectUserId.isPresent()) {
                log.debug("Initiated password reset for non-existent user {}", authnAttributes);
                if (this.configuration.getPasswordReset().getInformNotFound().booleanValue()) {
                    throw new NotFoundException("User not found");
                }
            } else {
                String str = selectUserId.get();
                this.passwordResetCallback.transmitToUser(this.securityChallenges.createAndInsertChallenge(str, SecurityChallengeType.PASSWORD_RESET));
                log.debug("User {} initiated password reset", str);
            }
        } catch (ExpectedAndProvidedAuthnAttributesMismatchException e) {
            throw new AccessDeniedException(e.getMessage());
        }
    }

    @Override // pl.sparkbit.security.service.PasswordResetService
    @Transactional(propagation = Propagation.MANDATORY)
    public void initiateSetNewPassword(String str) {
        if (!this.setNewPasswordCallback.isPresent()) {
            throw new IllegalStateException("Implement SetNewPasswordChallengeCallback bean!");
        }
        this.setNewPasswordCallback.get().transmitToUser(this.securityChallenges.createAndInsertChallenge(str, SecurityChallengeType.SET_NEW_PASSWORD));
        log.debug("User {} initiated setting new password", str);
    }

    @Override // pl.sparkbit.security.service.PasswordResetService
    @Transactional
    public void resetPassword(String str, String str2, SecurityChallengeType securityChallengeType) {
        if (!ALLOWED_TYPES_TO_RESET.contains(securityChallengeType)) {
            log.debug("Illegal token type", securityChallengeType);
            throw new NoValidTokenFoundException("Valid token not found", NoValidTokenFoundException.FailureReason.TOKEN_NOT_FOUND);
        }
        SecurityChallenge finishChallenge = this.securityChallenges.finishChallenge(str, securityChallengeType);
        if (SecurityChallengeType.SET_NEW_PASSWORD.equals(securityChallengeType)) {
            this.setNewPasswordCallback.ifPresent(setNewPasswordChallengeCallback -> {
                setNewPasswordChallengeCallback.notifyOfSuccess(finishChallenge);
            });
        } else if (SecurityChallengeType.PASSWORD_RESET.equals(securityChallengeType)) {
            this.passwordResetCallback.notifyOfSuccess(finishChallenge);
        }
        this.credentialsDao.updateCredentials(Credentials.builder().userId(finishChallenge.getUserId()).password(this.passwordEncoder.encode(str2)).build());
        log.debug("Password for user {} changed", finishChallenge.getUserId());
    }

    @ConstructorProperties({"credentialsDao", "loginPrincipalFactory", "setNewPasswordCallback", "passwordEncoder", "passwordResetCallback", "securityChallenges", "userDetailsDao", "configuration"})
    public PasswordResetServiceImpl(CredentialsDao credentialsDao, LoginPrincipalFactory loginPrincipalFactory, Optional<SetNewPasswordChallengeCallback> optional, PasswordEncoder passwordEncoder, PasswordResetChallengeCallback passwordResetChallengeCallback, SecurityChallenges securityChallenges, UserDetailsDao userDetailsDao, SecurityProperties securityProperties) {
        this.credentialsDao = credentialsDao;
        this.loginPrincipalFactory = loginPrincipalFactory;
        this.setNewPasswordCallback = optional;
        this.passwordEncoder = passwordEncoder;
        this.passwordResetCallback = passwordResetChallengeCallback;
        this.securityChallenges = securityChallenges;
        this.userDetailsDao = userDetailsDao;
        this.configuration = securityProperties;
    }
}
