package org.gbif.ipt.action.admin;

import at.favre.lib.crypto.bcrypt.BCrypt;
import com.google.inject.Inject;
import com.opensymphony.xwork2.Action;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.List;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.RandomStringGenerator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.gbif.ipt.action.BaseAction;
import org.gbif.ipt.action.POSTAction;
import org.gbif.ipt.config.AppConfig;
import org.gbif.ipt.model.User;
import org.gbif.ipt.service.AlreadyExistingException;
import org.gbif.ipt.service.DeletionNotAllowedException;
import org.gbif.ipt.service.admin.RegistrationManager;
import org.gbif.ipt.service.admin.UserAccountManager;
import org.gbif.ipt.struts2.SimpleTextProvider;
import org.gbif.ipt.validation.UserValidator;

/* loaded from: input_file:WEB-INF/classes/org/gbif/ipt/action/admin/UserAccountsAction.class */
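/**
 * Struts action in the admin package that lists, creates, edits and deletes IPT user accounts
 * and resets their passwords.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Reset passwords are drawn from a {@link SecureRandom}. Without an explicit source,
 *       {@code RandomStringGenerator} falls back to a non-cryptographic generator, which is
 *       unsuitable for credentials.</li>
 *   <li>The clear-text password is placed into an action message and a {@code mailto:} link so
 *       the administrator can forward it. Anything that renders or stores action messages
 *       therefore sees the credential.</li>
 * </ul>
 */
public class UserAccountsAction extends POSTAction {
    private static final long serialVersionUID = 8892204508303815998L;
    private static final Logger LOG = LogManager.getLogger(UserAccountsAction.class);

    // NOTE(review): 8 characters over a 62-symbol alphabet is roughly 47 bits of entropy.
    // Consider a longer value, after confirming any length limit in UserValidator.
    private static final int PASSWORD_LENGTH = 8;
    // bcrypt work factor applied to generated passwords.
    private static final int BCRYPT_COST = 12;

    private static final String EMAIL_NEW_ACCOUNT = "<a href=\"mailto:%s?subject=IPT account&amp;body=Dear %s,%%0d%%0dWe would like to inform you that we have created an IPT account for you.%%0d%%0dAccount information:%%0d%%0dIPT: %s%%0dEmail: %s%%0dPassword: %s%%0dRole: %s%%0d%%0dThank you for your attention.\">Click here</a> to share the credentials with the user";
    private static final String EMAIL_PASSWORD_CHANGE = "<a href=\"mailto:%s?subject=IPT password change&amp;body=Dear %s,%%0d%%0dWe would like to inform you that your IPT account's password has been successfully changed.%%0d%%0dAccount information:%%0d%%0dIPT: %s%%0dEmail: %s%%0dPassword: %s%%0d%%0dThank you for your attention.\">Click here</a> to share the new password with the user";

    private static final String PASSWORD_ALLOWED_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
    // Must be initialised before PASSWORD_GENERATOR, which binds to it.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    private static final RandomStringGenerator PASSWORD_GENERATOR = new RandomStringGenerator.Builder()
            .selectFrom(PASSWORD_ALLOWED_CHARS.toCharArray())
            .usingRandom(SECURE_RANDOM::nextInt)
            .build();

    private final UserAccountManager userManager;
    private final UserValidator validator;
    private User user;
    private String password2;
    private boolean resetPassword;
    private boolean newUser;
    private List<User> users;

    @Inject
    public UserAccountsAction(SimpleTextProvider simpleTextProvider, AppConfig appConfig, RegistrationManager registrationManager, UserAccountManager userAccountManager) {
        super(simpleTextProvider, appConfig, registrationManager);
        this.validator = new UserValidator();
        this.userManager = userAccountManager;
    }

    /**
     * Deletes the account identified by {@code id}.
     *
     * @return {@code INPUT} when the target is the logged-in user, when saving fails or when the
     *     manager refuses the deletion; {@code NOT_FOUND} when no such account exists;
     *     {@code SUCCESS} otherwise
     */
    @Override // org.gbif.ipt.action.POSTAction
    public String delete() {
        // An administrator must not remove the account they are logged in with.
        if (getCurrentUser().getEmail().equalsIgnoreCase(this.id)) {
            addActionError(getText("admin.user.deleted.current"));
            return Action.INPUT;
        }
        try {
            if (this.userManager.delete(this.id) == null) {
                return BaseAction.NOT_FOUND;
            }
            this.userManager.save();
            addActionMessage(getText("admin.user.deleted"));
            return Action.SUCCESS;
        } catch (IOException e) {
            addActionError(getText("admin.user.cantSave", new String[]{e.getMessage()}));
            return Action.INPUT;
        } catch (DeletionNotAllowedException e) {
            // Map each refusal reason to its own message; unknown reasons get the generic one.
            DeletionNotAllowedException.Reason reason = e.getReason();
            if (DeletionNotAllowedException.Reason.LAST_ADMIN == reason) {
                addActionError(getText("admin.user.deleted.lastadmin"));
            } else if (DeletionNotAllowedException.Reason.LAST_RESOURCE_MANAGER == reason) {
                addActionError(getText("admin.user.deleted.lastmanager", new String[]{e.getMessage()}));
            } else if (DeletionNotAllowedException.Reason.IS_RESOURCE_CREATOR == reason) {
                addActionError(getText("admin.user.deleted.error.creator", new String[]{e.getMessage()}));
            } else {
                addActionError(getText("admin.user.deleted.error"));
            }
            return Action.INPUT;
        }
    }

    /** Returns the password confirmation value bound from the form. */
    public String getPassword2() {
        return this.password2;
    }

    /** Returns {@code "yes"} when the action is handling a new account, {@code "no"} otherwise. */
    public String getNewUser() {
        return this.newUser ? BooleanUtils.YES : BooleanUtils.NO;
    }

    /** Returns the user being created or edited. */
    public User getUser() {
        return this.user;
    }

    /** Returns the users loaded by {@link #list()}. */
    public List<User> getUsers() {
        return this.users;
    }

    /**
     * Loads all users from the account manager.
     *
     * @return always {@code SUCCESS}
     */
    public String list() {
        this.users = this.userManager.list();
        return Action.SUCCESS;
    }

    /**
     * Resolves the working {@link User} before the action runs. With an {@code id} the stored
     * user is looked up and cloned; without one, or when the lookup fails, a blank user is
     * prepared and the action is flagged as handling a new account.
     */
    @Override // org.gbif.ipt.action.BaseAction, com.opensymphony.xwork2.Preparable
    public void prepare() {
        super.prepare();
        if (this.id == null) {
            this.newUser = true;
        } else {
            this.user = this.userManager.get(this.id);
        }
        if (this.id != null && this.user == null) {
            this.notFound = true;
        }
        if (this.user == null) {
            this.id = null;
            this.user = new User();
            this.newUser = true;
        } else {
            try {
                // Work on a copy, presumably so edits do not touch the manager's instance
                // until save() is called.
                this.user = (User) this.user.clone();
            } catch (CloneNotSupportedException e) {
                // NOTE(review): on failure the action continues with the uncloned instance.
                LOG.error("An exception occurred while retrieving user: " + e.getMessage(), e);
            }
        }
    }

    /**
     * Creates a new account, resets the password of an existing one, or stores edits to an
     * existing one, depending on {@code id} and the reset flag.
     *
     * @return {@code SUCCESS} on success; {@code INPUT} on a save error, a duplicate account or
     *     an attempt to demote the last administrator; {@code HOME} when the logged-in user is
     *     no longer an administrator after the change
     */
    @Override // org.gbif.ipt.action.POSTAction
    public String save() {
        try {
            if (this.id == null) {
                // Captured before create(), presumably because create() replaces it with a
                // hash. TODO confirm against UserAccountManager.
                String password = this.user.getPassword();
                this.userManager.create(this.user);
                // NOTE(review): account fields and the clear-text password are interpolated
                // into HTML without URL- or HTML-encoding. Confirm the values are validated
                // upstream or that the view escapes action messages.
                addActionMessage(getText("admin.user.added", new String[]{String.format(EMAIL_NEW_ACCOUNT, this.user.getEmail(), this.user.getFirstname(), this.cfg.getBaseUrl(), this.user.getEmail(), password, this.user.getRole())}));
                return Action.SUCCESS;
            }
            if (this.resetPassword) {
                String generated = PASSWORD_GENERATOR.generate(PASSWORD_LENGTH);
                this.user.setPassword(BCrypt.withDefaults().hashToString(BCRYPT_COST, generated.toCharArray()));
                this.userManager.save(this.user);
                // The clear-text value is shown once so the admin can pass it on. Only the
                // bcrypt hash is set on the user object.
                addActionMessage(getText("admin.user.passwordChanged", new String[]{this.user.getEmail(), generated, String.format(EMAIL_PASSWORD_CHANGE, this.user.getEmail(), this.user.getFirstname(), this.cfg.getBaseUrl(), this.user.getEmail(), generated)}));
                return Action.SUCCESS;
            }
            // Refuse to demote the only remaining administrator.
            // NOTE(review): the lookup uses the submitted e-mail. If it matches no stored user,
            // get() may return null and this line would throw. Confirm the e-mail is immutable.
            if (this.userManager.get(this.user.getEmail()).getRole() == User.Role.Admin && this.user.getRole() != User.Role.Admin && this.userManager.list(User.Role.Admin).size() < 2) {
                addActionError(getText("admin.user.changed.current"));
                return Action.INPUT;
            }
            // Keep the session's view of the logged-in user in step with the role being saved.
            if (this.user.getEmail().equals(getCurrentUser().getEmail())) {
                getCurrentUser().setRole(this.user.getRole());
            }
            this.userManager.save(this.user);
            if (getCurrentUser().getRole() != User.Role.Admin) {
                // The logged-in user just gave up admin rights, so leave the admin area.
                return BaseAction.HOME;
            }
            addActionMessage(getText("admin.user.changed"));
            return Action.SUCCESS;
        } catch (IOException e) {
            LOG.error("The user change couldnt be saved: " + e.getMessage(), e);
            addActionError(getText("admin.user.saveError"));
            // NOTE(review): the raw exception message is shown in the UI and may reveal
            // server-side paths.
            addActionError(e.getMessage());
            return Action.INPUT;
        } catch (AlreadyExistingException e) {
            addActionError(getText("admin.user.exists", new String[]{this.user.getEmail()}));
            this.user = new User();
            return Action.INPUT;
        }
    }

    /** Sets the password confirmation value bound from the form. */
    public void setPassword2(String str) {
        this.password2 = str;
    }

    /** Enables the password reset branch of {@link #save()} when {@code str} is non-blank. */
    public void setResetPassword(String str) {
        this.resetPassword = StringUtils.trimToNull(str) != null;
    }

    /** Sets the user being created or edited. */
    public void setUser(User user) {
        this.user = user;
    }

    /** Sets the list of users exposed by {@link #getUsers()}. */
    public void setUsers(List<User> list) {
        this.users = list;
    }

    /**
     * Validates the submitted user. For a new account with a non-blank password it also checks
     * that the confirmation matches; on a mismatch both password fields are cleared.
     */
    @Override // org.gbif.ipt.action.POSTAction
    public void validateHttpPostOnly() {
        this.validator.validate(this, this.user);
        boolean passwordGiven = StringUtils.trimToNull(this.user.getPassword()) != null;
        if (this.newUser && passwordGiven && !this.user.getPassword().equals(this.password2)) {
            addFieldError("password2", getText("validation.password2.wrong"));
            this.password2 = null;
            this.user.setPassword(null);
        }
    }
}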
