package org.dspace.app.rest.repository.patch.operation;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.sql.SQLException;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.dspace.app.rest.exception.DSpaceBadRequestException;
import org.dspace.app.rest.exception.PasswordNotValidException;
import org.dspace.app.rest.exception.UnprocessableEntityException;
import org.dspace.app.rest.exception.WrongCurrentPasswordException;
import org.dspace.app.rest.model.patch.JsonValueEvaluator;
import org.dspace.app.rest.model.patch.Operation;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.authenticate.service.AuthenticationService;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.service.ValidatePasswordService;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.factory.EPersonServiceFactory;
import org.dspace.eperson.service.AccountService;
import org.dspace.eperson.service.EPersonService;
import org.dspace.services.RequestService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Component;

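/**
 * PATCH {@code add} operation on the {@code /password} path of an {@link EPerson}.
 *
 * <p>The new password is accepted when the request carries either a {@code token} request parameter that
 * resolves to the same EPerson, or (for accounts that already have a password) the correct current password.
 * Token verification fails closed: any error while resolving or deleting the token aborts the operation
 * before the password is changed.
 *
 * @param <R> type of the patched resource; only {@link EPerson} instances are supported
 */
@Component
public class EPersonPasswordAddOperation<R> extends PatchOperation<R> {
    private static final Logger log = LogManager.getLogger(EPersonPasswordAddOperation.class);

    /** JSON Patch path handled by this operation. */
    public static final String OPERATION_PASSWORD_CHANGE = "/password";

    protected EPersonService ePersonService = EPersonServiceFactory.getInstance().getEPersonService();

    @Autowired
    private RequestService requestService;

    @Autowired
    private AccountService accountService;

    @Autowired
    private ValidatePasswordService validatePasswordService;

    @Autowired
    private AuthenticationService authenticationService;

    /**
     * Value object bound from the operation's JSON value ({@code new_password} / {@code current_password}).
     * Both fields hold plaintext passwords; this class defines no {@code toString()}, so instances do not
     * print their contents when logged.
     */
    public static class PasswordVO {

        @JsonProperty("new_password")
        private String newPassword;

        @JsonProperty("current_password")
        private String currentPassword;

        /** @return the requested new password, empty when the field was absent */
        public Optional<String> getNewPassword() {
            return Optional.ofNullable(this.newPassword);
        }

        public void setNewPassword(String str) {
            this.newPassword = str;
        }

        /** @return the caller-supplied current password, empty when the field was absent */
        public Optional<String> getCurrentPassword() {
            return Optional.ofNullable(this.currentPassword);
        }

        public void setCurrentPassword(String str) {
            this.currentPassword = str;
        }
    }

    /**
     * Validates the request and sets the new password on the given EPerson.
     *
     * @param context   current DSpace context
     * @param r         the resource being patched; must be an {@link EPerson}
     * @param operation the patch operation carrying the password value
     * @return the same resource instance that was passed in
     * @throws DSpaceBadRequestException      if the operation is unsupported, no new password is given, or
     *                                        password updates are not allowed for this EPerson
     * @throws PasswordNotValidException      if the new password is rejected by the password validator
     * @throws AccessDeniedException          if a token is supplied but cannot be verified and consumed
     * @throws WrongCurrentPasswordException  if the current password is required and missing or wrong
     */
    @Override
    public R perform(Context context, R r, Operation operation) {
        if (!supports(r, operation)) {
            throw new DSpaceBadRequestException(getClass().getName() + " does not support this operation");
        }
        PasswordVO passwords = parseOperationValue(operation);
        String newPassword = passwords.getNewPassword()
            .orElseThrow(() -> new DSpaceBadRequestException("No password provided"));
        EPerson ePerson = (EPerson) r;
        if (!AuthorizeUtil.authorizeUpdatePassword(context, ePerson.getEmail())) {
            throw new DSpaceBadRequestException(
                "Password cannot be updated for the given EPerson with email: " + ePerson.getEmail());
        }
        if (!this.validatePasswordService.isPasswordValid(newPassword)) {
            throw new PasswordNotValidException();
        }
        String token = this.requestService.getCurrentRequest().getHttpServletRequest().getParameter("token");
        if (StringUtils.isNotBlank(token)) {
            // Token flow: the token replaces the current password as proof of identity.
            verifyAndDeleteToken(context, ePerson, token, operation);
        } else if (ePerson.hasPasswordSet()) {
            verifyCurrentPassword(context, ePerson, passwords);
        }
        // NOTE(review): with no token and no password set on the account, neither proof is demanded here;
        // this relies on authorization enforced by the caller, which is not visible in this class - confirm.
        this.ePersonService.setPassword(ePerson, newPassword);
        return r;
    }

    /**
     * Binds the operation value to a {@link PasswordVO}.
     *
     * @throws UnprocessableEntityException if the value is missing or cannot be converted
     */
    private PasswordVO parseOperationValue(Operation operation) {
        Object rawValue = operation.getValue();
        if (rawValue == null) {
            throw new UnprocessableEntityException("No value provided for operation " + operation.getPath());
        }
        try {
            // The cast stays inside the try so a value of the wrong type is reported as 422 as well.
            return (PasswordVO) ((JsonValueEvaluator) rawValue).evaluate(PasswordVO.class);
        } catch (Exception e) {
            throw new UnprocessableEntityException("Invalid value provided for operation " + operation.getPath(), e);
        }
    }

    /**
     * Checks that the token resolves to the EPerson being patched, switches the context to that user and
     * deletes the token so it cannot be presented again.
     *
     * <p>Every failure is propagated. The caller sets the password as soon as this method returns, so
     * logging and returning on an error would change the password without a verified token.
     *
     * @throws AccessDeniedException if the token is unknown, belongs to another EPerson, or could not be
     *                               verified and deleted
     */
    private void verifyAndDeleteToken(Context context, EPerson ePerson, String token, Operation operation) {
        try {
            EPerson tokenOwner = this.accountService.getEPerson(context, token);
            if (tokenOwner == null) {
                // The token value is kept out of the message: it is accepted here in place of the current
                // password, and exception messages may end up in logs or error responses.
                throw new AccessDeniedException("The token in the parameter couldn't be associated with an EPerson");
            }
            if (!tokenOwner.getID().equals(ePerson.getID())) {
                throw new AccessDeniedException(
                    "The token in the parameter belongs to a different EPerson than the uri indicates");
            }
            context.setCurrentUser(tokenOwner);
            this.accountService.deleteToken(context, token);
        } catch (SQLException | AuthorizeException e) {
            log.error("Failed to verify or delete the token for an EPerson patch", e);
            // Fail closed: an unverified token, or one that could not be deleted (and presumably stays
            // valid), must not lead to a password change.
            throw new AccessDeniedException("The token in the parameter could not be verified", e);
        }
    }

    /**
     * Requires the caller to supply the account's current password.
     *
     * @throws WrongCurrentPasswordException if no current password was sent or it is rejected by
     *                                       {@code canChangePassword}
     */
    private void verifyCurrentPassword(Context context, EPerson ePerson, PasswordVO passwordVO) {
        String currentPassword = passwordVO.getCurrentPassword()
            .orElseThrow(() -> new WrongCurrentPasswordException("No current password provided"));
        if (!this.authenticationService.canChangePassword(context, ePerson, currentPassword)) {
            throw new WrongCurrentPasswordException("The provided password is wrong");
        }
    }

    /**
     * @return {@code true} only for an {@code add} operation on {@code /password} targeting an {@link EPerson};
     *         op and path are compared after trimming and without regard to case
     */
    @Override
    public boolean supports(Object obj, Operation operation) {
        if (!(obj instanceof EPerson)) {
            return false;
        }
        boolean isAdd = operation.getOp().trim().equalsIgnoreCase(PatchOperation.OPERATION_ADD);
        return isAdd && operation.getPath().trim().equalsIgnoreCase(OPERATION_PASSWORD_CHANGE);
    }
}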
