package org.apache.syncope.client.enduser.resources;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.syncope.client.enduser.SyncopeEnduserConstants;
import org.apache.syncope.client.enduser.SyncopeEnduserSession;
import org.apache.syncope.client.enduser.annotations.Resource;
import org.apache.syncope.common.rest.api.service.UserSelfService;
import org.apache.wicket.request.resource.AbstractResource;
import org.apache.wicket.request.resource.IResource;

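/**
 * Wicket resource mapped to {@code /api/self/requestPasswordReset} that asks the core
 * {@link UserSelfService} to start a password reset for a given username.
 *
 * <p>The request is accepted only if, in this order: the XSRF check passes, a {@code username}
 * parameter is present, the captcha value sent in the
 * {@link SyncopeEnduserConstants#CAPTCHA_SESSION_KEY} header matches the value stored in the HTTP
 * session, and (when the platform requires security questions) a {@code securityAnswer}
 * parameter is present.
 *
 * <p>NOTE(review): this listing is decompiler output. In the decompiled form the {@code try}
 * block covered only the request cast, which left the request variable possibly unassigned and
 * the checked {@code Exception}s thrown outside any handler. The handler below wraps the whole
 * request processing, which is what the catch block's log message implies was intended.
 */
@Resource(key = "userSelfPasswordReset", path = "/api/self/requestPasswordReset")
/* loaded from: input_file:org/apache/syncope/client/enduser/resources/UserSelfPasswordReset.class */
public class UserSelfPasswordReset extends BaseUserSelfResource {
    private static final long serialVersionUID = -2721621682300247583L;

    /**
     * Validates the incoming request and forwards the password reset request to the core.
     *
     * @param attributes Wicket request attributes; the container request is expected to be an
     *     {@link HttpServletRequest}
     * @return a {@code text/plain} response: 200 with a confirmation message on success, 400 with
     *     {@code "XSRF TOKEN does not match"} when the XSRF check fails, or 400 with
     *     {@code "ErrorMessage{{ <exception message> }}"} on any other failure
     */
    @Override
    protected AbstractResource.ResourceResponse newResourceResponse(IResource.Attributes attributes) {
        AbstractResource.ResourceResponse response = new AbstractResource.ResourceResponse();
        response.setContentType("text/plain");
        try {
            HttpServletRequest request = (HttpServletRequest) attributes.getRequest().getContainerRequest();

            // Reject cross-site requests before reading any parameter.
            if (!xsrfCheck(request)) {
                LOG.error("XSRF TOKEN does not match");
                response.setError(Response.Status.BAD_REQUEST.getStatusCode(), "XSRF TOKEN does not match");
                return response;
            }

            Map<String, String[]> parameters = request.getParameterMap();
            String[] username = parameters.get("username");
            if (ArrayUtils.isEmpty(username)) {
                throw new IllegalArgumentException("A valid username should be provided");
            }

            // The captcha is the throttle on this endpoint: it is checked before the core is called.
            // NOTE(review): whether the session-side captcha value is invalidated after one use is
            // decided in captchaCheck or its callers, which are not visible here. Confirm it is
            // single-use, otherwise one solved captcha covers repeated requests.
            String captchaHeader = request.getHeader(SyncopeEnduserConstants.CAPTCHA_SESSION_KEY);
            if (captchaHeader == null
                    || !captchaCheck(
                            captchaHeader,
                            request.getSession().getAttribute(SyncopeEnduserConstants.CAPTCHA_SESSION_KEY))) {
                throw new IllegalArgumentException("Entered captcha is not matching");
            }

            // The security answer is read only when the platform requires one; otherwise the core
            // is called with a null answer.
            // NOTE(review): getParameterMap() also exposes query-string parameters. If clients can
            // send securityAnswer in the URL it may end up in access logs; confirm it is sent in
            // the request body only.
            String securityAnswer = null;
            if (SyncopeEnduserSession.get().getPlatformInfo().isPwdResetRequiringSecurityQuestions()) {
                String[] answer = parameters.get("securityAnswer");
                if (ArrayUtils.isEmpty(answer)) {
                    throw new IllegalArgumentException("A correct security answer should be provided");
                }
                securityAnswer = answer[0];
            }

            UserSelfService userSelfService =
                    (UserSelfService) SyncopeEnduserSession.get().getService(UserSelfService.class);
            userSelfService.requestPasswordReset(username[0], securityAnswer);

            // The response is text/plain, so the echoed username is not interpreted as markup.
            buildResponse(
                    response,
                    Response.Status.OK.getStatusCode(),
                    "Password reset request sent for user " + username[0]);
        } catch (Exception e) {
            LOG.error("Unable to process password reset request", e);
            // NOTE(review): the exception message is returned to the caller unchanged. If the core
            // reports an unknown user or a wrong security answer with a distinct message, the
            // difference between this 400 and the 200 above tells the caller which usernames
            // exist. The "ErrorMessage{{ ... }}" envelope is kept as-is because clients presumably
            // parse it; consider returning one generic message for every failure of the core call
            // and keeping the detail in the server log only.
            response.setError(
                    Response.Status.BAD_REQUEST.getStatusCode(),
                    "ErrorMessage{{ " + e.getMessage() + " }}");
        }
        return response;
    }
}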
