package net.lukemurphey.nsia.web.views;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.sql.SQLException;
import java.util.Map;
import java.util.Vector;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.lukemurphey.nsia.Application;
import net.lukemurphey.nsia.GeneralizedException;
import net.lukemurphey.nsia.InputValidationException;
import net.lukemurphey.nsia.LocalPasswordAuthentication;
import net.lukemurphey.nsia.NoDatabaseConnectionException;
import net.lukemurphey.nsia.NotFoundException;
import net.lukemurphey.nsia.NumericalOverflowException;
import net.lukemurphey.nsia.PasswordAuthenticationValidator;
import net.lukemurphey.nsia.PasswordInvalidException;
import net.lukemurphey.nsia.UserManagement;
import net.lukemurphey.nsia.eventlog.EventLogField;
import net.lukemurphey.nsia.eventlog.EventLogMessage;
import net.lukemurphey.nsia.scan.ScanRule;
import net.lukemurphey.nsia.web.Link;
import net.lukemurphey.nsia.web.Menu;
import net.lukemurphey.nsia.web.RequestContext;
import net.lukemurphey.nsia.web.SessionMessages;
import net.lukemurphey.nsia.web.Shortcuts;
import net.lukemurphey.nsia.web.StandardViewList;
import net.lukemurphey.nsia.web.URLInvalidException;
import net.lukemurphey.nsia.web.View;
import net.lukemurphey.nsia.web.ViewFailedException;
import net.lukemurphey.nsia.web.ViewNotFoundException;
import net.lukemurphey.nsia.web.forms.Field;
import net.lukemurphey.nsia.web.forms.FieldError;
import net.lukemurphey.nsia.web.forms.FieldErrors;
import net.lukemurphey.nsia.web.forms.Form;
import net.lukemurphey.nsia.web.forms.PasswordValidator;
import net.lukemurphey.nsia.web.templates.DialogTemplateDirective;
import net.lukemurphey.nsia.web.templates.TemplateLoader;
import net.lukemurphey.nsia.web.views.Dialog;

/* loaded from: input_file:net/lukemurphey/nsia/web/views/UserPasswordUpdateView.class */
public class UserPasswordUpdateView extends View {
    public static final String VIEW_NAME = "user_password";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/lukemurphey/nsia/web/views/UserPasswordUpdateView$UserPasswordUpdateForm.class */
    public static class UserPasswordUpdateForm extends Form {
        public UserPasswordUpdateForm() {
            addField(new Field("YourPassword"));
            addField(new Field("Password", new PasswordValidator()));
            addField(new Field("PasswordConfirm"));
        }

        @Override // net.lukemurphey.nsia.web.forms.Form
        public FieldErrors validate(HttpServletRequest httpServletRequest) {
            FieldErrors validate = super.validate(httpServletRequest);
            if (!validate.isEmpty()) {
                return validate;
            }
            if (httpServletRequest.getParameter("Password") != null && !httpServletRequest.getParameter("Password").equalsIgnoreCase(httpServletRequest.getParameter("PasswordConfirm"))) {
                validate.put(new FieldError("Password", httpServletRequest.getParameter("PasswordConfirm"), "The passwords are not identical"));
            }
            return validate;
        }
    }

    public UserPasswordUpdateView() {
        super("User/UpdatePassword", VIEW_NAME, Pattern.compile("[0-9]+"));
    }

    public static String getURL(UserManagement.UserDescriptor userDescriptor) throws URLInvalidException {
        return new UserPasswordUpdateView().createURL(Integer.valueOf(userDescriptor.getUserID()));
    }

    private boolean performActions(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestContext requestContext, String[] strArr, Map<String, Object> map, UserManagement.UserDescriptor userDescriptor) throws ViewFailedException, NotFoundException, PasswordInvalidException {
        try {
            UserManagement userManagement = new UserManagement(Application.getApplication());
            if (!"POST".equalsIgnoreCase(httpServletRequest.getMethod())) {
                return false;
            }
            FieldErrors validate = new UserPasswordUpdateForm().validate(httpServletRequest);
            if (validate.size() > 0) {
                map.put("form_errors", validate);
                return false;
            }
            LocalPasswordAuthentication localPasswordAuthentication = new LocalPasswordAuthentication(Application.getApplication());
            System.out.print("Password: " + httpServletRequest.getParameter("YourPassword"));
            if (!localPasswordAuthentication.checkPassword(userDescriptor.getUserID(), new PasswordAuthenticationValidator(httpServletRequest.getParameter("YourPassword")))) {
                validate.put(new FieldError("YourPassword", ScanRule.RULE_TYPE, "Your current password is incorrect"));
                map.put("form_errors", validate);
                throw new PasswordInvalidException();
            }
            userManagement.changePassword(userDescriptor, httpServletRequest.getParameter("Password"));
            Application.getApplication().logEvent(EventLogMessage.EventType.USER_PASSWORD_CHANGED, new EventLogField(EventLogField.FieldName.TARGET_USER_NAME, userDescriptor.getUserName()), new EventLogField(EventLogField.FieldName.TARGET_USER_ID, userDescriptor.getUserID()), new EventLogField(EventLogField.FieldName.SOURCE_USER_NAME, requestContext.getSessionInfo().getUserName()), new EventLogField(EventLogField.FieldName.SOURCE_USER_ID, requestContext.getSessionInfo().getUserId()));
            if (userDescriptor == null || requestContext.getUser() == null || userDescriptor.getUserID() != requestContext.getUser().getUserID()) {
                requestContext.addMessage("The password for the " + userDescriptor.getUserName() + " account was successfully updated", SessionMessages.MessageSeverity.SUCCESS);
            } else {
                requestContext.addMessage("Your password was successfully updated", SessionMessages.MessageSeverity.SUCCESS);
            }
            httpServletResponse.sendRedirect(UserView.getURL(userDescriptor));
            return true;
        } catch (IOException e) {
            throw new ViewFailedException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ViewFailedException(e2);
        } catch (SQLException e3) {
            throw new ViewFailedException(e3);
        } catch (InputValidationException e4) {
            throw new ViewFailedException(e4);
        } catch (NoDatabaseConnectionException e5) {
            throw new ViewFailedException(e5);
        } catch (NumericalOverflowException e6) {
            throw new ViewFailedException(e6);
        } catch (URLInvalidException e7) {
            throw new ViewFailedException(e7);
        }
    }

    @Override // net.lukemurphey.nsia.web.View
    protected boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestContext requestContext, String[] strArr, Map<String, Object> map) throws ViewFailedException, URLInvalidException, IOException, ViewNotFoundException {
        UserManagement.UserDescriptor userDescriptor = null;
        if (strArr.length >= 1) {
            try {
                try {
                    userDescriptor = new UserManagement(Application.getApplication()).getUserDescriptor(Integer.valueOf(strArr[0]).intValue());
                    if (userDescriptor == null) {
                        Dialog.getDialog(httpServletResponse, requestContext, map, "No user was found with the given ID", "User Not Found", Dialog.DialogType.WARNING);
                        return true;
                    }
                    map.put(UserView.VIEW_NAME, userDescriptor);
                } catch (SQLException e) {
                    throw new ViewFailedException(e);
                } catch (NoDatabaseConnectionException e2) {
                    throw new ViewFailedException(e2);
                } catch (NotFoundException e3) {
                    Dialog.getDialog(httpServletResponse, requestContext, map, "No user was found with the given ID", "User Not Found", Dialog.DialogType.WARNING);
                    return true;
                }
            } catch (NumberFormatException e4) {
                Dialog.getDialog(httpServletResponse, requestContext, map, "The User ID provided is not valid", "User ID Invalid", Dialog.DialogType.WARNING);
                return true;
            }
        }
        if (userDescriptor == null) {
            Dialog.getDialog(httpServletResponse, requestContext, map, "No user provided to update", "User Not Found", Dialog.DialogType.WARNING);
            return true;
        }
        try {
            if (requestContext.getUser().getUserID() == userDescriptor.getUserID()) {
                if (!Shortcuts.hasRight(requestContext.getSessionInfo(), "Users.UpdateOwnPassword", "Update user's own password")) {
                    requestContext.addMessage("You do not have permission to update your password", SessionMessages.MessageSeverity.WARNING);
                    httpServletResponse.sendRedirect(UserView.getURL(userDescriptor));
                    return true;
                }
            } else if (!Shortcuts.hasRight(requestContext.getSessionInfo(), "Users.UpdatePassword", "Update another user's password")) {
                requestContext.addMessage("You do not have permission to update user passwords", SessionMessages.MessageSeverity.WARNING);
                httpServletResponse.sendRedirect(UserView.getURL(userDescriptor));
                return true;
            }
            try {
                if (performActions(httpServletRequest, httpServletResponse, requestContext, strArr, map, userDescriptor)) {
                    return true;
                }
            } catch (NotFoundException e5) {
                Dialog.getDialog(httpServletResponse, requestContext, map, "No user was found with the given ID", "User Not Found", Dialog.DialogType.WARNING);
                return true;
            } catch (PasswordInvalidException e6) {
            }
            map.put("menu", Menu.getUserMenu(requestContext, userDescriptor));
            Vector vector = new Vector();
            vector.add(new Link("Main Dashboard", StandardViewList.getURL(MainDashboardView.VIEW_NAME, new Object[0])));
            vector.add(new Link("User Management", UsersView.getURL()));
            vector.add(new Link("View User: " + userDescriptor.getUserName(), UserView.getURL(userDescriptor)));
            vector.add(new Link("Edit User", UserEditView.getURL(userDescriptor)));
            vector.add(new Link("Update Password", createURL(Integer.valueOf(userDescriptor.getUserID()))));
            map.put("breadcrumbs", vector);
            map.put(DialogTemplateDirective.PARAM_TITLE, "Update Password");
            Shortcuts.addDashboardHeaders(httpServletRequest, httpServletResponse, map);
            TemplateLoader.renderToResponse("UserPasswordUpdate.ftl", map, httpServletResponse);
            return true;
        } catch (GeneralizedException e7) {
            throw new ViewFailedException(e7);
        }
    }
}
