package com.dotcms.rest.api.v1.authentication;

import com.dotcms.api.system.user.UserService;
import com.dotcms.api.system.user.UserServiceFactory;
import com.dotcms.company.CompanyAPI;
import com.dotcms.repackage.com.google.common.annotations.VisibleForTesting;
import com.dotcms.repackage.javax.ws.rs.POST;
import com.dotcms.repackage.javax.ws.rs.Path;
import com.dotcms.repackage.javax.ws.rs.Produces;
import com.dotcms.repackage.javax.ws.rs.core.Context;
import com.dotcms.repackage.javax.ws.rs.core.Response;
import com.dotcms.repackage.org.glassfish.jersey.server.JSONP;
import com.dotcms.rest.ErrorEntity;
import com.dotcms.rest.ResponseEntityView;
import com.dotcms.rest.annotation.InitRequestRequired;
import com.dotcms.rest.annotation.NoCache;
import com.dotcms.rest.exception.mapper.ExceptionMapperUtil;
import com.dotmarketing.business.APILocator;
import com.dotmarketing.portlets.cmsmaintenance.ajax.LogConsoleAjaxAction;
import com.dotmarketing.util.Config;
import com.dotmarketing.util.SecurityLogger;
import com.liferay.portal.NoSuchUserException;
import com.liferay.portal.SendPasswordException;
import com.liferay.portal.UserEmailAddressException;
import com.liferay.portal.ejb.UserLocalManager;
import com.liferay.portal.ejb.UserLocalManagerFactory;
import com.liferay.portal.language.LanguageException;
import com.liferay.portal.language.LanguageUtil;
import com.liferay.util.LocaleUtil;
import java.io.Serializable;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Path("/v1/forgotpassword")
/* loaded from: input_file:com/dotcms/rest/api/v1/authentication/ForgotPasswordResource.class */
public class ForgotPasswordResource implements Serializable {
    private final UserLocalManager userLocalManager;
    private final CompanyAPI companyAPI;
    private final ResponseUtil responseUtil;
    private final UserService userService;

    public ForgotPasswordResource() {
        this(UserLocalManagerFactory.getManager(), UserServiceFactory.getInstance().getUserService(), APILocator.getCompanyAPI(), ResponseUtil.INSTANCE);
    }

    @VisibleForTesting
    public ForgotPasswordResource(UserLocalManager userLocalManager, UserService userService, CompanyAPI companyAPI, ResponseUtil responseUtil) {
        this.userLocalManager = userLocalManager;
        this.userService = userService;
        this.companyAPI = companyAPI;
        this.responseUtil = responseUtil;
    }

    @Produces({LogConsoleAjaxAction.CONTENT_JSON, "application/javascript"})
    @POST
    @NoCache
    @JSONP
    @InitRequestRequired
    public final Response forgotPassword(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, ForgotPasswordForm forgotPasswordForm) {
        Response response = null;
        String str = null;
        Locale locale = LocaleUtil.getLocale(httpServletRequest);
        try {
            str = "userId".equals(this.companyAPI.getCompany(httpServletRequest).getAuthType()) ? this.userLocalManager.getUserById(forgotPasswordForm.getUserId()).getEmailAddress() : forgotPasswordForm.getUserId();
            this.userService.sendResetPassword(this.companyAPI.getCompanyId(httpServletRequest), str, locale);
            response = Response.ok(new ResponseEntityView(str)).build();
            SecurityLogger.logInfo(getClass(), "Email address " + str + " has request to reset his password from IP: " + httpServletRequest.getRemoteAddr());
        } catch (NoSuchUserException e) {
            if (Config.getBooleanProperty("DISPLAY_NOT_EXISTING_USER_AT_RECOVER_PASSWORD", false)) {
                response = this.responseUtil.getErrorResponse(httpServletRequest, Response.Status.BAD_REQUEST, locale, null, "the-email-address-you-requested-is-not-registered-in-our-database");
            } else {
                SecurityLogger.logInfo(getClass(), "User does NOT exist in the Database, returning OK message for security reasons");
                try {
                    response = Response.status(Response.Status.UNAUTHORIZED).entity(new ResponseEntityView((List<ErrorEntity>) Arrays.asList(new ErrorEntity("a-new-password-has-been-sent-to-x", LanguageUtil.format(locale, "a-new-password-has-been-sent-to-x", (Object) str, false))))).build();
                } catch (LanguageException e2) {
                }
            }
        } catch (SendPasswordException e3) {
            response = this.responseUtil.getErrorResponse(httpServletRequest, Response.Status.BAD_REQUEST, locale, null, "a-new-password-can-only-be-sent-to-an-external-email-address");
        } catch (UserEmailAddressException e4) {
            response = this.responseUtil.getErrorResponse(httpServletRequest, Response.Status.BAD_REQUEST, locale, null, "please-enter-a-valid-email-address");
        } catch (Exception e5) {
            response = ExceptionMapperUtil.createResponse(e5, Response.Status.INTERNAL_SERVER_ERROR);
        }
        return response;
    }
}
