package com.dotmarketing.cms.forgotpassword.action;

import com.dotcms.enterprise.PasswordFactoryProxy;
import com.dotcms.repackage.org.apache.struts.action.ActionErrors;
import com.dotcms.repackage.org.apache.struts.action.ActionForm;
import com.dotcms.repackage.org.apache.struts.action.ActionForward;
import com.dotcms.repackage.org.apache.struts.action.ActionMapping;
import com.dotcms.repackage.org.apache.struts.action.ActionMessage;
import com.dotcms.repackage.org.apache.struts.action.ActionMessages;
import com.dotcms.repackage.org.apache.struts.actions.DispatchAction;
import com.dotcms.util.SecurityUtils;
import com.dotmarketing.beans.Host;
import com.dotmarketing.business.APILocator;
import com.dotmarketing.business.NoSuchUserException;
import com.dotmarketing.business.web.HostWebAPI;
import com.dotmarketing.business.web.WebAPILocator;
import com.dotmarketing.cms.factories.PublicCompanyFactory;
import com.dotmarketing.cms.factories.PublicEncryptionFactory;
import com.dotmarketing.cms.forgotpassword.struts.ForgotPasswordForm;
import com.dotmarketing.cms.login.factories.LoginFactory;
import com.dotmarketing.cms.myaccount.action.AccountActivationAction;
import com.dotmarketing.exception.DotDataException;
import com.dotmarketing.exception.DotSecurityException;
import com.dotmarketing.factories.EmailFactory;
import com.dotmarketing.util.Config;
import com.dotmarketing.util.Logger;
import com.dotmarketing.util.UtilMethods;
import com.dotmarketing.util.Validator;
import com.liferay.portal.PortalException;
import com.liferay.portal.SystemException;
import com.liferay.portal.model.Company;
import com.liferay.portal.model.Portlet;
import com.liferay.portal.model.User;
import com.liferay.util.StringPool;
import java.util.Date;
import java.util.HashMap;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/dotmarketing/cms/forgotpassword/action/ForgotPasswordAction.class */
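/**
 * Struts dispatch action behind the front-end "forgot password" flow.
 *
 * <p>Depending on configuration the flow either verifies a challenge question
 * ({@code USE_CHALLENGE_QUESTION}), mails an encrypted, time-limited reset link
 * ({@code USE_RESET_PASSWORD_EMAIL}), or immediately replaces the password with a
 * random one and mails it to the account's address.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Reset tokens ({@code accKey}) are credentials and must never be written to logs.</li>
 *   <li>A replacement password is only ever mailed to the address stored on the account,
 *       never to an address taken from the request.</li>
 *   <li>NOTE(review): several branches answer differently for unknown, inactive and known
 *       addresses, which lets a caller learn whether an address is registered. Closing that
 *       needs matching changes to the message bundle and pages, so it is not done here.</li>
 *   <li>NOTE(review): nothing in this class rate-limits requests or invalidates a reset
 *       token after use; confirm whether that is handled elsewhere.</li>
 * </ul>
 */
public class ForgotPasswordAction extends DispatchAction {
    /** Struts attribute key under which error messages are stored. */
    private static final String ERROR_KEY = "com.dotcms.repackage.org.apache.struts.action.ERROR";
    /** Struts attribute key under which informational messages are stored. */
    private static final String MESSAGE_KEY = "com.dotcms.repackage.org.apache.struts.action.ACTION_MESSAGE";
    /** Property name used for messages that are not tied to a form field. */
    private static final String GLOBAL_MESSAGE_KEY = "com.dotcms.repackage.org.apache.struts.action.GLOBAL_MESSAGE";

    private final HostWebAPI hostWebAPI = WebAPILocator.getHostWebAPI();

    /**
     * Default entry point: chooses the page the flow starts on.
     *
     * @return the reset page when an {@code accKey} is present and reset e-mails are enabled,
     *         the challenge-question page when challenge questions are enabled (this wins over
     *         the reset page), otherwise the forgot-password page
     */
    public ActionForward unspecified(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        ActionForward forward = actionMapping.findForward("forgotPasswordPage");
        ForgotPasswordForm form = (ForgotPasswordForm) actionForm;
        if (UtilMethods.isSet(form.getAccKey()) && Config.getBooleanProperty("USE_RESET_PASSWORD_EMAIL")) {
            httpServletRequest.setAttribute("email", form.getEmail());
            forward = actionMapping.findForward("resetPasswordPage");
        }
        if (Config.getBooleanProperty("USE_CHALLENGE_QUESTION")) {
            // The address comes straight from the request. Encode it so it stays a single
            // query-string value and cannot append further parameters (e.g. "&accKey=...")
            // to the forward path.
            String email = form.getEmail();
            String encodedEmail = UtilMethods.isSet(email) ? UtilMethods.encodeURL(email) : StringPool.BLANK;
            String target = actionMapping.findForward("challengeQuestionPage").getPath() + "?emailAddress=" + encodedEmail;
            forward = new ActionForward(SecurityUtils.stripReferer(httpServletRequest, target));
        }
        return forward;
    }

    /**
     * Handles submission of the forgot-password form.
     *
     * <p>Unknown addresses get an error; inactive accounts are sent to the resend-activation
     * page. Otherwise the request is handed to the challenge-question page or to
     * {@link #sendResetPassword}, or - when neither option is enabled - the password is
     * replaced with a random one that is mailed to the account's address.
     *
     * <p>NOTE(review): in that last mode anyone who knows an address can force a password
     * change without proving ownership of the mailbox, and the new password travels in
     * clear text by e-mail. Enabling {@code USE_RESET_PASSWORD_EMAIL} avoids both.
     */
    public ActionForward forgotPassword(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        ActionForward defaultForward = actionMapping.findForward("forgotPasswordPage");
        ForgotPasswordForm form = (ForgotPasswordForm) actionForm;
        httpServletRequest.setAttribute("email", form.getEmail());
        String referrer = resolveReferrer(httpServletRequest);
        try {
            if (!APILocator.getUserAPI().userExistsWithEmail(form.getEmail())) {
                saveErrors(httpServletRequest, newErrors("error.user.email.doesnt.exists"));
                return defaultForward;
            }
            User user = APILocator.getUserAPI().loadByUserByEmail(form.getEmail(), APILocator.getUserAPI().getSystemUser(), false);
            if (user.isNew()) {
                saveMessages(httpServletRequest.getSession(), newErrors("error.user.email.doesnt.exists"));
                if (!UtilMethods.isSet(referrer)) {
                    return defaultForward;
                }
                ActionForward redirect = new ActionForward(SecurityUtils.stripReferer(httpServletRequest, referrer));
                redirect.setRedirect(true);
                return redirect;
            }
            if (!user.isActive()) {
                saveErrors(httpServletRequest, newErrors("error.user.is.not.active"));
                return actionMapping.findForward("resendActivationPage");
            }
            if (Config.getBooleanProperty("USE_CHALLENGE_QUESTION")) {
                httpServletRequest.setAttribute("email", form.getEmail());
                form.setAccKey(PublicEncryptionFactory.encryptString(user.getUserId()));
                return actionMapping.findForward("challengeQuestionPage");
            }
            if (Config.getBooleanProperty("USE_RESET_PASSWORD_EMAIL")) {
                httpServletRequest.setAttribute("email", form.getEmail());
                return sendResetPassword(actionMapping, actionForm, httpServletRequest, httpServletResponse);
            }

            // Legacy mode: replace the password now and mail the clear-text value.
            String newPassword = PublicEncryptionFactory.getRandomPassword();
            user.setPassword(PasswordFactoryProxy.generateHash(newPassword));
            APILocator.getUserAPI().save(user, APILocator.getUserAPI().getSystemUser(), false);
            Host host = this.hostWebAPI.getCurrentHost(httpServletRequest);
            Company company = PublicCompanyFactory.getDefaultCompany();
            HashMap mail = new HashMap();
            mail.put("subject", "Your " + host.getHostname() + " Password");
            mail.put("password", newPassword);
            mail.put("emailTemplate", Config.getStringProperty("FORGOT_PASSWORD_EMAIL_TEMPLATE"));
            mail.put("to", user.getEmailAddress());
            mail.put("from", company.getEmailAddress());
            EmailFactory.sendParameterizedEmail(mail, null, host, user);

            ActionMessages confirmation = new ActionMessages();
            confirmation.add(MESSAGE_KEY, new ActionMessage("message.forgot.password.email.sent"));
            httpServletRequest.setAttribute(MESSAGE_KEY, confirmation);
            ActionForward result = actionMapping.findForward("passwordChangeConfirmationPage");
            if (UtilMethods.isSet(referrer)) {
                result = new ActionForward(SecurityUtils.stripReferer(httpServletRequest, referrer));
                result.setRedirect(true);
            }
            return result;
        } catch (NoSuchUserException e) {
            saveErrors(httpServletRequest, newErrors("error.user.email.doesnt.exists"));
            return defaultForward;
        } catch (DotDataException e) {
            // A data-layer failure is reported to the visitor as "unknown address"; keep the
            // real cause in the server log so it is not lost.
            Logger.error(ForgotPasswordAction.class, "Data error while processing a forgot-password request", e);
            saveErrors(httpServletRequest, newErrors("error.user.email.doesnt.exists"));
            return defaultForward;
        }
    }

    /**
     * Checks the submitted challenge-question answer and, when it matches, replaces the
     * password with a random one that is mailed to the address stored on the account.
     *
     * <p>An account without a stored answer never passes the check, so a blank submission
     * cannot match a blank stored value.
     */
    public ActionForward verifyChallengeQuestion(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        ForgotPasswordForm form = (ForgotPasswordForm) actionForm;
        String accKey = form.getAccKey();
        String lookupKey = accKey;
        try {
            lookupKey = PublicEncryptionFactory.decryptString(accKey);
        } catch (Exception e) {
            // NOTE(review): when decryption fails the submitted value is used as the lookup
            // key unchanged, so the encryption of accKey does not restrict which account can
            // be targeted here. The value itself is deliberately not logged.
            Logger.debug(this, "accKey could not be decrypted; using the submitted value as lookup key");
        }
        String referrer = resolveReferrer(httpServletRequest);
        try {
            User user = APILocator.getUserAPI().loadByUserByEmail(lookupKey, APILocator.getUserAPI().getSystemUser(), false);
            Company company = PublicCompanyFactory.getDefaultCompany();
            httpServletRequest.setAttribute("email", user.getEmailAddress());
            // The new password goes only to the address on file. A request-supplied "email"
            // parameter must not redirect a credential to another mailbox.
            String recipient = user.getEmailAddress();
            String storedAnswer = APILocator.getUserProxyAPI().getUserProxy(user, APILocator.getUserAPI().getSystemUser(), false).getChallengeQuestionAnswer();
            String submittedAnswer = httpServletRequest.getParameter("challengeQuestionAnswer");
            if (!UtilMethods.isSet(storedAnswer) || !storedAnswer.equalsIgnoreCase(submittedAnswer)) {
                ActionMessages failure = new ActionMessages();
                failure.add(ERROR_KEY, new ActionMessage("message.challenge_question.answer_failure"));
                httpServletRequest.setAttribute(ERROR_KEY, failure);
                form.setAccKey(PublicEncryptionFactory.encryptString(user.getUserId()));
                form.setEmail(user.getEmailAddress());
                return actionMapping.findForward("challengeQuestionPage");
            }

            // NOTE(review): the password is changed before the mail is sent, so a mail
            // failure below leaves the account with a password nobody has received.
            String newPassword = PublicEncryptionFactory.getRandomPassword();
            user.setPassword(PasswordFactoryProxy.generateHash(newPassword));
            APILocator.getUserAPI().save(user, APILocator.getUserAPI().getSystemUser(), false);
            Host host = this.hostWebAPI.getCurrentHost(httpServletRequest);
            try {
                HashMap mail = new HashMap();
                mail.put("subject", "Your " + host.getHostname() + " Password");
                mail.put("password", newPassword);
                mail.put("emailTemplate", Config.getStringProperty("CHALLENGE_QUESTION_EMAIL_TEMPLATE"));
                mail.put("to", recipient);
                mail.put("from", company.getEmailAddress());
                EmailFactory.sendParameterizedEmail(mail, null, host, user);
                ActionMessages success = new ActionMessages();
                success.add(MESSAGE_KEY, new ActionMessage("message.challenge_question.answer_successful", recipient));
                saveMessages(httpServletRequest.getSession(), success);
                if (UtilMethods.isSet(referrer)) {
                    return new ActionForward(SecurityUtils.stripReferer(httpServletRequest, referrer + StringPool.QUESTION + httpServletRequest.getQueryString()));
                }
                return actionMapping.findForward("passwordChangeConfirmationPage");
            } catch (Exception e) {
                Logger.error(ForgotPasswordAction.class, "Error sending challenge-question password email", e);
                ActionMessages mailFailure = new ActionMessages();
                mailFailure.add(ERROR_KEY, new ActionMessage("error.send_email"));
                httpServletRequest.setAttribute(ERROR_KEY, mailFailure);
                return actionMapping.findForward("challengeQuestionPage");
            }
        } catch (Exception e) {
            Logger.debug(this, "Failed - Redirecting to: loginPage (" + e.getClass().getName() + ")");
            ActionErrors errors = new ActionErrors();
            errors.add(ERROR_KEY, new ActionMessage("error.send_email"));
            httpServletRequest.setAttribute(ERROR_KEY, errors);
            return actionMapping.findForward("loginPage");
        }
    }

    /**
     * Mails a reset link to the account matching the {@code email} request parameter, or the
     * {@code email} request attribute when the parameter is absent.
     *
     * @return the login action with an error when no such account exists, otherwise the
     *         e-mail-sent confirmation page
     */
    public ActionForward sendResetPassword(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String emailParameter = httpServletRequest.getParameter("email");
        String email = emailParameter == null ? (String) httpServletRequest.getAttribute("email") : emailParameter;
        ActionMessages messages = new ActionMessages();
        User user = APILocator.getUserAPI().loadByUserByEmail(email, APILocator.getUserAPI().getSystemUser(), false);
        if (user.isNew()) {
            messages.add(GLOBAL_MESSAGE_KEY, new ActionMessage("errors.user.not.exist"));
            saveMessages(httpServletRequest, messages);
            return actionMapping.findForward("loginAction");
        }
        sendResetPasswordEmail(user, httpServletRequest);
        messages.add(GLOBAL_MESSAGE_KEY, new ActionMessage("send.reset.password.email.confirmation"));
        saveMessages(httpServletRequest.getSession(), messages);
        return actionMapping.findForward("emailSentConfirmationPage");
    }

    /**
     * Builds the reset token ({@code userId##expiry}, expiry seven days from now), encrypts
     * it and mails it to the user as the reset link parameter.
     *
     * <p>Neither the plain nor the encrypted token is logged: whoever can read the log could
     * otherwise use the link to set the account's password. A mail failure is logged and
     * otherwise ignored, so callers still report success.
     */
    private void sendResetPasswordEmail(User user, HttpServletRequest httpServletRequest) throws PortalException, SystemException, DotDataException, DotSecurityException {
        Host host = this.hostWebAPI.getCurrentHost(httpServletRequest);
        Company company = PublicCompanyFactory.getDefaultCompany();
        String token = user.getUserId() + "##" + UtilMethods.dateToJDBC(UtilMethods.addDays(new Date(), 7));
        String encryptedToken = PublicEncryptionFactory.encryptString(token);
        Logger.debug(ForgotPasswordAction.class, "Generated reset-password link for userId=" + user.getUserId());
        HashMap mail = new HashMap();
        mail.put("subject", host.getHostname() + " Reset Password Link");
        mail.put("linkurl", UtilMethods.encodeURL(encryptedToken));
        mail.put("emailTemplate", Config.getStringProperty("RESET_PASSWORD_LINK_EMAIL_TEMPLATE"));
        mail.put("to", user.getEmailAddress());
        mail.put("from", company.getEmailAddress());
        mail.put(Portlet.PREFERENCES_SHARING_TYPE_COMPANY, company.getName());
        try {
            EmailFactory.sendParameterizedEmail(mail, null, host, user);
        } catch (Exception e) {
            Logger.error(ForgotPasswordAction.class, "Error sending Reset Password Email", e);
        }
    }

    /**
     * Completes a link-based reset: validates the token in {@code accKey}, stores the new
     * password and logs the user in.
     *
     * <p>A token that cannot be decrypted or parsed is answered exactly like a token for an
     * unknown user, so the response does not reveal why a token was rejected. An expired
     * token triggers a fresh reset e-mail via {@link #sendResetPassword}.
     *
     * <p>NOTE(review): a token stays usable until its expiry date even after a successful
     * reset; nothing here marks it as consumed.
     */
    public ActionForward resetPassword(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        ForgotPasswordForm form = (ForgotPasswordForm) actionForm;
        ActionMessages messages = new ActionMessages();

        String userId = null;
        Date expiry = null;
        try {
            // accKey is request input: decryption or parsing can fail on a tampered or
            // truncated value. The token is never logged, in either form.
            String token = PublicEncryptionFactory.decryptString(form.getAccKey());
            // StringTokenizer treats every '#' as a delimiter, so "##" splits into exactly
            // the two fields as long as neither contains '#'.
            StringTokenizer parts = new StringTokenizer(token, "##");
            userId = parts.nextToken();
            expiry = UtilMethods.jdbcToDate(parts.nextToken());
        } catch (Exception e) {
            Logger.debug(ForgotPasswordAction.class, "Rejected reset-password token (" + e.getClass().getName() + ")");
        }
        if (userId == null || expiry == null) {
            messages.add(GLOBAL_MESSAGE_KEY, new ActionMessage("errors.user.not.exist"));
            saveMessages(httpServletRequest, messages);
            return actionMapping.findForward("loginPage");
        }

        User user = APILocator.getUserAPI().loadUserById(userId, APILocator.getUserAPI().getSystemUser(), false);
        if (user.isNew()) {
            messages.add(GLOBAL_MESSAGE_KEY, new ActionMessage("errors.user.not.exist"));
            saveMessages(httpServletRequest, messages);
            return actionMapping.findForward("loginPage");
        }
        if (!expiry.after(new Date())) {
            return sendResetPassword(actionMapping, actionForm, httpServletRequest, httpServletResponse);
        }
        if (!Validator.validate(httpServletRequest, actionForm, actionMapping)) {
            return actionMapping.findForward("resetPasswordPage");
        }
        user.setPassword(PasswordFactoryProxy.generateHash(form.getNewPassword()));
        APILocator.getUserAPI().save(user, APILocator.getUserAPI().getSystemUser(), false);
        // Log in with whichever identifier the company's auth type expects.
        if (PublicCompanyFactory.getDefaultCompany().getAuthType().equals(Company.AUTH_TYPE_EA)) {
            LoginFactory.doLogin(user.getEmailAddress(), form.getNewPassword(), false, httpServletRequest, httpServletResponse);
        } else {
            LoginFactory.doLogin(user.getUserId(), form.getNewPassword(), false, httpServletRequest, httpServletResponse);
        }
        messages.add(GLOBAL_MESSAGE_KEY, new ActionMessage("message.forgot.password.password.updated"));
        saveMessages(httpServletRequest, messages);
        return actionMapping.findForward("passwordChangeConfirmationPage");
    }

    /**
     * Returns the post-action redirect target, or {@code null} when none was supplied.
     * A {@code referrer} request attribute is used as is; a {@code referrer} request
     * parameter is passed through {@link SecurityUtils#stripReferer} first.
     */
    private String resolveReferrer(HttpServletRequest request) {
        Object attribute = request.getAttribute("referrer");
        if (attribute != null && !attribute.toString().equalsIgnoreCase(StringPool.BLANK)) {
            return (String) attribute;
        }
        String parameter = request.getParameter("referrer");
        if (parameter != null && !parameter.equalsIgnoreCase(StringPool.BLANK)) {
            return SecurityUtils.stripReferer(request, parameter);
        }
        return null;
    }

    /** Creates an {@link ActionErrors} holding a single message under the Struts error key. */
    private static ActionErrors newErrors(String messageKey) {
        ActionErrors errors = new ActionErrors();
        errors.add(ERROR_KEY, new ActionMessage(messageKey));
        return errors;
    }
}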
