package com.atlassian.jira.web.action.user;

import com.atlassian.crowd.exception.runtime.CommunicationException;
import com.atlassian.crowd.exception.runtime.OperationFailedException;
import com.atlassian.jira.bc.security.login.LoginReason;
import com.atlassian.jira.bc.security.login.LoginService;
import com.atlassian.jira.permission.management.beans.ProjectPermissionOperationResultBean;
import com.atlassian.jira.plugin.user.PasswordPolicyManager;
import com.atlassian.jira.plugin.user.WebErrorMessage;
import com.atlassian.jira.security.request.RequestMethod;
import com.atlassian.jira.security.request.SupportedMethods;
import com.atlassian.jira.security.xsrf.RequiresXsrfCheck;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.jira.web.action.JiraWebActionSupport;
import com.atlassian.jira.web.action.admin.user.PasswordChangeService;
import com.opensymphony.util.TextUtils;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/atlassian/jira/web/action/user/ChangePassword.class */
public class ChangePassword extends JiraWebActionSupport {
    private String current;
    private String password;
    private String confirm;
    private String username;
    private final UserUtil userUtil;
    private final UserManager userManager;
    private final PasswordPolicyManager passwordPolicyManager;
    private final List<WebErrorMessage> passwordErrors = new ArrayList();
    private final LoginService loginService;
    private final PasswordChangeService passwordChangeService;

    /* renamed from: com.atlassian.jira.web.action.user.ChangePassword$1, reason: invalid class name */
    /* loaded from: input_file:com/atlassian/jira/web/action/user/ChangePassword$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$atlassian$jira$bc$security$login$LoginReason = new int[LoginReason.values().length];

        static {
            try {
                $SwitchMap$com$atlassian$jira$bc$security$login$LoginReason[LoginReason.OK.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$atlassian$jira$bc$security$login$LoginReason[LoginReason.AUTHENTICATION_DENIED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$atlassian$jira$bc$security$login$LoginReason[LoginReason.AUTHORISATION_FAILED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$atlassian$jira$bc$security$login$LoginReason[LoginReason.AUTHENTICATED_FAILED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public ChangePassword(UserUtil userUtil, UserManager userManager, PasswordPolicyManager passwordPolicyManager, LoginService loginService, PasswordChangeService passwordChangeService) {
        this.userUtil = userUtil;
        this.userManager = userManager;
        this.passwordPolicyManager = passwordPolicyManager;
        this.loginService = loginService;
        this.passwordChangeService = passwordChangeService;
    }

    @SupportedMethods({RequestMethod.GET})
    public String doDefault() throws Exception {
        ApplicationUser loggedInUser = getLoggedInUser();
        if (loggedInUser == null || !loggedInUser.getUsername().equals(this.username)) {
            return "error";
        }
        if (this.userManager.userCanUpdateOwnDetails(loggedInUser)) {
            return super.doDefault();
        }
        addErrorMessage(getText("editprofile.not.allowed"));
        return "error";
    }

    protected void doValidation() {
        ApplicationUser applicationUser = (ApplicationUser) Assertions.notNull("user", getLoggedInUser());
        if (applicationUser == null) {
            addErrorMessage(getText("changepassword.could.not.find.user"));
            return;
        }
        if (!this.userManager.userCanUpdateOwnDetails(applicationUser)) {
            addErrorMessage(getText("editprofile.not.allowed"));
            return;
        }
        try {
            switch (AnonymousClass1.$SwitchMap$com$atlassian$jira$bc$security$login$LoginReason[this.loginService.authenticate(applicationUser, this.current).getReason().ordinal()]) {
                case 2:
                    addErrorMessage(getText("changepassword.elevated.authorisation.required"));
                    break;
                case 3:
                    addErrorMessage(getText("changepassword.could.not.find.user"));
                    break;
                case 4:
                    addError("current", getText("changepassword.current.password.incorrect"));
                    break;
            }
        } catch (CommunicationException e) {
            this.log.debug("Error communicating with remote user directory.", e);
            addErrorMessage(getText("login.error.communication"));
        } catch (OperationFailedException e2) {
            this.log.debug("Internal error occurred while authorising current user in the user directory.", e2);
            addError("current", getText("login.error.misc"));
        } catch (Exception e3) {
            this.log.debug("Exception occurred while trying to authorise current user.", e3);
            addErrorMessage(getText("changepassword.could.not.find.user"));
        }
        if (!TextUtils.stringSet(this.password)) {
            addError("password", getText("changepassword.new.password.required"));
            return;
        }
        if (!this.password.equals(this.confirm)) {
            addError("confirm", getText("changepassword.new.password.confirmation.does.not.match"));
            return;
        }
        Collection<WebErrorMessage> checkPolicy = this.passwordPolicyManager.checkPolicy(applicationUser, this.current, this.password);
        if (checkPolicy.isEmpty()) {
            return;
        }
        addError("password", getText("changepassword.new.password.rejected"));
        Iterator<WebErrorMessage> it = checkPolicy.iterator();
        while (it.hasNext()) {
            this.passwordErrors.add(it.next());
        }
    }

    @SupportedMethods({RequestMethod.POST})
    @RequiresXsrfCheck
    protected String doExecute() throws Exception {
        ApplicationUser loggedInUser = getLoggedInUser();
        if (loggedInUser == null || !loggedInUser.getName().equals(this.username)) {
            return "error";
        }
        this.passwordChangeService.setPassword(this, loggedInUser, this.password);
        return invalidInput() ? "error" : returnComplete();
    }

    public boolean canUpdateUserPassword() {
        return this.userManager.canUpdateUserPassword(getLoggedInUser());
    }

    @SupportedMethods({RequestMethod.GET})
    public String doSuccess() {
        return ProjectPermissionOperationResultBean.SUCCESS_TYPE;
    }

    public void setCurrent(String str) {
        this.current = str;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public List<WebErrorMessage> getPasswordErrors() {
        return this.passwordErrors;
    }

    public void setConfirm(String str) {
        this.confirm = str;
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public boolean getElevatedSecurityCheckRequired() {
        return this.loginService.getLoginInfo(this.username).isElevatedSecurityCheckRequired();
    }
}
