package org.eclipse.orion.internal.server.servlets.useradmin;

import java.io.IOException;
import java.net.URI;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.core.runtime.CoreException;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.MultiStatus;
import org.eclipse.orion.server.core.LogHelper;
import org.eclipse.orion.server.core.OrionConfiguration;
import org.eclipse.orion.server.core.ServerStatus;
import org.eclipse.orion.server.core.UserEmailUtil;
import org.eclipse.orion.server.core.metastore.UserInfo;
import org.eclipse.orion.server.servlets.OrionServlet;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:org/eclipse/orion/internal/server/servlets/useradmin/EmailConfirmationServlet.class */
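/**
 * Servlet behind the e-mail confirmation and password reset links.
 *
 * <p>GET {@code /<userName>} either confirms the user's e-mail address (parameter
 * {@code EmailConfirmationId}) or completes a password reset (parameter
 * {@code PasswordResetId}). POST either reports whether e-mail is configured
 * ({@code /cansendemails}) or starts a password reset for the user named in the JSON body.
 *
 * <p>The one-time ids handled here act as bearer credentials: whoever presents the right id
 * can confirm the address or trigger the reset. They are therefore generated from a
 * cryptographically strong source and compared in constant time.
 *
 * <p>NOTE(review): the reset is completed by a GET request, so anything that fetches the
 * link (mail scanners, link previews) would complete it as well; no expiry of the stored
 * id is visible in this class. Both are design points to confirm, not changed here.
 */
public class EmailConfirmationServlet extends OrionServlet {
    private static final long serialVersionUID = 2029138177545673411L;

    /** Single CSPRNG for reset ids and generated passwords; SecureRandom is thread-safe. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** Fixed charset for turning ids into bytes before the constant-time comparison. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /** Number of random bytes in a generated one-time id (hex-encoded to twice as many characters). */
    private static final int TOKEN_BYTES = 32;

    /**
     * Handles a click on a confirmation or reset link of the form {@code /<userName>?...}.
     *
     * @param httpServletRequest the request; the user name is the path segment after the first slash
     * @param httpServletResponse the response
     * @throws ServletException declared by the servlet contract; not thrown directly here
     * @throws IOException if the response cannot be written
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        traceRequest(httpServletRequest);
        // A request without path info, or without a second segment, used to fail with a
        // NullPointerException / ArrayIndexOutOfBoundsException; answer it with a 400 instead.
        String pathInfo = httpServletRequest.getPathInfo();
        String[] segments = pathInfo == null ? new String[0] : pathInfo.split("\\/", 2);
        if (segments.length < 2) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "User name is missing from the request path.");
            return;
        }
        String userName = segments[1];
        try {
            UserInfo user = OrionConfiguration.getMetaStore().readUserByProperty("UserName", userName, false, false);
            if (user == null) {
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "User " + userName + " not found.");
            } else if (httpServletRequest.getParameter("PasswordResetId") != null) {
                resetPassword(user, httpServletRequest, httpServletResponse);
            } else {
                confirmEmail(user, httpServletRequest, httpServletResponse);
            }
        } catch (CoreException e) {
            LogHelper.log(e);
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "User " + userName + " not found.");
        }
    }

    /**
     * Completes a password reset: checks the presented id against the stored one, assigns a
     * generated password, clears the id, mails the new password and stores the user.
     *
     * @param userInfo the user named in the request path
     * @param httpServletRequest the request carrying the {@code PasswordResetId} parameter
     * @param httpServletResponse the response
     * @throws IOException if the response cannot be written
     */
    private void resetPassword(UserInfo userInfo, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String storedResetId = userInfo.getProperty("PasswordResetId");
        if (storedResetId == null || "".equals(storedResetId)) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "You have not requested to reset your password or this password reset request was already completed");
            return;
        }
        // Constant-time comparison: the id is a secret, so the check must not reveal how many
        // leading characters of a guess were right.
        if (!tokensMatch(storedResetId, httpServletRequest.getParameter("PasswordResetId"))) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "This password reset request is out of date");
            return;
        }
        userInfo.setProperty("Password", getRandomPassword());
        userInfo.setProperty("PasswordResetId", (String) null);
        // The mail goes out before the store is updated, so a failed delivery leaves the old
        // password in place. If the update fails afterwards, the mailed password was never stored.
        try {
            UserEmailUtil.getUtil().sendPasswordResetEmail(userInfo);
            try {
                OrionConfiguration.getMetaStore().updateUser(userInfo);
                httpServletResponse.setHeader("Cache-Control", "no-cache");
                httpServletResponse.setContentType("text/html;charset=UTF-8");
                httpServletResponse.getWriter().write("<html><body><p>Your password has been successfully reset. Your new password has been sent to the email address associated with your account.</p></body></html>");
            } catch (Exception e) {
                LogHelper.log(e);
                httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Your password could not be changed. To reset your password contact your administrator.");
            }
        } catch (Exception e2) {
            LogHelper.log(e2);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Your password could not be changed, because confirmation email could not be sent. To reset your password contact your administrator.");
        }
    }

    /**
     * Confirms the user's e-mail address when the presented id matches the stored one, then
     * clears the {@code EmailConfirmationId} and {@code Blocked} properties.
     *
     * @param userInfo the user named in the request path
     * @param httpServletRequest the request carrying the {@code EmailConfirmationId} parameter
     * @param httpServletResponse the response
     * @throws IOException if the response cannot be written
     */
    private void confirmEmail(UserInfo userInfo, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String storedConfirmationId = userInfo.getProperty("EmailConfirmationId");
        if (storedConfirmationId == null) {
            httpServletResponse.setHeader("Cache-Control", "no-cache");
            httpServletResponse.setContentType("text/html;charset=UTF-8");
            httpServletResponse.getWriter().write("<html><body><p>Your email address has already been confirmed. Thank you!</p></body></html>");
            return;
        }
        if (!tokensMatch(storedConfirmationId, httpServletRequest.getParameter("EmailConfirmationId"))) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Email could not be confirmed.");
            return;
        }
        try {
            userInfo.setProperty("EmailConfirmationId", (String) null);
            userInfo.setProperty("Blocked", (String) null);
            OrionConfiguration.getMetaStore().updateUser(userInfo);
            httpServletResponse.setHeader("Cache-Control", "no-cache");
            httpServletResponse.setContentType("text/html;charset=UTF-8");
            // The server name is taken from the request (Host header), i.e. it is client-supplied
            // text. It is HTML-escaped before being placed in the href attribute.
            StringBuilder loginUrl = new StringBuilder();
            loginUrl.append(httpServletRequest.getScheme());
            loginUrl.append("://"); // was ":////", which is not a well-formed authority separator
            loginUrl.append(httpServletRequest.getServerName());
            loginUrl.append(":");
            loginUrl.append(httpServletRequest.getServerPort());
            httpServletResponse.getWriter().write("<html><body><p>Your email address has been confirmed. Thank you! <a href=\"" + escapeHtml(loginUrl.toString()) + "\">Click here</a> to continue and login to your account.</p></body></html>");
        } catch (CoreException e) {
            LogHelper.log(e);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
        }
    }

    /**
     * Answers {@code /cansendemails} with the e-mail configuration state; any other path starts
     * a password reset for the user identified by {@code UserName} and/or {@code Email} in the
     * JSON body.
     *
     * <p>NOTE(review): the responses distinguish "not found", "not confirmed" and "sent", which
     * lets an unauthenticated caller probe which user names and addresses exist. Changing that
     * would alter the API the client relies on, so it is only flagged here.
     *
     * @param httpServletRequest the request
     * @param httpServletResponse the response
     * @throws ServletException declared by the servlet contract; not thrown directly here
     * @throws IOException if the request cannot be read or the response cannot be written
     */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        traceRequest(httpServletRequest);
        String pathInfo = httpServletRequest.getPathInfo();
        String[] segments = pathInfo == null ? new String[0] : pathInfo.split("\\/", 2);
        if (segments.length > 1 && "cansendemails".equalsIgnoreCase(segments[1])) {
            JSONObject answer = new JSONObject();
            try {
                answer.put("EmailConfigured", UserEmailUtil.getUtil().isEmailConfigured());
                writeJSONResponse(httpServletRequest, httpServletResponse, answer);
            } catch (JSONException e) {
                httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
            }
            return;
        }
        try {
            JSONObject body = OrionServlet.readJSONRequest(httpServletRequest);
            String email = body.has("Email") ? body.getString("Email") : null;
            String userName = body.has("UserName") ? body.getString("UserName") : null;
            boolean hasEmail = email != null && email.trim().length() > 0;
            boolean hasUserName = userName != null && userName.trim().length() > 0;
            List<UserInfo> recipients = new ArrayList<UserInfo>();
            try {
                if (hasUserName) {
                    UserInfo user = OrionConfiguration.getMetaStore().readUserByProperty("UserName", userName.trim(), false, false);
                    if (user == null) {
                        httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "User " + userName + " not found.");
                        return;
                    }
                    if (hasEmail) {
                        if (!isEmailConfirmed(user)) {
                            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "User " + userName + " email has not been yet confirmed. Please follow the instructions from the confirmation email in your inbox and then request a password reset again.");
                            return;
                        }
                        if (!email.equals(user.getProperty("Email"))) {
                            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "User " + userName + " with email " + email + " does not exist.");
                            return;
                        }
                    }
                    recipients.add(user);
                } else if (hasEmail) {
                    UserInfo user = OrionConfiguration.getMetaStore().readUserByProperty("Email", email.trim().toLowerCase(), false, false);
                    if (user == null) {
                        httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "User with email " + email + " not found.");
                        return;
                    }
                    if (!isEmailConfirmed(user)) {
                        // The message used to interpolate the user name, which is blank in this branch.
                        httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Email " + email + " has not been yet confirmed. Please follow the instructions from the confirmation email in your inbox and then request a password reset again.");
                        return;
                    }
                    recipients.add(user);
                } else {
                    // Without either field nothing is sent; do not answer "Confirmation email has been sent".
                    httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "UserName or Email is required to request a password reset.");
                    return;
                }
            } catch (CoreException e) {
                LogHelper.log(e);
                httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
                return;
            }
            MultiStatus results = new MultiStatus("org.eclipse.orion.server.core", 0, (String) null, (Throwable) null);
            // NOTE(review): this base URI is built from the incoming request, so its host part
            // follows the Host header the client sent. If UserEmailUtil uses it for the link in
            // the reset mail, a request with a forged Host header would produce a mail whose link
            // points elsewhere. Prefer a server-configured public URL, or make sure the front-end
            // proxy only passes known host names - confirm against the deployment.
            URI baseUri = URI.create(httpServletRequest.getRequestURL().toString());
            for (UserInfo recipient : recipients) {
                results.add(sendPasswordResetConfirmation(recipient, baseUri));
            }
            if (!results.isOK()) {
                for (IStatus child : results.getChildren()) {
                    if (!child.isOK()) {
                        getStatusHandler().handleRequest(httpServletRequest, httpServletResponse, child);
                        return;
                    }
                }
            }
            // Only echo an address the caller supplied; with a user name alone the stored address
            // is not disclosed (the message used to end in "null" in that case).
            String sentMessage = hasEmail ? "Confirmation email has been sent to " + email : "Confirmation email has been sent.";
            getStatusHandler().handleRequest(httpServletRequest, httpServletResponse, new ServerStatus(IStatus.INFO, HttpServletResponse.SC_OK, sentMessage, (Throwable) null));
        } catch (JSONException e) {
            getStatusHandler().handleRequest(httpServletRequest, httpServletResponse, new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_BAD_REQUEST, "Could not parse json request", e));
        }
    }

    /**
     * Stores a fresh {@code PasswordResetId} for the user and mails the reset confirmation.
     *
     * @param userInfo the user requesting the reset; must have a confirmed e-mail address
     * @param uri base URI handed to {@link UserEmailUtil} for the mail
     * @return an INFO/200 status on success, otherwise an ERROR status describing the failure
     */
    private IStatus sendPasswordResetConfirmation(UserInfo userInfo, URI uri) {
        String address = userInfo.getProperty("Email");
        if (address == null || address.length() == 0) {
            return new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_BAD_REQUEST, "User " + userInfo.getUniqueId() + " doesn't have its email set. Contact administrator to reset your password.", (Throwable) null);
        }
        if (!isEmailConfirmed(userInfo)) {
            return new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_BAD_REQUEST, "Your email has not been yet confirmed. Please follow the instructions from the confirmation email in your inbox and then request a password reset again.", (Throwable) null);
        }
        try {
            userInfo.setProperty("PasswordResetId", getUniqueEmailConfirmationId());
            OrionConfiguration.getMetaStore().updateUser(userInfo);
        } catch (CoreException e) {
            LogHelper.log(e);
            return new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage(), e);
        }
        try {
            UserEmailUtil.getUtil().sendResetPasswordConfirmation(uri, userInfo);
            return new ServerStatus(IStatus.INFO, HttpServletResponse.SC_OK, "Confirmation email has been sent.", (Throwable) null);
        } catch (Exception e) {
            LogHelper.log(e);
            return new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_BAD_REQUEST, "Could not send confirmation email.", (Throwable) null);
        }
    }

    /**
     * Generates the replacement password mailed to the user after a reset.
     *
     * <p>The length is 16 to 25 characters. The lower bound used to be 5, which is too short
     * for a credential; every length produced now was already possible before.
     *
     * @return a random password drawn from {@link #SECURE_RANDOM}
     */
    private String getRandomPassword() {
        return getRandomString(16, 25);
    }

    /**
     * Builds a random string whose length is between {@code min} and {@code max} inclusive,
     * using the characters with codes 49 to 90 ('1' through 'Z').
     *
     * @param min smallest length
     * @param max largest length
     * @return the random string
     */
    private String getRandomString(int min, int max) {
        int length = getRandomNumber(min, max);
        // Built from chars rather than bytes so the result does not depend on the platform charset.
        char[] chars = new char[length];
        for (int k = 0; k < length; k++) {
            chars[k] = (char) getRandomNumber(49, 90);
        }
        return new String(chars);
    }

    /**
     * Returns a uniformly distributed integer in {@code [min, max]}.
     *
     * <p>Drawn from {@link SecureRandom}: the values end up in passwords, and a
     * {@code java.util.Random} created per call is not meant for secrets.
     *
     * @param min lower bound, inclusive
     * @param max upper bound, inclusive
     * @return the random number
     * @throws IllegalArgumentException if {@code max < min}
     */
    private int getRandomNumber(int min, int max) {
        return min + SECURE_RANDOM.nextInt((max - min) + 1);
    }

    /**
     * Tells whether the user has an e-mail address and no pending confirmation id.
     *
     * @param userInfo the user to inspect
     * @return {@code true} if the address is set and {@code EmailConfirmationId} is absent
     */
    private boolean isEmailConfirmed(UserInfo userInfo) {
        String address = userInfo.getProperty("Email");
        return address != null && address.length() > 0 && userInfo.getProperty("EmailConfirmationId") == null;
    }

    /**
     * Creates the one-time id stored as {@code PasswordResetId}.
     *
     * <p>The id used to be the current time plus {@code Math.random()}, both of which can be
     * narrowed down by someone who knows roughly when the reset was requested. It is now
     * {@value #TOKEN_BYTES} bytes from {@link SecureRandom}, hex-encoded so it is safe to
     * place in a URL.
     *
     * @return a new unguessable id
     */
    private static String getUniqueEmailConfirmationId() {
        byte[] raw = new byte[TOKEN_BYTES];
        SECURE_RANDOM.nextBytes(raw);
        char[] hex = new char[raw.length * 2];
        for (int k = 0; k < raw.length; k++) {
            hex[2 * k] = HEX_DIGITS[(raw[k] >> 4) & 0x0f];
            hex[2 * k + 1] = HEX_DIGITS[raw[k] & 0x0f];
        }
        return new String(hex);
    }

    /**
     * Compares a stored one-time id with the value presented by the client without
     * short-circuiting on the first differing character.
     *
     * @param expected the id stored for the user, may be {@code null}
     * @param supplied the id taken from the request, may be {@code null}
     * @return {@code true} only if both are non-null and equal
     */
    private static boolean tokensMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF_8), supplied.getBytes(UTF_8));
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     *
     * @param value text to embed in HTML; must not be {@code null}
     * @return the escaped text
     */
    private static String escapeHtml(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int k = 0; k < value.length(); k++) {
            char c = value.charAt(k);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }
}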
