package pl.ds.websight.usermanager.rest.user;

import java.io.IOException;
import javax.jcr.RepositoryException;
import org.apache.commons.lang3.StringUtils;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.models.annotations.DefaultInjectionStrategy;
import org.apache.sling.models.annotations.Model;
import pl.ds.websight.request.parameters.support.annotations.RequestParameter;
import pl.ds.websight.rest.framework.Errors;
import pl.ds.websight.rest.framework.Validatable;
import pl.ds.websight.usermanager.util.AuthorizableUtil;

@Model(adaptables = {SlingHttpServletRequest.class}, defaultInjectionStrategy = DefaultInjectionStrategy.OPTIONAL)
/* loaded from: input_file:resources/install/0/websight-release-admin-sling-1.0.4.zip:jcr_root/apps/websight/install/websight-user-manager-service-1.0.3.jar:pl/ds/websight/usermanager/rest/user/UpdateUserRestModel.class */
public class UpdateUserRestModel extends UserBaseModel implements Validatable {

    @RequestParameter
    private Boolean changePassword;

    @RequestParameter
    private String password;

    @RequestParameter
    private String confirmedPassword;

    @Override // pl.ds.websight.rest.framework.Validatable
    public Errors validate() {
        Errors createErrors = Errors.createErrors();
        try {
            Authorizable authorizable = getAuthorizable();
            if (authorizable == null) {
                createErrors.add("id", getAuthorizableId(), "User " + getAuthorizableId() + " does not exist");
            } else if (authorizable.isGroup()) {
                createErrors.add("id", getAuthorizableId(), "Cannot update group with user update");
            }
            if (isChangingStatusOfProtectedUser(authorizable)) {
                createErrors.add("enabled", isEnabled(), "Cannot update status of protected user");
            }
            validatePassword(createErrors);
            return createErrors;
        } catch (IOException | RepositoryException e) {
            throw new IllegalStateException("Error while update user model validation", e);
        }
    }

    private void validatePassword(Errors errors) throws IOException {
        if (isChangingPassword()) {
            if (StringUtils.isBlank(this.password)) {
                errors.add("password", null, "Password cannot be empty");
                return;
            }
            String passwordConstraint = getPasswordConstraint();
            if (StringUtils.isNotBlank(passwordConstraint) && !this.password.matches(passwordConstraint)) {
                errors.add("password", null, "Password must match regex " + passwordConstraint);
            }
            if (this.password.equals(this.confirmedPassword)) {
                return;
            }
            errors.add("confirmedPassword", null, "Passwords must be equal");
        }
    }

    private boolean isChangingStatusOfProtectedUser(Authorizable authorizable) throws RepositoryException {
        if (authorizable == null || authorizable.isGroup()) {
            return false;
        }
        User user = (User) authorizable;
        Boolean isEnabled = isEnabled();
        return AuthorizableUtil.isProtected(getAuthorizableId()) && isEnabled != null && user.isDisabled() == isEnabled.booleanValue();
    }

    public String getPassword() {
        return this.password;
    }

    public boolean isChangingPassword() {
        return Boolean.TRUE.equals(this.changePassword);
    }
}
