package org.apereo.cas.pm.web.flow;

import java.util.Map;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.pm.PasswordChangeRequest;
import org.apereo.cas.pm.web.flow.actions.VerifyPasswordResetRequestAction;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.apereo.cas.web.flow.actions.ConsumerExecutionAction;
import org.apereo.cas.web.flow.actions.StaticEventExecutionAction;
import org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.SubflowState;
import org.springframework.webflow.engine.TransitionSet;
import org.springframework.webflow.engine.TransitionableState;
import org.springframework.webflow.engine.ViewState;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-webflow-6.5.4.jar:org/apereo/cas/pm/web/flow/PasswordManagementWebflowConfigurer.class */
public class PasswordManagementWebflowConfigurer extends AbstractCasWebflowConfigurer {
    public static final String FLOW_ID_PASSWORD_RESET = "pswdreset";
    public static final String FLOW_VAR_ID_PASSWORD = "password";
    public static final String DO_CHANGE_PASSWORD_PARAMETER = "doChangePassword";

    public PasswordManagementWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties) {
        super(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties);
        setOrder(casConfigurationProperties.getAuthn().getPm().getWebflow().getOrder());
    }

    @Override // org.apereo.cas.web.flow.configurer.AbstractCasWebflowConfigurer
    protected void doInitialize() {
        Flow loginFlow = getLoginFlow();
        if (loginFlow != null) {
            createAccountStatusViewStates(loginFlow);
        }
    }

    private void createAccountStatusViewStates(Flow flow) {
        enablePasswordManagementForFlow(flow);
        createViewState(flow, CasWebflowConstants.STATE_ID_AUTHENTICATION_BLOCKED, "login-error/casAuthenticationBlockedView");
        createViewState(flow, CasWebflowConstants.STATE_ID_INVALID_WORKSTATION, "login-error/casBadWorkstationView");
        createViewState(flow, CasWebflowConstants.STATE_ID_INVALID_AUTHENTICATION_HOURS, "login-error/casBadHoursView");
        createViewState(flow, CasWebflowConstants.STATE_ID_ACCOUNT_LOCKED, "login-error/casAccountLockedView");
        createViewState(flow, CasWebflowConstants.STATE_ID_ACCOUNT_DISABLED, "login-error/casAccountDisabledView");
        createViewState(flow, CasWebflowConstants.STATE_ID_PASSWORD_UPDATE_SUCCESS, "password-reset/casPasswordUpdateSuccessView");
        if (!this.casProperties.getAuthn().getPm().getCore().isEnabled()) {
            createViewState(flow, CasWebflowConstants.STATE_ID_EXPIRED_PASSWORD, "login-error/casExpiredPassView").getEntryActionList().add(createEvaluateAction(CasWebflowConstants.ACTION_ID_INIT_PASSWORD_CHANGE));
            createViewState(flow, CasWebflowConstants.STATE_ID_MUST_CHANGE_PASSWORD, "login-error/casMustChangePassView").getEntryActionList().add(createEvaluateAction(CasWebflowConstants.ACTION_ID_INIT_PASSWORD_CHANGE));
            return;
        }
        configurePasswordResetFlow(flow, CasWebflowConstants.STATE_ID_EXPIRED_PASSWORD, "login-error/casExpiredPassView");
        configurePasswordResetFlow(flow, CasWebflowConstants.STATE_ID_MUST_CHANGE_PASSWORD, "login-error/casMustChangePassView");
        configurePasswordMustChangeForAuthnWarnings(flow);
        configurePasswordExpirationWarning(flow);
        createPasswordResetFlow();
        ActionState actionState = (ActionState) flow.getStartState();
        prependActionsToActionStateExecutionList(flow, actionState.getId(), "validatePasswordResetTokenAction");
        createTransitionForState(actionState, CasWebflowConstants.TRANSITION_ID_INVALID_PASSWORD_RESET_TOKEN, CasWebflowConstants.STATE_ID_PASSWORD_RESET_ERROR_VIEW);
        createViewState(flow, CasWebflowConstants.STATE_ID_PASSWORD_RESET_ERROR_VIEW, "password-reset/casResetPasswordErrorView");
    }

    private void configurePasswordExpirationWarning(Flow flow) {
        getTransitionableState(flow, CasWebflowConstants.STATE_ID_SHOW_AUTHN_WARNING_MSGS).getEntryActionList().add(createEvaluateAction("handlePasswordExpirationWarningMessagesAction"));
    }

    private void configurePasswordMustChangeForAuthnWarnings(Flow flow) {
        TransitionableState transitionableState = getTransitionableState(flow, CasWebflowConstants.STATE_ID_SHOW_AUTHN_WARNING_MSGS);
        transitionableState.getEntryActionList().add(createEvaluateAction("flowScope.pswdChangePostLogin=true"));
        createTransitionForState(transitionableState, "changePassword", CasWebflowConstants.STATE_ID_MUST_CHANGE_PASSWORD);
    }

    private void createPasswordResetFlow() {
        Flow loginFlow = getLoginFlow();
        if (loginFlow != null) {
            boolean isAutoLogin = this.casProperties.getAuthn().getPm().getCore().isAutoLogin();
            createTransitionForState((ViewState) getState(loginFlow, CasWebflowConstants.STATE_ID_VIEW_LOGIN_FORM, ViewState.class), CasWebflowConstants.TRANSITION_ID_RESET_PASSWORD, CasWebflowConstants.STATE_ID_SEND_RESET_PASSWORD_ACCT_INFO);
            ViewState createViewState = createViewState(loginFlow, CasWebflowConstants.STATE_ID_SEND_RESET_PASSWORD_ACCT_INFO, "password-reset/casResetPasswordSendInstructionsView");
            createTransitionForState(createViewState, "findAccount", CasWebflowConstants.STATE_ID_SEND_PASSWORD_RESET_INSTRUCTIONS);
            ActionState createActionState = createActionState(loginFlow, CasWebflowConstants.STATE_ID_SEND_PASSWORD_RESET_INSTRUCTIONS, "sendPasswordResetInstructionsAction");
            createTransitionForState(createActionState, "success", CasWebflowConstants.STATE_ID_SENT_RESET_PASSWORD_ACCT_INFO);
            createTransitionForState(createActionState, "error", createViewState.getId());
            createViewState(loginFlow, CasWebflowConstants.STATE_ID_SENT_RESET_PASSWORD_ACCT_INFO, "password-reset/casResetPasswordSentInstructionsView");
            registerPasswordResetFlowDefinition();
            ActionState actionState = (ActionState) getState(loginFlow, CasWebflowConstants.STATE_ID_INIT_LOGIN_FORM, ActionState.class);
            String targetStateId = actionState.getTransition("success").getTargetStateId();
            SubflowState createSubflowState = createSubflowState(loginFlow, CasWebflowConstants.STATE_ID_PASSWORD_RESET_SUBFLOW, FLOW_ID_PASSWORD_RESET);
            TransitionableState transitionableState = getTransitionableState(loginFlow, CasWebflowConstants.STATE_ID_CREATE_TICKET_GRANTING_TICKET);
            transitionableState.getEntryActionList().add(createEvaluateAction(String.join(DO_CHANGE_PASSWORD_PARAMETER, "flowScope.", " = requestParameters.", " != null")));
            createDecisionState(loginFlow, CasWebflowConstants.DECISION_STATE_CHECK_FOR_PASSWORD_RESET_TOKEN_ACTION, "requestParameters.pswdrst != null", CasWebflowConstants.STATE_ID_PASSWORD_RESET_SUBFLOW, targetStateId);
            createTransitionForState((TransitionableState) actionState, "success", CasWebflowConstants.DECISION_STATE_CHECK_FOR_PASSWORD_RESET_TOKEN_ACTION, true);
            createStateDefaultTransition(createActionState(loginFlow, CasWebflowConstants.STATE_ID_REDIRECT_TO_LOGIN, StaticEventExecutionAction.SUCCESS), loginFlow.getStartState().getId());
            createTransitionForState(createSubflowState, CasWebflowConstants.STATE_ID_PASSWORD_RESET_FLOW_COMPLETE, isAutoLogin ? CasWebflowConstants.STATE_ID_REAL_SUBMIT : CasWebflowConstants.STATE_ID_REDIRECT_TO_LOGIN);
            createDecisionState(loginFlow, CasWebflowConstants.STATE_ID_CHECK_DO_CHANGE_PASSWORD, "flowScope.doChangePassword == true", CasWebflowConstants.STATE_ID_MUST_CHANGE_PASSWORD, transitionableState.getTransition("success").getTargetStateId()).getEntryActionList().add(createEvaluateAction("flowScope.pswdChangePostLogin=true"));
            createTransitionForState(transitionableState, "success", CasWebflowConstants.STATE_ID_CHECK_DO_CHANGE_PASSWORD, true);
            createDecisionState(loginFlow, CasWebflowConstants.STATE_ID_POST_LOGIN_PASSWORD_CHANGE_CHECK, "flowScope.pswdChangePostLogin == true", getTransitionableState(loginFlow, CasWebflowConstants.STATE_ID_SHOW_AUTHN_WARNING_MSGS).getTransition("proceed").getTargetStateId(), isAutoLogin ? CasWebflowConstants.STATE_ID_REAL_SUBMIT : CasWebflowConstants.STATE_ID_REDIRECT_TO_LOGIN);
            createTransitionForState(getTransitionableState(loginFlow, CasWebflowConstants.STATE_ID_PASSWORD_UPDATE_SUCCESS), "proceed", CasWebflowConstants.STATE_ID_POST_LOGIN_PASSWORD_CHANGE_CHECK);
        }
    }

    private void registerPasswordResetFlowDefinition() {
        Flow buildFlow = buildFlow(FLOW_ID_PASSWORD_RESET);
        buildFlow.getStartActionList().add(createEvaluateAction(CasWebflowConstants.ACTION_ID_INITIAL_FLOW_SETUP));
        createStateDefaultTransition(createActionState(buildFlow, CasWebflowConstants.STATE_ID_INIT_PASSWORD_RESET, "initPasswordResetAction"), CasWebflowConstants.STATE_ID_MUST_CHANGE_PASSWORD);
        ActionState createActionState = createActionState(buildFlow, CasWebflowConstants.STATE_ID_VERIFY_SECURITY_QUESTIONS, "verifySecurityQuestionsAction");
        createTransitionForState(createActionState, "success", CasWebflowConstants.STATE_ID_INIT_PASSWORD_RESET);
        createTransitionForState(createActionState, "error", CasWebflowConstants.STATE_ID_PASSWORD_RESET_ERROR_VIEW);
        ActionState createActionState2 = createActionState(buildFlow, CasWebflowConstants.STATE_ID_VERIFY_PASSWORD_RESET_REQUEST, "verifyPasswordResetRequestAction");
        createTransitionForState(createActionState2, "success", CasWebflowConstants.STATE_ID_SECURITY_QUESTIONS_VIEW);
        createTransitionForState(createActionState2, "error", CasWebflowConstants.STATE_ID_PASSWORD_RESET_ERROR_VIEW);
        createTransitionForState(createActionState2, VerifyPasswordResetRequestAction.EVENT_ID_SECURITY_QUESTIONS_DISABLED, CasWebflowConstants.STATE_ID_INIT_PASSWORD_RESET);
        createTransitionForState(createViewState(buildFlow, CasWebflowConstants.STATE_ID_SECURITY_QUESTIONS_VIEW, "password-reset/casResetPasswordVerifyQuestionsView"), CasWebflowConstants.TRANSITION_ID_SUBMIT, CasWebflowConstants.STATE_ID_VERIFY_SECURITY_QUESTIONS, Map.of("bind", Boolean.FALSE, "validate", Boolean.FALSE));
        enablePasswordManagementForFlow(buildFlow);
        createViewState(buildFlow, CasWebflowConstants.STATE_ID_PASSWORD_RESET_ERROR_VIEW, "password-reset/casResetPasswordErrorView");
        createViewState(buildFlow, CasWebflowConstants.STATE_ID_PASSWORD_UPDATE_SUCCESS, "password-reset/casPasswordUpdateSuccessView");
        configurePasswordResetFlow(buildFlow, CasWebflowConstants.STATE_ID_MUST_CHANGE_PASSWORD, "login-error/casMustChangePassView");
        buildFlow.setStartState(createActionState2);
        this.mainFlowDefinitionRegistry.registerFlowDefinition(buildFlow);
        createEndState(buildFlow, CasWebflowConstants.STATE_ID_PASSWORD_RESET_FLOW_COMPLETE);
        createTransitionForState(getTransitionableState(buildFlow, CasWebflowConstants.STATE_ID_PASSWORD_UPDATE_SUCCESS), "proceed", CasWebflowConstants.STATE_ID_PASSWORD_RESET_FLOW_COMPLETE);
    }

    private void enablePasswordManagementForFlow(Flow flow) {
        flow.getStartActionList().add(new ConsumerExecutionAction(requestContext -> {
            WebUtils.putPasswordManagementEnabled(requestContext, Boolean.valueOf(this.casProperties.getAuthn().getPm().getCore().isEnabled()));
        }));
    }

    private void configurePasswordResetFlow(Flow flow, String str, String str2) {
        createFlowVariable(flow, "password", PasswordChangeRequest.class);
        ViewState createViewState = createViewState(flow, str, str2, createStateBinderConfiguration(CollectionUtils.wrapList("password", "confirmedPassword")));
        createStateModelBinding(createViewState, "password", PasswordChangeRequest.class);
        createViewState.getEntryActionList().add(createEvaluateAction(CasWebflowConstants.ACTION_ID_INIT_PASSWORD_CHANGE));
        createTransitionForState(createViewState, CasWebflowConstants.TRANSITION_ID_SUBMIT, CasWebflowConstants.STATE_ID_PASSWORD_CHANGE_ACTION, Map.of("bind", Boolean.TRUE, "validate", Boolean.TRUE));
        createStateDefaultTransition(createViewState, str);
        TransitionSet transitionSet = createActionState(flow, CasWebflowConstants.STATE_ID_PASSWORD_CHANGE_ACTION, createEvaluateAction(CasWebflowConstants.STATE_ID_PASSWORD_CHANGE_ACTION)).getTransitionSet();
        transitionSet.add(createTransition(CasWebflowConstants.TRANSITION_ID_PASSWORD_UPDATE_SUCCESS, CasWebflowConstants.STATE_ID_PASSWORD_UPDATE_SUCCESS));
        transitionSet.add(createTransition("error", str));
    }
}
