package org.apache.isis.extensions.secman.model.dom.user;

import java.util.Objects;
import java.util.Optional;
import javax.enterprise.inject.Model;
import javax.inject.Inject;
import org.apache.isis.applib.annotation.Action;
import org.apache.isis.applib.annotation.ParameterLayout;
import org.apache.isis.applib.value.Password;
import org.apache.isis.core.commons.internal.exceptions._Exceptions;
import org.apache.isis.extensions.secman.api.encryption.PasswordEncryptionService;
import org.apache.isis.extensions.secman.api.user.ApplicationUser;
import org.apache.isis.extensions.secman.api.user.ApplicationUserRepository;

@Action(domainEvent = ApplicationUser.UpdatePasswordDomainEvent.class, associateWith = "hasPassword", associateWithSequence = "10")
/* loaded from: input_file:org/apache/isis/extensions/secman/model/dom/user/ApplicationUser_updatePassword.class */
public class ApplicationUser_updatePassword {

    @Inject
    private ApplicationUserRepository<? extends ApplicationUser> applicationUserRepository;

    @Inject
    private Optional<PasswordEncryptionService> passwordEncryptionService;
    private final ApplicationUser holder;

    @Model
    public ApplicationUser act(@ParameterLayout(named = "Existing password") Password password, @ParameterLayout(named = "New password") Password password2, @ParameterLayout(named = "Re-enter password") Password password3) {
        this.applicationUserRepository.updatePassword(this.holder, password2.getPassword());
        return this.holder;
    }

    @Model
    public boolean hideAct() {
        return !this.applicationUserRepository.isPasswordFeatureEnabled(this.holder);
    }

    @Model
    public String disableAct() {
        if (!this.holder.isForSelfOrRunAsAdministrator()) {
            return "Can only update password for your own user account.";
        }
        if (this.holder.isHasPassword()) {
            return null;
        }
        return "Password must be reset by administrator.";
    }

    @Model
    public String validateAct(Password password, Password password2, Password password3) {
        if (!this.applicationUserRepository.isPasswordFeatureEnabled(this.holder)) {
            return "Password feature is not available for this User";
        }
        PasswordEncryptionService orElseThrow = this.passwordEncryptionService.orElseThrow(_Exceptions::unexpectedCodeReach);
        String encryptedPassword = this.holder.getEncryptedPassword();
        if (this.holder.getEncryptedPassword() != null && !orElseThrow.matches(password.getPassword(), encryptedPassword)) {
            return "Existing password is incorrect";
        }
        if (Objects.equals(password2, password3)) {
            return null;
        }
        return "Passwords do not match";
    }

    public ApplicationUser_updatePassword(ApplicationUser applicationUser) {
        this.holder = applicationUser;
    }
}
