package com.atlassian.confluence.user.actions;

import com.atlassian.confluence.event.Evented;
import com.atlassian.confluence.event.events.user.GroupInviteUserSignupEvent;
import com.atlassian.confluence.event.events.user.PublicUserSignupEvent;
import com.atlassian.confluence.event.events.user.UserSignupEvent;
import com.atlassian.confluence.license.exception.LicenseUserLimitExceededException;
import com.atlassian.confluence.search.lucene.extractor.SpaceDescriptionUsernameExtractor;
import com.atlassian.confluence.security.CaptchaAware;
import com.atlassian.confluence.security.ExternalUserManagementAware;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.setup.settings.Settings;
import com.atlassian.confluence.user.SignupValidator;
import com.atlassian.confluence.user.UserForm;
import com.atlassian.confluence.user.UserFormValidator;
import com.atlassian.confluence.util.SeraphUtils;
import com.atlassian.core.exception.InfrastructureException;
import com.atlassian.core.task.MultiQueueTaskManager;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.exception.runtime.OperationFailedException;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.atlassian.user.User;
import com.atlassian.user.impl.DefaultUser;
import com.atlassian.user.search.page.Pager;
import com.opensymphony.webwork.ServletActionContext;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/user/actions/SignUpAction.class */
public class SignUpAction extends AbstractLoginSignupAction implements Evented<UserSignupEvent>, ExternalUserManagementAware, CaptchaAware {
    private static final Logger log = LoggerFactory.getLogger(SignUpAction.class);
    private String password;
    private String confirm;
    private String email;
    private String fullName;
    private UserFormValidator userFormValidator;
    private SignupValidator signupValidator;
    private PermissionManager permissionManager;
    private User previousSignUpAttempt;

    @Override // com.atlassian.confluence.validation.MessageHolderAware
    public void validate() {
        super.validate();
        checkSignupAllowed();
        if (this.messageHolder.hasErrors()) {
            return;
        }
        validateExecute();
    }

    public void checkSignupAllowed() {
        this.signupValidator.validateSignup(this.token, this.messageHolder);
    }

    private Pager<User> getUsersWithDuplicateEmails() {
        return this.userAccessor.getUsersByEmail(this.email).pager();
    }

    private void validateEmailIfNecessary() {
        if (hasValidToken() || !domainRestrictedSignupEnabled() || this.signupManager.isEmailOnRestrictedDomain(this.email)) {
            return;
        }
        addActionError("signup.domain.not.allowed", getContactAdminUrl());
    }

    private boolean domainRestrictedSignupEnabled() {
        return this.signupManager.isDomainRestrictedSignupEnabled();
    }

    private boolean isPublicSignupWithNoRestrictionsPermitted() {
        Settings globalSettings = getGlobalSettings();
        return (globalSettings.isExternalUserManagement() || globalSettings.isDenyPublicSignup() || domainRestrictedSignupEnabled()) ? false : true;
    }

    private String[] getContactAdminUrl() {
        return new String[]{getBootstrapManager().getWebAppContextPath() + "/administrators.action"};
    }

    @Override // com.atlassian.confluence.user.actions.AbstractLoginSignupAction, com.atlassian.confluence.core.ConfluenceActionSupport
    public String doDefault() throws Exception {
        checkSignupAllowed();
        return super.doDefault();
    }

    private boolean hasValidToken() {
        return !StringUtils.isBlank(this.token) && this.signupManager.canSignUpWith(this.token);
    }

    public String execute() throws Exception {
        if (hasErrors() || this.messageHolder.hasErrors()) {
            return "input";
        }
        if (this.previousSignUpAttempt != null) {
            this.permissionManager.withExemption(() -> {
                this.userAccessor.removeUser(this.previousSignUpAttempt);
            });
        }
        if (!isPublicSignupWithNoRestrictionsPermitted() && !hasValidToken()) {
            if (domainRestrictedSignupEnabled()) {
                return initiateDomainRestrictedSignup();
            }
            this.messageHolder.addActionError("public.signup.disabled", getContactAdminUrl());
            return "input";
        }
        try {
            this.userAccessor.addUser(this.username, this.password, this.email, this.fullName, new String[]{this.userAccessor.getNewUserDefaultGroupName()});
            SecurityConfigFactory.getInstance().getAuthenticator().login(ServletActionContext.getRequest(), ServletActionContext.getResponse(), this.username, this.password, true);
            return "success";
        } catch (LicenseUserLimitExceededException e) {
            addActionError("not.licensed", getContactAdminUrl());
            return "input";
        } catch (InfrastructureException e2) {
            addActionError("create.user.failed", this.username);
            log.error("Failed to create user: " + this.username, e2);
            return "error";
        }
    }

    public void validateExecute() {
        this.userFormValidator.validateNewUserBySignup(new UserForm(this.username, this.fullName, this.email, this.password, this.confirm), this.messageHolder);
        if (this.messageHolder.hasErrors()) {
            return;
        }
        validateEmailIfNecessary();
        Pager<User> usersWithDuplicateEmails = getUsersWithDuplicateEmails();
        for (User user : usersWithDuplicateEmails) {
            if (this.userAccessor.isDeactivated(user) && this.signupManager.isPendingConfirmation(user)) {
                this.previousSignUpAttempt = user;
            }
        }
        if (!usersWithDuplicateEmails.isEmpty() && this.previousSignUpAttempt == null) {
            this.messageHolder.addFieldError(SpaceDescriptionUsernameExtractor.EMAIL, "signup.email.not.unique");
        }
        if (this.previousSignUpAttempt == null || !this.previousSignUpAttempt.getName().equalsIgnoreCase(this.username)) {
            validateUserDoesNotExist();
        }
    }

    public void validateUserDoesNotExist() {
        if (getUser() != null) {
            addFieldError("username", getText("user.exists"));
        }
    }

    private String initiateDomainRestrictedSignup() throws OperationFailedException, InvalidUserException, InvalidCredentialException, OperationNotPermittedException {
        User defaultUser = new DefaultUser(this.username, this.fullName, this.email);
        this.signupManager.sendConfirmationEmail(this.signupManager.createUserPendingConfirmation(defaultUser, this.password), defaultUser);
        return "email-sent";
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.atlassian.confluence.event.Evented
    public UserSignupEvent getEventToPublish(String str) {
        if ("success".equals(str)) {
            return isPublicSignupWithNoRestrictionsPermitted() ? new PublicUserSignupEvent(this, getUser()) : new GroupInviteUserSignupEvent(this, getUser());
        }
        return null;
    }

    @Override // com.atlassian.confluence.user.actions.AbstractUsersAction, com.atlassian.confluence.core.ConfluenceActionSupport
    public boolean isPermitted() {
        return true;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public String getConfirm() {
        return this.confirm;
    }

    public void setConfirm(String str) {
        this.confirm = str;
    }

    public String getEmail() {
        return this.email;
    }

    public void setEmail(String str) {
        this.email = str;
    }

    public String getFullName() {
        return this.fullName;
    }

    public void setFullName(String str) {
        this.fullName = str;
    }

    public String getLinkLoginURL(HttpServletRequest httpServletRequest) {
        return SeraphUtils.getLinkLoginURL(httpServletRequest, this.username);
    }

    public void setUserFormValidator(UserFormValidator userFormValidator) {
        this.userFormValidator = userFormValidator;
    }

    public void setSignupValidator(SignupValidator signupValidator) {
        this.signupValidator = signupValidator;
    }

    @Override // com.atlassian.confluence.core.ConfluenceActionSupport
    public void setPermissionManager(PermissionManager permissionManager) {
        this.permissionManager = permissionManager;
    }

    @Deprecated
    public void setTaskManager(MultiQueueTaskManager multiQueueTaskManager) {
    }
}
