package org.broadleafcommerce.core.web.controller.account;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.broadleafcommerce.common.exception.ServiceException;
import org.broadleafcommerce.common.security.util.PasswordChange;
import org.broadleafcommerce.common.web.controller.BroadleafAbstractController;
import org.broadleafcommerce.core.web.controller.account.validator.ChangePasswordValidator;
import org.broadleafcommerce.profile.core.service.CustomerService;
import org.broadleafcommerce.profile.web.core.CustomerState;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.validation.Errors;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

/* loaded from: input_file:org/broadleafcommerce/core/web/controller/account/BroadleafChangePasswordController.class */
public class BroadleafChangePasswordController extends BroadleafAbstractController {

    @Resource(name = "blCustomerService")
    protected CustomerService customerService;

    @Resource(name = "blChangePasswordValidator")
    protected ChangePasswordValidator changePasswordValidator;
    protected String passwordChangedMessage = "Password successfully changed";
    protected static String changePasswordView = "account/changePassword";
    protected static String changePasswordRedirect = "redirect:/account/password";

    public String viewChangePassword(HttpServletRequest httpServletRequest, Model model) {
        return getChangePasswordView();
    }

    public String processChangePassword(HttpServletRequest httpServletRequest, Model model, ChangePasswordForm changePasswordForm, BindingResult bindingResult, RedirectAttributes redirectAttributes) throws ServiceException {
        this.exploitProtectionService.compareToken(changePasswordForm.getCsrfToken());
        PasswordChange passwordChange = new PasswordChange(CustomerState.getCustomer().getUsername());
        passwordChange.setCurrentPassword(changePasswordForm.getCurrentPassword());
        passwordChange.setNewPassword(changePasswordForm.getNewPassword());
        passwordChange.setNewPasswordConfirm(changePasswordForm.getNewPasswordConfirm());
        this.changePasswordValidator.validate(passwordChange, (Errors) bindingResult);
        if (bindingResult.hasErrors()) {
            return getChangePasswordView();
        }
        this.customerService.changePassword(passwordChange);
        return getChangePasswordRedirect();
    }

    public String getChangePasswordView() {
        return changePasswordView;
    }

    public String getChangePasswordRedirect() {
        return changePasswordRedirect;
    }

    public String getPasswordChangedMessage() {
        return this.passwordChangedMessage;
    }
}
