/**
   * Processing recovery
   *
   * @param recoveryDTO class that contains user and tenant Information
   * @return true if the reset request is processed successfully.
   * @throws IdentityException if fails
   */
  public NotificationDataDTO recoverWithNotification(UserRecoveryDTO recoveryDTO)
      throws IdentityException {

    String notificationAddress;
    String secretKey = null;
    String confirmationKey = null;
    NotificationSendingModule module = null;
    boolean persistData = true;
    String userId = recoveryDTO.getUserId();
    String domainName = recoveryDTO.getTenantDomain();
    int tenantId = recoveryDTO.getTenantId();
    String userStore = IdentityUtil.extractDomainFromName(userId);
    String userName = UserCoreUtil.removeDomainFromName(userId);
    TenantManager tenantManager = IdentityMgtServiceComponent.getRealmService().getTenantManager();
    try {
      Tenant tenant = tenantManager.getTenant(tenantId);
      if (tenant != null) {
        domainName = tenant.getDomain();
      }

    } catch (UserStoreException e) {
      if (log.isDebugEnabled()) {
        log.debug("No Tenant domain for tenant id " + tenantId, e);
      }
    }
    NotificationDataDTO notificationData = new NotificationDataDTO();
    String internalCode = null;

    String type = recoveryDTO.getNotificationType();
    if (type != null) {
      module = modules.get(type);
    }

    if (module == null) {
      module = defaultModule;
    }

    NotificationData emailNotificationData = new NotificationData();
    String emailTemplate = null;

    notificationAddress = Utils.getEmailAddressForUser(userId, tenantId);
    String firstName =
        Utils.getClaimFromUserStoreManager(userId, tenantId, "http://wso2.org/claims/givenname");
    emailNotificationData.setTagData(FIRST_NAME, firstName);
    emailNotificationData.setTagData(USER_STORE_DOMAIN, userStore);
    emailNotificationData.setTagData(USER_NAME, userName);
    emailNotificationData.setTagData(TENANT_DOMAIN, domainName);

    if ((notificationAddress == null) || (notificationAddress.trim().length() < 0)) {
      throw new IdentityException(
          "Notification sending failure. Notification address is not defined for user : "******"Building notification with data - First name: "
              + firstName
              + " User name: "
              + userId
              + " Send To: "
              + notificationAddress);
    }

    Config config = null;
    ConfigBuilder configBuilder = ConfigBuilder.getInstance();
    try {
      config = configBuilder.loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY, tenantId);
    } catch (Exception e1) {
      throw new IdentityException("Error while loading email templates for user : "******"Error while getting user's external code string.", e);
        }
        secretKey = UUIDGenerator.generateUUID();
        emailNotificationData.setTagData(CONFIRMATION_CODE, confirmationKey);
        emailTemplate =
            config.getProperty(IdentityMgtConstants.Notification.PASSWORD_RESET_RECOVERY);

      } else if (IdentityMgtConstants.Notification.ACCOUNT_CONFORM.equals(notification)) {
        confirmationKey = UUIDGenerator.generateUUID();
        secretKey = UUIDGenerator.generateUUID();
        emailNotificationData.setTagData(CONFIRMATION_CODE, confirmationKey);
        emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ACCOUNT_CONFORM);

      } else if (IdentityMgtConstants.Notification.TEMPORARY_PASSWORD.equals(notification)) {
        String temporaryPassword = recoveryDTO.getTemporaryPassword(); // TODO
        if (temporaryPassword == null || temporaryPassword.trim().length() < 1) {
          char[] chars = IdentityMgtConfig.getInstance().getPasswordGenerator().generatePassword();
          temporaryPassword = new String(chars);
        }
        Utils.updatePassword(userId, tenantId, temporaryPassword);
        emailNotificationData.setTagData(TEMPORARY_PASSWORD, temporaryPassword);
        emailTemplate = config.getProperty(IdentityMgtConstants.Notification.TEMPORARY_PASSWORD);
        persistData = false;
      } else if (IdentityMgtConstants.Notification.ACCOUNT_UNLOCK.equals(notification)) {
        emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ACCOUNT_UNLOCK);
        persistData = false;
      } else if (IdentityMgtConstants.Notification.ACCOUNT_ID_RECOVERY.equals(notification)) {
        emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ACCOUNT_ID_RECOVERY);
        persistData = false;
      } else if (IdentityMgtConstants.Notification.ASK_PASSWORD.equals(notification)) {
        if (firstName == null || firstName.isEmpty()) {
          emailNotificationData.setTagData(FIRST_NAME, userId);
        }
        internalCode = generateUserCode(2, userId);
        try {
          confirmationKey = getUserExternalCodeStr(internalCode);
        } catch (Exception e) {
          throw new IdentityException("Error while with recovering with password.", e);
        }
        secretKey = UUIDGenerator.generateUUID();
        emailNotificationData.setTagData(CONFIRMATION_CODE, confirmationKey);
        emailTemplate = config.getProperty(IdentityMgtConstants.Notification.ASK_PASSWORD);
      }

      if (log.isDebugEnabled()) {
        log.debug("Notification type: " + notification);
      }
    }

    Notification emailNotification = null;
    try {
      emailNotification =
          NotificationBuilder.createNotification("EMAIL", emailTemplate, emailNotificationData);
    } catch (Exception e) {
      throw new IdentityException("Error when creating notification for user : " + userId, e);
    }

    notificationData.setNotificationAddress(notificationAddress);
    notificationData.setUserId(userId);
    notificationData.setDomainName(domainName);
    notificationData.setNotificationType(recoveryDTO.getNotificationType());

    if (persistData) {
      UserRecoveryDataDO recoveryDataDO =
          new UserRecoveryDataDO(userId, tenantId, internalCode, secretKey);
      dataStore.invalidate(userId, tenantId);
      dataStore.store(recoveryDataDO);
    }

    if (IdentityMgtConfig.getInstance().isNotificationInternallyManaged()) {
      module.setNotificationData(notificationData);
      module.setNotification(emailNotification);
      notificationSender.sendNotification(module);
      notificationData.setNotificationSent(true);
    } else {
      notificationData.setNotificationSent(false);
      notificationData.setNotificationCode(confirmationKey);
    }

    return notificationData;
  }
  /*
   * TODO - Important. Refactor this method and use recoveryWithNotification instead.
   */
  public NotificationDataDTO notifyWithEmail(UserRecoveryDTO notificationBean)
      throws IdentityException {

    String notificationAddress;

    String confirmationKey = null;
    NotificationSendingModule module = null;

    String userId = notificationBean.getUserId();
    String domainName = notificationBean.getTenantDomain();
    int tenantId = notificationBean.getTenantId();
    confirmationKey = notificationBean.getConfirmationCode();
    String userStore = IdentityUtil.extractDomainFromName(userId);
    String userName = UserCoreUtil.removeDomainFromName(userId);

    NotificationDataDTO notificationData = new NotificationDataDTO();

    String type = notificationBean.getNotificationType();
    if (type != null) {
      module = modules.get(type);
    }

    if (module == null) {
      module = defaultModule;
    }

    NotificationData emailNotificationData = new NotificationData();
    String emailTemplate = null;
    notificationAddress = module.getNotificationAddress(userId, tenantId);

    if ((notificationAddress == null) || (notificationAddress.trim().length() < 0)) {
      log.warn("Notification address is not defined for user " + userId);
    }

    String firstName =
        Utils.getClaimFromUserStoreManager(userId, tenantId, "http://wso2.org/claims/givenname");
    emailNotificationData.setTagData(FIRST_NAME, firstName);
    emailNotificationData.setTagData(USER_STORE_DOMAIN, userStore);
    emailNotificationData.setTagData(USER_NAME, userName);
    emailNotificationData.setTagData(TENANT_DOMAIN, domainName);
    emailNotificationData.setSendTo(notificationAddress);

    Config config = null;
    ConfigBuilder configBuilder = ConfigBuilder.getInstance();
    try {
      config = configBuilder.loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY, tenantId);
    } catch (Exception e1) {
      throw new IdentityException(
          "Error occurred while loading email templates for user : "******"EMAIL", emailTemplate, emailNotificationData);
    } catch (Exception e) {
      throw new IdentityException(
          "Error occurred while creating notification from email template : " + emailTemplate, e);
    }

    notificationData.setNotificationAddress(notificationAddress);
    notificationData.setUserId(userId);
    notificationData.setDomainName(domainName);
    notificationData.setNotificationType(notificationBean.getNotificationType());

    if (IdentityMgtConfig.getInstance().isNotificationInternallyManaged()) {
      module.setNotificationData(notificationData);
      module.setNotification(emailNotification);
      notificationSender.sendNotification(module);
      notificationData.setNotificationSent(true);
    } else {
      notificationData.setNotificationSent(false);
      notificationData.setNotificationCode(confirmationKey);
    }

    return notificationData;
  }
  /**
   * This method locks the accounts after a configured number of authentication failure attempts.
   * And unlocks accounts based on successful authentications.
   */
  @Override
  public boolean doPostAuthenticate(
      String userName, boolean authenticated, UserStoreManager userStoreManager)
      throws UserStoreException {

    if (log.isDebugEnabled()) {
      log.debug("Post authenticator is called in IdentityMgtEventListener");
    }

    IdentityMgtConfig config = IdentityMgtConfig.getInstance();

    if (!config.isEnableAuthPolicy()) {
      return authenticated;
    }

    UserIdentityClaimsDO userIdentityDTO = module.load(userName, userStoreManager);
    if (userIdentityDTO == null) {
      userIdentityDTO = new UserIdentityClaimsDO(userName);
    }

    boolean userOTPEnabled = userIdentityDTO.getOneTimeLogin();

    // One time password check
    if (authenticated
        && config.isAuthPolicyOneTimePasswordCheck()
        && (!userStoreManager.isReadOnly())) {

      // reset password of the user and notify user of the new password
      if (userOTPEnabled) {

        String password = UserIdentityManagementUtil.generateTemporaryPassword().toString();
        userStoreManager.updateCredentialByAdmin(userName, password);

        // Get email user claim value
        String email =
            userStoreManager.getUserClaimValue(
                userName, UserCoreConstants.ClaimTypeURIs.EMAIL_ADDRESS, null);

        if (email == null) {
          throw new UserStoreException("No user email provided for user " + userName);
        }

        List<NotificationSendingModule> notificationModules =
            config.getNotificationSendingModules();

        if (notificationModules != null) {

          NotificationDataDTO notificationData = new NotificationDataDTO();

          NotificationData emailNotificationData = new NotificationData();
          String emailTemplate = null;
          int tenantId = userStoreManager.getTenantId();
          String firstName = null;
          try {
            firstName =
                Utils.getClaimFromUserStoreManager(
                    userName, tenantId, "http://wso2.org/claims/givenname");
          } catch (IdentityException e2) {
            throw new UserStoreException("Could not load user given name");
          }
          emailNotificationData.setTagData("first-name", firstName);
          emailNotificationData.setTagData("user-name", userName);
          emailNotificationData.setTagData("otp-password", password);

          emailNotificationData.setSendTo(email);

          Config emailConfig = null;
          ConfigBuilder configBuilder = ConfigBuilder.getInstance();
          try {
            emailConfig =
                configBuilder.loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY, tenantId);
          } catch (Exception e1) {
            throw new UserStoreException("Could not load the email template configuration");
          }

          emailTemplate = emailConfig.getProperty("otp");

          Notification emailNotification = null;
          try {
            emailNotification =
                NotificationBuilder.createNotification(
                    "EMAIL", emailTemplate, emailNotificationData);
          } catch (Exception e) {
            throw new UserStoreException("Could not create the email notification");
          }
          NotificationSender sender = new NotificationSender();

          for (NotificationSendingModule notificationSendingModule : notificationModules) {

            if (IdentityMgtConfig.getInstance().isNotificationInternallyManaged()) {
              notificationSendingModule.setNotificationData(notificationData);
              notificationSendingModule.setNotification(emailNotification);
              sender.sendNotification(notificationSendingModule);
              notificationData.setNotificationSent(true);
            }
          }

        } else {
          throw new UserStoreException("No notification modules configured");
        }
      }
    }

    // Password expire check. Not for OTP enabled users.
    if (authenticated
        && config.isAuthPolicyExpirePasswordCheck()
        && !userOTPEnabled
        && (!userStoreManager.isReadOnly())) {
      // TODO - password expire impl
      // Refactor adduser and change password api to stamp the time
      // Check user's expire time in the claim
      // if expired redirect to change password
      // else pass through
      /*
      long timestamp = userIdentityDTO.getPasswordTimeStamp();
      // Only allow behavior to users with this claim. Intent bypass for admin?
      if (timestamp > 0) {
      	Calendar passwordExpireTime = Calendar.getInstance();
      	passwordExpireTime.setTimeInMillis(timestamp);

      	int expireDuration = config.getAuthPolicyPasswordExpireTime();
      	if (expireDuration > 0) {

      		passwordExpireTime.add(Calendar.DATE, expireDuration);

      		Calendar currentTime = Calendar.getInstance();

      		if (currentTime.compareTo(passwordExpireTime) > 0) {
      			// password expired
      			// set flag to redirect
      			log.error("Password is expired ...........");
      			// throw new UserStoreException("Password is expired");
      		}

      	}
      }
      */
    }

    if (!authenticated && config.isAuthPolicyAccountLockOnFailure()) {
      userIdentityDTO.setFailAttempts();
      // reading the max allowed #of failure attempts

      if (userIdentityDTO.getFailAttempts() >= config.getAuthPolicyMaxLoginAttempts()) {
        if (log.isDebugEnabled()) {
          log.debug(
              "User, "
                  + userName
                  + " has exceed the max failed login attempts. "
                  + "User account would be locked");
        }
        userIdentityDTO.setAccountLock(true);
        // lock time from the config
        int lockTime = IdentityMgtConfig.getInstance().getAuthPolicyLockingTime();
        if (lockTime != 0) {
          userIdentityDTO.setUnlockTime(System.currentTimeMillis() + (lockTime * 60 * 1000));
        }
      }

      try {
        module.store(userIdentityDTO, userStoreManager);
      } catch (IdentityException e) {
        throw new UserStoreException("Error while doPostAuthenticate", e);
      }

    } else {
      // if the account was locked due to account verification process,
      // the unlock the account and reset the number of failedAttempts
      if (userIdentityDTO.isAccountLocked() || userIdentityDTO.getFailAttempts() > 0) {
        userIdentityDTO.setAccountLock(false);
        userIdentityDTO.setFailAttempts(0);
        userIdentityDTO.setUnlockTime(0);
        try {
          module.store(userIdentityDTO, userStoreManager);
        } catch (IdentityException e) {
          throw new UserStoreException("Error while doPostAuthenticate", e);
        }
      }
    }

    return true;
  }