package com.gu.pandomainauth.action;

import com.gu.pandomainauth.PanDomain$;
import com.gu.pandomainauth.PanDomainAuthSettingsRefresher;
import com.gu.pandomainauth.model.Authenticated;
import com.gu.pandomainauth.model.AuthenticatedUser;
import com.gu.pandomainauth.model.AuthenticationStatus;
import com.gu.pandomainauth.model.Expired;
import com.gu.pandomainauth.model.GracePeriod;
import com.gu.pandomainauth.model.InvalidCookie;
import com.gu.pandomainauth.model.NotAuthenticated$;
import com.gu.pandomainauth.model.NotAuthorized;
import com.gu.pandomainauth.model.PanDomainAuthSettings;
import com.gu.pandomainauth.service.CookieUtils$;
import com.gu.pandomainauth.service.Google2FAGroupChecker;
import com.gu.pandomainauth.service.OAuth;
import com.gu.pandomainauth.service.OAuthException;
import com.gu.pandomainauth.service.OAuthException$;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import play.api.libs.ws.WSClient;
import play.api.mvc.ActionBuilder;
import play.api.mvc.AnyContent;
import play.api.mvc.BodyParser;
import play.api.mvc.ControllerComponents;
import play.api.mvc.Cookie;
import play.api.mvc.Cookie$;
import play.api.mvc.DiscardingCookie;
import play.api.mvc.DiscardingCookie$;
import play.api.mvc.Request;
import play.api.mvc.RequestHeader;
import play.api.mvc.Result;
import play.api.mvc.Results;
import play.api.mvc.Results$;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;

/* compiled from: Actions.scala */
@ScalaSignature(bytes = "\u0006\u0001\tmgaB\u001d;!\u0003\r\ta\u0011\u0005\u0006\u0015\u0002!\ta\u0013\u0005\b\u001f\u0002\u0011\r\u0011\"\u0003Q\u0011\u0015I\u0006A\"\u0001[\u0011\u00159\u0007A\"\u0001i\u0011\u0015y\u0007A\"\u0001q\u0011\u0015)\b\u0001\"\u0003w\u0011\u0019\t)\u0001\u0001C\u0005m\"9\u0011q\u0001\u0001\u0005\n\u0005%\u0001\"CA\f\u0001\t\u0007I1BA\r\u0011\u001d\t9\u0003\u0001D\u0001\u0003SAq!a\u000f\u0001\t\u0003\ti\u0004C\u0004\u0002@\u0001!\t!!\u0011\t\r\u0005%\u0003A\"\u0001w\u0011%\tY\u0005\u0001b\u0001\n\u0003\ti\u0005\u0003\u0005\u0002\\\u0001\u0011\r\u0011\"\u0001w\u0011%\ti\u0006\u0001b\u0001\n\u0003\ty\u0006C\u0005\u0002n\u0001\u0011\r\u0011\"\u0001\u0002p!I\u0011q\u0010\u0001C\u0002\u0013\u0005\u0011q\u000e\u0005\b\u0003\u0003\u0003A\u0011AAB\u0011%\t)\fAI\u0001\n\u0003\t9\fC\u0004\u0002R\u0002!\t!a5\t\u000f\u0005]\u0007\u0001\"\u0001\u0002Z\"9\u00111\u001d\u0001\u0005\u0002\u0005\u0015\bbBAv\u0001\u0011\u0005\u0011Q\u001e\u0005\b\u0003g\u0004A\u0011AA{\u0011\u001d\tI\u0010\u0001C\u0001\u0003wDqA!\u0001\u0001\t\u0003\u0011\u0019\u0001C\u0004\u0003\u0010\u0001!\tA!\u0005\t\u000f\tU\u0001\u0001\"\u0001\u0003\u0018!9!\u0011\u0005\u0001\u0005\u0002\t\r\u0002b\u0002B\u0014\u0001\u0011\u0005!\u0011F\u0004\b\u0005g\u0001\u0001\u0012\u0001B\u001b\r\u001d\u0011I\u0004\u0001E\u0001\u0005wAqA!\u0015\"\t\u0003\u0011\u0019\u0006C\u0004\u0003V\u0005\"\tEa\u0016\t\u000f\t}\u0013\u0005\"\u0015\u0002\u001a!9!\u0011M\u0011\u0005B\t\rta\u0002BA\u0001!\u0005!1\u0011\u0004\b\u0005\u000b\u0003\u0001\u0012\u0001BD\u0011\u001d\u0011\tf\nC\u0001\u000534\u0011Ba.\u0001!\u0003\r\tA!/\t\u000b)KC\u0011A&\t\u0013\t=\u0015F1A\u0005\u0002\tm\u0006\"\u0003BJS\t\u0007I\u0011\u0001B^\u0011%\u0011)*\u000bb\u0001\n\u0003\u0011Y\fC\u0005\u0003\u0018&\u0012\r\u0011\"\u0001\u0003<\u001aI!1\u0012\u0001\u0011\u0002\u0007\u0005!Q\u0012\u0005\u0006\u0015>\"\ta\u0013\u0005\b\u0005+zC\u0011\tB,\u0011\u001d\u0011yf\fC)\u00033A\u0011Ba$0\u0005\u00045\tA!%\t\u0013\tMuF1A\u0007\u0002\tE\u00
05\"\u0003BK_\t\u0007i\u0011\u0001BI\u0011%\u00119j\fb\u0001\u000e\u0003\u0011\t\nC\u0004\u0003b=\"\tE!'\t\u000f\t-v\u0006\"\u0001\u0003.\nY\u0011)\u001e;i\u0003\u000e$\u0018n\u001c8t\u0015\tYD(\u0001\u0004bGRLwN\u001c\u0006\u0003{y\nQ\u0002]1oI>l\u0017-\u001b8bkRD'BA A\u0003\t9WOC\u0001B\u0003\r\u0019w.\\\u0002\u0001'\t\u0001A\t\u0005\u0002F\u00116\taIC\u0001H\u0003\u0015\u00198-\u00197b\u0013\tIeI\u0001\u0004B]f\u0014VMZ\u0001\u0007I%t\u0017\u000e\u001e\u0013\u0015\u00031\u0003\"!R'\n\u000593%\u0001B+oSR\fa\u0001\\8hO\u0016\u0014X#A)\u0011\u0005I;V\"A*\u000b\u0005Q+\u0016!B:mMRR'\"\u0001,\u0002\u0007=\u0014x-\u0003\u0002Y'\n1Aj\\4hKJ\f\u0001b^:DY&,g\u000e^\u000b\u00027B\u0011A,Z\u0007\u0002;*\u0011alX\u0001\u0003oNT!\u0001Y1\u0002\t1L'm\u001d\u0006\u0003E\u000e\f1!\u00199j\u0015\u0005!\u0017\u0001\u00029mCfL!AZ/\u0003\u0011]\u001b6\t\\5f]R\fAcY8oiJ|G\u000e\\3s\u0007>l\u0007o\u001c8f]R\u001cX#A5\u0011\u0005)lW\"A6\u000b\u00051\f\u0017aA7wG&\u0011an\u001b\u0002\u0015\u0007>tGO]8mY\u0016\u00148i\\7q_:,g\u000e^:\u0002#A\fg\u000eR8nC&t7+\u001a;uS:<7/F\u0001r!\t\u00118/D\u0001=\u0013\t!HH\u0001\u0010QC:$u.\\1j]\u0006+H\u000f[*fiRLgnZ:SK\u001a\u0014Xm\u001d5fe\u000611/_:uK6,\u0012a\u001e\t\u0003q~t!!_?\u0011\u0005i4U\"A>\u000b\u0005q\u0014\u0015A\u0002\u001fs_>$h(\u0003\u0002\u007f\r\u00061\u0001K]3eK\u001aLA!!\u0001\u0002\u0004\t11\u000b\u001e:j]\u001eT!A $\u0002\r\u0011|W.Y5o\u0003!\u0019X\r\u001e;j]\u001e\u001cXCAA\u0006!\u0011\ti!a\u0005\u000e\u0005\u0005=!bAA\ty\u0005)Qn\u001c3fY&!\u0011QCA\b\u0005U\u0001\u0016M\u001c#p[\u0006Lg.Q;uQN+G\u000f^5oON\f!!Z2\u0016\u0005\u0005m\u0001\u0003BA\u000f\u0003Gi!!a\b\u000b\u0007\u0005\u0005b)\u0001\u0006d_:\u001cWO\u001d:f]RLA!!\n\u0002 
\t\u0001R\t_3dkRLwN\\\"p]R,\u0007\u0010^\u0001\rm\u0006d\u0017\u000eZ1uKV\u001bXM\u001d\u000b\u0005\u0003W\t\t\u0004E\u0002F\u0003[I1!a\fG\u0005\u001d\u0011un\u001c7fC:Dq!a\r\u000b\u0001\u0004\t)$\u0001\u0006bkRDW\rZ+tKJ\u0004B!!\u0004\u00028%!\u0011\u0011HA\b\u0005E\tU\u000f\u001e5f]RL7-\u0019;fIV\u001bXM]\u0001\u0010G\u0006\u001c\u0007.\u001a,bY&$\u0017\r^5p]V\u0011\u00111F\u0001\u000fCBLwI]1dKB+'/[8e+\t\t\u0019\u0005E\u0002F\u0003\u000bJ1!a\u0012G\u0005\u0011auN\\4\u0002\u001f\u0005,H\u000f[\"bY2\u0014\u0017mY6Ve2\fQaT!vi\",\"!a\u0014\u0011\t\u0005E\u0013qK\u0007\u0003\u0003'R1!!\u0016=\u0003\u001d\u0019XM\u001d<jG\u0016LA!!\u0017\u0002T\t)q*Q;uQ\u0006y\u0011\r\u001d9mS\u000e\fG/[8o\u001d\u0006lW-\u0001\nnk2$\u0018NZ1di>\u00148\t[3dW\u0016\u0014XCAA1!\u0015)\u00151MA4\u0013\r\t)G\u0012\u0002\u0007\u001fB$\u0018n\u001c8\u0011\t\u0005E\u0013\u0011N\u0005\u0005\u0003W\n\u0019FA\u000bH_><G.\u001a\u001aG\u0003\u001e\u0013x.\u001e9DQ\u0016\u001c7.\u001a:\u0002!1{u)\u0013(`\u001fJKu)\u0013(`\u0017\u0016KVCAA9!\u0011\t\u0019(! 
\u000e\u0005\u0005U$\u0002BA<\u0003s\nA\u0001\\1oO*\u0011\u00111P\u0001\u0005U\u00064\u0018-\u0003\u0003\u0002\u0002\u0005U\u0014\u0001E!O)&{fi\u0014*H\u000bJKvlS#Z\u0003-\u0019XM\u001c3G_J\fU\u000f\u001e5\u0016\t\u0005\u0015\u00151\u0015\u000b\u0007\u0003\u000f\u000b\u0019*!(\u0011\r\u0005u\u0011\u0011RAG\u0013\u0011\tY)a\b\u0003\r\u0019+H/\u001e:f!\rQ\u0017qR\u0005\u0004\u0003#['A\u0002*fgVdG\u000fC\u0004\u0002\u0016N\u0001\u001d!a&\u0002\u000fI,\u0017/^3tiB\u0019!.!'\n\u0007\u0005m5NA\u0007SKF,Xm\u001d;IK\u0006$WM\u001d\u0005\n\u0003?\u001b\u0002\u0013!a\u0002\u0003C\u000bQ!Z7bS2\u0004B!RA2o\u00129\u0011QU\nC\u0002\u0005\u001d&!A!\u0012\t\u0005%\u0016q\u0016\t\u0004\u000b\u0006-\u0016bAAW\r\n9aj\u001c;iS:<\u0007cA#\u00022&\u0019\u00111\u0017$\u0003\u0007\u0005s\u00170A\u000btK:$gi\u001c:BkRDG\u0005Z3gCVdG\u000f\n\u001a\u0016\t\u0005e\u0016qZ\u000b\u0003\u0003wSC!!)\u0002>.\u0012\u0011q\u0018\t\u0005\u0003\u0003\fY-\u0004\u0002\u0002D*!\u0011QYAd\u0003%)hn\u00195fG.,GMC\u0002\u0002J\u001a\u000b!\"\u00198o_R\fG/[8o\u0013\u0011\ti-a1\u0003#Ut7\r[3dW\u0016$g+\u0019:jC:\u001cW\rB\u0004\u0002&R\u0011\r!a*\u0002!\rDWmY6Nk2$\u0018NZ1di>\u0014H\u0003BA\u0016\u0003+Dq!a\r\u0016\u0001\u0004\t)$A\ntQ><XK\\1vi\",G-T3tg\u0006<W\r\u0006\u0003\u0002\\\u0006}G\u0003BAG\u0003;Dq!!&\u0017\u0001\b\t9\n\u0003\u0004\u0002bZ\u0001\ra^\u0001\b[\u0016\u001c8/Y4f\u0003IIgN^1mS\u0012,6/\u001a:NKN\u001c\u0018mZ3\u0015\u0007]\f9\u000fC\u0004\u0002j^\u0001\r!!\u000e\u0002\u0017\rd\u0017-[7fI\u0006+H\u000f[\u0001\u0015aJ|7-Z:t\u001f\u0006+H\u000f[\"bY2\u0014\u0017mY6\u0015\u0005\u0005=H\u0003BAD\u0003cDq!!&\u0019\u0001\b\t9*A\u0007qe>\u001cWm]:M_\u001e|W\u000f\u001e\u000b\u0005\u0003\u001b\u000b9\u0010C\u0004\u0002\u0016f\u0001\u001d!a&\u0002+I,\u0017\rZ!vi\",g\u000e^5dCR,G-V:feR!\u0011Q`A��!\u0015)\u00151MA\u001b\u0011\u001d\t)J\u0007a\u0001\u0003/\u000b!B]3bI\u000e{wn[5f)\u0011\u0011)A!\u0004\u0011\u000b\u0015\u000b\u0019Ga\u0002\u0011\u0007)\u0014I!C\u0002\u0003\f-\u0014aaQ8pW&,\u0007bBAK7\
u0001\u0007\u0011qS\u0001\u000fO\u0016tWM]1uK\u000e{wn[5f)\u0011\u00119Aa\u0005\t\u000f\u0005MB\u00041\u0001\u00026\u0005)\u0012N\\2mk\u0012,7+_:uK6LenQ8pW&,G\u0003\u0002B\r\u0005?!B!!$\u0003\u001c!9!QD\u000fA\u0002\u00055\u0015A\u0002:fgVdG\u000fC\u0004\u00024u\u0001\r!!\u000e\u0002\u0017\u0019dWo\u001d5D_>\\\u0017.\u001a\u000b\u0005\u0003\u001b\u0013)\u0003C\u0004\u0003\u001ey\u0001\r!!$\u0002\u0017\u0015DHO]1di\u0006+H\u000f\u001b\u000b\u0005\u0005W\u0011\t\u0004\u0005\u0003\u0002\u000e\t5\u0012\u0002\u0002B\u0018\u0003\u001f\u0011A#Q;uQ\u0016tG/[2bi&|gn\u0015;biV\u001c\bbBAK?\u0001\u0007\u0011qS\u0001\u000b\u0003V$\b.Q2uS>t\u0007c\u0001B\u001cC5\t\u0001A\u0001\u0006BkRD\u0017i\u0019;j_:\u001cB!\t#\u0003>A9!Na\u0010\u0003D\t-\u0013b\u0001B!W\ni\u0011i\u0019;j_:\u0014U/\u001b7eKJ\u0004BA!\u0012\u0003H5\t!(C\u0002\u0003Ji\u00121\"V:feJ+\u0017/^3tiB\u0019!N!\u0014\n\u0007\t=3N\u0001\u0006B]f\u001cuN\u001c;f]R\fa\u0001P5oSRtDC\u0001B\u001b\u0003\u0019\u0001\u0018M]:feV\u0011!\u0011\f\t\u0006U\nm#1J\u0005\u0004\u0005;Z'A\u0003\"pIf\u0004\u0016M]:fe\u0006\u0001R\r_3dkRLwN\\\"p]R,\u0007\u0010^\u0001\fS:4xn[3CY>\u001c7.\u0006\u0003\u0003f\tMDCBAD\u0005O\u0012)\bC\u0004\u0002\u0016\u0016\u0002\rA!\u001b\u0011\u000b)\u0014YGa\u001c\n\u0007\t54NA\u0004SKF,Xm\u001d;\u0011\t\tE$1\u000f\u0007\u0001\t\u001d\t)+\nb\u0001\u0003OCqAa\u001e&\u0001\u0004\u0011I(A\u0003cY>\u001c7\u000eE\u0004F\u0005w\u0012y(a\"\n\u0007\tudIA\u0005Gk:\u001cG/[8ocA1!Q\tB$\u0005_\nQ\"\u0011)J\u0003V$\b.Q2uS>t\u0007c\u0001B\u001cO\ti\u0011\tU%BkRD\u0017i\u0019;j_:\u001cba\n#\u0003\n\nU\u0006c\u0001B\u001c_\t)\u0012IY:ue\u0006\u001cG/\u00119j\u0003V$\b.Q2uS>t7\u0003B\u0018E\u0005{\taC\\8u\u0003V$\b.\u001a8uS\u000e\fG/\u001a3SKN,H\u000e^\u000b\u0003\u0003\u001b\u000b1#\u001b8wC2LGmQ8pW&,'+Z:vYR\fQ\"\u001a=qSJ,GMU3tk2$\u0018a\u00058pi\u0006+H\u000f[8sSj,GMU3tk2$X\u0003\u0002BN\u0005G#b!a\"\u0003\u001e\n\u0015\u0006bBAKo\u0001\u0007!q\u0014\t\u0006U\n-$\u0011\u0015\t\u0005\u0005c\u0012\u0019\u000bB\u0004\u00
02&^\u0012\r!a*\t\u000f\t]t\u00071\u0001\u0003(B9QIa\u001f\u0003*\u0006\u001d\u0005C\u0002B#\u0005\u000f\u0012\t+\u0001\rsKN\u0004xN\\:f/&$\bnU=ti\u0016l7i\\8lS\u0016$b!a\"\u00030\nM\u0006b\u0002BYq\u0001\u0007\u0011qQ\u0001\te\u0016\u001c\bo\u001c8tK\"9\u00111\u0007\u001dA\u0002\u0005U\u0002c\u0001B\u001cS\t\u0019\u0002\u000b\\1j]\u0016\u0013(o\u001c:SKN\u0004xN\\:fgN\u0011\u0011\u0006R\u000b\u0003\u0005{\u0003BAa0\u0003R:!!\u0011\u0019Bg\u001d\u0011\u0011\u0019Ma3\u000f\t\t\u0015'\u0011\u001a\b\u0004u\n\u001d\u0017\"\u00013\n\u0005\t\u001c\u0017B\u00017b\u0013\r\u0011ym[\u0001\b%\u0016\u001cX\u000f\u001c;t\u0013\u0011\u0011\u0019N!6\u0003\rM#\u0018\r^;t\u0013\r\u00119n\u001b\u0002\b%\u0016\u001cX\u000f\u001c;t)\t\u0011\u0019\t")
/* loaded from: input_file:com/gu/pandomainauth/action/AuthActions.class */
public interface AuthActions {

    /* compiled from: Actions.scala */
    /* loaded from: input_file:com/gu/pandomainauth/action/AuthActions$AbstractApiAuthAction.class */
    /**
     * Play {@code ActionBuilder} for API endpoints (decompiled from a Scala trait nested in
     * {@code AuthActions}). It maps each {@code AuthenticationStatus} returned by the outer
     * {@code extractAuth} to either a fixed error {@code Result} or an invocation of the wrapped
     * action. No branch redirects to the OAuth provider.
     *
     * <p>Security summary, as visible in this listing: the wrapped action runs only for
     * {@code Authenticated} and {@code GracePeriod}; every other status is answered with one of
     * the four abstract results below, so the actual status codes are chosen by the implementor
     * (the numbers in the log messages are only descriptive).
     */
    public interface AbstractApiAuthAction extends ActionBuilder<UserRequest, AnyContent> {
        /** Returns the default body parser of the outer trait's {@code ControllerComponents}. */
        default BodyParser<AnyContent> parser() {
            return com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().controllerComponents().parsers().default();
        }

        /** Returns the execution context of the outer trait's {@code ControllerComponents}. */
        default ExecutionContext executionContext() {
            return com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().controllerComponents().executionContext();
        }

        /* renamed from: notAuthenticatedResult */
        // Result sent when the request carries no auth cookie (NotAuthenticated branch).
        Result mo4notAuthenticatedResult();

        /* renamed from: invalidCookieResult */
        // Result sent when the cookie could not be checked; invokeBlock also discards the cookie.
        Result mo3invalidCookieResult();

        /* renamed from: expiredResult */
        // Result sent when the login has expired and no grace period applies.
        Result mo2expiredResult();

        /* renamed from: notAuthorizedResult */
        // Result sent when the cookie is good but the user is not authorised.
        Result mo1notAuthorizedResult();

        /**
         * Evaluates the request's authentication status and either rejects the request or runs
         * the wrapped action with a {@code UserRequest} carrying the authenticated user.
         *
         * @param request   the incoming request; its cookie is read by the outer {@code extractAuth}
         * @param function1 the wrapped action; applied only in the GracePeriod and Authenticated branches
         * @return the error result for the status, or the wrapped action's result passed through
         *         {@code responseWithSystemCookie}
         * @throws MatchError if the status is none of the six handled cases
         */
        default <A> Future<Result> invokeBlock(Request<A> request, Function1<UserRequest<A>, Future<Result>> function1) {
            Future<Result> responseWithSystemCookie;
            // Decompiler artefact: the local is typed InvalidCookie, but the outer extractAuth is
            // declared to return AuthenticationStatus; the instanceof chain below is the real dispatch.
            InvalidCookie extractAuth = com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().extractAuth(request);
            if (NotAuthenticated$.MODULE$.equals(extractAuth)) {
                // No cookie on the request: answer with the "not authenticated" result.
                com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$logger().debug(new StringBuilder(36).append("user not authed against ").append(com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$domain()).append(", return 401").toString());
                responseWithSystemCookie = Future$.MODULE$.apply(() -> {
                    return this.mo4notAuthenticatedResult();
                }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec());
            } else if (extractAuth instanceof InvalidCookie) {
                // Cookie failed its check: log the carried exception at WARN and discard the
                // cookie on the response. This is the only rejection branch that clears the cookie.
                com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$logger().warn("error checking user's auth, clear cookie and return 401", extractAuth.exception());
                responseWithSystemCookie = Future$.MODULE$.apply(() -> {
                    return this.mo3invalidCookieResult();
                }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec()).map(result -> {
                    return this.com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().flushCookie(result);
                }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec());
            } else if (extractAuth instanceof Expired) {
                // Expired login: rejected, cookie left in place. The user's email is written to the debug log.
                com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$logger().debug(new StringBuilder(31).append("user ").append(((Expired) extractAuth).authedUser().user().email()).append(" login expired, return 419").toString());
                responseWithSystemCookie = Future$.MODULE$.apply(() -> {
                    return this.mo2expiredResult();
                }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec());
            } else if (extractAuth instanceof GracePeriod) {
                // Expired login inside the grace period: the wrapped action still runs, exactly as
                // for Authenticated. The outer apiGracePeriod() therefore sets how long an expired
                // cookie keeps granting API access.
                AuthenticatedUser authedUser = ((GracePeriod) extractAuth).authedUser();
                com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$logger().debug(new StringBuilder(43).append("user ").append(authedUser.user().email()).append(" login expired but is in grace period.").toString());
                responseWithSystemCookie = responseWithSystemCookie((Future) function1.apply(new UserRequest(authedUser.user(), request)), authedUser);
            } else if (extractAuth instanceof NotAuthorized) {
                // Cookie is good but the user is not authorised: the wrapped action is not run.
                AuthenticatedUser authedUser2 = ((NotAuthorized) extractAuth).authedUser();
                com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$logger().debug("user not authorized, return 403");
                com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$logger().debug(com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().invalidUserMessage(authedUser2));
                responseWithSystemCookie = Future$.MODULE$.apply(() -> {
                    return this.mo1notAuthorizedResult();
                }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec());
            } else {
                // Exhaustiveness guard emitted for the Scala pattern match.
                if (!(extractAuth instanceof Authenticated)) {
                    throw new MatchError(extractAuth);
                }
                AuthenticatedUser authedUser3 = ((Authenticated) extractAuth).authedUser();
                responseWithSystemCookie = responseWithSystemCookie((Future) function1.apply(new UserRequest(authedUser3.user(), request)), authedUser3);
            }
            return responseWithSystemCookie;
        }

        /**
         * Returns the response unchanged when the user's {@code authenticatedIn} set already
         * contains this system; otherwise maps it through the outer {@code includeSystemInCookie},
         * which attaches a newly generated cookie that lists this system as well.
         *
         * <p>It is called from the GracePeriod branch too, so a request served during the grace
         * period can also receive a re-issued cookie.
         *
         * @param future            the wrapped action's eventual result
         * @param authenticatedUser the user read from the request cookie
         * @return {@code future}, or {@code future} with the updated cookie added
         */
        default Future<Result> responseWithSystemCookie(Future<Result> future, AuthenticatedUser authenticatedUser) {
            if (authenticatedUser.authenticatedIn().apply(com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$system())) {
                return future;
            }
            com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$logger().debug(new StringBuilder(51).append("user ").append(authenticatedUser.user().email()).append(" from other system valid: adding validity in ").append(com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$system()).append(".").toString());
            return future.map(result -> {
                return this.com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().includeSystemInCookie(authenticatedUser, result);
            }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec());
        }

        // Compiler-generated accessor for the enclosing AuthActions instance.
        /* synthetic */ AuthActions com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer();

        // Trait initialiser emitted by the Scala compiler; it has nothing to initialise here.
        static void $init$(AbstractApiAuthAction abstractApiAuthAction) {
        }
    }

    /* compiled from: Actions.scala */
    /* loaded from: input_file:com/gu/pandomainauth/action/AuthActions$PlainErrorResponses.class */
    /**
     * Mix-in that supplies body-less status results for the four rejection cases.
     * The values are fixed in {@code $init$}: 401 for "not authenticated" and "invalid cookie",
     * 419 for "expired", 403 for "not authorised".
     */
    public interface PlainErrorResponses {
        // Compiler-generated setters for the four trait vals; called only from $init$ below.
        void com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$notAuthenticatedResult_$eq(Results.Status status);

        void com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$invalidCookieResult_$eq(Results.Status status);

        void com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$expiredResult_$eq(Results.Status status);

        void com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$notAuthorizedResult_$eq(Results.Status status);

        // Accessors for the values assigned in $init$.
        Results.Status notAuthenticatedResult();

        Results.Status invalidCookieResult();

        Results.Status expiredResult();

        Results.Status notAuthorizedResult();

        // Compiler-generated accessor for the enclosing AuthActions instance.
        /* synthetic */ AuthActions com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$$$outer();

        /**
         * Trait initialiser: assigns the four plain status results.
         *
         * @param plainErrorResponses the instance being initialised
         */
        static void $init$(PlainErrorResponses plainErrorResponses) {
            // Missing cookie and unverifiable cookie get the same 401 Unauthorized,
            // so a client cannot tell the two cases apart from the status alone.
            plainErrorResponses.com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$notAuthenticatedResult_$eq(Results$.MODULE$.Unauthorized());
            plainErrorResponses.com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$invalidCookieResult_$eq(Results$.MODULE$.Unauthorized());
            // 419 is not a registered HTTP status; here it signals "login expired", distinct from 401.
            plainErrorResponses.com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$expiredResult_$eq(new Results.Status(Results$.MODULE$, 419));
            // Authenticated but not authorised: 403 Forbidden.
            plainErrorResponses.com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$notAuthorizedResult_$eq(Results$.MODULE$.Forbidden());
        }
    }

    // Accessors for the AuthAction / APIAuthAction members of the trait
    // (presumably nested Scala objects; their classes are not part of this listing).
    AuthActions$AuthAction$ AuthAction();

    AuthActions$APIAuthAction$ APIAuthAction();

    // Compiler-generated setters for the trait's vals. The static $init$ at the end of this
    // interface is the only caller visible in this file.
    void com$gu$pandomainauth$action$AuthActions$_setter_$com$gu$pandomainauth$action$AuthActions$$logger_$eq(Logger logger);

    void com$gu$pandomainauth$action$AuthActions$_setter_$com$gu$pandomainauth$action$AuthActions$$ec_$eq(ExecutionContext executionContext);

    void com$gu$pandomainauth$action$AuthActions$_setter_$OAuth_$eq(OAuth oAuth);

    void com$gu$pandomainauth$action$AuthActions$_setter_$applicationName_$eq(String str);

    void com$gu$pandomainauth$action$AuthActions$_setter_$multifactorChecker_$eq(Option<Google2FAGroupChecker> option);

    void com$gu$pandomainauth$action$AuthActions$_setter_$LOGIN_ORIGIN_KEY_$eq(String str);

    void com$gu$pandomainauth$action$AuthActions$_setter_$ANTI_FORGERY_KEY_$eq(String str);

    // Logger created in $init$ from the implementing class.
    Logger com$gu$pandomainauth$action$AuthActions$$logger();

    // HTTP client handed to the OAuth helper for the provider round trips.
    WSClient wsClient();

    // Source of the body parser and execution context used by the actions.
    ControllerComponents controllerComponents();

    // Supplies system name, domain, key material and cookie settings; everything
    // security-relevant in this trait is read through it.
    PanDomainAuthSettingsRefresher panDomainSettings();

    /**
     * Name of the system this application authenticates users for, taken from the
     * settings refresher on every call.
     *
     * @return the configured system name
     */
    default String com$gu$pandomainauth$action$AuthActions$$system() {
        final PanDomainAuthSettingsRefresher refresher = panDomainSettings();
        return refresher.system();
    }

    /**
     * Domain taken from the settings refresher on every call. In this trait it is the
     * {@code Domain} attribute of the auth cookie, both when issued and when discarded.
     *
     * @return the configured domain
     */
    default String com$gu$pandomainauth$action$AuthActions$$domain() {
        final PanDomainAuthSettingsRefresher refresher = panDomainSettings();
        return refresher.domain();
    }

    /**
     * Current settings snapshot from the refresher. It is fetched on each call rather than
     * cached, so key and cookie settings are whatever the refresher holds at that moment.
     *
     * @return the current {@code PanDomainAuthSettings}
     */
    private default PanDomainAuthSettings settings() {
        final PanDomainAuthSettingsRefresher refresher = panDomainSettings();
        return refresher.settings();
    }

    // Execution context used for the Future operations in this trait; set in $init$ from
    // controllerComponents().executionContext().
    ExecutionContext com$gu$pandomainauth$action$AuthActions$$ec();

    /**
     * Application-supplied authorisation decision for a user whose identity has been established.
     *
     * <p>This is the only authorisation hook in the trait. {@code processOAuthCallback} calls it
     * before a cookie is issued, and {@code extractAuth} hands it to {@code PanDomain.authStatus}
     * for every request. An implementation that always returns {@code true} admits every identity
     * the OAuth provider vouches for.
     *
     * @param authenticatedUser the user to check
     * @return {@code true} if the user may use this system
     */
    boolean validateUser(AuthenticatedUser authenticatedUser);

    /**
     * Flag forwarded to {@code PanDomain.authStatus} by {@code extractAuth}; off by default.
     *
     * <p>NOTE(review): presumably lets {@code authStatus} skip {@code validateUser} for users whose
     * cookie already lists this system. Confirm against {@code PanDomain} before overriding,
     * because a cached decision would delay the effect of revoking a user.
     *
     * @return {@code false} unless overridden
     */
    default boolean cacheValidation() {
        return false;
    }

    /**
     * Grace period forwarded to {@code PanDomain.authStatus} by {@code extractAuth}; zero by default.
     *
     * <p>A {@code GracePeriod} status makes {@code AbstractApiAuthAction.invokeBlock} run the wrapped
     * action although the login has expired, so a larger value lengthens the time an expired
     * cookie keeps working for API calls. The unit is not visible in this file (presumably
     * milliseconds; confirm against {@code PanDomain}).
     *
     * @return {@code 0L} unless overridden
     */
    default long apiGracePeriod() {
        return 0L;
    }

    // Callback URL supplied by the application; passed to the OAuth helper's constructor in $init$.
    String authCallbackUrl();

    // OAuth helper built in $init$ from the OAuth settings, the system name and authCallbackUrl().
    OAuth OAuth();

    // "pan-domain-authentication-" followed by the system name (assigned in $init$).
    String applicationName();

    // Present only when the settings carry Google 2FA group settings (see $init$);
    // when empty, checkMultifactor always returns false.
    Option<Google2FAGroupChecker> multifactorChecker();

    // Session key under which sendForAuth stores the originally requested URI ("loginOriginUrl").
    String LOGIN_ORIGIN_KEY();

    // Session key under which sendForAuth stores the anti-forgery token ("antiForgeryToken").
    String ANTI_FORGERY_KEY();

    /**
     * Starts an OAuth login: generates an anti-forgery token, asks the OAuth helper for the
     * redirect to the provider, and stores two values in the Play session on that redirect:
     * the token under {@code ANTI_FORGERY_KEY} and the current request URI under
     * {@code LOGIN_ORIGIN_KEY}.
     *
     * <p>{@code processOAuthCallback} later reads both values back: the token to validate the
     * provider's response, the URI as the post-login redirect target.
     *
     * <p>NOTE(review): the stored URI is {@code requestHeader.uri()}, i.e. taken from the client's
     * request line. Confirm that it can only ever be a same-site path before it is used as a
     * redirect target, or validate it on the way back in {@code processOAuthCallback}.
     *
     * @param requestHeader the request that needs authentication
     * @param option        optional value passed through to {@code redirectToOAuthProvider}
     * @return the provider redirect with the two session entries added
     */
    default <A> Future<Result> sendForAuth(RequestHeader requestHeader, Option<String> option) {
        // One token per login attempt; the same value goes to the provider and into the session.
        String generateAntiForgeryToken = OAuth().generateAntiForgeryToken();
        return OAuth().redirectToOAuthProvider(generateAntiForgeryToken, option, com$gu$pandomainauth$action$AuthActions$$ec(), requestHeader, wsClient()).map(result -> {
            // Existing session entries are kept; the two keys are added (or overwritten).
            return result.withSession(requestHeader.session().$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(this.ANTI_FORGERY_KEY()), generateAntiForgeryToken)).$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(this.LOGIN_ORIGIN_KEY()), requestHeader.uri())));
        }, com$gu$pandomainauth$action$AuthActions$$ec());
    }

    /**
     * Compiler-generated default for the second parameter of {@code sendForAuth}.
     *
     * @return {@code None}
     */
    default <A> Option<String> sendForAuth$default$2() {
        return None$.MODULE$;
    }

    /**
     * Asks the configured {@code Google2FAGroupChecker}, if any, whether the user passes its
     * multifactor check.
     *
     * <p>When no checker is configured the result is {@code false}, because {@code Option.exists}
     * on an empty option is false. The value is recorded on the user by
     * {@code processOAuthCallback}; nothing in this method rejects a user.
     *
     * @param authenticatedUser the freshly authenticated user
     * @return the checker's answer, or {@code false} without a checker
     */
    default boolean checkMultifactor(AuthenticatedUser authenticatedUser) {
        return multifactorChecker().exists(google2FAGroupChecker -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkMultifactor$1(authenticatedUser, google2FAGroupChecker));
        });
    }

    /**
     * Logs the given message at INFO level and answers with a body-less 403 Forbidden.
     *
     * <p>The message is not sent to the client. Callers in this trait pass
     * {@code invalidUserMessage(...)}, which contains the user's email address, so that address
     * ends up in the INFO log.
     *
     * @param str           the message to log
     * @param requestHeader the current request (not used here)
     * @return a 403 Forbidden result
     */
    default Result showUnauthedMessage(String str, RequestHeader requestHeader) {
        final Logger log = com$gu$pandomainauth$action$AuthActions$$logger();
        log.info(str);
        final Results$ results = Results$.MODULE$;
        return results.Forbidden();
    }

    /**
     * Builds the log text for a user who failed validation for this system.
     *
     * @param authenticatedUser the rejected user
     * @return {@code "user <email> not valid for <system>"}
     */
    default String invalidUserMessage(AuthenticatedUser authenticatedUser) {
        // Operands are evaluated left to right: email first, then the system name.
        return "user " + authenticatedUser.user().email() + " not valid for " + com$gu$pandomainauth$action$AuthActions$$system();
    }

    /**
     * Completes an OAuth login. Reads the anti-forgery token and the original URL from the
     * session, lets the OAuth helper validate the provider's response into an
     * {@code AuthenticatedUser}, runs {@code validateUser}, and on success redirects to the
     * original URL with a newly generated auth cookie.
     *
     * <p>Points to check when reviewing callers or overriding:
     * <ul>
     *   <li>A missing session entry throws {@code OAuthException} from the {@code getOrElse}
     *       callback, before any {@code Future} is created.</li>
     *   <li>The redirect target is whatever the session holds under {@code LOGIN_ORIGIN_KEY};
     *       it is not inspected here.</li>
     *   <li>If the request already carries an auth cookie, its {@code authenticatedIn} set is
     *       merged into the new user's data. NOTE(review): no comparison between the cookie's
     *       user and the freshly authenticated user, and no expiry check on the old cookie, is
     *       visible in this method. Confirm that {@code CookieUtils.parseCookieData} or the
     *       per-request checks in {@code PanDomain.authStatus} make this safe.</li>
     *   <li>NOTE(review): if {@code parseCookieData} throws for a stale or malformed cookie, the
     *       failure would surface inside the mapped future and fail the login. Confirm.</li>
     * </ul>
     *
     * @param requestHeader the callback request from the OAuth provider
     * @return a redirect with the auth cookie, or the 403 from {@code showUnauthedMessage}
     * @throws OAuthException if the session lacks the anti-forgery token or the original URL
     */
    default Future<Result> processOAuthCallback(RequestHeader requestHeader) {
        // Anti-forgery token stored by sendForAuth; required.
        String str = (String) requestHeader.session().get(ANTI_FORGERY_KEY()).getOrElse(() -> {
            throw new OAuthException("missing anti forgery token", OAuthException$.MODULE$.$lessinit$greater$default$2());
        });
        // Post-login redirect target stored by sendForAuth; required.
        String str2 = (String) requestHeader.session().get(LOGIN_ORIGIN_KEY()).getOrElse(() -> {
            throw new OAuthException("missing original url", OAuthException$.MODULE$.$lessinit$greater$default$2());
        });
        Option<Cookie> readCookie = readCookie(requestHeader);
        return OAuth().validatedUserIdentity(str, requestHeader, com$gu$pandomainauth$action$AuthActions$$ec(), wsClient()).map(authenticatedUser -> {
            AuthenticatedUser copy;
            if (readCookie instanceof Some) {
                // Re-authentication: parse the existing cookie with the public key and carry its
                // authenticatedIn systems over, adding this system. The second field is set to
                // this system and the last field to the multifactor result.
                AuthenticatedUser parseCookieData = CookieUtils$.MODULE$.parseCookieData(((Cookie) ((Some) readCookie).value()).value(), this.settings().publicKey());
                this.com$gu$pandomainauth$action$AuthActions$$logger().debug("user re-authed, merging auth data");
                copy = authenticatedUser.copy(authenticatedUser.copy$default$1(), this.com$gu$pandomainauth$action$AuthActions$$system(), parseCookieData.authenticatedIn().$plus$plus(Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new String[]{this.com$gu$pandomainauth$action$AuthActions$$system()}))), authenticatedUser.copy$default$4(), this.checkMultifactor(authenticatedUser));
            } else {
                // Exhaustiveness guard emitted for the Scala pattern match on Option.
                if (!None$.MODULE$.equals(readCookie)) {
                    throw new MatchError(readCookie);
                }
                // First login: only the multifactor field is replaced.
                this.com$gu$pandomainauth$action$AuthActions$$logger().debug("fresh user login");
                copy = authenticatedUser.copy(authenticatedUser.copy$default$1(), authenticatedUser.copy$default$2(), authenticatedUser.copy$default$3(), authenticatedUser.copy$default$4(), this.checkMultifactor(authenticatedUser));
            }
            // Decompiler artefact: this local reuses the lambda parameter's name. From here on
            // it denotes the merged user built above.
            AuthenticatedUser authenticatedUser = copy;
            // Authorisation gate: no cookie is issued unless validateUser accepts the user.
            if (!this.validateUser(authenticatedUser)) {
                return this.showUnauthedMessage(this.invalidUserMessage(authenticatedUser), requestHeader);
            }
            // Success: redirect to the stored URL, attach the auth cookie and drop the two
            // one-time session entries so they cannot be reused.
            return Results$.MODULE$.Redirect(str2, Results$.MODULE$.Redirect$default$2(), Results$.MODULE$.Redirect$default$3()).withCookies(Predef$.MODULE$.wrapRefArray(new Cookie[]{this.generateCookie(authenticatedUser)})).withSession(requestHeader.session().$minus(this.ANTI_FORGERY_KEY()).$minus(this.LOGIN_ORIGIN_KEY()));
        }, com$gu$pandomainauth$action$AuthActions$$ec());
    }

    /**
     * Logs the user out of this browser: produces the 403 from {@code showUnauthedMessage}
     * (logging "logged out") and adds the cookie-discarding header from {@code flushCookie}.
     *
     * <p>Only the browser's cookie is cleared; this method invalidates nothing else.
     *
     * @param requestHeader the logout request
     * @return a 403 result that discards the auth cookie
     */
    default Result processLogout(RequestHeader requestHeader) {
        final Result loggedOut = showUnauthedMessage("logged out", requestHeader);
        return flushCookie(loggedOut);
    }

    /**
     * Parses the auth cookie, if present, into an {@code AuthenticatedUser} using the public key.
     *
     * <p>This method does not call {@code validateUser} and applies none of the status logic of
     * {@code extractAuth} (expiry, grace period, authorisation). Use {@code extractAuth} for
     * access decisions and treat this result as identity information only.
     * NOTE(review): behaviour on a malformed or wrongly signed cookie depends on
     * {@code CookieUtils.parseCookieData} (presumably an exception; confirm).
     *
     * @param requestHeader the request to read the cookie from
     * @return the parsed user, or {@code None} when the cookie is absent
     */
    default Option<AuthenticatedUser> readAuthenticatedUser(RequestHeader requestHeader) {
        return readCookie(requestHeader).map(cookie -> {
            return CookieUtils$.MODULE$.parseCookieData(cookie.value(), this.settings().publicKey());
        });
    }

    /**
     * Looks up the auth cookie on the request by the configured cookie name.
     * The value is returned as received; it is not verified here.
     *
     * @param requestHeader the request to inspect
     * @return the cookie, or {@code None} when the request has none by that name
     */
    default Option<Cookie> readCookie(RequestHeader requestHeader) {
        return requestHeader.cookies().get(settings().cookieSettings().cookieName());
    }

    /**
     * Builds the auth cookie for a user: the value is produced by
     * {@code CookieUtils.generateCookieData} with the private key from the current settings.
     *
     * <p>Attributes, in Play's {@code Cookie} parameter order: max-age and path use Play's
     * defaults, the domain is the configured pan-domain, {@code secure} and {@code httpOnly} are
     * both {@code true}, and SameSite uses Play's default. Because the domain is set explicitly,
     * browsers send the cookie to every host under that domain, so each of those hosts can read it.
     *
     * @param authenticatedUser the user to encode
     * @return the cookie to attach to a response
     */
    default Cookie generateCookie(AuthenticatedUser authenticatedUser) {
        return new Cookie(settings().cookieSettings().cookieName(), CookieUtils$.MODULE$.generateCookieData(authenticatedUser, settings().privateKey()), Cookie$.MODULE$.apply$default$3(), Cookie$.MODULE$.apply$default$4(), new Some(com$gu$pandomainauth$action$AuthActions$$domain()), true, true, Cookie$.MODULE$.apply$default$8());
    }

    /**
     * Attaches a newly generated auth cookie in which this system has been added to the user's
     * {@code authenticatedIn} set; all other fields are carried over unchanged through the
     * {@code copy} defaults.
     *
     * <p>The method performs no check of its own. Callers are expected to have established that
     * the user is valid for this system (in this file, {@code responseWithSystemCookie} is
     * reached only for Authenticated and GracePeriod statuses).
     *
     * @param authenticatedUser the user read from the incoming cookie
     * @param result            the response to add the cookie to
     * @return {@code result} with the updated cookie
     */
    default Result includeSystemInCookie(AuthenticatedUser authenticatedUser, Result result) {
        return result.withCookies(Predef$.MODULE$.wrapRefArray(new Cookie[]{generateCookie(authenticatedUser.copy(authenticatedUser.copy$default$1(), authenticatedUser.copy$default$2(), authenticatedUser.authenticatedIn().$plus(com$gu$pandomainauth$action$AuthActions$$system()), authenticatedUser.copy$default$4(), authenticatedUser.copy$default$5()))}));
    }

    /**
     * Adds a discarding cookie for the auth cookie to the response, using the configured cookie
     * name, Play's default path, the configured domain and {@code secure = true}.
     * Name, path and domain have to match those used by {@code generateCookie} for the browser
     * to drop the cookie; both methods read them from the same settings.
     *
     * @param result the response to modify
     * @return {@code result} with the discarding cookie added
     */
    default Result flushCookie(Result result) {
        return result.discardingCookies(Predef$.MODULE$.wrapRefArray(new DiscardingCookie[]{new DiscardingCookie(settings().cookieSettings().cookieName(), DiscardingCookie$.MODULE$.apply$default$2(), new Some(com$gu$pandomainauth$action$AuthActions$$domain()), true)}));
    }

    /**
     * Determines the authentication status of a request. Without an auth cookie the result is
     * {@code NotAuthenticated}; otherwise the decision is delegated to
     * {@code PanDomain.authStatus}, which receives the raw cookie value, the public key,
     * {@code validateUser} as a callback, {@code apiGracePeriod()}, this system's name and
     * {@code cacheValidation()}.
     *
     * <p>Signature verification, expiry and grace-period evaluation all happen inside
     * {@code PanDomain.authStatus}, which is outside this file.
     *
     * @param requestHeader the request to evaluate
     * @return the status used by the action builders to admit or reject the request
     */
    default AuthenticationStatus extractAuth(RequestHeader requestHeader) {
        return (AuthenticationStatus) readCookie(requestHeader).map(cookie -> {
            return PanDomain$.MODULE$.authStatus(cookie.value(), this.settings().publicKey(), authenticatedUser -> {
                // validateUser is passed as a function, so authStatus decides when to call it.
                return BoxesRunTime.boxToBoolean(this.validateUser(authenticatedUser));
            }, this.apiGracePeriod(), this.com$gu$pandomainauth$action$AuthActions$$system(), this.cacheValidation());
        }).getOrElse(() -> {
            return NotAuthenticated$.MODULE$;
        });
    }

    // Compiler-generated body of the lambda in checkMultifactor: delegates to the checker.
    static /* synthetic */ boolean $anonfun$checkMultifactor$1(AuthenticatedUser authenticatedUser, Google2FAGroupChecker google2FAGroupChecker) {
        return google2FAGroupChecker.checkMultifactor(authenticatedUser);
    }

    /**
     * Trait initialiser emitted by the Scala compiler: assigns the trait's vals on a new instance.
     *
     * <p>It reads {@code controllerComponents()}, {@code panDomainSettings()} (through
     * {@code settings()} and the system accessor) and {@code authCallbackUrl()} from the
     * implementing class, so those members must already be usable when it runs.
     *
     * @param authActions the instance being initialised
     */
    static void $init$(AuthActions authActions) {
        // Logger is named after the concrete implementing class.
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$com$gu$pandomainauth$action$AuthActions$$logger_$eq(LoggerFactory.getLogger(authActions.getClass()));
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$com$gu$pandomainauth$action$AuthActions$$ec_$eq(authActions.controllerComponents().executionContext());
        // The OAuth helper is built once, from the settings available at construction time.
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$OAuth_$eq(new OAuth(authActions.settings().oAuthSettings(), authActions.com$gu$pandomainauth$action$AuthActions$$system(), authActions.authCallbackUrl()));
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$applicationName_$eq(new StringBuilder(26).append("pan-domain-authentication-").append(authActions.com$gu$pandomainauth$action$AuthActions$$system()).toString());
        // A multifactor checker exists only when Google 2FA group settings are configured;
        // without them checkMultifactor reports false for every user.
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$multifactorChecker_$eq(authActions.settings().google2FAGroupSettings().map(google2FAGroupSettings -> {
            return new Google2FAGroupChecker(google2FAGroupSettings, authActions.panDomainSettings().bucketName(), authActions.panDomainSettings().s3Client(), authActions.applicationName());
        }));
        // Session keys used by sendForAuth and processOAuthCallback.
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$LOGIN_ORIGIN_KEY_$eq("loginOriginUrl");
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$ANTI_FORGERY_KEY_$eq("antiForgeryToken");
    }
}
