package com.mware.web.auth.usernamepassword.routes;

import com.google.common.collect.ImmutableSet;
import com.google.inject.Inject;
import com.mware.core.exception.BcAccessDeniedException;
import com.mware.core.model.role.AuthorizationRepository;
import com.mware.core.model.user.UserNameAuthorizationContext;
import com.mware.core.model.user.UserPropertyPrivilegeRepository;
import com.mware.core.model.user.UserRepository;
import com.mware.core.security.AuditService;
import com.mware.core.user.SystemUser;
import com.mware.core.user.User;
import com.mware.security.ldap.LDAPAuthenticator;
import com.mware.web.CurrentUser;
import com.mware.web.framework.ParameterizedHandler;
import com.mware.web.framework.annotations.Handle;
import com.mware.web.framework.annotations.Required;
import com.mware.web.util.RemoteAddressUtil;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.json.JSONObject;

/* loaded from: input_file:com/mware/web/auth/usernamepassword/routes/Login.class */
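/**
 * Username/password login route.
 *
 * <p>Credentials are verified either against the local {@link UserRepository} or, when
 * {@link LDAPAuthenticator#isLdapEnabled()} reports true, against the directory. On success the
 * user is bound to the request via {@link CurrentUser#set} and the login is audited.
 *
 * <p>Every rejection throws the same {@link BcAccessDeniedException} with an empty message, so the
 * response does not reveal whether the username or the password was wrong.
 *
 * <p>NOTE(review): only successful logins reach {@link AuditService} in this class. Whether
 * rejected attempts are logged or rate-limited elsewhere is not visible here; confirm, since
 * nothing in this handler throttles password guessing.
 */
public class Login implements ParameterizedHandler {
    /** Privileges assigned to an account for which the directory reports the admin flag. */
    private static final ImmutableSet<String> LDAP_ADMIN_PRIVILEGES = ImmutableSet.copyOf(new String[]{"READ", "COMMENT", "EDIT", "PUBLISH", "SEARCH_SAVE_GLOBAL", "HISTORY_READ", "ADMIN", "ONTOLOGY_ADD", "ONTOLOGY_PUBLISH"});

    private final UserRepository userRepository;
    private final AuditService auditService;
    private final LDAPAuthenticator ldapAuthenticator;
    private final AuthorizationRepository authorizationRepository;
    private final UserPropertyPrivilegeRepository privilegeRepository;

    @Inject
    public Login(UserRepository userRepository, AuditService auditService, LDAPAuthenticator lDAPAuthenticator, AuthorizationRepository authorizationRepository, UserPropertyPrivilegeRepository userPropertyPrivilegeRepository) {
        this.userRepository = userRepository;
        this.auditService = auditService;
        this.ldapAuthenticator = lDAPAuthenticator;
        this.authorizationRepository = authorizationRepository;
        this.privilegeRepository = userPropertyPrivilegeRepository;
    }

    /**
     * Authenticates the submitted credentials and establishes the current user.
     *
     * @param httpServletRequest the login request; the authenticated user is attached to it
     * @param str the submitted username (whitespace-trimmed before use)
     * @param str2 the submitted password (whitespace-trimmed before use)
     * @return a JSON object {@code {"status": "OK"}} on success
     * @throws BcAccessDeniedException if the credentials are empty after trimming or are rejected
     */
    @Handle
    public JSONObject handle(HttpServletRequest httpServletRequest, @Required(name = "username") String str, @Required(name = "password") String str2) {
        String username = str.trim();
        // NOTE(review): trimming the password changes the credential that is verified, so
        // " secret " and "secret" are the same password. Kept because stored credentials may
        // have been created under the same rule; confirm before changing.
        String password = str2.trim();

        // A whitespace-only value is a non-null parameter but becomes "" after trim(). Reject it
        // before any backend is consulted: a directory simple bind with an empty password is
        // treated by many LDAP servers as an anonymous bind that succeeds (RFC 4513, 5.1.2), and
        // nothing visible here shows that LDAPAuthenticator guards against it.
        if (username.isEmpty() || password.isEmpty()) {
            throw accessDenied(null);
        }

        User user = this.userRepository.findByUsername(username);

        if (!this.ldapAuthenticator.isLdapEnabled()) {
            // NOTE(review): an unknown username short-circuits before the password check, so
            // response timing may differ between unknown and known accounts; confirm whether
            // that matters for this deployment.
            if (user == null || !this.userRepository.isPasswordValid(user, password)) {
                throw accessDenied(user);
            }
            return loginUser(user, username, httpServletRequest);
        }

        if (!this.ldapAuthenticator.isPasswordValid(username, password)) {
            throw accessDenied(user);
        }
        if (user == null) {
            // First directory login: provision a local account on the fly.
            // NOTE(review): the directory password is handed to the local repository here.
            // If it is stored, it keeps working locally after a directory password change or
            // after LDAP is switched off; confirm how findOrAddUser treats this argument.
            user = this.userRepository.findOrAddUser(username, username, (String) null, password);
        }

        addRolesFromLdapGroups(user, this.ldapAuthenticator.getGroupMemberships(username));
        if (this.ldapAuthenticator.hasAdminFlag(username)) {
            // NOTE(review): privileges are only ever raised on this path. When the admin flag
            // is later cleared in the directory, nothing here lowers them again.
            this.privilegeRepository.setPrivileges(user, LDAP_ADMIN_PRIVILEGES, new SystemUser());
        }
        return loginUser(user, username, httpServletRequest);
    }

    /** Builds the single, message-less rejection used for every failed login. */
    private static BcAccessDeniedException accessDenied(User user) {
        return new BcAccessDeniedException("", user, (Object) null);
    }

    /**
     * Adds every directory group the user belongs to as a role, skipping roles already held.
     *
     * <p>NOTE(review): group names are used as role names verbatim and roles are never removed
     * here, so a user dropped from a directory group keeps the role. Confirm whether an explicit
     * group-to-role mapping and a revocation step exist elsewhere.
     */
    private void addRolesFromLdapGroups(User user, Set<String> ldapGroups) {
        Set<?> currentRoles = this.authorizationRepository.getRoleNames(user);
        for (String group : ldapGroups) {
            if (currentRoles.contains(group)) {
                continue;
            }
            this.authorizationRepository.addRoleToUser(user, group, new SystemUser());
        }
    }

    /**
     * Records the login context, binds the user to the request and audits the login.
     *
     * <p>NOTE(review): no session identifier is rotated in this method. Unless
     * {@link CurrentUser#set} does so, a session id issued before authentication stays valid
     * afterwards (session fixation); confirm.
     */
    private JSONObject loginUser(User user, String username, HttpServletRequest httpServletRequest) {
        // NOTE(review): if RemoteAddressUtil derives the address from client-supplied headers,
        // the recorded value is only trustworthy behind a proxy that overwrites them.
        String clientAddress = RemoteAddressUtil.getClientIpAddr(httpServletRequest);
        this.userRepository.updateUser(user, new UserNameAuthorizationContext(username, clientAddress));
        CurrentUser.set(httpServletRequest, user);
        this.auditService.auditLogin(user);

        JSONObject response = new JSONObject();
        response.put("status", "OK");
        return response;
    }
}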
