package net.yadaframework.security.components;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import net.yadaframework.core.YadaConfiguration;
import net.yadaframework.security.TooManyFailedAttemptsException;
import net.yadaframework.security.persistence.entity.YadaUserCredentials;
import net.yadaframework.security.persistence.repository.YadaUserCredentialsDao;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

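/**
 * Spring Security failure handler that records why a login failed as request
 * attributes and then forwards to a configured failure page.
 *
 * <p>The reason is exposed through the {@code REQUESTATTR_*} attribute names below.
 * Separate failure URLs can be set for Ajax requests (detected through the
 * {@code X-Requested-With: XMLHttpRequest} header) and for normal requests; when the
 * applicable URL is {@code null} a 401 error is sent instead.
 *
 * <p>The bean is prototype-scoped and the two failure URLs are per-instance state.
 *
 * <p>Security notes for views and callers:
 * <ul>
 *   <li>{@link #REQUESTATTR_USERNAME} (and, on an unknown username,
 *       {@link #REQUESTATTR_PASSWORD}) are copied verbatim from request parameters, so
 *       they are client-controlled and must be output-encoded wherever they are rendered.</li>
 *   <li>The handler sets different flags for "unknown username" and "wrong password".
 *       A view that shows them differently lets a client tell valid usernames from
 *       invalid ones.</li>
 * </ul>
 */
@Scope("prototype")
@Component
/* loaded from: input_file:net/yadaframework/security/components/YadaAuthenticationFailureHandler.class */
public class YadaAuthenticationFailureHandler implements AuthenticationFailureHandler {
    /** Always set on failure, whatever the reason. */
    public static final String REQUESTATTR_LOGINERRORFLAG = "loginErrorFlag";
    /** Set when the failure is a {@link BadCredentialsException}. */
    public static final String REQUESTATTR_PASSWORDERRORFLAG = "passwordError";
    /** Set when the failure is a {@link DisabledException}. */
    public static final String REQUESTATTR_USERDISABLEDFLAG = "userDisabled";
    /** Set when the failure is a {@link UsernameNotFoundException}. */
    public static final String REQUESTATTR_USERNAMENOTFOUNDFLAG = "usernameNotFound";
    /** Set when the failure is a {@link CredentialsExpiredException}. */
    public static final String REQUESTATTR_CREDENTIALSEXPIREDFLAG = "credentialsExpiredException";
    /** Set for any failure type not handled explicitly. */
    public static final String REQUESTATTR_GENERICERRORFLAG = "loginError";
    /** Name of the username request parameter; also the attribute it is copied to. */
    public static final String REQUESTATTR_USERNAME = "username";
    /** Name of the password request parameter; also the attribute it is copied to on an unknown username. */
    public static final String REQUESTATTR_PASSWORD = "password";
    /** Minutes of lockout left, stored as a {@link Long}, on a {@link TooManyFailedAttemptsException}. */
    public static final String REQUESTATTR_LOCKOUTMINUTES = "lockoutMinutes";

    private static final long MILLIS_PER_MINUTE = 60000L;

    @Autowired
    private YadaUserCredentialsDao yadaUserCredentialsDao;

    @Autowired
    private YadaConfiguration yadaConfiguration;
    private final transient Logger log = LoggerFactory.getLogger(getClass());
    private String failureUrlAjaxRequest = null;
    private String failureUrlNormalRequest = null;

    /**
     * Appends {@code key} and its value to {@code params} when the request carries a
     * value under that name, looking at request attributes first and request
     * parameters second.
     *
     * @param params  list receiving the key followed by the value
     * @param key     attribute / parameter name to look up
     * @param request current request
     */
    private static void addIfNotNull(List<String> params, String key, HttpServletRequest request) {
        Object value = request.getAttribute(key);
        if (value == null) {
            value = request.getParameter(key);
        }
        if (value != null) {
            params.add(key);
            // Attributes are not always strings: the lockout minutes are stored as a
            // Long, which a plain (String) cast would reject with ClassCastException.
            params.add(String.valueOf(value));
        }
    }

    /**
     * Collects the login-error values present on the request as a flat list of
     * alternating names and values.
     *
     * <p>Each name is resolved from request attributes first, then from request
     * parameters. Because of the parameter fallback, and because the username is
     * copied from a parameter, the returned values can be chosen by the client:
     * encode them before placing them in a URL or a page.
     *
     * @param request current request
     * @return a new mutable list {@code [name1, value1, name2, value2, ...]}; empty
     *         when none of the names is present
     */
    public static List<String> getLoginErrorParams(HttpServletRequest request) {
        List<String> params = new ArrayList<>();
        addIfNotNull(params, REQUESTATTR_CREDENTIALSEXPIREDFLAG, request);
        addIfNotNull(params, REQUESTATTR_GENERICERRORFLAG, request);
        addIfNotNull(params, REQUESTATTR_LOCKOUTMINUTES, request);
        addIfNotNull(params, REQUESTATTR_LOGINERRORFLAG, request);
        addIfNotNull(params, REQUESTATTR_PASSWORDERRORFLAG, request);
        addIfNotNull(params, REQUESTATTR_USERDISABLEDFLAG, request);
        addIfNotNull(params, REQUESTATTR_USERNAME, request);
        addIfNotNull(params, REQUESTATTR_USERNAMENOTFOUNDFLAG, request);
        return params;
    }

    /**
     * Stores the remaining lockout minutes for {@code username} as a request attribute.
     *
     * <p>Does nothing when the username is missing, no credentials are found, or the
     * credentials carry no last-failed-attempt timestamp.
     *
     * @param request  current request
     * @param username submitted username, possibly {@code null}
     */
    private void setLockoutMinutes(HttpServletRequest request, String username) {
        if (username == null) {
            // A request without a username would otherwise fail on toLowerCase() and
            // write a stack trace to the error log for every such request.
            return;
        }
        // NOTE(review): toLowerCase() uses the default locale; confirm it matches how
        // usernames are normalised where they are stored.
        YadaUserCredentials credentials = this.yadaUserCredentialsDao.findFirstByUsername(username.toLowerCase());
        if (credentials == null || credentials.getLastFailedAttempt() == null) {
            return;
        }
        int lockoutMinutes = this.yadaConfiguration.getPasswordFailedAttemptsLockoutMinutes();
        // The decompiled source referenced an undefined register variable here; it is
        // taken to be the last-failed-attempt timestamp that was just null-checked.
        long elapsedMillis = System.currentTimeMillis() - credentials.getLastFailedAttempt().getTime();
        // Integer division: elapsed minutes are rounded down, so the remaining time
        // shown to the user is rounded up. (The Math.ceil in the decompiled source was
        // applied after this division and had no effect.)
        long minutesPassed = elapsedMillis / MILLIS_PER_MINUTE;
        request.setAttribute(REQUESTATTR_LOCKOUTMINUTES, Long.valueOf(lockoutMinutes - minutesPassed));
    }

    /**
     * Records the failure reason on the request and forwards to the failure page.
     *
     * <p>The exception is stored under {@code SPRING_SECURITY_LAST_EXCEPTION}, the
     * submitted username under {@link #REQUESTATTR_USERNAME}, and
     * {@link #REQUESTATTR_LOGINERRORFLAG} is always set. A flag specific to the
     * exception type is then added. Expired credentials forward to {@code /pwdChange}
     * and return immediately. Errors raised while classifying the failure are logged
     * and ignored so that the user still reaches the failure page.
     *
     * @param request   current request
     * @param response  current response
     * @param exception the authentication failure
     * @throws IOException      if forwarding or sending the error fails
     * @throws ServletException if forwarding fails
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        request.setAttribute("SPRING_SECURITY_LAST_EXCEPTION", exception);
        String username = request.getParameter(REQUESTATTR_USERNAME);
        // Client-supplied value: views must output-encode it.
        request.setAttribute(REQUESTATTR_USERNAME, username);
        request.setAttribute(REQUESTATTR_LOGINERRORFLAG, REQUESTATTR_LOGINERRORFLAG);
        try {
            if (exception instanceof BadCredentialsException) {
                request.setAttribute(REQUESTATTR_PASSWORDERRORFLAG, REQUESTATTR_PASSWORDERRORFLAG);
                this.yadaUserCredentialsDao.incrementFailedAttempts(username);
            } else if (exception instanceof DisabledException) {
                request.setAttribute(REQUESTATTR_USERDISABLEDFLAG, REQUESTATTR_USERDISABLEDFLAG);
            } else if (exception instanceof CredentialsExpiredException) {
                request.setAttribute(REQUESTATTR_CREDENTIALSEXPIREDFLAG, REQUESTATTR_CREDENTIALSEXPIREDFLAG);
                // NOTE(review): if this forward throws, the catch below logs it and the
                // method goes on to the second forward / sendError further down.
                request.getRequestDispatcher("/pwdChange").forward(request, response);
                return;
            } else if (exception instanceof TooManyFailedAttemptsException) {
                setLockoutMinutes(request, username);
            } else if (exception instanceof UsernameNotFoundException) {
                request.setAttribute(REQUESTATTR_USERNAMENOTFOUNDFLAG, REQUESTATTR_USERNAMENOTFOUNDFLAG);
                // NOTE(review): the submitted password is kept in a request attribute
                // for the forwarded view. Confirm the view needs it, and that it is
                // never logged or rendered into a cacheable page.
                request.setAttribute(REQUESTATTR_PASSWORD, request.getParameter(REQUESTATTR_PASSWORD));
            } else {
                request.setAttribute(REQUESTATTR_GENERICERRORFLAG, REQUESTATTR_GENERICERRORFLAG);
            }
        } catch (Exception e) {
            // Deliberate best effort: a bookkeeping failure must not block the failure page.
            this.log.error("Failed to handle authentication failure (ignored)", e);
        }
        boolean ajaxRequest = "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
        String failureUrl = ajaxRequest ? this.failureUrlAjaxRequest : this.failureUrlNormalRequest;
        if (failureUrl == null) {
            this.log.debug("No failure URL set, sending 401 Unauthorized error");
            // NOTE(review): the exception message is returned to the client; if the
            // messages differ between unknown user and wrong password, this response
            // reveals which usernames exist.
            response.sendError(401, "Authentication Failed: " + exception.getMessage());
        } else {
            this.log.debug("Forwarding to {}", failureUrl);
            request.getRequestDispatcher(failureUrl).forward(request, response);
        }
    }

    /**
     * @return the forward target used for Ajax requests, or {@code null} if none is set
     */
    public String getFailureUrlAjaxRequest() {
        return this.failureUrlAjaxRequest;
    }

    /**
     * @param failureUrlAjaxRequest forward target for Ajax requests; {@code null} makes
     *                              the handler send a 401 error instead
     */
    public void setFailureUrlAjaxRequest(String failureUrlAjaxRequest) {
        this.failureUrlAjaxRequest = failureUrlAjaxRequest;
    }

    /**
     * @return the forward target used for normal requests, or {@code null} if none is set
     */
    public String getFailureUrlNormalRequest() {
        return this.failureUrlNormalRequest;
    }

    /**
     * @param failureUrlNormalRequest forward target for normal requests; {@code null}
     *                                makes the handler send a 401 error instead
     */
    public void setFailureUrlNormalRequest(String failureUrlNormalRequest) {
        this.failureUrlNormalRequest = failureUrlNormalRequest;
    }
}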
