package org.codehaus.plexus.redback.struts2.action;

import java.util.Arrays;
import java.util.Date;
import org.apache.struts2.ServletActionContext;
import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.authentication.TokenBasedAuthenticationDataSource;
import org.codehaus.plexus.redback.configuration.UserConfiguration;
import org.codehaus.plexus.redback.keys.AuthenticationKey;
import org.codehaus.plexus.redback.keys.KeyManagerException;
import org.codehaus.plexus.redback.keys.KeyNotFoundException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.codehaus.plexus.util.StringUtils;
import org.codehaus.redback.integration.interceptor.SecureActionBundle;
import org.codehaus.redback.integration.interceptor.SecureActionException;
import org.codehaus.redback.integration.util.AutoLoginCookies;

/* loaded from: input_file:org/codehaus/plexus/redback/struts2/action/LoginAction.class */
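/**
 * Struts2 action behind the login form. It also handles the two key-based entry points that
 * arrive through the same request: account validation ({@code validateMe}) and password reset
 * ({@code resetPassword}).
 *
 * <p>{@link #initSecureActionBundle()} returns {@code SecureActionBundle.OPEN}, so every string
 * property set on this action should be treated as untrusted input.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>Audit events record the principal that was actually authenticated or modified, not the
 *       {@code username} request parameter. On the key-based paths that parameter is
 *       caller-controlled and unrelated to the account the key belongs to.</li>
 *   <li>Request-supplied values are stripped of line breaks before being written to the log.</li>
 *   <li>NOTE(review): only the {@code validateMe} key is deleted after a successful login (see
 *       {@link #webLogin}); nothing in this class deletes the {@code resetPassword} key. Confirm
 *       that the key manager expires or invalidates reset keys elsewhere.</li>
 * </ul>
 */
public class LoginAction extends AbstractSecurityAction implements CancellableAction {
    private static final String LOGIN_SUCCESS = "security-login-success";
    private static final String PASSWORD_CHANGE = "security-must-change-password";
    private static final String ACCOUNT_LOCKED = "security-login-locked";

    // Not assigned anywhere in this class; presumably injected by the container (confirm).
    protected SecuritySystem securitySystem;

    // Request parameters (see the setters below).
    private String username;
    private String password;
    private String validateMe;
    private String resetPassword;
    private boolean rememberMe;

    // Not assigned anywhere in this class; presumably injected by the container (confirm).
    private AutoLoginCookies autologinCookies;
    private UserConfiguration config;

    /**
     * Shows the login form.
     *
     * @return the {@code "input"} result
     */
    public String show() {
        return "input";
    }

    /**
     * Entry point for a login request. A validation key takes precedence over a reset key, and
     * both take precedence over username/password authentication.
     *
     * @return the result name of the selected flow, or {@code "error"} when no username was given
     */
    public String login() {
        if (StringUtils.isNotEmpty(this.validateMe)) {
            return validated();
        }
        if (StringUtils.isNotEmpty(this.resetPassword)) {
            return resetPassword();
        }
        if (StringUtils.isEmpty(this.username)) {
            addFieldError("username", getText("username.required"));
            return "error";
        }
        PasswordBasedAuthenticationDataSource credentials = new PasswordBasedAuthenticationDataSource();
        credentials.setPrincipal(this.username);
        credentials.setPassword(this.password);
        return webLogin(credentials, this.rememberMe);
    }

    /**
     * Handles a password-reset key: looks up the key and its user, blanks the stored password,
     * marks the account as requiring a password change, and logs the user in with the key as a
     * token.
     *
     * <p>NOTE(review): the account is modified and persisted before {@link #webLogin}
     * authenticates the token, so {@code findKey} is the only check in front of the state change.
     * Confirm that it rejects expired keys.
     *
     * @return the {@link #webLogin} result, or {@code "error"} when the key or user cannot be
     *     resolved
     */
    public String resetPassword() {
        if (StringUtils.isEmpty(this.resetPassword)) {
            addActionError(getText("reset.password.missing"));
            return "error";
        }
        try {
            AuthenticationKey resetKey = this.securitySystem.getKeyManager().findKey(this.resetPassword);
            User account = this.securitySystem.getUserManager().findUser(resetKey.getForPrincipal());
            String principal = account.getPrincipal().toString();
            account.setPasswordChangeRequired(true);
            account.setEncodedPassword("");
            TokenBasedAuthenticationDataSource tokenSource = new TokenBasedAuthenticationDataSource();
            tokenSource.setPrincipal(principal);
            tokenSource.setToken(resetKey.getKey());
            tokenSource.setEnforcePasswordChange(false);
            this.securitySystem.getUserManager().updateUser(account);
            AuditEvent auditEvent = new AuditEvent(getText("log.password.change"));
            // Record the account the key resolved to, not the caller-supplied username parameter.
            auditEvent.setAffectedUser(principal);
            auditEvent.log();
            return webLogin(tokenSource, false);
        } catch (KeyNotFoundException e) {
            this.log.info("Invalid key requested: " + sanitizeForLog(this.resetPassword));
            addActionError(getText("cannot.find.key"));
            return "error";
        } catch (UserNotFoundException e2) {
            addActionError(getText("cannot.find.user"));
            return "error";
        } catch (KeyManagerException e3) {
            addActionError(getText("cannot.find.key.at.the.moment"));
            this.log.warn("Key Manager error: ", e3);
            return "error";
        }
    }

    /**
     * Handles an account-validation key: marks the key's user as validated, unlocks the account,
     * blanks the stored password, requires a password change, and logs the user in with the key
     * as a token.
     *
     * <p>NOTE(review): as in {@link #resetPassword()}, the account is persisted before the token
     * is authenticated, and a validation key also clears the locked flag. Confirm that both are
     * intended.
     *
     * @return the {@link #webLogin} result, or {@code "error"} when the key or user cannot be
     *     resolved
     */
    public String validated() {
        if (StringUtils.isEmpty(this.validateMe)) {
            addActionError(getText("validation.failure.key.missing"));
            return "error";
        }
        try {
            AuthenticationKey validationKey = this.securitySystem.getKeyManager().findKey(this.validateMe);
            User account = this.securitySystem.getUserManager().findUser(validationKey.getForPrincipal());
            String principal = account.getPrincipal().toString();
            account.setValidated(true);
            account.setLocked(false);
            account.setPasswordChangeRequired(true);
            account.setEncodedPassword("");
            TokenBasedAuthenticationDataSource tokenSource = new TokenBasedAuthenticationDataSource();
            tokenSource.setPrincipal(principal);
            tokenSource.setToken(validationKey.getKey());
            tokenSource.setEnforcePasswordChange(false);
            this.securitySystem.getUserManager().updateUser(account);
            String currentUser = getCurrentUser();
            AuditEvent auditEvent = new AuditEvent(getText("log.account.validation"));
            // Record the account the key resolved to, not the caller-supplied username parameter.
            auditEvent.setAffectedUser(principal);
            auditEvent.setCurrentUser(currentUser);
            auditEvent.log();
            return webLogin(tokenSource, false);
        } catch (KeyNotFoundException e) {
            this.log.info("Invalid key requested: " + sanitizeForLog(this.validateMe));
            addActionError(getText("cannot.find.key"));
            return "error";
        } catch (UserNotFoundException e2) {
            addActionError(getText("cannot.find.user"));
            return "error";
        } catch (KeyManagerException e3) {
            // NOTE(review): this message key is spelled "momment" here and "moment" in
            // resetPassword(); left unchanged because the resource bundle is not visible.
            addActionError(getText("cannot.find.key.at.the.momment"));
            // Keep the failure diagnosable, as resetPassword() does.
            this.log.warn("Key Manager error: ", e3);
            return "error";
        }
    }

    @Override // org.codehaus.plexus.redback.struts2.action.CancellableAction
    public String cancel() {
        return CancellableAction.CANCEL;
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    // NOTE(review): this getter exposes the submitted password as an action property; confirm
    // that no view renders it back to the client.
    public String getPassword() {
        return this.password;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public String getValidateMe() {
        return this.validateMe;
    }

    public void setValidateMe(String str) {
        this.validateMe = str;
    }

    /**
     * Declares this action as open.
     *
     * @return {@code SecureActionBundle.OPEN}
     */
    @Override // org.codehaus.plexus.redback.struts2.action.AbstractSecurityAction
    public SecureActionBundle initSecureActionBundle() throws SecureActionException {
        return SecureActionBundle.OPEN;
    }

    public String getResetPassword() {
        return this.resetPassword;
    }

    public void setResetPassword(String str) {
        this.resetPassword = str;
    }

    public boolean isRememberMe() {
        return this.rememberMe;
    }

    public void setRememberMe(boolean z) {
        this.rememberMe = z;
    }

    /**
     * Authenticates the given data source and, on success, establishes the session tokens and
     * cookies, records the login, and deletes a used validation key.
     *
     * @param authenticationDataSource credentials or token to authenticate
     * @param z whether a remember-me cookie should be set in addition to the sign-on cookie
     * @return {@code LOGIN_SUCCESS}, {@code PASSWORD_CHANGE}, {@code ACCOUNT_LOCKED} or
     *     {@code "error"}
     */
    private String webLogin(AuthenticationDataSource authenticationDataSource, boolean z) {
        // Principal actually being authenticated. For password logins this equals the username
        // parameter; for token logins the parameter may be absent or unrelated, so audit events
        // use this value instead.
        String principal = authenticationDataSource.getPrincipal();
        setAuthTokens(null);
        clearErrorsAndMessages();
        try {
            SecuritySession session = this.securitySystem.authenticate(authenticationDataSource);
            if (!session.isAuthenticated()) {
                AuthenticationResult result = session.getAuthenticationResult();
                this.log.debug("Login Action failed against principal : " + sanitizeForLog(String.valueOf(result.getPrincipal())), result.getException());
                // NOTE(review): the "1" entry of the exceptions map selects the
                // username/password message; its meaning is defined by the authenticator, not here.
                if (result.getExceptionsMap() != null && !result.getExceptionsMap().isEmpty() && result.getExceptionsMap().get("1") != null) {
                    addActionError(getText("incorrect.username.password"));
                } else {
                    addActionError(getText("authentication.failed"));
                }
                AuditEvent failedEvent = new AuditEvent(getText("log.login.fail"));
                failedEvent.setAffectedUser(principal);
                failedEvent.log();
                return "error";
            }
            setAuthTokens(session);
            boolean validationRequired = this.securitySystem.getPolicy().getUserValidationSettings().isEmailValidationRequired();
            if (validationRequired && !session.getUser().getUsername().equals(this.config.getString("redback.default.admin")) && !session.getUser().isValidated()) {
                // Roll back the tokens just set: an unvalidated account must not keep a session.
                setAuthTokens(null);
                addActionError(getText("account.validation.required"));
                return "error";
            }
            setCookies(authenticationDataSource, z);
            AuditEvent successEvent = new AuditEvent(getText("log.login.success"));
            successEvent.setAffectedUser(principal);
            successEvent.log();
            User user = session.getUser();
            user.setLastLoginDate(new Date());
            this.securitySystem.getUserManager().updateUser(user);
            if (StringUtils.isEmpty(this.validateMe)) {
                return LOGIN_SUCCESS;
            }
            try {
                // A validation key is single-use: remove it once the login has succeeded.
                this.securitySystem.getKeyManager().deleteKey(this.validateMe);
                return LOGIN_SUCCESS;
            } catch (KeyManagerException e) {
                // Session tokens and cookies are already set at this point; only the key
                // clean-up failed, so keep a record of it.
                this.log.warn("Key Manager error: ", e);
                addActionError(getText("cannot.find.key.at.the.momment"));
                return "error";
            }
        } catch (MustChangePasswordException e2) {
            setCookies(authenticationDataSource, z);
            // NOTE(review): this branch logs the "locked" audit message although the cause is a
            // required password change; it looks like a copy of the branch below. Confirm.
            AuditEvent mustChangeEvent = new AuditEvent(getText("log.login.fail.locked"));
            mustChangeEvent.setAffectedUser(principal);
            mustChangeEvent.log();
            return PASSWORD_CHANGE;
        } catch (AccountLockedException e3) {
            addActionError(getText("account.locked"));
            AuditEvent lockedEvent = new AuditEvent(getText("log.login.fail.locked"));
            lockedEvent.setAffectedUser(principal);
            lockedEvent.log();
            return ACCOUNT_LOCKED;
        } catch (UserNotFoundException e4) {
            // NOTE(review): this response differs from the wrong-password response above, which
            // lets a caller tell existing accounts from missing ones. Consider a single generic
            // message for both cases.
            addActionError(getText("user.not.found.exception", Arrays.asList(principal, e4.getMessage())));
            AuditEvent notFoundEvent = new AuditEvent(getText("log.login.fail"));
            notFoundEvent.setAffectedUser(principal);
            notFoundEvent.log();
            return "error";
        } catch (AuthenticationException e5) {
            // NOTE(review): the exception message is shown to the caller; confirm that it cannot
            // carry internal details.
            addActionError(getText("authentication.exception", Arrays.asList(e5.getMessage())));
            return "error";
        }
    }

    /**
     * Sets the sign-on cookie for the authenticated principal, plus the remember-me cookie when
     * requested.
     *
     * @param authenticationDataSource source of the principal the cookies are issued for
     * @param z whether the remember-me cookie should be set
     */
    private void setCookies(AuthenticationDataSource authenticationDataSource, boolean z) {
        if (z) {
            this.autologinCookies.setRememberMeCookie(authenticationDataSource.getPrincipal(), ServletActionContext.getResponse(), ServletActionContext.getRequest());
        }
        this.autologinCookies.setSignonCookie(authenticationDataSource.getPrincipal(), ServletActionContext.getResponse(), ServletActionContext.getRequest());
    }

    /**
     * Replaces carriage returns and line feeds so that a request-supplied value cannot start a
     * forged log entry.
     *
     * @param value text taken from the request; may be {@code null}
     * @return the text with line breaks replaced by {@code '_'}, or {@code "null"}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}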
