package org.craftercms.security.processors.impl;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.craftercms.commons.http.HttpUtils;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.security.authentication.Authentication;
import org.craftercms.security.authentication.AuthenticationManager;
import org.craftercms.security.authentication.LoginFailureHandler;
import org.craftercms.security.authentication.LoginSuccessHandler;
import org.craftercms.security.authentication.RememberMeManager;
import org.craftercms.security.exception.AuthenticationException;
import org.craftercms.security.exception.BadCredentialsException;
import org.craftercms.security.processors.RequestSecurityProcessor;
import org.craftercms.security.processors.RequestSecurityProcessorChain;
import org.craftercms.security.utils.SecurityUtils;
import org.craftercms.security.utils.tenant.TenantsResolver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:WEB-INF/lib/crafter-security-provider-3.1.26.jar:org/craftercms/security/processors/impl/LoginProcessor.class */
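/**
 * Security processor that handles form-login requests.
 *
 * <p>A request is treated as a login attempt when its URI (without the context path) equals
 * {@link #loginUrl} and its HTTP method equals {@link #loginMethod}. Any other request is passed on
 * unchanged to the next processor in the chain. For a login attempt, the username and password
 * request parameters are passed to the {@link AuthenticationManager} together with the tenants
 * returned by the {@link TenantsResolver}. The outcome is delegated to the configured
 * {@link LoginSuccessHandler} or {@link LoginFailureHandler}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>On success the current session is invalidated and a new one is created before the
 *       authentication is stored, so a session that existed before login is not reused for the
 *       authenticated user (session-fixation defence).</li>
 *   <li>Values that originate from the request are stripped of CR/LF before being logged, so a
 *       crafted username cannot forge extra log lines.</li>
 *   <li>The password is never logged.</li>
 * </ul>
 */
public class LoginProcessor implements RequestSecurityProcessor {
    public static final Logger logger = LoggerFactory.getLogger(LoginProcessor.class);
    public static final String DEFAULT_LOGIN_URL = "/crafter-security-login";
    public static final String DEFAULT_LOGIN_METHOD = "POST";
    public static final String DEFAULT_USERNAME_PARAM = "username";
    public static final String DEFAULT_PASSWORD_PARAM = "password";
    public static final String DEFAULT_REMEMBER_ME_PARAM = "rememberMe";

    // Request-matching and parameter-name settings; each starts at its DEFAULT_* value.
    protected String loginUrl = DEFAULT_LOGIN_URL;
    protected String loginMethod = DEFAULT_LOGIN_METHOD;
    protected String usernameParameter = DEFAULT_USERNAME_PARAM;
    protected String passwordParameter = DEFAULT_PASSWORD_PARAM;
    protected String rememberMeParameter = DEFAULT_REMEMBER_ME_PARAM;

    // Collaborators injected through the @Required setters below.
    protected TenantsResolver tenantsResolver;
    protected AuthenticationManager authenticationManager;
    protected LoginSuccessHandler loginSuccessHandler;
    protected LoginFailureHandler loginFailureHandler;
    protected RememberMeManager rememberMeManager;

    /** Sets the URI (without context path) that identifies a login request. */
    public void setLoginUrl(String str) {
        this.loginUrl = str;
    }

    /**
     * Sets the HTTP method a login request must use. The comparison in
     * {@link #isLoginRequest(HttpServletRequest)} is case-sensitive.
     */
    public void setLoginMethod(String str) {
        this.loginMethod = str;
    }

    /** Sets the name of the request parameter that carries the password. */
    public void setPasswordParameter(String str) {
        this.passwordParameter = str;
    }

    /** Sets the name of the request parameter that carries the username. */
    public void setUsernameParameter(String str) {
        this.usernameParameter = str;
    }

    /** Sets the name of the request parameter that carries the remember-me flag. */
    public void setRememberMeParameter(String str) {
        this.rememberMeParameter = str;
    }

    @Required
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Required
    public void setLoginSuccessHandler(LoginSuccessHandler loginSuccessHandler) {
        this.loginSuccessHandler = loginSuccessHandler;
    }

    @Required
    public void setLoginFailureHandler(LoginFailureHandler loginFailureHandler) {
        this.loginFailureHandler = loginFailureHandler;
    }

    @Required
    public void setRememberMeManager(RememberMeManager rememberMeManager) {
        this.rememberMeManager = rememberMeManager;
    }

    @Required
    public void setTenantsResolver(TenantsResolver tenantsResolver) {
        this.tenantsResolver = tenantsResolver;
    }

    /**
     * Authenticates the user if the request is a login request; otherwise continues the chain.
     *
     * <p>The chain is not continued for a login request: the success or failure handler is the
     * last thing invoked.
     *
     * @param requestContext the current request context
     * @param requestSecurityProcessorChain the chain to continue for non-login requests
     * @throws IllegalArgumentException if the tenants resolver returns no tenants
     * @throws Exception if a handler or the remember-me manager fails; an
     *     {@link AuthenticationException} raised inside the authentication block is not
     *     propagated but routed to {@link #onLoginFailure}
     */
    @Override // org.craftercms.security.processors.RequestSecurityProcessor
    public void processRequest(RequestContext requestContext, RequestSecurityProcessorChain requestSecurityProcessorChain) throws Exception {
        HttpServletRequest request = requestContext.getRequest();
        if (!isLoginRequest(request)) {
            requestSecurityProcessorChain.processRequest(requestContext);
            return;
        }

        logger.debug("Processing login request");

        String[] tenants = this.tenantsResolver.getTenants();
        if (ArrayUtils.isEmpty(tenants)) {
            throw new IllegalArgumentException("No tenants resolved for authentication");
        }

        // Missing parameters are handed to the authentication manager as empty strings, never null.
        String username = getUsername(request);
        String password = getPassword(request);
        if (username == null) {
            username = "";
        }
        if (password == null) {
            password = "";
        }

        try {
            // The username is attacker-controlled at this point: strip line breaks before logging.
            // The password must never be added to this message.
            logger.debug("Attempting authentication of user '{}' with tenants {}", sanitizeForLog(username), tenants);

            Authentication authentication = this.authenticationManager.authenticateUser(tenants, username, password);

            if (getRememberMe(request)) {
                this.rememberMeManager.enableRememberMe(authentication, requestContext);
            } else {
                this.rememberMeManager.disableRememberMe(requestContext);
            }

            onLoginSuccess(requestContext, authentication);
        } catch (AuthenticationException e) {
            onLoginFailure(requestContext, e);
        }
    }

    /**
     * Returns {@code true} when the request URI without the context path equals the login URL and
     * the HTTP method equals the login method. Both comparisons are exact string matches.
     */
    protected boolean isLoginRequest(HttpServletRequest httpServletRequest) {
        String requestUri = HttpUtils.getRequestUriWithoutContextPath(httpServletRequest);
        return requestUri.equals(this.loginUrl) && httpServletRequest.getMethod().equals(this.loginMethod);
    }

    /** Returns the username request parameter, or {@code null} if it is absent. */
    protected String getUsername(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(this.usernameParameter);
    }

    /**
     * Returns the password request parameter, or {@code null} if it is absent.
     *
     * <p>{@code getParameter} also returns query-string values, so a request that carries the
     * password in the URL is accepted here; URLs commonly end up in access logs, so clients
     * should send credentials in the request body.
     */
    protected String getPassword(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(this.passwordParameter);
    }

    /** Returns the remember-me request parameter converted with {@link BooleanUtils#toBoolean(String)}. */
    protected boolean getRememberMe(HttpServletRequest httpServletRequest) {
        return BooleanUtils.toBoolean(httpServletRequest.getParameter(this.rememberMeParameter));
    }

    /**
     * Replaces the session, stores the authentication in the request and calls the success handler.
     *
     * <p>The order matters: the old session is discarded before the authentication is attached,
     * so nothing from the pre-login session survives into the authenticated one.
     */
    protected void onLoginSuccess(RequestContext requestContext, Authentication authentication) throws Exception {
        logger.info("Login successful for user '{}'", sanitizeForLog(authentication.getProfile().getUsername()));

        HttpServletRequest request = requestContext.getRequest();
        clearSession(request);
        SecurityUtils.setAuthentication(request, authentication);

        this.loginSuccessHandler.handle(requestContext, authentication);
    }

    /** Records the failure in the session and calls the failure handler. */
    protected void onLoginFailure(RequestContext requestContext, AuthenticationException authenticationException) throws Exception {
        logger.debug("Login failed", authenticationException);

        saveException(requestContext.getRequest(), authenticationException);

        this.loginFailureHandler.handle(requestContext, authenticationException);
    }

    /**
     * Stores the exception in the session (creating the session if needed), under a separate
     * attribute for {@link BadCredentialsException} than for other authentication failures.
     *
     * <p>NOTE(review): whatever later reads these attributes is outside this class; confirm it
     * does not show the end user a message that reveals which kind of failure occurred.
     */
    protected void saveException(HttpServletRequest httpServletRequest, AuthenticationException authenticationException) {
        logger.debug("Saving authentication exception in session for later use");

        HttpSession session = httpServletRequest.getSession(true);
        String attributeName = authenticationException instanceof BadCredentialsException
            ? SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE
            : SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE;
        session.setAttribute(attributeName, authenticationException);
    }

    /**
     * Invalidates the current session and creates a new one.
     *
     * <p>This discards everything stored before login, including any saved authentication
     * exceptions, and ensures the authenticated user gets a newly created session.
     */
    protected void clearSession(HttpServletRequest httpServletRequest) {
        // The previous message described only exception removal; the whole session is replaced.
        logger.debug("Invalidating current session and creating a new one for the authenticated user");
        try {
            httpServletRequest.getSession().invalidate();
        } catch (IllegalStateException e) {
            logger.debug("Session was already invalidated");
        }
        httpServletRequest.getSession(true);
    }

    /**
     * Returns the value with carriage returns and line feeds replaced by underscores, so that it
     * occupies a single line when written to a log. {@code null} is returned unchanged.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}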
