package org.crazyyak.demo.common.app;

import org.crazyyak.demo.common.app.domain.Account;
import org.crazyyak.demo.common.app.domain.AccountStore;
import org.crazyyak.dev.common.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/lib/yak-demo-common-app-3.1.0.jar:org/crazyyak/demo/common/app/DemoCommonSecurityProvider.class */
public class DemoCommonSecurityProvider extends AbstractUserDetailsAuthenticationProvider {
    private final AccountStore accountStore;

    @Autowired
    public DemoCommonSecurityProvider(AccountStore accountStore) {
        this.accountStore = accountStore;
    }

    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        if (BeanUtils.objectsNotEqual(userDetails.getUsername(), usernamePasswordAuthenticationToken.getPrincipal())) {
            throw new UsernameNotFoundException(Account.INVALID_USER_NAME_OR_PASSWORD);
        }
        if (BeanUtils.objectsNotEqual(userDetails.getPassword(), usernamePasswordAuthenticationToken.getCredentials())) {
            throw new BadCredentialsException(Account.INVALID_USER_NAME_OR_PASSWORD);
        }
    }

    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        Account byEmailAddress = this.accountStore.getByEmailAddress(str);
        if (byEmailAddress == null || BeanUtils.objectsNotEqual(byEmailAddress.getEmailAddress(), str)) {
            throw new UsernameNotFoundException(Account.INVALID_USER_NAME_OR_PASSWORD);
        }
        return byEmailAddress.toUser();
    }
}
