package org.dspace.app.rest;

import java.sql.SQLException;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.dspace.app.rest.converter.ConverterService;
import org.dspace.app.rest.converter.EPersonConverter;
import org.dspace.app.rest.link.HalLinkService;
import org.dspace.app.rest.model.AuthenticationStatusRest;
import org.dspace.app.rest.model.AuthnRest;
import org.dspace.app.rest.model.EPersonRest;
import org.dspace.app.rest.model.hateoas.AuthenticationStatusResource;
import org.dspace.app.rest.model.hateoas.AuthnResource;
import org.dspace.app.rest.projection.Projection;
import org.dspace.app.rest.security.RestAuthenticationService;
import org.dspace.app.rest.utils.ContextUtil;
import org.dspace.app.rest.utils.Utils;
import org.dspace.core.Context;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.hateoas.Link;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

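/**
 * REST controller for the {@code /api/authn} endpoints: endpoint discovery, authentication
 * status, login and logout.
 *
 * <p>None of the handlers in this class validates credentials or ends a session. They only
 * report what the request {@link Context} already says about the current user, so the actual
 * authentication and logout work is presumably done earlier in the request chain (for example
 * by a security filter). TODO confirm against the security configuration.
 */
@RequestMapping({"/api/authn"})
@RestController
/* loaded from: input_file:org/dspace/app/rest/AuthenticationRestController.class */
public class AuthenticationRestController implements InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationRestController.class);

    @Autowired
    DiscoverableEndpointsService discoverableEndpointsService;

    @Autowired
    private ConverterService converter;

    @Autowired
    private EPersonConverter ePersonConverter;

    @Autowired
    private HalLinkService halLinkService;

    @Autowired
    private RestAuthenticationService restAuthenticationService;

    @Autowired
    private Utils utils;

    /**
     * Registers this controller with the discoverable-endpoints service under the
     * {@code authn} relation, pointing at {@code /api/authn}.
     */
    @Override
    public void afterPropertiesSet() {
        this.discoverableEndpointsService.register(this, Arrays.asList(new Link("/api/authn", "authn")));
    }

    /**
     * Handles {@code GET /api/authn}.
     *
     * @return the HAL resource built from an empty {@link AuthnRest} carrying the request's projection
     */
    @RequestMapping(method = {RequestMethod.GET})
    public AuthnResource authn() {
        AuthnRest authnRest = new AuthnRest();
        authnRest.setProjection(this.utils.obtainProjection());
        return (AuthnResource) this.converter.toResource(authnRest);
    }

    /**
     * Handles {@code GET /api/authn/status} and reports whether the request is authenticated.
     *
     * <p>When the status is not authenticated, a {@code WWW-Authenticate} header is added to the
     * response, with the value supplied by {@link RestAuthenticationService}.
     *
     * @param httpServletRequest  the current request, used to obtain the DSpace context
     * @param httpServletResponse the current response, which may receive the challenge header
     * @return the authentication status resource, including the current user when there is one
     * @throws SQLException declared by the original signature; presumably raised by context or
     *                      user lookups, confirm against {@link ContextUtil}
     */
    @RequestMapping(value = {"/status"}, method = {RequestMethod.GET})
    public AuthenticationStatusResource status(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SQLException {
        Context context = ContextUtil.obtainContext(httpServletRequest);
        Projection projection = this.utils.obtainProjection();

        // The EPerson stays null for anonymous requests; AuthenticationStatusRest is built from it.
        EPersonRest currentUserRest = null;
        if (context.getCurrentUser() != null) {
            currentUserRest = (EPersonRest) this.converter.toRest(context.getCurrentUser(), projection);
        }

        AuthenticationStatusRest statusRest = new AuthenticationStatusRest(currentUserRest);
        if (!statusRest.isAuthenticated()) {
            // Tell unauthenticated clients which authentication schemes they can use.
            httpServletResponse.setHeader("WWW-Authenticate",
                this.restAuthenticationService.getWwwAuthenticateHeaderValue(httpServletRequest, httpServletResponse));
        }
        statusRest.setProjection(projection);
        return (AuthenticationStatusResource) this.converter.toResource(statusRest);
    }

    /**
     * Handles {@code POST /api/authn/login}.
     *
     * <p>The credentials are not checked here. The method only reports whether the request
     * context already carries a current user (see {@link #getLoginResponse}).
     *
     * <p>The failure message deliberately omits the submitted user name. It is supplied by an
     * unauthenticated caller, and echoing it would make the response body caller-controlled
     * without telling a legitimate client anything it does not already know.
     *
     * @param httpServletRequest the current request, used to obtain the DSpace context
     * @param str                the {@code user} request parameter (optional); not used by this method
     * @param str2               the {@code password} request parameter (optional); not used by this
     *                           method and must never be logged or returned
     * @return {@code 200 OK} with no body when a user is authenticated, otherwise
     *         {@code 403 Forbidden} with a fixed failure message
     */
    @RequestMapping(value = {"/login"}, method = {RequestMethod.POST})
    public ResponseEntity login(HttpServletRequest httpServletRequest, @RequestParam(name = "user", required = false) String str, @RequestParam(name = "password", required = false) String str2) {
        // NOTE(review): @RequestParam also binds query-string values; clients should send the
        // password in the POST body so that it does not end up in URL or access logs.
        return getLoginResponse(httpServletRequest,
            "Authentication failed. The credentials you provided are not valid.");
    }

    /**
     * Rejects every non-POST method on {@code /api/authn/login}.
     *
     * @return {@code 405 Method Not Allowed} with an explanatory message
     */
    @RequestMapping(value = {"/login"}, method = {RequestMethod.GET, RequestMethod.PUT, RequestMethod.PATCH, RequestMethod.DELETE})
    public ResponseEntity login() {
        return ResponseEntity.status(HttpStatus.METHOD_NOT_ALLOWED).body("Only POST is allowed for login requests.");
    }

    /**
     * Handles {@code GET} and {@code POST} on {@code /api/authn/logout}.
     *
     * <p>No token or session invalidation happens in this method. It presumably runs after a
     * logout filter has done that work; confirm against the security configuration.
     *
     * @return {@code 204 No Content}
     */
    @RequestMapping(value = {"/logout"}, method = {RequestMethod.GET, RequestMethod.POST})
    public ResponseEntity logout() {
        // NOTE(review): logout changes state but is reachable with GET, so it can be triggered by
        // a plain cross-site navigation. Restricting it to POST would change the public API, so
        // that is left for a follow-up change.
        return ResponseEntity.noContent().build();
    }

    /**
     * Builds the login response from the authentication state in the request context.
     *
     * @param httpServletRequest the current request, used to obtain the DSpace context
     * @param str                the body to return when no user is authenticated; callers should
     *                           pass a fixed message that contains no request-supplied data
     * @return {@code 200 OK} with no body when the context has a current user, otherwise
     *         {@code 403 Forbidden} with {@code str} as the body
     */
    protected ResponseEntity getLoginResponse(HttpServletRequest httpServletRequest, String str) {
        Context context = ContextUtil.obtainContext(httpServletRequest);
        boolean authenticated = context != null && context.getCurrentUser() != null;
        if (authenticated) {
            return ResponseEntity.ok().build();
        }
        return ResponseEntity.status(HttpStatus.FORBIDDEN).body(str);
    }
}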
