package leap.oauth2.webapp.logout;

import leap.core.annotation.Inject;
import leap.lang.Strings;
import leap.lang.http.QueryStringBuilder;
import leap.lang.intercepting.State;
import leap.lang.net.Urls;
import leap.oauth2.webapp.OAuth2Config;
import leap.oauth2.webapp.OAuth2Params;
import leap.web.Request;
import leap.web.Response;
import leap.web.security.SecurityConfig;
import leap.web.security.SecurityInterceptor;
import leap.web.security.authc.AuthenticationContext;
import leap.web.security.authc.AuthenticationManager;
import leap.web.security.logout.LogoutContext;
import leap.web.view.View;

/* loaded from: input_file:leap/oauth2/webapp/logout/OAuth2LogoutInterceptor.class */
public class OAuth2LogoutInterceptor implements SecurityInterceptor {
    protected static final String OAUTH2_LOGOUT = "oauth2_logout";

    @Inject
    protected OAuth2Config config;

    @Inject
    protected SecurityConfig sc;

    @Inject
    protected AuthenticationManager am;

    public State preResolveAuthentication(Request request, Response response, AuthenticationContext authenticationContext) throws Throwable {
        View view;
        if (this.config.isEnabled() && this.config.isLogout() && isLogoutFromServer(request)) {
            this.am.logoutImmediately(request, response);
            if (!Strings.isEmpty(this.config.getLogoutView()) && null != (view = request.getView(this.config.getLogoutView()))) {
                view.render(request, response);
                return State.INTERCEPTED;
            }
        }
        return State.CONTINUE;
    }

    public State preLogout(Request request, Response response, LogoutContext logoutContext) throws Throwable {
        if (!this.config.isEnabled() || !this.config.isLogout() || isLogoutFromServer(request)) {
            return State.CONTINUE;
        }
        response.sendRedirect(buildRemoteLogoutUrl(request));
        return State.INTERCEPTED;
    }

    protected boolean isLogoutFromServer(Request request) {
        return "1".equals(request.getParameter(OAUTH2_LOGOUT));
    }

    protected String buildRemoteLogoutUrl(Request request) {
        QueryStringBuilder queryStringBuilder = new QueryStringBuilder();
        queryStringBuilder.add(OAuth2Params.CLIENT_ID, this.config.getClientId());
        queryStringBuilder.add(OAuth2Params.POST_LOGOUT_REDIRECT_URI, buildLogoutRedirectUri(request));
        return Urls.appendQueryString(this.config.getLogoutUrl(), queryStringBuilder.build());
    }

    protected String buildLogoutRedirectUri(Request request) {
        return Urls.appendQueryString(request.getContextUrl() + this.sc.getLogoutAction(), "oauth2_logout=1");
    }
}
