package org.owasp.webgoat.controller;

import java.security.Principal;
import java.util.Iterator;
import java.util.Locale;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.owasp.webgoat.application.Application;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

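/**
 * Landing-page controller for WebGoat ({@code start.mvc}).
 *
 * <p>If the caller's HTTP session already carries a valid {@link WebSession}
 * attribute and the request has an authenticated principal, the {@code main_new}
 * view is rendered with the user's name, the first granted role (lower-cased,
 * {@code ROLE_} prefix stripped) and a few deployment properties read from the
 * servlet context and {@link Application} (contact e-mail, mailing list, version,
 * build). Any request that fails those checks is redirected to {@code /login.mvc}.
 *
 * <p>Recovered from {@code WebGoat.war:WEB-INF/classes/org/owasp/webgoat/controller/Start.class}.
 */
@Controller
public class Start {
    private static final Logger logger = LoggerFactory.getLogger(Start.class);

    /** Attribute name kept for compatibility; not read or written by this class. */
    private static final String WELCOMED = "welcomed";

    /** Prefix Spring Security puts on role authorities (compared after lower-casing). */
    private static final String ROLE_PREFIX = "role_";

    @Autowired
    private ServletContext servletContext;

    /**
     * Renders the main page for a logged-in user, or redirects to the login page.
     *
     * @param httpServletRequest the current request; its existing session and user
     *                           principal are consulted, no session is created here
     * @param str                the optional {@code error} request parameter; accepted
     *                           but not read by this handler
     * @param str2               the optional {@code logout} request parameter; accepted
     *                           but not read by this handler
     * @return the {@code main_new} view populated with user/role/deployment attributes,
     *         or a redirect to {@code /login.mvc} when there is no usable session or
     *         no authenticated principal
     */
    @RequestMapping(value = {"start.mvc"}, method = {RequestMethod.GET, RequestMethod.POST})
    public ModelAndView start(HttpServletRequest httpServletRequest,
                              @RequestParam(value = "error", required = false) String str,
                              @RequestParam(value = "logout", required = false) String str2) {
        ModelAndView modelAndView = new ModelAndView();

        // getSession(false): inspect the session only if one already exists. The
        // no-arg getSession() would mint a fresh, empty session for every
        // unauthenticated hit just to find out that the caller is not logged in.
        if (!checkWebSession(httpServletRequest.getSession(false))) {
            modelAndView.setViewName("redirect:/login.mvc");
            return modelAndView;
        }

        // A WebSession attribute can outlive the security context (e.g. after the
        // context is cleared but the HTTP session is not invalidated). Without this
        // guard the NPE on getName() would surface as a 500 instead of a re-login.
        Principal principal = httpServletRequest.getUserPrincipal();
        if (principal == null) {
            logger.error("WebSession present but no authenticated principal, redirecting to login");
            modelAndView.setViewName("redirect:/login.mvc");
            return modelAndView;
        }

        modelAndView.addObject("role", getRole());
        modelAndView.addObject("user", principal.getName());
        modelAndView.addObject("contactEmail", this.servletContext.getInitParameter(WebgoatContext.FEEDBACK_ADDRESS));
        modelAndView.addObject("emailList", this.servletContext.getInitParameter("emaillist"));

        Application application = Application.getInstance();
        logger.info("Setting application properties: {}", application);
        modelAndView.addObject("version", application.getVersion());
        modelAndView.addObject("build", application.getBuild());
        modelAndView.setViewName("main_new");
        return modelAndView;
    }

    /**
     * Returns the display form of the current user's first granted authority.
     *
     * <p>Only the first authority in iteration order is reported, as in the original
     * implementation; users with several roles see whichever comes first.
     *
     * @return the first authority, lower-cased with a leading {@code role_} removed,
     *         or {@code "N/A"} when there is no {@code Authentication} in the security
     *         context or it carries no authorities
     */
    private String getRole() {
        // The context may hold no Authentication at all (anonymous or cleared
        // context); fall back to the placeholder rather than throwing.
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            return "N/A";
        }
        Iterator<? extends GrantedAuthority> authorities =
                SecurityContextHolder.getContext().getAuthentication().getAuthorities().iterator();
        if (!authorities.hasNext()) {
            return "N/A";
        }
        return stripRolePrefix(authorities.next().getAuthority());
    }

    /**
     * Lower-cases an authority string and drops a leading {@code role_}.
     *
     * @param authority raw authority, e.g. {@code ROLE_ADMIN}; may be {@code null}
     * @return e.g. {@code admin}; {@code null} when {@code authority} is {@code null}
     */
    private static String stripRolePrefix(String authority) {
        // Locale.ROOT keeps the result locale-independent: under a default locale
        // such as tr_TR, toLowerCase() maps 'I' to dotless 'ı', so "ROLE_ADMIN"
        // would become "role_admın" and never match the prefix or any role name
        // the views compare against.
        String lowered = StringUtils.lowerCase(authority, Locale.ROOT);
        // removeStart: only the prefix is meant to go, not every "role_" substring.
        return StringUtils.removeStart(lowered, ROLE_PREFIX);
    }

    /**
     * Checks that the given HTTP session carries a usable {@link WebSession}.
     *
     * @param httpSession the caller's session, or {@code null} when the request has none
     * @return {@code true} only if the session exists and its {@link WebSession#SESSION}
     *         attribute is a {@link WebSession} instance; every other case is logged
     *         and yields {@code false}
     */
    public boolean checkWebSession(HttpSession httpSession) {
        if (httpSession == null) {
            logger.error("No HTTP session present, user is not logged in or the session has expired");
            return false;
        }
        // NOTE(review): the session id is written to the log below. While the
        // session is alive that id is equivalent to a credential, so these logs
        // must stay access-controlled (acceptable for a training app like WebGoat;
        // drop the id before reusing this pattern elsewhere).
        Object attribute = httpSession.getAttribute(WebSession.SESSION);
        if (attribute == null) {
            logger.error("No valid WebSession object found, has session timed out? [{}]", httpSession.getId());
            return false;
        }
        if (!(attribute instanceof WebSession)) {
            logger.error("Invalid WebSession object found, this is probably a bug! [{} | {}]",
                    attribute.getClass(), httpSession.getId());
            return false;
        }
        return true;
    }
}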
