package cronapp.framework.authentication.token;

import com.google.gson.JsonObject;
import cronapi.Var;
import cronapp.framework.api.ApiManager;
import cronapp.framework.api.EventsManager;
import cronapp.framework.api.User;
import cronapp.framework.authentication.security.Permission;
import cronapp.framework.authentication.social.SocialConfig;
import cronapp.framework.i18n.Messages;
import cronapp.framework.tenant.TenantComponent;
import java.util.Date;
import java.util.Set;
import java.util.StringJoiner;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.mobile.device.Device;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

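/**
 * REST controller mapped under {@code auth} that issues and refreshes authentication tokens.
 *
 * <p>{@code POST auth} resolves the user through {@link ApiManager}, compares the password for the
 * {@code "local"} provider and answers with an {@link AuthenticationResponse} carrying a token
 * built by {@link TokenUtils}. {@code GET auth/refresh} exchanges a token that
 * {@link TokenUtils} still considers refreshable for a new one.
 *
 * <p>NOTE(review): this listing looks decompiled (see the "loaded from" marker below), so the
 * parameter names {@code str}, {@code str2}, ... are probably not the original ones. Spring binds
 * an un-named {@code @RequestParam} and un-annotated simple parameters by parameter name, so
 * confirm the real request parameter names before recompiling this source.
 */
@RequestMapping({"auth"})
@RestController
/* loaded from: input_file:cronapp/framework/authentication/token/AuthenticationController.class */
public class AuthenticationController {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationController.class);

    // Not referenced by any method of this class as shown; the password comparison in auth()
    // goes through ApiManager.passwordMatches instead.
    private final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

    // Injected by Spring; not referenced by any method of this class as shown.
    @Autowired
    private UserDetailsService userDetailsService;

    // Optional bean: stays null when no TenantComponent is defined (required = false).
    @Autowired(required = false)
    private TenantComponent tenantComponent;

    /**
     * Handles {@code POST auth}: logs in with the {@code "local"} provider.
     *
     * <p>NOTE(review): the password ({@code str2}) is bound as a plain request parameter. Confirm
     * that clients send it in the POST body and never in the query string, where it would
     * typically be written to access logs.
     *
     * @param str login name (required request parameter)
     * @param str2 password, bound by parameter name without an annotation
     * @param device client device descriptor passed on to token generation
     * @param str3 optional {@code X-AUTH-TOKEN} header, forwarded to {@link #auth} as the existing token
     * @return the authentication response produced by {@link #auth}
     */
    @RequestMapping(method = {RequestMethod.POST})
    public ResponseEntity<AuthenticationResponse> authenticationRequest(@RequestParam String str, String str2, Device device, @RequestHeader(name = "X-AUTH-TOKEN", required = false) String str3) {
        return auth(str, str2, device, "local", str3, null);
    }

    /**
     * Authenticates a user and builds the token response.
     *
     * <p>The password is compared only when the effective provider is {@code "local"}; for any
     * other provider value the check is skipped and the outcome depends on what
     * {@link ApiManager#byUserAndPassword} returns.
     *
     * @param str login name, or the marker {@code "#OAUTH#"} to take the name from {@code str4}
     * @param str2 password; compared only for the {@code "local"} provider
     * @param device client device descriptor passed to {@link TokenUtils#generateToken}
     * @param str3 provider name; {@code "local"} enables the password comparison
     * @param str4 previously issued token, or {@code null}
     * @param jsonObject extra payload handed to {@link ApiManager#byUserAndPassword}; may be {@code null}
     * @return HTTP 200 with the user, token, expiry (epoch millis), comma-joined roles and root flag
     * @throws AuthenticationException an {@link AuthenticationServiceException} wrapping any failure
     *     raised after the user lookup has been created
     */
    public ResponseEntity<AuthenticationResponse> auth(String str, String str2, Device device, String str3, String str4, JsonObject jsonObject) throws AuthenticationException {
        if (str4 != null) {
            String providerFromToken = TokenUtils.getProviderFromToken(str4);
            // NOTE(review): a null provider read from the token also satisfies
            // !"local".equals(...), and every provider other than "local" skips the password
            // comparison below. This branch therefore relies on TokenUtils rejecting forged or
            // expired tokens and on ApiManager authenticating external providers; confirm both.
            // Constant-first equals: auth() is public and may be handed a null login name.
            if (str3 != null && !"local".equals(providerFromToken) && "#OAUTH#".equals(str)) {
                str = TokenUtils.getUsernameFromToken(str4);
                str3 = providerFromToken;
            }
        }
        boolean externalProvider = !"local".equals(str3);
        ApiManager apiManager = ApiManager.byUserAndPassword(str, str2, str3, SocialConfig.isAutoSignUp(), jsonObject);
        try {
            User user = apiManager.getUser();
            if (user == null) {
                throw new UsernameNotFoundException(Messages.getString("UserNotFound"));
            }
            if (!externalProvider && !apiManager.passwordMatches(str2, user.getPassword())) {
                throw new BadCredentialsException(Messages.getString("UserOrPassordInvalids"));
            }
            Set<GrantedAuthority> authorities = apiManager.getAuthorities();
            // "password" is a fixed placeholder: the principal kept in the security context and
            // passed to token generation never carries the real credential.
            org.springframework.security.core.userdetails.User principal = new org.springframework.security.core.userdetails.User(str, "password", true, true, true, true, authorities);
            String token = TokenUtils.generateToken(principal, device, str3);
            Date expiration = TokenUtils.getExpirationDateFromToken(token);
            SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(principal, "password", authorities));
            String roles = joinRoles(authorities);
            boolean root = hasRootRole(authorities);
            if (this.tenantComponent != null) {
                this.tenantComponent.authenticationTenant(user.getUsername());
            }
            // presumably returns a copy of the user without the stored password; verify in User
            User responseUser = user.resetPassword();
            if (EventsManager.hasEvent("onLogin")) {
                EventsManager.executeEventOnTransaction("onLogin", Var.valueOf(str));
            }
            return ResponseEntity.ok(new AuthenticationResponse(responseUser, token, expiration.getTime(), roles, root));
        } catch (Exception e) {
            // The log keeps the precise cause (unknown user vs. wrong password) for operators.
            log.error(Messages.getString("AuthError", e.getMessage()), e);
            String detail = e.getMessage();
            // For local logins the caller gets the same text for an unknown user and for a wrong
            // password, so the message cannot be used to tell which login names exist.
            // NOTE(review): the password comparison is still skipped for unknown users, so the
            // response time may differ between the two cases.
            if (!externalProvider && (e instanceof UsernameNotFoundException || e instanceof BadCredentialsException)) {
                detail = Messages.getString("UserOrPassordInvalids");
            }
            // The cause is deliberately not attached: it is already logged above, and attaching it
            // would carry the specific reason along with the exception.
            // NOTE(review): for every other exception the raw message still ends up in the
            // exception text; confirm the error handler does not expose internal details.
            throw new AuthenticationServiceException(Messages.getString("AuthError", detail));
        }
    }

    /**
     * Handles {@code GET auth/refresh}: swaps a refreshable token for a new one.
     *
     * <p>NOTE(review): the expiry placed in the response is parsed from the incoming token, not
     * from the refreshed one (unlike {@link #auth}); confirm this is intended.
     *
     * @param httpServletRequest request whose {@link TokenUtils#AUTH_HEADER_NAME} header holds the
     *     current token
     * @return HTTP 200 with the refreshed token, roles and root flag, or HTTP 400 with an empty
     *     body when the header is missing or the token cannot be refreshed
     */
    @RequestMapping(value = {"refresh"}, method = {RequestMethod.GET})
    public ResponseEntity<?> authenticationRequest(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(TokenUtils.AUTH_HEADER_NAME);
        // getHeader returns null when the header is absent: reject before handing null to the
        // token helpers.
        if (header == null || !TokenUtils.canTokenBeRefreshed(header, TokenUtils.getExpirationDateFromToken(header))) {
            return ResponseEntity.badRequest().body((Object) null);
        }
        String refreshedToken = TokenUtils.refreshToken(header);
        Date expiration = TokenUtils.getExpirationDateFromToken(header);
        String username = TokenUtils.getUsernameFromToken(header);
        // Roles are re-read from ApiManager rather than copied from the old token.
        // NOTE(review): nothing visible here checks that the account still exists or is active;
        // presumably canTokenBeRefreshed or ApiManager covers that; verify.
        Set<GrantedAuthority> authorities = ApiManager.byUser(username).getAuthorities();
        String roles = joinRoles(authorities);
        boolean root = hasRootRole(authorities);
        return ResponseEntity.ok(new AuthenticationResponse(new User(username), refreshedToken, expiration.getTime(), roles, root));
    }

    /** Joins {@code "Public"}, {@code "Authenticated"} and each authority name with commas. */
    private static String joinRoles(Iterable<? extends GrantedAuthority> authorities) {
        StringJoiner roles = new StringJoiner(",");
        roles.add("Public");
        roles.add("Authenticated");
        for (GrantedAuthority authority : authorities) {
            roles.add(authority.getAuthority());
        }
        return roles.toString();
    }

    /** Reports whether any authority equals {@link Permission#ROOT_ROLE}, ignoring case. */
    private static boolean hasRootRole(Iterable<? extends GrantedAuthority> authorities) {
        for (GrantedAuthority authority : authorities) {
            if (authority.getAuthority().equalsIgnoreCase(Permission.ROOT_ROLE)) {
                return true;
            }
        }
        return false;
    }
}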
