package tv.hd3g.authkit.mod.controller;

import java.time.Duration;
import java.util.Optional;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import javax.validation.constraints.NotEmpty;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.MessageSource;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
import tv.hd3g.authkit.mod.ControllerInterceptor;
import tv.hd3g.authkit.mod.dto.LoginRequestContentDto;
import tv.hd3g.authkit.mod.dto.validated.LoginFormDto;
import tv.hd3g.authkit.mod.dto.validated.ResetPasswordFormDto;
import tv.hd3g.authkit.mod.dto.validated.TOTPLogonCodeFormDto;
import tv.hd3g.authkit.mod.exception.BlockedUserException;
import tv.hd3g.authkit.mod.exception.NotAcceptableSecuredTokenException;
import tv.hd3g.authkit.mod.exception.ResetWithSamePasswordException;
import tv.hd3g.authkit.mod.exception.UserCantLoginException;
import tv.hd3g.authkit.mod.service.AuthenticationService;
import tv.hd3g.authkit.mod.service.CookieService;
import tv.hd3g.authkit.mod.service.SecuredTokenService;
import tv.hd3g.commons.authkit.AuditAfter;
import tv.hd3g.commons.authkit.CheckBefore;

/**
 * Spring MVC controller for the browser authentication pages: login form, TOTP challenge,
 * password reset and logout.
 *
 * <p>Every form rendered here carries a token issued by {@link SecuredTokenService}, valid for
 * {@code authkit.maxLoginTime} (5 minutes when the property is not set). Each handler returns a
 * view name and publishes page data through the {@link Model}.
 *
 * <p>NOTE(review): cookies are marked {@code Secure} here, but no HttpOnly or SameSite attribute
 * is set in this class. Confirm that {@link CookieService} and the cookie built by the
 * authentication service take care of them.
 */
@Controller
public class ControllerLogin {
    public static final String TOKEN_FORMNAME_LOGIN = "login";
    public static final String TOKEN_FORMNAME_RESET_PSD = "reset-password";
    public static final String TOKEN_FORMNAME_ENTER_TOTP = "totp-code";
    public static final String TOKEN_REDIRECT_RESET_PSD = "rpasswd";
    private static final String BOUNCETO = "bounceto";
    private static final String TMPL_NAME_LOGIN = "login";
    private static final String TMPL_NAME_RESET_PSD = "reset-password";
    private static final String TMPL_NAME_TOTP = "totp-challenge";
    private static final String TMPL_ATTR_ERROR = "error";
    private static final String TMPL_ATTR_FORMTOKEN = "formtoken";

    @Autowired
    private SecuredTokenService tokenService;

    @Autowired
    private MessageSource messageSource;

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private CookieService cookieService;

    /** Lifetime given to every form token generated by this controller. */
    @Value("${authkit.maxLoginTime:5m}")
    private Duration expirationDuration;

    /** Context-relative path used after logon when no redirect path was stored for the request. */
    @Value("${authkit.redirectToAfterLogin:/}")
    private String redirectToAfterLogin;

    /** Context-relative path the logout page bounces to. */
    @Value("${authkit.redirectToAfterLogout:/login}")
    private String redirectToAfterLogout;

    /** Issues a fresh token for the anonymous login form. */
    private String makeToken() {
        return tokenService.simpleFormGenerateToken(TOKEN_FORMNAME_LOGIN, expirationDuration);
    }

    /** Resolves a message code against the locale of the current request. */
    private String localizedMessage(String code) {
        return messageSource.getMessage(code, null, LocaleContextHolder.getLocale());
    }

    /**
     * Sets the response status, publishes the localized error and a fresh login token, and
     * selects the login view.
     */
    private String failToLoginPage(Model model, HttpServletResponse response, int status, String messageCode) {
        response.setStatus(status);
        model.addAttribute(TMPL_ATTR_ERROR, localizedMessage(messageCode));
        model.addAttribute(TMPL_ATTR_FORMTOKEN, makeToken());
        return TMPL_NAME_LOGIN;
    }

    /** Renders the login form with a newly issued form token. */
    @GetMapping("/login")
    public String login(Model model) {
        final String formToken = makeToken();
        model.addAttribute(TMPL_ATTR_FORMTOKEN, formToken);
        return TMPL_NAME_LOGIN;
    }

    /**
     * Handles the submitted login form.
     *
     * <p>The form token is verified before the credentials are handed to the authentication
     * service. A user who must pass TOTP or change the password is not logged on: the matching
     * page is rendered with a token bound to that user's UUID.
     *
     * @return the view to render: bounce page on success, TOTP challenge, reset-password form,
     *         or the login form with an error
     */
    @PostMapping("/login")
    @AuditAfter(useSecurity = true, value = "Auth login page")
    public String doLogin(Model model, @ModelAttribute @Valid LoginFormDto loginFormDto, BindingResult bindingResult, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (bindingResult.hasErrors()) {
            return sendLoginBindingError(model, httpServletResponse);
        }
        try {
            // Reject a missing, forged or expired form token before touching the credentials.
            tokenService.simpleFormCheckToken(TOKEN_FORMNAME_LOGIN, loginFormDto.getSecuretoken());
            final LoginRequestContentDto logonResult = authenticationService.userLoginRequest(httpServletRequest, loginFormDto);
            return prepareResponseAfterLogon(model, httpServletRequest, httpServletResponse, logonResult);
        } catch (NotAcceptableSecuredTokenException badToken) {
            return sendErrorExpiredFormTokenDuringLogin(model, httpServletResponse, badToken);
        } catch (UserCantLoginException.TOTPUserCantLoginException totpRequired) {
            // Second factor needed: the challenge form gets a token tied to this user.
            final String totpFormToken = tokenService.userFormGenerateToken(TOKEN_FORMNAME_ENTER_TOTP, totpRequired.getUserUUID(), expirationDuration);
            model.addAttribute("shorttime", loginFormDto.getShorttime());
            model.addAttribute(TMPL_ATTR_FORMTOKEN, totpFormToken);
            return TMPL_NAME_TOTP;
        } catch (UserCantLoginException.UserMustChangePasswordException mustChange) {
            final String resetFormToken = tokenService.userFormGenerateToken(TOKEN_FORMNAME_RESET_PSD, mustChange.getUserUUID(), expirationDuration);
            model.addAttribute(TMPL_ATTR_FORMTOKEN, resetFormToken);
            return TMPL_NAME_RESET_PSD;
        } catch (UserCantLoginException refused) {
            return sendErrorDisabledBlockedUserDuringLogin(model, httpServletResponse, refused);
        }
    }

    /**
     * Sends the cookie that removes the logon cookie and renders the logout bounce page.
     *
     * <p>NOTE(review): logout is reachable with a plain GET; confirm that a cross-site link
     * forcing a logout is acceptable for this application.
     */
    @GetMapping("/logout")
    @CheckBefore
    public String logout(Model model, HttpServletResponse httpServletResponse) {
        final Cookie logonCookieRemoval = cookieService.deleteLogonCookie();
        logonCookieRemoval.setSecure(true);
        httpServletResponse.addCookie(logonCookieRemoval);

        final String target = ServletUriComponentsBuilder.fromCurrentContextPath()
                .path(redirectToAfterLogout)
                .toUriString();
        model.addAttribute(BOUNCETO, target);
        return "bounce-logout";
    }

    /**
     * Opens the reset-password form from a token carried in the URL path.
     *
     * <p>The path token is exchanged for a form token limited to {@code expirationDuration}.
     * A token the service rejects yields HTTP 400 and the login form.
     *
     * <p>NOTE(review): a token in the URL path can end up in access logs, browser history and
     * Referer headers. Whether the redirect token is short-lived or single-use is decided in
     * {@link SecuredTokenService} and is not visible here; confirm.
     */
    @GetMapping("/reset-password/{token}")
    public String resetPassword(@PathVariable("token") @NotEmpty String str, Model model, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            model.addAttribute(
                    TMPL_ATTR_FORMTOKEN,
                    tokenService.userFormGenerateToken(
                            TOKEN_FORMNAME_RESET_PSD,
                            tokenService.securedRedirectRequestExtractToken(str, TOKEN_REDIRECT_RESET_PSD),
                            expirationDuration));
            return TMPL_NAME_RESET_PSD;
        } catch (NotAcceptableSecuredTokenException rejected) {
            httpServletResponse.setStatus(400);
            model.addAttribute(TMPL_ATTR_FORMTOKEN, makeToken());
            return TMPL_NAME_LOGIN;
        }
    }

    /**
     * Applies a password change submitted from the reset-password form.
     *
     * <p>The user is identified only by the UUID extracted from the submitted form token. On a
     * validation problem the same token is sent back so the form can be resubmitted; on a token
     * or account problem the login form is shown with a fresh login token.
     *
     * @return the login view on success or on token/account failure, otherwise the
     *         reset-password view
     */
    @PostMapping("/reset-password")
    @AuditAfter(useSecurity = true, value = "Reset password", changeSecurity = true)
    public String doResetPassword(Model model, @ModelAttribute @Valid ResetPasswordFormDto resetPasswordFormDto, BindingResult bindingResult, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (bindingResult.hasErrors()) {
            httpServletResponse.setStatus(400);
            model.addAttribute(TMPL_ATTR_ERROR, localizedMessage("authkit.reset-password.form-error"));
            model.addAttribute(TMPL_ATTR_FORMTOKEN, resetPasswordFormDto.getSecuretoken());
            return TMPL_NAME_RESET_PSD;
        }
        final boolean passwordsMatch = resetPasswordFormDto.checkSamePasswords();
        if (!passwordsMatch) {
            httpServletResponse.setStatus(400);
            model.addAttribute(TMPL_ATTR_ERROR, localizedMessage("authkit.reset-password.form-error.notsamepass"));
            model.addAttribute(TMPL_ATTR_FORMTOKEN, resetPasswordFormDto.getSecuretoken());
            return TMPL_NAME_RESET_PSD;
        }
        try {
            // The token, not any request field, decides whose password is changed.
            authenticationService.changeUserPassword(
                    tokenService.userFormExtractTokenUUID(TOKEN_FORMNAME_RESET_PSD, resetPasswordFormDto.getSecuretoken()),
                    resetPasswordFormDto.getNewuserpassword());
            model.addAttribute("actionDone", localizedMessage("authkit.reset-password.done"));
            model.addAttribute(TMPL_ATTR_FORMTOKEN, makeToken());
            return TMPL_NAME_LOGIN;
        } catch (BlockedUserException blocked) {
            return failToLoginPage(model, httpServletResponse, 401, "authkit.reset-password.blockeduser");
        } catch (NotAcceptableSecuredTokenException rejected) {
            return failToLoginPage(model, httpServletResponse, 400, "authkit.reset-password.form-error");
        } catch (ResetWithSamePasswordException samePassword) {
            httpServletResponse.setStatus(400);
            model.addAttribute(TMPL_ATTR_ERROR, localizedMessage("authkit.reset-password.invalidpassword"));
            model.addAttribute(TMPL_ATTR_FORMTOKEN, resetPasswordFormDto.getSecuretoken());
            return TMPL_NAME_RESET_PSD;
        }
    }

    /**
     * Handles the TOTP code submitted from the challenge page.
     *
     * <p>NOTE(review): no form token is checked in this method. Presumably
     * {@code AuthenticationService.userLoginRequest} validates the token carried by the DTO,
     * since {@link NotAcceptableSecuredTokenException} is caught below; confirm. Attempt
     * limiting for the code is likewise not visible here.
     */
    @PostMapping("/login-2auth")
    @AuditAfter(useSecurity = true, value = "TOTP Logon", changeSecurity = false)
    public String doTOTPLogin(Model model, @ModelAttribute @Valid TOTPLogonCodeFormDto tOTPLogonCodeFormDto, BindingResult bindingResult, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (bindingResult.hasErrors()) {
            return sendLoginBindingError(model, httpServletResponse);
        }
        try {
            final LoginRequestContentDto logonResult = authenticationService.userLoginRequest(httpServletRequest, tOTPLogonCodeFormDto);
            return prepareResponseAfterLogon(model, httpServletRequest, httpServletResponse, logonResult);
        } catch (NotAcceptableSecuredTokenException badToken) {
            return sendErrorExpiredFormTokenDuringLogin(model, httpServletResponse, badToken);
        } catch (UserCantLoginException refused) {
            return sendErrorDisabledBlockedUserDuringLogin(model, httpServletResponse, refused);
        }
    }

    /** Answers a login or TOTP form that failed bean validation: HTTP 400 and the login form. */
    private String sendLoginBindingError(Model model, HttpServletResponse httpServletResponse) {
        return failToLoginPage(model, httpServletResponse, 400, "authkit.login.form-error");
    }

    /**
     * Finishes a successful logon: publishes the session token, sets the session cookie and
     * computes the URL the bounce page sends the browser to.
     *
     * <p>NOTE(review): the session token is put in the model under {@code "jwtsession"}; how the
     * {@code bounce-session} template exposes it to the page is not visible here. Confirm it is
     * not written into URLs or other places where it could leak.
     */
    private String prepareResponseAfterLogon(Model model, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginRequestContentDto loginRequestContentDto) {
        model.addAttribute("jwtsession", loginRequestContentDto.getUserSessionToken());

        final Cookie sessionCookie = loginRequestContentDto.getUserSessionCookie();
        sessionCookie.setSecure(true);
        httpServletResponse.addCookie(sessionCookie);

        final Optional<String> storedPath = ControllerInterceptor.getPathToRedirectToAfterLogin(httpServletRequest);
        final String bounceTo;
        if (storedPath.isPresent()) {
            // The stored redirect is used once: clear it along with this response.
            final Cookie redirectCookieRemoval = cookieService.deleteRedirectAfterLoginCookie();
            redirectCookieRemoval.setSecure(true);
            httpServletResponse.addCookie(redirectCookieRemoval);
            bounceTo = bounceUriFor(storedPath.get());
        } else {
            bounceTo = ServletUriComponentsBuilder.fromCurrentContextPath()
                    .path(redirectToAfterLogin)
                    .toUriString();
        }
        model.addAttribute(BOUNCETO, bounceTo);
        return "bounce-session";
    }

    /**
     * Builds the post-logon URL for a stored redirect path, optionally followed by a query.
     *
     * <p>Only the path (and the query, when one follows a {@code ?}) is replaced on a builder
     * taken from the current request, so scheme, host and port come from that request rather
     * than from the stored value.
     *
     * <p>NOTE(review): where the stored path originates and whether it is validated is decided
     * in {@link ControllerInterceptor}; confirm that it cannot carry client-chosen content that
     * the bounce page would treat as something other than a local path.
     */
    private String bounceUriFor(String storedPath) {
        final ServletUriComponentsBuilder current = ServletUriComponentsBuilder.fromCurrentRequest();
        final int queryMark = storedPath.indexOf("?");
        // A "?" in first position, or with nothing after it, leaves the value to be used whole as the path.
        if (queryMark <= 0 || queryMark + 1 >= storedPath.length()) {
            return current.replacePath(storedPath).toUriString();
        }
        return current
                .replacePath(storedPath.substring(0, queryMark))
                .query(storedPath.substring(queryMark + 1))
                .toUriString();
    }

    /**
     * Answers a rejected form token with HTTP 400 and the login form; the message code is the
     * simple class name of the exception.
     */
    private String sendErrorExpiredFormTokenDuringLogin(Model model, HttpServletResponse httpServletResponse, NotAcceptableSecuredTokenException notAcceptableSecuredTokenException) {
        final String messageCode = notAcceptableSecuredTokenException.getClass().getSimpleName();
        return failToLoginPage(model, httpServletResponse, 400, messageCode);
    }

    /**
     * Answers a refused logon with the status code carried by the exception and the login form;
     * the message code is the simple class name of the exception.
     *
     * <p>NOTE(review): the status and message therefore vary with the reason for the refusal.
     * Confirm that the message bundle and status codes do not let an anonymous client tell
     * account states apart.
     */
    private String sendErrorDisabledBlockedUserDuringLogin(Model model, HttpServletResponse httpServletResponse, UserCantLoginException userCantLoginException) {
        final int status = userCantLoginException.getHttpReturnCode();
        final String messageCode = userCantLoginException.getClass().getSimpleName();
        return failToLoginPage(model, httpServletResponse, status, messageCode);
    }
}
