package com.gu.pandomainauth.action;

import com.gu.pandomainauth.PanDomain$;
import com.gu.pandomainauth.PanDomainAuthSettingsRefresher;
import com.gu.pandomainauth.model.Authenticated;
import com.gu.pandomainauth.model.AuthenticatedUser;
import com.gu.pandomainauth.model.AuthenticationStatus;
import com.gu.pandomainauth.model.Expired;
import com.gu.pandomainauth.model.GracePeriod;
import com.gu.pandomainauth.model.InvalidCookie;
import com.gu.pandomainauth.model.NotAuthenticated$;
import com.gu.pandomainauth.model.NotAuthorized;
import com.gu.pandomainauth.model.PanDomainAuthSettings;
import com.gu.pandomainauth.service.CookieUtils$;
import com.gu.pandomainauth.service.Google2FAGroupChecker;
import com.gu.pandomainauth.service.GoogleGroupChecker;
import com.gu.pandomainauth.service.OAuth;
import com.gu.pandomainauth.service.OAuthException;
import com.gu.pandomainauth.service.OAuthException$;
import play.api.Logger$;
import play.api.MarkerContext$;
import play.api.libs.ws.WSClient;
import play.api.mvc.ActionBuilder;
import play.api.mvc.AnyContent;
import play.api.mvc.BodyParser;
import play.api.mvc.ControllerComponents;
import play.api.mvc.Cookie;
import play.api.mvc.Cookie$;
import play.api.mvc.DiscardingCookie;
import play.api.mvc.DiscardingCookie$;
import play.api.mvc.Request;
import play.api.mvc.RequestHeader;
import play.api.mvc.Result;
import play.api.mvc.Results;
import play.api.mvc.Results$;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.Future$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;

/* compiled from: Actions.scala */
@ScalaSignature(bytes = "\u0006\u0001\t=ga\u0002\u001d:!\u0003\r\tA\u0011\u0005\u0006\u0013\u0002!\tA\u0013\u0005\u0006\u001d\u00021\ta\u0014\u0005\u00069\u00021\t!\u0018\u0005\u0006I\u00021\t!\u001a\u0005\u0006U\u0002!Ia\u001b\u0005\u0006o\u0002!Ia\u001b\u0005\u0006q\u0002!I!\u001f\u0005\n\u0003\u0003\u0001!\u0019!C\u0006\u0003\u0007Aq!!\u0005\u0001\r\u0003\t\u0019\u0002C\u0004\u0002&\u0001!\t!a\n\t\u000f\u0005%\u0002\u0001\"\u0001\u0002,!1\u00111\u0007\u0001\u0007\u0002-D\u0011\"!\u000e\u0001\u0005\u0004%\t!a\u000e\t\u0013\u0005\u0015\u0003A1A\u0005\u0002\u0005\u001d\u0003\"CA+\u0001\t\u0007I\u0011AA,\u0011%\t\t\u0007\u0001b\u0001\n\u0003\t\u0019\u0007C\u0005\u0002t\u0001\u0011\r\u0011\"\u0001\u0002d!9\u0011Q\u000f\u0001\u0005\u0002\u0005]\u0004\"CAU\u0001E\u0005I\u0011AAV\u0011\u001d\t)\r\u0001C\u0001\u0003\u000fDq!a3\u0001\t\u0003\ti\rC\u0004\u0002X\u0002!\t!!7\t\u000f\u0005}\u0007\u0001\"\u0001\u0002b\"9\u0011q\u001d\u0001\u0005\u0002\u0005%\bbBAw\u0001\u0011\u0005\u0011q\u001e\u0005\b\u0003k\u0004A\u0011AA|\u0011\u001d\u0011\u0019\u0001\u0001C\u0001\u0005\u000bAqA!\u0003\u0001\t\u0003\u0011Y\u0001C\u0004\u0003\u0016\u0001!\tAa\u0006\t\u000f\tm\u0001\u0001\"\u0001\u0003\u001e\u001d9!q\u0005\u0001\t\u0002\t%ba\u0002B\u0017\u0001!\u0005!q\u0006\u0005\b\u0005\u000b\u0002C\u0011\u0001B$\u0011\u001d\u0011I\u0005\tC!\u0005\u0017BqAa\u0015!\t#\n\u0019\u0001C\u0004\u0003V\u0001\"\tEa\u0016\b\u000f\tU\u0004\u0001#\u0001\u0003x\u00199!\u0011\u0010\u0001\t\u0002\tm\u0004b\u0002B#M\u0011\u0005!Q\u001a\u0004\n\u0005W\u0003\u0001\u0013aA\u0001\u0005[CQ!\u0013\u0015\u0005\u0002)C\u0011Ba!)\u0005\u0004%\tAa,\t\u0013\t\u001d\u0005F1A\u0005\u0002\t=\u0006\"\u0003BEQ\t\u0007I\u0011\u0001BX\u0011%\u0011Y\t\u000bb\u0001\n\u0003\u0011yKB\u0005\u0003��\u0001\u0001\n1!\u0001\u0003\u0002\")\u0011J\fC\u0001\u0015\"9!\u0011\n\u0018\u0005B\t-\u0003b\u0002B*]\u0011E\u00131\u0001\u0005\n\u0005\u0007s#\u0019!D\u0001\u0005\u000bC\u0011Ba\"/\u0005\u00045\tA!\"\t\u0013\t%eF1A\u0007\u0002\t\u0015\u0005\"\u0003BF]\t\u0007i\u0011\u0001BC\u0011\u001d\u0011)F\fC!\u0005\u001bCqAa(/\t\u0003\u0011\tKA\u0006BkRD\u0017i\u0019;j_:\u001c(B\u0001\u001e<\u0003\u0019\t7\r^5p]*\u0011A(P\u0001\u000ea\u0006tGm\\7bS:\fW\u000f\u001e5\u000b\u0005yz\u0014AA4v\u0015\u0005\u0001\u0015aA2p[\u000e\u00011C\u0001\u0001D!\t!u)D\u0001F\u0015\u00051\u0015!B:dC2\f\u0017B\u0001%F\u0005\u0019\te.\u001f*fM\u00061A%\u001b8ji\u0012\"\u0012a\u0013\t\u0003\t2K!!T#\u0003\tUs\u0017\u000e^\u0001\toN\u001cE.[3oiV\t\u0001\u000b\u0005\u0002R56\t!K\u0003\u0002T)\u0006\u0011qo\u001d\u0006\u0003+Z\u000bA\u0001\\5cg*\u0011q\u000bW\u0001\u0004CBL'\"A-\u0002\tAd\u0017-_\u0005\u00037J\u0013\u0001bV*DY&,g\u000e^\u0001\u0015G>tGO]8mY\u0016\u00148i\\7q_:,g\u000e^:\u0016\u0003y\u0003\"a\u00182\u000e\u0003\u0001T!!\u0019,\u0002\u0007548-\u0003\u0002dA\n!2i\u001c8ue>dG.\u001a:D_6\u0004xN\\3oiN\f\u0011\u0003]1o\t>l\u0017-\u001b8TKR$\u0018N\\4t+\u00051\u0007CA4i\u001b\u0005Y\u0014BA5<\u0005y\u0001\u0016M\u001c#p[\u0006Lg.Q;uQN+G\u000f^5oON\u0014VM\u001a:fg\",'/\u0001\u0004tsN$X-\\\u000b\u0002YB\u0011Q\u000e\u001e\b\u0003]J\u0004\"a\\#\u000e\u0003AT!!]!\u0002\rq\u0012xn\u001c;?\u0013\t\u0019X)\u0001\u0004Qe\u0016$WMZ\u0005\u0003kZ\u0014aa\u0015;sS:<'BA:F\u0003\u0019!w.\\1j]\u0006A1/\u001a;uS:<7/F\u0001{!\tYh0D\u0001}\u0015\ti8(A\u0003n_\u0012,G.\u0003\u0002��y\n)\u0002+\u00198E_6\f\u0017N\\!vi\"\u001cV\r\u001e;j]\u001e\u001c\u0018AA3d+\t\t)\u0001\u0005\u0003\u0002\b\u00055QBAA\u0005\u0015\r\tY!R\u0001\u000bG>t7-\u001e:sK:$\u0018\u0002BA\b\u0003\u0013\u0011\u0001#\u0012=fGV$\u0018n\u001c8D_:$X\r\u001f;\u0002\u0019Y\fG.\u001b3bi\u0016,6/\u001a:\u0015\t\u0005U\u00111\u0004\t\u0004\t\u0006]\u0011bAA\r\u000b\n9!i\\8mK\u0006t\u0007bBA\u000f\u0013\u0001\u0007\u0011qD\u0001\u000bCV$\b.\u001a3Vg\u0016\u0014\bcA>\u0002\"%\u0019\u00111\u0005?\u0003#\u0005+H\u000f[3oi&\u001c\u0017\r^3e+N,'/A\bdC\u000eDWMV1mS\u0012\fG/[8o+\t\t)\"\u0001\bba&<%/Y2f!\u0016\u0014\u0018n\u001c3\u0016\u0005\u00055\u0002c\u0001#\u00020%\u0019\u0011\u0011G#\u0003\t1{gnZ\u0001\u0010CV$\bnQ1mY\n\f7m[+sY\u0006)q*Q;uQV\u0011\u0011\u0011\b\t\u0005\u0003w\t\t%\u0004\u0002\u0002>)\u0019\u0011qH\u001e\u0002\u000fM,'O^5dK&!\u00111IA\u001f\u0005\u0015y\u0015)\u001e;i\u0003IiW\u000f\u001c;jM\u0006\u001cGo\u001c:DQ\u0016\u001c7.\u001a:\u0016\u0005\u0005%\u0003#\u0002#\u0002L\u0005=\u0013bAA'\u000b\n1q\n\u001d;j_:\u0004B!a\u000f\u0002R%!\u00111KA\u001f\u0005U9un\\4mKJ2\u0015i\u0012:pkB\u001c\u0005.Z2lKJ\fAb\u001a:pkB\u001c\u0005.Z2lKJ,\"!!\u0017\u0011\u000b\u0011\u000bY%a\u0017\u0011\t\u0005m\u0012QL\u0005\u0005\u0003?\niD\u0001\nH_><G.Z$s_V\u00048\t[3dW\u0016\u0014\u0018\u0001\u0005'P\u000f&sul\u0014*J\u000f&sulS#Z+\t\t)\u0007\u0005\u0003\u0002h\u0005ETBAA5\u0015\u0011\tY'!\u001c\u0002\t1\fgn\u001a\u0006\u0003\u0003_\nAA[1wC&\u0019Q/!\u001b\u0002!\u0005sE+S0G\u001fJ;UIU-`\u0017\u0016K\u0016aC:f]\u00124uN]!vi\",B!!\u001f\u0002\u0018R1\u00111PAD\u0003#\u0003b!a\u0002\u0002~\u0005\u0005\u0015\u0002BA@\u0003\u0013\u0011aAR;ukJ,\u0007cA0\u0002\u0004&\u0019\u0011Q\u00111\u0003\rI+7/\u001e7u\u0011\u001d\tII\u0005a\u0002\u0003\u0017\u000bqA]3rk\u0016\u001cH\u000fE\u0002`\u0003\u001bK1!a$a\u00055\u0011V-];fgRDU-\u00193fe\"I\u00111\u0013\n\u0011\u0002\u0003\u000f\u0011QS\u0001\u0006K6\f\u0017\u000e\u001c\t\u0005\t\u0006-C\u000eB\u0004\u0002\u001aJ\u0011\r!a'\u0003\u0003\u0005\u000bB!!(\u0002$B\u0019A)a(\n\u0007\u0005\u0005VIA\u0004O_RD\u0017N\\4\u0011\u0007\u0011\u000b)+C\u0002\u0002(\u0016\u00131!\u00118z\u0003U\u0019XM\u001c3G_J\fU\u000f\u001e5%I\u00164\u0017-\u001e7uII*B!!,\u0002DV\u0011\u0011q\u0016\u0016\u0005\u0003+\u000b\tl\u000b\u0002\u00024B!\u0011QWA`\u001b\t\t9L\u0003\u0003\u0002:\u0006m\u0016!C;oG\",7m[3e\u0015\r\ti,R\u0001\u000bC:tw\u000e^1uS>t\u0017\u0002BAa\u0003o\u0013\u0011#\u001e8dQ\u0016\u001c7.\u001a3WCJL\u0017M\\2f\t\u001d\tIj\u0005b\u0001\u00037\u000b\u0001c\u00195fG.lU\u000f\u001c;jM\u0006\u001cGo\u001c:\u0015\t\u0005U\u0011\u0011\u001a\u0005\b\u0003;!\u0002\u0019AA\u0010\u0003M\u0019\bn\\<V]\u0006,H\u000f[3e\u001b\u0016\u001c8/Y4f)\u0011\ty-a5\u0015\t\u0005\u0005\u0015\u0011\u001b\u0005\b\u0003\u0013+\u00029AAF\u0011\u0019\t).\u0006a\u0001Y\u00069Q.Z:tC\u001e,\u0017AE5om\u0006d\u0017\u000eZ+tKJlUm]:bO\u0016$2\u0001\\An\u0011\u001d\tiN\u0006a\u0001\u0003?\t1b\u00197bS6,G-Q;uQ\u0006!\u0002O]8dKN\u001cx*Q;uQ\u000e\u000bG\u000e\u001c2bG.$\"!a9\u0015\t\u0005m\u0014Q\u001d\u0005\b\u0003\u0013;\u00029AAF\u00035\u0001(o\\2fgNdunZ8viR!\u0011\u0011QAv\u0011\u001d\tI\t\u0007a\u0002\u0003\u0017\u000bQC]3bI\u0006+H\u000f[3oi&\u001c\u0017\r^3e+N,'\u000f\u0006\u0003\u0002r\u0006M\b#\u0002#\u0002L\u0005}\u0001bBAE3\u0001\u0007\u00111R\u0001\u000be\u0016\fGmQ8pW&,G\u0003BA}\u0005\u0003\u0001R\u0001RA&\u0003w\u00042aXA\u007f\u0013\r\ty\u0010\u0019\u0002\u0007\u0007>|7.[3\t\u000f\u0005%%\u00041\u0001\u0002\f\u0006qq-\u001a8fe\u0006$XmQ8pW&,G\u0003BA~\u0005\u000fAq!!\b\u001c\u0001\u0004\ty\"A\u000bj]\u000edW\u000fZ3TsN$X-\\%o\u0007>|7.[3\u0015\t\t5!1\u0003\u000b\u0005\u0003\u0003\u0013y\u0001C\u0004\u0003\u0012q\u0001\r!!!\u0002\rI,7/\u001e7u\u0011\u001d\ti\u0002\ba\u0001\u0003?\t1B\u001a7vg\"\u001cun\\6jKR!\u0011\u0011\u0011B\r\u0011\u001d\u0011\t\"\ba\u0001\u0003\u0003\u000b1\"\u001a=ue\u0006\u001cG/Q;uQR!!q\u0004B\u0013!\rY(\u0011E\u0005\u0004\u0005Ga(\u0001F!vi\",g\u000e^5dCRLwN\\*uCR,8\u000fC\u0004\u0002\nz\u0001\r!a#\u0002\u0015\u0005+H\u000f[!di&|g\u000eE\u0002\u0003,\u0001j\u0011\u0001\u0001\u0002\u000b\u0003V$\b.Q2uS>t7\u0003\u0002\u0011D\u0005c\u0001ra\u0018B\u001a\u0005o\u0011y$C\u0002\u00036\u0001\u0014Q\"Q2uS>t')^5mI\u0016\u0014\b\u0003\u0002B\u001d\u0005wi\u0011!O\u0005\u0004\u0005{I$aC+tKJ\u0014V-];fgR\u00042a\u0018B!\u0013\r\u0011\u0019\u0005\u0019\u0002\u000b\u0003:L8i\u001c8uK:$\u0018A\u0002\u001fj]&$h\b\u0006\u0002\u0003*\u00051\u0001/\u0019:tKJ,\"A!\u0014\u0011\u000b}\u0013yEa\u0010\n\u0007\tE\u0003M\u0001\u0006C_\u0012L\b+\u0019:tKJ\f\u0001#\u001a=fGV$\u0018n\u001c8D_:$X\r\u001f;\u0002\u0017%tgo\\6f\u00052|7m[\u000b\u0005\u00053\u00129\u0007\u0006\u0004\u0002|\tm#\u0011\u000e\u0005\b\u0003\u0013#\u0003\u0019\u0001B/!\u0015y&q\fB2\u0013\r\u0011\t\u0007\u0019\u0002\b%\u0016\fX/Z:u!\u0011\u0011)Ga\u001a\r\u0001\u00119\u0011\u0011\u0014\u0013C\u0002\u0005m\u0005b\u0002B6I\u0001\u0007!QN\u0001\u0006E2|7m\u001b\t\b\t\n=$1OA>\u0013\r\u0011\t(\u0012\u0002\n\rVt7\r^5p]F\u0002bA!\u000f\u0003<\t\r\u0014!D!Q\u0013\u0006+H\u000f[!di&|g\u000eE\u0002\u0003,\u0019\u0012Q\"\u0011)J\u0003V$\b.Q2uS>t7C\u0002\u0014D\u0005{\u0012I\u000bE\u0002\u0003,9\u0012Q#\u00112tiJ\f7\r^!qS\u0006+H\u000f[!di&|gn\u0005\u0003/\u0007\nE\u0012A\u00068pi\u0006+H\u000f[3oi&\u001c\u0017\r^3e%\u0016\u001cX\u000f\u001c;\u0016\u0005\u0005\u0005\u0015aE5om\u0006d\u0017\u000eZ\"p_.LWMU3tk2$\u0018!D3ya&\u0014X\r\u001a*fgVdG/A\no_R\fU\u000f\u001e5pe&TX\r\u001a*fgVdG/\u0006\u0003\u0003\u0010\n]ECBA>\u0005#\u0013I\nC\u0004\u0002\nZ\u0002\rAa%\u0011\u000b}\u0013yF!&\u0011\t\t\u0015$q\u0013\u0003\b\u000333$\u0019AAN\u0011\u001d\u0011YG\u000ea\u0001\u00057\u0003r\u0001\u0012B8\u0005;\u000bY\b\u0005\u0004\u0003:\tm\"QS\u0001\u0019e\u0016\u001c\bo\u001c8tK^KG\u000f[*zgR,WnQ8pW&,GCBA>\u0005G\u00139\u000bC\u0004\u0003&^\u0002\r!a\u001f\u0002\u0011I,7\u000f]8og\u0016Dq!!\b8\u0001\u0004\ty\u0002E\u0002\u0003,!\u00121\u0003\u00157bS:,%O]8s%\u0016\u001c\bo\u001c8tKN\u001c\"\u0001K\"\u0016\u0005\tE\u0006\u0003\u0002BZ\u0005\u000btAA!.\u0003B:!!q\u0017B`\u001d\u0011\u0011IL!0\u000f\u0007=\u0014Y,C\u0001Z\u0013\t9\u0006,\u0003\u0002b-&\u0019!1\u00191\u0002\u000fI+7/\u001e7ug&!!q\u0019Be\u0005\u0019\u0019F/\u0019;vg&\u0019!1\u001a1\u0003\u000fI+7/\u001e7ugR\u0011!q\u000f")
/* loaded from: input_file:com/gu/pandomainauth/action/AuthActions.class */
public interface AuthActions {

    /* compiled from: Actions.scala */
    /* loaded from: input_file:com/gu/pandomainauth/action/AuthActions$AbstractApiAuthAction.class */
    public interface AbstractApiAuthAction extends ActionBuilder<UserRequest, AnyContent> {
        default BodyParser<AnyContent> parser() {
            return com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().controllerComponents().parsers().default();
        }

        default ExecutionContext executionContext() {
            return com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().controllerComponents().executionContext();
        }

        /* renamed from: notAuthenticatedResult */
        Result mo4notAuthenticatedResult();

        /* renamed from: invalidCookieResult */
        Result mo3invalidCookieResult();

        /* renamed from: expiredResult */
        Result mo2expiredResult();

        /* renamed from: notAuthorizedResult */
        Result mo1notAuthorizedResult();

        default <A> Future<Result> invokeBlock(Request<A> request, Function1<UserRequest<A>, Future<Result>> function1) {
            Future<Result> responseWithSystemCookie;
            InvalidCookie extractAuth = com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().extractAuth(request);
            if (NotAuthenticated$.MODULE$.equals(extractAuth)) {
                Logger$.MODULE$.debug(() -> {
                    return new StringBuilder(36).append("user not authed against ").append(this.com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$domain()).append(", return 401").toString();
                }, MarkerContext$.MODULE$.NoMarker());
                responseWithSystemCookie = Future$.MODULE$.apply(() -> {
                    return this.mo4notAuthenticatedResult();
                }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec());
            } else if (extractAuth instanceof InvalidCookie) {
                Exception exception = extractAuth.exception();
                Logger$.MODULE$.warn(() -> {
                    return "error checking user's auth, clear cookie and return 401";
                }, () -> {
                    return exception;
                }, MarkerContext$.MODULE$.NoMarker());
                responseWithSystemCookie = Future$.MODULE$.apply(() -> {
                    return this.mo3invalidCookieResult();
                }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec()).map(result -> {
                    return this.com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().flushCookie(result);
                }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec());
            } else if (extractAuth instanceof Expired) {
                AuthenticatedUser authedUser = ((Expired) extractAuth).authedUser();
                Logger$.MODULE$.debug(() -> {
                    return new StringBuilder(31).append("user ").append(authedUser.user().email()).append(" login expired, return 419").toString();
                }, MarkerContext$.MODULE$.NoMarker());
                responseWithSystemCookie = Future$.MODULE$.apply(() -> {
                    return this.mo2expiredResult();
                }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec());
            } else if (extractAuth instanceof GracePeriod) {
                AuthenticatedUser authedUser2 = ((GracePeriod) extractAuth).authedUser();
                Logger$.MODULE$.debug(() -> {
                    return new StringBuilder(43).append("user ").append(authedUser2.user().email()).append(" login expired but is in grace period.").toString();
                }, MarkerContext$.MODULE$.NoMarker());
                responseWithSystemCookie = responseWithSystemCookie((Future) function1.apply(new UserRequest(authedUser2.user(), request)), authedUser2);
            } else if (extractAuth instanceof NotAuthorized) {
                AuthenticatedUser authedUser3 = ((NotAuthorized) extractAuth).authedUser();
                Logger$.MODULE$.debug(() -> {
                    return "user not authorized, return 403";
                }, MarkerContext$.MODULE$.NoMarker());
                Logger$.MODULE$.debug(() -> {
                    return this.com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().invalidUserMessage(authedUser3);
                }, MarkerContext$.MODULE$.NoMarker());
                responseWithSystemCookie = Future$.MODULE$.apply(() -> {
                    return this.mo1notAuthorizedResult();
                }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec());
            } else {
                if (!(extractAuth instanceof Authenticated)) {
                    throw new MatchError(extractAuth);
                }
                AuthenticatedUser authedUser4 = ((Authenticated) extractAuth).authedUser();
                responseWithSystemCookie = responseWithSystemCookie((Future) function1.apply(new UserRequest(authedUser4.user(), request)), authedUser4);
            }
            return responseWithSystemCookie;
        }

        default Future<Result> responseWithSystemCookie(Future<Result> future, AuthenticatedUser authenticatedUser) {
            if (authenticatedUser.authenticatedIn().apply(com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$system())) {
                return future;
            }
            Logger$.MODULE$.debug(() -> {
                return new StringBuilder(51).append("user ").append(authenticatedUser.user().email()).append(" from other system valid: adding validity in ").append(this.com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$system()).append(".").toString();
            }, MarkerContext$.MODULE$.NoMarker());
            return future.map(result -> {
                return this.com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().includeSystemInCookie(authenticatedUser, result);
            }, com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer().com$gu$pandomainauth$action$AuthActions$$ec());
        }

        /* synthetic */ AuthActions com$gu$pandomainauth$action$AuthActions$AbstractApiAuthAction$$$outer();

        static void $init$(AbstractApiAuthAction abstractApiAuthAction) {
        }
    }

    /* compiled from: Actions.scala */
    /* loaded from: input_file:com/gu/pandomainauth/action/AuthActions$PlainErrorResponses.class */
    public interface PlainErrorResponses {
        void com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$notAuthenticatedResult_$eq(Results.Status status);

        void com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$invalidCookieResult_$eq(Results.Status status);

        void com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$expiredResult_$eq(Results.Status status);

        void com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$notAuthorizedResult_$eq(Results.Status status);

        Results.Status notAuthenticatedResult();

        Results.Status invalidCookieResult();

        Results.Status expiredResult();

        Results.Status notAuthorizedResult();

        /* synthetic */ AuthActions com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$$$outer();

        static void $init$(PlainErrorResponses plainErrorResponses) {
            plainErrorResponses.com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$notAuthenticatedResult_$eq(Results$.MODULE$.Unauthorized());
            plainErrorResponses.com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$invalidCookieResult_$eq(Results$.MODULE$.Unauthorized());
            plainErrorResponses.com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$expiredResult_$eq(new Results.Status(Results$.MODULE$, 419));
            plainErrorResponses.com$gu$pandomainauth$action$AuthActions$PlainErrorResponses$_setter_$notAuthorizedResult_$eq(Results$.MODULE$.Forbidden());
        }
    }

    AuthActions$AuthAction$ AuthAction();

    AuthActions$APIAuthAction$ APIAuthAction();

    void com$gu$pandomainauth$action$AuthActions$_setter_$com$gu$pandomainauth$action$AuthActions$$ec_$eq(ExecutionContext executionContext);

    void com$gu$pandomainauth$action$AuthActions$_setter_$OAuth_$eq(OAuth oAuth);

    void com$gu$pandomainauth$action$AuthActions$_setter_$multifactorChecker_$eq(Option<Google2FAGroupChecker> option);

    void com$gu$pandomainauth$action$AuthActions$_setter_$groupChecker_$eq(Option<GoogleGroupChecker> option);

    void com$gu$pandomainauth$action$AuthActions$_setter_$LOGIN_ORIGIN_KEY_$eq(String str);

    void com$gu$pandomainauth$action$AuthActions$_setter_$ANTI_FORGERY_KEY_$eq(String str);

    WSClient wsClient();

    ControllerComponents controllerComponents();

    PanDomainAuthSettingsRefresher panDomainSettings();

    default String com$gu$pandomainauth$action$AuthActions$$system() {
        return panDomainSettings().system();
    }

    default String com$gu$pandomainauth$action$AuthActions$$domain() {
        return panDomainSettings().domain();
    }

    private default PanDomainAuthSettings settings() {
        return panDomainSettings().settings();
    }

    ExecutionContext com$gu$pandomainauth$action$AuthActions$$ec();

    boolean validateUser(AuthenticatedUser authenticatedUser);

    default boolean cacheValidation() {
        return false;
    }

    default long apiGracePeriod() {
        return 0L;
    }

    String authCallbackUrl();

    OAuth OAuth();

    Option<Google2FAGroupChecker> multifactorChecker();

    Option<GoogleGroupChecker> groupChecker();

    String LOGIN_ORIGIN_KEY();

    String ANTI_FORGERY_KEY();

    default <A> Future<Result> sendForAuth(RequestHeader requestHeader, Option<String> option) {
        String generateAntiForgeryToken = OAuth().generateAntiForgeryToken();
        return OAuth().redirectToOAuthProvider(generateAntiForgeryToken, option, com$gu$pandomainauth$action$AuthActions$$ec(), requestHeader, wsClient()).map(result -> {
            return result.withSession(requestHeader.session().$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(this.ANTI_FORGERY_KEY()), generateAntiForgeryToken)).$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(this.LOGIN_ORIGIN_KEY()), requestHeader.uri())));
        }, com$gu$pandomainauth$action$AuthActions$$ec());
    }

    default <A> Option<String> sendForAuth$default$2() {
        return None$.MODULE$;
    }

    default boolean checkMultifactor(AuthenticatedUser authenticatedUser) {
        return multifactorChecker().exists(google2FAGroupChecker -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkMultifactor$1(authenticatedUser, google2FAGroupChecker));
        });
    }

    default Result showUnauthedMessage(String str, RequestHeader requestHeader) {
        Logger$.MODULE$.info(() -> {
            return str;
        }, MarkerContext$.MODULE$.NoMarker());
        return Results$.MODULE$.Forbidden();
    }

    default String invalidUserMessage(AuthenticatedUser authenticatedUser) {
        return new StringBuilder(20).append("user ").append(authenticatedUser.user().email()).append(" not valid for ").append(com$gu$pandomainauth$action$AuthActions$$system()).toString();
    }

    default Future<Result> processOAuthCallback(RequestHeader requestHeader) {
        String str = (String) requestHeader.session().get(ANTI_FORGERY_KEY()).getOrElse(() -> {
            throw new OAuthException("missing anti forgery token", OAuthException$.MODULE$.$lessinit$greater$default$2());
        });
        String str2 = (String) requestHeader.session().get(LOGIN_ORIGIN_KEY()).getOrElse(() -> {
            throw new OAuthException("missing original url", OAuthException$.MODULE$.$lessinit$greater$default$2());
        });
        Option<Cookie> readCookie = readCookie(requestHeader);
        return OAuth().validatedUserIdentity(str, requestHeader, com$gu$pandomainauth$action$AuthActions$$ec(), wsClient()).map(authenticatedUser -> {
            AuthenticatedUser copy;
            if (readCookie instanceof Some) {
                AuthenticatedUser parseCookieData = CookieUtils$.MODULE$.parseCookieData(((Cookie) ((Some) readCookie).value()).value(), this.settings().publicKey());
                Logger$.MODULE$.debug(() -> {
                    return "user re-authed, merging auth data";
                }, MarkerContext$.MODULE$.NoMarker());
                copy = authenticatedUser.copy(authenticatedUser.copy$default$1(), this.com$gu$pandomainauth$action$AuthActions$$system(), parseCookieData.authenticatedIn().$plus$plus(Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new String[]{this.com$gu$pandomainauth$action$AuthActions$$system()}))), authenticatedUser.copy$default$4(), this.checkMultifactor(authenticatedUser));
            } else {
                if (!None$.MODULE$.equals(readCookie)) {
                    throw new MatchError(readCookie);
                }
                Logger$.MODULE$.debug(() -> {
                    return "fresh user login";
                }, MarkerContext$.MODULE$.NoMarker());
                copy = authenticatedUser.copy(authenticatedUser.copy$default$1(), authenticatedUser.copy$default$2(), authenticatedUser.copy$default$3(), authenticatedUser.copy$default$4(), this.checkMultifactor(authenticatedUser));
            }
            AuthenticatedUser authenticatedUser = copy;
            if (!this.validateUser(authenticatedUser)) {
                return this.showUnauthedMessage(this.invalidUserMessage(authenticatedUser), requestHeader);
            }
            return Results$.MODULE$.Redirect(str2, Results$.MODULE$.Redirect$default$2(), Results$.MODULE$.Redirect$default$3()).withCookies(Predef$.MODULE$.wrapRefArray(new Cookie[]{this.generateCookie(authenticatedUser)})).withSession(requestHeader.session().$minus(this.ANTI_FORGERY_KEY()).$minus(this.LOGIN_ORIGIN_KEY()));
        }, com$gu$pandomainauth$action$AuthActions$$ec());
    }

    default Result processLogout(RequestHeader requestHeader) {
        return flushCookie(showUnauthedMessage("logged out", requestHeader));
    }

    default Option<AuthenticatedUser> readAuthenticatedUser(RequestHeader requestHeader) {
        return readCookie(requestHeader).map(cookie -> {
            return CookieUtils$.MODULE$.parseCookieData(cookie.value(), this.settings().publicKey());
        });
    }

    default Option<Cookie> readCookie(RequestHeader requestHeader) {
        return requestHeader.cookies().get(settings().cookieSettings().cookieName());
    }

    default Cookie generateCookie(AuthenticatedUser authenticatedUser) {
        return new Cookie(settings().cookieSettings().cookieName(), CookieUtils$.MODULE$.generateCookieData(authenticatedUser, settings().privateKey()), Cookie$.MODULE$.apply$default$3(), Cookie$.MODULE$.apply$default$4(), new Some(com$gu$pandomainauth$action$AuthActions$$domain()), true, true, Cookie$.MODULE$.apply$default$8());
    }

    default Result includeSystemInCookie(AuthenticatedUser authenticatedUser, Result result) {
        return result.withCookies(Predef$.MODULE$.wrapRefArray(new Cookie[]{generateCookie(authenticatedUser.copy(authenticatedUser.copy$default$1(), authenticatedUser.copy$default$2(), authenticatedUser.authenticatedIn().$plus(com$gu$pandomainauth$action$AuthActions$$system()), authenticatedUser.copy$default$4(), authenticatedUser.copy$default$5()))}));
    }

    default Result flushCookie(Result result) {
        return result.discardingCookies(Predef$.MODULE$.wrapRefArray(new DiscardingCookie[]{new DiscardingCookie(settings().cookieSettings().cookieName(), DiscardingCookie$.MODULE$.apply$default$2(), new Some(com$gu$pandomainauth$action$AuthActions$$domain()), true)}));
    }

    default AuthenticationStatus extractAuth(RequestHeader requestHeader) {
        return (AuthenticationStatus) readCookie(requestHeader).map(cookie -> {
            return PanDomain$.MODULE$.authStatus(cookie.value(), this.settings().publicKey(), authenticatedUser -> {
                return BoxesRunTime.boxToBoolean(this.validateUser(authenticatedUser));
            }, this.apiGracePeriod(), this.com$gu$pandomainauth$action$AuthActions$$system(), this.cacheValidation());
        }).getOrElse(() -> {
            return NotAuthenticated$.MODULE$;
        });
    }

    static /* synthetic */ boolean $anonfun$checkMultifactor$1(AuthenticatedUser authenticatedUser, Google2FAGroupChecker google2FAGroupChecker) {
        return google2FAGroupChecker.checkMultifactor(authenticatedUser);
    }

    static void $init$(AuthActions authActions) {
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$com$gu$pandomainauth$action$AuthActions$$ec_$eq(authActions.controllerComponents().executionContext());
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$OAuth_$eq(new OAuth(authActions.settings().oAuthSettings(), authActions.com$gu$pandomainauth$action$AuthActions$$system(), authActions.authCallbackUrl()));
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$multifactorChecker_$eq(authActions.settings().google2FAGroupSettings().map(google2FAGroupSettings -> {
            return new Google2FAGroupChecker(google2FAGroupSettings, authActions.panDomainSettings().bucketName(), authActions.panDomainSettings().s3Client());
        }));
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$groupChecker_$eq(authActions.settings().google2FAGroupSettings().map(google2FAGroupSettings2 -> {
            return new GoogleGroupChecker(google2FAGroupSettings2, authActions.panDomainSettings().bucketName(), authActions.panDomainSettings().s3Client());
        }));
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$LOGIN_ORIGIN_KEY_$eq("loginOriginUrl");
        authActions.com$gu$pandomainauth$action$AuthActions$_setter_$ANTI_FORGERY_KEY_$eq("antiForgeryToken");
    }
}
