package com.atlassian.stash.internal.web.auth;

import com.atlassian.stash.auth.RememberMeMode;
import com.atlassian.stash.exception.ServiceException;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.internal.auth.AuthenticationHelper;
import com.atlassian.stash.nav.NavBuilder;
import com.atlassian.stash.server.ApplicationPropertiesService;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionService;
import com.atlassian.stash.user.StashAuthenticationContext;
import com.atlassian.stash.web.conditions.AbstractPermissionCondition;
import com.google.common.collect.ImmutableMap;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;

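/**
 * Spring MVC controller that serves {@code GET /login}.
 *
 * <p>An already-authenticated user who holds the requested global permission is redirected
 * (to {@code next} when supplied, otherwise to the absolute base URL built by {@link NavBuilder});
 * everyone else gets the login template with a model built by
 * {@link #buildContext(String, Permission, HttpServletRequest)}.
 *
 * <p>Security notes: {@code next} and {@code permission} are request-controlled. {@code next} is
 * used both as a redirect target and as the {@code nextUrl} model value, so it is restricted here
 * to server-local paths before either use; any other value is treated as absent. Whether further
 * validation happens in a filter or in the handler that processes the login form is not visible
 * from this class.
 */
@RequestMapping({"/login"})
@Controller
/* loaded from: input_file:WEB-INF/classes/com/atlassian/stash/internal/web/auth/LoginController.class */
public class LoginController {
    private static final Logger log = LoggerFactory.getLogger(LoginController.class);

    /** Template name for the full-page login view. */
    public static final String LOGIN = "stash.auth.login";

    /** Template name used when the request carries {@code embedded=true}. */
    public static final String LOGIN_EMBEDDED = "stash.auth.loginEmbedded";

    private final StashAuthenticationContext authenticationContext;
    private final AuthenticationHelper authenticationHelper;
    private final I18nService i18nService;
    private final NavBuilder navBuilder;
    private final PermissionService permissionService;
    private final ApplicationPropertiesService propertiesService;
    // True only when the configured remember-me mode is OPTIONAL; exposed to the template.
    private final boolean showRememberMe;

    /**
     * Wires the collaborators and resolves the remember-me mode once at construction.
     *
     * @param str value of the {@code auth.remember-me.enabled} property, parsed through
     *            {@link RememberMeMode#fromId(String)}
     */
    @Autowired
    public LoginController(StashAuthenticationContext stashAuthenticationContext, AuthenticationHelper authenticationHelper, I18nService i18nService, NavBuilder navBuilder, PermissionService permissionService, ApplicationPropertiesService applicationPropertiesService, @Value("${auth.remember-me.enabled}") String str) {
        this.authenticationContext = stashAuthenticationContext;
        this.authenticationHelper = authenticationHelper;
        this.i18nService = i18nService;
        this.navBuilder = navBuilder;
        this.permissionService = permissionService;
        this.propertiesService = applicationPropertiesService;
        this.showRememberMe = RememberMeMode.fromId(str) == RememberMeMode.OPTIONAL;
    }

    /**
     * Handles {@code GET /login}.
     *
     * @param str  the {@code next} request parameter: where to go after login; only server-local
     *             paths are honoured, anything else is ignored
     * @param str2 the {@code permission} request parameter: name of the global permission the
     *             caller must hold ({@code ADMIN} or {@code SYS_ADMIN}, case-insensitive)
     * @param z    the {@code embedded} request parameter: selects the embedded login template
     * @param httpServletRequest current request, used to read and clear login state held by
     *             {@link AuthenticationHelper}
     * @return a redirect when the user is already authenticated with the required permission,
     *         otherwise the login view and its model
     */
    @RequestMapping(method = {RequestMethod.GET})
    public ModelAndView login(@RequestParam(value = "next", required = false) String str, @RequestParam(value = "permission", required = false) String str2, @RequestParam(value = "embedded", required = false) boolean z, HttpServletRequest httpServletRequest) {
        // Validate once at the boundary so the redirect and the template see the same vetted value.
        String next = localRedirectTarget(str);
        Permission required = parsePermission(str2);
        ModelAndView redirect = redirectIfAuthenticated(next, required);
        if (redirect != null) {
            return redirect;
        }
        return new ModelAndView(loginTemplate(z), buildContext(next, required, httpServletRequest));
    }

    /** Picks the embedded or the full-page login template. */
    private static String loginTemplate(boolean embedded) {
        return embedded ? LOGIN_EMBEDDED : LOGIN;
    }

    /**
     * Returns {@code next} only when it is a server-local path, otherwise {@code null}.
     *
     * <p>Accepted values start with a single {@code /}. Values that carry a scheme or host, that
     * begin with {@code //} or {@code /\} (which a browser may resolve against another host), or
     * that contain control characters are rejected, so a crafted login link cannot send the user
     * to an external site after authentication.
     */
    private static String localRedirectTarget(String next) {
        if (StringUtils.isBlank(next)) {
            return null;
        }
        boolean local = next.charAt(0) == '/';
        if (local && next.length() > 1) {
            char second = next.charAt(1);
            local = second != '/' && second != '\\';
        }
        for (int i = 0; local && i < next.length(); i++) {
            char c = next.charAt(i);
            // Control characters have no place in a redirect target and may be stripped
            // or reinterpreted on the way to the browser.
            local = c >= 0x20 && c != 0x7f;
        }
        if (!local) {
            log.warn("Ignoring non-local 'next' redirect target: {}", forLog(next));
            return null;
        }
        return next;
    }

    /** Neutralises line breaks so request-controlled text cannot forge extra log entries. */
    private static String forLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Adds the required permission name and a localized warning to the model, if one was requested. */
    private void addRequiredPermission(ImmutableMap.Builder<String, Object> builder, Permission permission) {
        if (permission == null) {
            return;
        }
        builder.put(AbstractPermissionCondition.PERMISSION, permission.name());
        String permissionLabel = this.i18nService.getMessage(permission.getI18n().name());
        builder.put("warning", this.i18nService.getText("stash.web.login.permission.required", "Please log in as a user with the '{0}' permission to access this resource.", permissionLabel));
    }

    /**
     * Builds the model for the login template.
     *
     * @param next       vetted post-login target, or {@code null}
     * @param permission required global permission, or {@code null}
     * @param request    current request
     * @return an immutable model map
     */
    private Map<String, Object> buildContext(String next, Permission permission, HttpServletRequest request) {
        ImmutableMap.Builder<String, Object> builder = ImmutableMap.builder();
        AuthenticationException failure = this.authenticationHelper.getAuthenticationException(request);
        if (failure != null) {
            String message;
            if (failure.getCause() instanceof ServiceException) {
                message = failure.getCause().getLocalizedMessage();
            } else {
                // NOTE(review): the raw message of an unexpected exception type is rendered on the
                // login page; confirm such messages never carry internal detail.
                message = failure.getLocalizedMessage();
                log.warn("Authentication failed with an unexpected error type", failure);
            }
            // ImmutableMap rejects null values; an exception without a message must not turn
            // the login page into a server error.
            if (message != null) {
                builder.put("error", message);
            }
            // The failure is shown once: clear it so a reload does not repeat it.
            this.authenticationHelper.setAuthenticationException(request, null);
        }
        String cachedUsername = this.authenticationHelper.getCachedUsername(request);
        if (StringUtils.isNotEmpty(cachedUsername)) {
            builder.put("lastUsername", cachedUsername);
        }
        builder.put("allowSignUp", this.propertiesService.isAllowPublicSignUp());
        // The CAPTCHA is requested only when the stored failure is a LockedException.
        builder.put("showCaptcha", failure instanceof LockedException);
        if (StringUtils.isNotEmpty(next)) {
            builder.put("nextUrl", next);
        }
        builder.put("showRememberMe", this.showRememberMe);
        addRequiredPermission(builder, permission);
        return builder.build();
    }

    /** A {@code null} permission means no requirement; otherwise the global permission is checked. */
    private boolean hasRequiredPermission(Permission permission) {
        return permission == null || this.permissionService.hasGlobalPermission(permission);
    }

    /**
     * Maps the {@code permission} request parameter onto the two supported global permissions.
     *
     * @param name raw parameter value, may be {@code null}
     * @return {@link Permission#ADMIN} or {@link Permission#SYS_ADMIN}; {@code null} when the
     *         parameter is absent or names anything else
     */
    private Permission parsePermission(String name) {
        if (name == null) {
            return null;
        }
        // Locale.ENGLISH keeps the comparison independent of the server's default locale.
        String normalized = name.toUpperCase(Locale.ENGLISH);
        if (Permission.ADMIN.name().equals(normalized)) {
            return Permission.ADMIN;
        }
        if (Permission.SYS_ADMIN.name().equals(normalized)) {
            return Permission.SYS_ADMIN;
        }
        // The value is request-controlled: strip line breaks before it reaches the log.
        log.warn("Unsupported permission name passed as permission: {}, ignoring", forLog(name));
        return null;
    }

    /**
     * Returns a redirect for a user who is already authenticated and holds the required
     * permission, or {@code null} when the login page should be rendered instead.
     *
     * @param next       vetted server-local target, or {@code null} / blank to use the default
     * @param permission required global permission, or {@code null}
     */
    private ModelAndView redirectIfAuthenticated(String next, Permission permission) {
        if (!this.authenticationContext.isAuthenticated() || !hasRequiredPermission(permission)) {
            return null;
        }
        if (StringUtils.isNotBlank(next)) {
            // contextRelative=true: a target starting with '/' is resolved under the context path.
            return new ModelAndView(new RedirectView(next, true));
        }
        return new ModelAndView(new RedirectView(this.navBuilder.buildAbsolute()));
    }
}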
