package se.unlogic.hierarchy.foregroundmodules.login;

import java.net.URLEncoder;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import se.unlogic.hierarchy.core.annotations.CheckboxSettingDescriptor;
import se.unlogic.hierarchy.core.annotations.ModuleSetting;
import se.unlogic.hierarchy.core.annotations.TextAreaSettingDescriptor;
import se.unlogic.hierarchy.core.annotations.TextFieldSettingDescriptor;
import se.unlogic.hierarchy.core.beans.SimpleForegroundModuleResponse;
import se.unlogic.hierarchy.core.beans.SimpleProviderDescriptor;
import se.unlogic.hierarchy.core.beans.User;
import se.unlogic.hierarchy.core.enums.EventTarget;
import se.unlogic.hierarchy.core.interfaces.ForegroundModuleDescriptor;
import se.unlogic.hierarchy.core.interfaces.ForegroundModuleResponse;
import se.unlogic.hierarchy.core.interfaces.LoginProvider;
import se.unlogic.hierarchy.core.interfaces.ModuleDescriptor;
import se.unlogic.hierarchy.core.interfaces.MutableSettingHandler;
import se.unlogic.hierarchy.core.interfaces.ProviderDescriptor;
import se.unlogic.hierarchy.foregroundmodules.AnnotatedForegroundModule;
import se.unlogic.standardutils.string.StringUtils;
import se.unlogic.standardutils.validation.NonNegativeStringIntegerValidator;
import se.unlogic.standardutils.validation.PositiveStringIntegerValidator;
import se.unlogic.standardutils.xml.XMLUtils;
import se.unlogic.webutils.http.URIParser;

/* loaded from: input_file:se/unlogic/hierarchy/foregroundmodules/login/BaseLoginModule.class */
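/**
 * Base class for username/password login modules.
 *
 * <p>The module renders a login form, checks submitted credentials through
 * {@link #findByUsernamePassword(String, String)}, applies a per-username
 * {@link RetryLimiter}, stores the authenticated user in the HTTP session and
 * redirects the browser afterwards. It can also register itself as a
 * {@link LoginProvider} with the system login handler.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The {@code redirect} request parameter is only honoured when it is a
 *       local path (see {@link #sendRedirect}).</li>
 *   <li>Usernames are stripped of control characters before being written to
 *       the log; passwords are never logged.</li>
 *   <li>Lockout is keyed on the submitted username, not on the client
 *       address.</li>
 * </ul>
 *
 * @param <UserType> the concrete user type returned by the credential lookup
 */
public abstract class BaseLoginModule<UserType extends User> extends AnnotatedForegroundModule implements LoginProvider {

    @ModuleSetting(allowsNull = true)
    @TextFieldSettingDescriptor(name = "New password module alias", description = "The full alias of the new password module", required = false)
    protected String newPasswordModuleAlias;

    @ModuleSetting(allowsNull = true)
    @TextFieldSettingDescriptor(name = "Registration module alias", description = "The full alias of the registration module", required = false)
    protected String registrationModuleAlias;

    @ModuleSetting(allowsNull = true)
    @TextFieldSettingDescriptor(name = "Default redirect alias", description = "The full alias that users should be redirected to after login unless a redirect paramater is present in the URL. If this value is not set and no redirect paramater is present users will be redirected to the root of the context path.", required = false)
    protected String defaultRedirectAlias;

    // Built in moduleConfigured() from the four lockout settings below.
    protected RetryLimiter retryLimiter;

    // Parsed form of logoutModuleAliases, one entry per line; filled in parseSettings().
    protected List<String> logoutModuleAliasesList;

    // Descriptor returned by getProviderDescriptor(); built in moduleConfigured().
    protected ProviderDescriptor providerDescriptor;

    @ModuleSetting(id = "userTimeout")
    @TextFieldSettingDescriptor(id = "userTimeout", name = "User session timeout", description = "Session timeout for normal users (in minutes)", required = true, formatValidator = PositiveStringIntegerValidator.class)
    protected int userSessionTimeout = 30;

    @ModuleSetting(id = "adminTimeout")
    @TextFieldSettingDescriptor(id = "adminTimeout", name = "Admin session timeout", description = "Session timeout for administrators (in minutes)", required = true, formatValidator = PositiveStringIntegerValidator.class)
    protected int adminSessionTimeout = 60;

    @ModuleSetting
    @TextAreaSettingDescriptor(name = "Logout module aliases", description = "The aliases of the logout modules (one per line)", required = true)
    protected String logoutModuleAliases = "/logout\n/logout/logout";

    @CheckboxSettingDescriptor(id = "default", name = "Add to login handler", description = "Controls if this module should add itself to the login handler as a login provider")
    @ModuleSetting(id = "default")
    protected boolean addToLoginHandler = true;

    @ModuleSetting
    @TextFieldSettingDescriptor(name = "Login provider priority", description = "The priority of the login provider from this module (lower value means higher priority)", required = true, formatValidator = NonNegativeStringIntegerValidator.class)
    protected int priority = 100;

    @CheckboxSettingDescriptor(name = "Login retry lockout", description = "Should user be locked out after failed login attempts")
    @ModuleSetting
    protected boolean loginLockoutActivated = true;

    // NOTE(review): the three numeric lockout settings below declare no formatValidator,
    // unlike the timeout and priority settings; confirm how zero or negative values are
    // treated by RetryLimiter.
    @ModuleSetting
    @TextFieldSettingDescriptor(name = "Login lockout time", description = "Time in seconds that the user will be locked out after failed attempts")
    protected int loginLockoutTime = 1800;

    @ModuleSetting
    @TextFieldSettingDescriptor(name = "Login retries", description = "Number of retries allowed in interval")
    protected int loginRetries = 10;

    @ModuleSetting
    @TextFieldSettingDescriptor(name = "Login retry interval", description = "Interval in seconds for failed attempts before lockout")
    protected int loginRetryInterval = 600;

    /**
     * Parses the module settings, rebuilds the logout alias list and registers or
     * unregisters this module as a login provider according to
     * {@link #addToLoginHandler}.
     *
     * @param mutableSettingHandler the settings to read
     * @throws Exception if the superclass fails to parse the settings
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // se.unlogic.hierarchy.basemodules.AnnotatedSectionModule
    public void parseSettings(MutableSettingHandler mutableSettingHandler) throws Exception {
        super.parseSettings(mutableSettingHandler);
        if (this.logoutModuleAliases != null) {
            // Text areas are submitted with CRLF line breaks; splitting on "\n" alone
            // would leave a trailing '\r' on every alias but the last.
            this.logoutModuleAliasesList = Arrays.asList(this.logoutModuleAliases.split("\r?\n"));
        }
        if (this.addToLoginHandler) {
            this.sectionInterface.getSystemInterface().getLoginHandler().addProvider(this);
        } else {
            this.sectionInterface.getSystemInterface().getLoginHandler().removeProvider(this);
        }
    }

    /**
     * Builds the retry limiter from the current lockout settings and creates the
     * provider descriptor for this module.
     *
     * @throws Exception declared by the overridden method
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // se.unlogic.hierarchy.basemodules.AnnotatedSectionModule
    public void moduleConfigured() throws Exception {
        this.retryLimiter = new RetryLimiter(this.loginLockoutActivated, this.loginLockoutTime, this.loginRetries, this.loginRetryInterval);
        this.providerDescriptor = new SimpleProviderDescriptor((ModuleDescriptor) this.moduleDescriptor);
    }

    /**
     * Removes this module from the login handler before the module is unloaded.
     *
     * @throws Exception if the superclass unload fails
     */
    @Override // se.unlogic.hierarchy.basemodules.AnnotatedSectionModule, se.unlogic.hierarchy.basemodules.BaseModule, se.unlogic.hierarchy.core.interfaces.Module
    public void unload() throws Exception {
        this.sectionInterface.getSystemInterface().getLoginHandler().removeProvider(this);
        super.unload();
    }

    /**
     * Delegates to {@link #processRequest}.
     */
    @Override // se.unlogic.hierarchy.foregroundmodules.AnnotatedForegroundModule
    public ForegroundModuleResponse defaultMethod(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, User user, URIParser uRIParser) throws Exception {
        return processRequest(httpServletRequest, httpServletResponse, user, uRIParser);
    }

    /**
     * Shows the login form or processes a login attempt.
     *
     * <p>Outcomes, in the order they are checked:
     * <ol>
     *   <li>No username or no password submitted: the form is returned with a
     *       {@code Login} element.</li>
     *   <li>The retry limiter reports the username as locked: {@code AccountLocked}
     *       with the remaining lockout time; the credentials are not checked.</li>
     *   <li>Credentials match and the account is enabled: the user is logged in
     *       and redirected.</li>
     *   <li>Credentials match but the account is disabled: {@code AccountDisabled}.
     *       This answer is only reachable with a correct password.</li>
     *   <li>Credentials do not match: the failure is registered with the retry
     *       limiter, giving {@code AccountLocked} or {@code LoginFailed}.</li>
     * </ol>
     *
     * @param httpServletRequest the request carrying {@code username} and {@code password}
     * @param httpServletResponse the response used for the post-login redirect
     * @param user the user currently associated with the request, used for logging only
     * @param uRIParser the parsed request URI
     * @return the form response, or the result of {@link #sendRedirect} after a successful login
     * @throws Exception if the credential lookup or login handling fails
     */
    @Override // se.unlogic.hierarchy.foregroundmodules.AnnotatedForegroundModule, se.unlogic.hierarchy.core.interfaces.ForegroundModule
    public SimpleForegroundModuleResponse processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, User user, URIParser uRIParser) throws Exception {
        String username = httpServletRequest.getParameter("username");
        String password = httpServletRequest.getParameter("password");

        if (StringUtils.isEmpty(username) || password == null) {
            this.log.info("User " + user + " requested login form");
            Document formDocument = createDocument(httpServletRequest, uRIParser);
            formDocument.getDocumentElement().appendChild(formDocument.createElement("Login"));
            return new SimpleForegroundModuleResponse(formDocument, ((ForegroundModuleDescriptor) this.moduleDescriptor).getName(), getDefaultBreadcrumb());
        }

        // The username is attacker-supplied; strip control characters so a crafted
        // value cannot forge additional log lines.
        String loggedUsername = sanitizeForLog(username);

        if (this.retryLimiter.isLocked(username)) {
            this.log.warn("Login refused for user " + loggedUsername + " (account locked) accessing from address " + httpServletRequest.getRemoteHost());
            Document lockedDocument = createDocument(httpServletRequest, uRIParser);
            XMLUtils.appendNewElement(lockedDocument, lockedDocument.getDocumentElement(), "AccountLocked", Integer.valueOf(this.retryLimiter.getRemainingLockoutTime(username)));
            return new SimpleForegroundModuleResponse(lockedDocument, ((ForegroundModuleDescriptor) this.moduleDescriptor).getName(), getDefaultBreadcrumb());
        }

        UserType authenticatedUser = findByUsernamePassword(username, password);
        if (authenticatedUser != null) {
            // Success is registered even for disabled accounts: the credentials were correct.
            this.retryLimiter.registerAuthSuccess(username);
            if (authenticatedUser.isEnabled()) {
                setLoggedIn(httpServletRequest, uRIParser, authenticatedUser);
                return sendRedirect(httpServletRequest, httpServletResponse, uRIParser, authenticatedUser);
            }
            this.log.warn("Login refused for user " + authenticatedUser + " (account disabled) accessing from address " + httpServletRequest.getRemoteHost());
            Document disabledDocument = createDocument(httpServletRequest, uRIParser);
            disabledDocument.getDocumentElement().appendChild(disabledDocument.createElement("AccountDisabled"));
            return new SimpleForegroundModuleResponse(disabledDocument, ((ForegroundModuleDescriptor) this.moduleDescriptor).getName(), getDefaultBreadcrumb());
        }

        Document failureDocument = createDocument(httpServletRequest, uRIParser);
        // registerAuthFailure returns true when this failure triggers the lockout.
        if (this.retryLimiter.registerAuthFailure(username)) {
            this.log.warn("Failed login attempt using username " + loggedUsername + " from address " + httpServletRequest.getRemoteHost() + ", locking account");
            XMLUtils.appendNewElement(failureDocument, failureDocument.getDocumentElement(), "AccountLocked", Integer.valueOf(this.retryLimiter.getRemainingLockoutTime(username)));
            return new SimpleForegroundModuleResponse(failureDocument, ((ForegroundModuleDescriptor) this.moduleDescriptor).getName(), getDefaultBreadcrumb());
        }
        this.log.warn("Failed login attempt using username " + loggedUsername + " from address " + httpServletRequest.getRemoteHost());
        failureDocument.getDocumentElement().appendChild(failureDocument.createElement("LoginFailed"));
        return new SimpleForegroundModuleResponse(failureDocument, ((ForegroundModuleDescriptor) this.moduleDescriptor).getName(), getDefaultBreadcrumb());
    }

    /**
     * Marks the given user as logged in: updates the last-login record, stores the
     * user in the session under {@code "user"}, applies the admin or user session
     * timeout (settings are in minutes, the servlet API takes seconds) and sends a
     * {@link LoginEvent}.
     *
     * @param httpServletRequest the request whose session receives the user
     * @param uRIParser the parsed request URI (not used here)
     * @param usertype the authenticated user
     * @throws Exception if updating the last login fails
     */
    public void setLoggedIn(HttpServletRequest httpServletRequest, URIParser uRIParser, UserType usertype) throws Exception {
        setLastLogin(usertype);
        // NOTE(review): an existing pre-login session is reused, so its identifier is
        // unchanged after authentication (session fixation exposure). Rotating the id
        // here, e.g. with HttpServletRequest.changeSessionId() on Servlet 3.1+, is the
        // usual mitigation; confirm the container version and that no pre-login
        // session attributes are relied on before changing it.
        HttpSession session = httpServletRequest.getSession(true);
        session.setAttribute("user", usertype);
        session.removeAttribute("usedRetries");
        int timeoutMinutes = usertype.isAdmin() ? this.adminSessionTimeout : this.userSessionTimeout;
        session.setMaxInactiveInterval(timeoutMinutes * 60);
        this.log.info("User " + usertype + " logged in from address " + httpServletRequest.getRemoteHost());
        this.systemInterface.getEventHandler().sendEvent(User.class, new LoginEvent(usertype, session), EventTarget.ALL);
    }

    /**
     * Redirects the browser after a successful login.
     *
     * <p>Precedence: a valid {@code redirect} request parameter, then
     * {@link #defaultRedirectAlias}, then the context root. The {@code redirect}
     * parameter is request-controlled and is only used when
     * {@link #isLocalRedirectTarget(String)} accepts it; anything else falls
     * through to the configured default.
     *
     * @param httpServletRequest the request carrying the optional {@code redirect} parameter
     * @param httpServletResponse the response the redirect is written to
     * @param uRIParser the parsed request URI (not used here)
     * @param usertype the user that just logged in (not used here)
     * @return always {@code null}; the response has already been committed as a redirect
     * @throws Exception if the redirect cannot be sent
     */
    public SimpleForegroundModuleResponse sendRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, URIParser uRIParser, UserType usertype) throws Exception {
        String requestedTarget = httpServletRequest.getParameter("redirect");
        String contextPath = httpServletRequest.getContextPath();
        if (isLocalRedirectTarget(requestedTarget)) {
            httpServletResponse.sendRedirect(contextPath + requestedTarget);
            return null;
        }
        if (this.defaultRedirectAlias != null) {
            httpServletResponse.sendRedirect(contextPath + this.defaultRedirectAlias);
            return null;
        }
        if (StringUtils.isEmpty(contextPath)) {
            httpServletResponse.sendRedirect("/");
            return null;
        }
        httpServletResponse.sendRedirect(contextPath);
        return null;
    }

    /**
     * Decides whether a request-supplied redirect target is a path inside this
     * application.
     *
     * <p>A leading {@code /} alone is not sufficient: when the context path is
     * empty, a value starting with {@code //} or {@code /\} is interpreted by
     * browsers as a network-path reference to another host. Control characters
     * are rejected so the value cannot break out of the {@code Location} header.
     *
     * @param target the raw {@code redirect} parameter, may be {@code null}
     * @return {@code true} if the value may be appended to the context path
     */
    private static boolean isLocalRedirectTarget(String target) {
        if (target == null || !target.startsWith("/")) {
            return false;
        }
        if (target.startsWith("//") || target.startsWith("/\\")) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            if (Character.isISOControl(target.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Replaces control characters (including CR and LF) with {@code '_'} so a
     * request-supplied value occupies exactly one log line.
     *
     * @param value the value to log, may be {@code null}
     * @return the value with control characters replaced, or {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Records the login time for the given user.
     *
     * @param usertype the user that is being logged in
     * @throws Exception if the update fails
     */
    protected abstract void setLastLogin(UserType usertype) throws Exception;

    /**
     * Looks up a user by credentials. {@link #processRequest} passes the submitted
     * username as {@code str} and the submitted password as {@code str2}, and treats
     * a {@code null} result as a failed login.
     *
     * @param str the submitted username
     * @param str2 the submitted password
     * @return the matching user, or {@code null} if the credentials do not match
     * @throws Exception if the lookup fails
     */
    protected abstract UserType findByUsernamePassword(String str, String str2) throws Exception;

    /**
     * Creates the XML document that backs every form response: the module
     * descriptor plus the configured aliases, the current URI, the
     * {@code redirect} parameter and the context path.
     *
     * <p>The {@code redirect} value is echoed from the request unvalidated, inside
     * a CDATA section. NOTE(review): whatever renders this document must escape it
     * for the output context; confirm in the stylesheet.
     *
     * @param httpServletRequest the current request
     * @param uRIParser the parsed request URI
     * @return the populated document
     */
    protected Document createDocument(HttpServletRequest httpServletRequest, URIParser uRIParser) {
        Document document = XMLUtils.createDomDocument();
        Element root = document.createElement("document");
        document.appendChild(root);
        root.appendChild(((ForegroundModuleDescriptor) this.moduleDescriptor).toXML(document));
        XMLUtils.appendNewCDATAElement(document, root, "newPasswordModuleAlias", this.newPasswordModuleAlias);
        XMLUtils.appendNewCDATAElement(document, root, "registrationModuleAlias", this.registrationModuleAlias);
        XMLUtils.appendNewCDATAElement(document, root, "uri", httpServletRequest.getContextPath() + uRIParser.getFormattedURI());
        XMLUtils.appendNewCDATAElement(document, root, "redirect", httpServletRequest.getParameter("redirect"));
        XMLUtils.appendNewCDATAElement(document, root, "contextpath", httpServletRequest.getContextPath());
        return document;
    }

    /**
     * @return the configured login provider priority
     */
    @Override // se.unlogic.hierarchy.core.interfaces.Prioritized
    public int getPriority() {
        return this.priority;
    }

    /**
     * @return always {@code true}; this provider accepts every request
     */
    @Override // se.unlogic.hierarchy.core.interfaces.LoginProvider
    public boolean supportsRequest(HttpServletRequest httpServletRequest, URIParser uRIParser) throws Throwable {
        return true;
    }

    /**
     * Sends the browser to this module's login form. When {@code str} is not
     * {@code null} it is URL-encoded and passed on as the {@code redirect}
     * parameter; it is validated later, in {@link #sendRedirect}, not here.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response the redirect is written to
     * @param uRIParser the parsed request URI (not used here)
     * @param str the target to return to after login, or {@code null}
     * @throws Throwable if the redirect cannot be sent
     */
    @Override // se.unlogic.hierarchy.core.interfaces.LoginProvider
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, URIParser uRIParser, String str) throws Throwable {
        if (str == null) {
            redirectToDefaultMethod(httpServletRequest, httpServletResponse);
            return;
        }
        httpServletResponse.sendRedirect(getModuleURI(httpServletRequest) + "?redirect=" + URLEncoder.encode(str, "ISO-8859-1"));
    }

    /**
     * @return this module's descriptor, cast to {@link ForegroundModuleDescriptor}
     */
    public ForegroundModuleDescriptor getModuleDescriptor() {
        return (ForegroundModuleDescriptor) this.moduleDescriptor;
    }

    /**
     * @return the provider descriptor created in {@link #moduleConfigured()}
     */
    @Override // se.unlogic.hierarchy.core.interfaces.LoginProvider
    public ProviderDescriptor getProviderDescriptor() {
        return this.providerDescriptor;
    }
}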
