package se.unlogic.hierarchy.foregroundmodules.login;

import java.io.IOException;
import java.net.URLEncoder;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import se.unlogic.hierarchy.core.annotations.CheckboxSettingDescriptor;
import se.unlogic.hierarchy.core.annotations.ModuleSetting;
import se.unlogic.hierarchy.core.annotations.RadioButtonSettingDescriptor;
import se.unlogic.hierarchy.core.annotations.TextAreaSettingDescriptor;
import se.unlogic.hierarchy.core.annotations.TextFieldSettingDescriptor;
import se.unlogic.hierarchy.core.beans.MutableUser;
import se.unlogic.hierarchy.core.beans.SimpleProviderDescriptor;
import se.unlogic.hierarchy.core.beans.User;
import se.unlogic.hierarchy.core.enums.EventTarget;
import se.unlogic.hierarchy.core.interfaces.ForegroundModuleResponse;
import se.unlogic.hierarchy.core.interfaces.LoginProvider;
import se.unlogic.hierarchy.core.interfaces.ModuleDescriptor;
import se.unlogic.hierarchy.core.interfaces.ProviderDescriptor;
import se.unlogic.hierarchy.foregroundmodules.AnnotatedForegroundModule;
import se.unlogic.standardutils.string.StringUtils;
import se.unlogic.standardutils.validation.NonNegativeStringIntegerValidator;
import se.unlogic.standardutils.validation.PositiveStringIntegerValidator;
import se.unlogic.webutils.http.URIParser;

/* loaded from: input_file:se/unlogic/hierarchy/foregroundmodules/login/BaseSSOLoginProvider.class */
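/**
 * Base class for single-sign-on login providers.
 *
 * <p>A subclass supplies the externally asserted user identification through
 * {@link #getUserIdentification}. This class resolves it to a {@link User} via the
 * user handler, marks the session as logged in and redirects the client.
 *
 * <p>Security notes for deployers and reviewers:
 * <ul>
 * <li>No password or other credential is checked here. The identification returned
 * by the subclass is trusted as-is, so the request gate in {@link #supportsRequest}
 * is the only filter this class applies.</li>
 * <li>When {@code allowedAddresses} is not set, requests from every remote address
 * are accepted by {@link #supportsRequest}.</li>
 * <li>The {@code redirect} request parameter is client controlled. It is only honoured
 * when it is a local path, see {@link #getRedirectURI}.</li>
 * </ul>
 */
public abstract class BaseSSOLoginProvider extends AnnotatedForegroundModule implements LoginProvider {
    /** Request attribute set after a failed SSO attempt so the same request is not retried. */
    protected static final String LOGINFAILED_ATTRIBUTE = "SSOLoginFailed";

    @ModuleSetting
    @TextFieldSettingDescriptor(name = "User attribute to get user by", description = "The attribute to use when getting user from userhandler")
    protected String getUserAttribute;

    @ModuleSetting(allowsNull = true)
    @TextFieldSettingDescriptor(name = "Default redirect alias", description = "The full alias that users should be redirected to after login unless a redirect paramater is present in the URL. If this value is not set and no redirect paramater is present users will be redirected to the root of the context path.", required = false)
    protected String defaultRedirectAlias;

    // Compared by exact string match against HttpServletRequest.getRemoteAddr().
    @ModuleSetting(allowsNull = true)
    @TextAreaSettingDescriptor(name = "Allowed addresses", description = "If this field is set the only addresses specified here will be allowed to use this module")
    protected List<String> allowedAddresses;

    @ModuleSetting(allowsNull = true)
    @TextAreaSettingDescriptor(name = "Ignored addresses", description = "Addresses from which requests will be ignored by this module")
    protected List<String> ignoredAddresses;

    // Entries are used as header NAMES: a request carrying any of them is skipped.
    @ModuleSetting(allowsNull = true)
    @TextAreaSettingDescriptor(name = "Ignored header values", description = "Requests with these headers set will be ignored")
    protected List<String> ignoredHeaders;
    protected ProviderDescriptor providerDescriptor;

    @CheckboxSettingDescriptor(name = "Add to login handler", description = "Controls if this module should add itself to the login handler as a login provider")
    @ModuleSetting
    protected boolean addToLoginHandler = true;

    @ModuleSetting
    @RadioButtonSettingDescriptor(required = true, name = "Get user by", description = "Type of identification to use when getting user from userhandler", valueDescriptions = {"Username", "Email", "Attribute"}, values = {"USERNAME", "EMAIL", "ATTRIBUTE"})
    protected String getUserBy = "USERNAME";

    @ModuleSetting
    @TextFieldSettingDescriptor(name = "Session timeout", description = "Session timeout in minutes", formatValidator = PositiveStringIntegerValidator.class)
    protected Integer userSessionTimeout = 30;

    @ModuleSetting
    @TextFieldSettingDescriptor(name = "Session timeout (admin)", description = "Session timeout for admins, in minutes", formatValidator = PositiveStringIntegerValidator.class)
    protected int adminSessionTimeout = 60;

    @ModuleSetting
    @TextFieldSettingDescriptor(name = "Login provider priority", description = "The priority of the login provider from this module (lower value means higher priority)", required = true, formatValidator = NonNegativeStringIntegerValidator.class)
    protected int priority = 100;

    /**
     * Registers or unregisters this module as a login provider according to
     * {@code addToLoginHandler} and rebuilds the provider descriptor.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // se.unlogic.hierarchy.basemodules.AnnotatedSectionModule
    public void moduleConfigured() throws Exception {
        if (this.addToLoginHandler) {
            this.sectionInterface.getSystemInterface().getLoginHandler().addProvider(this);
        } else {
            this.sectionInterface.getSystemInterface().getLoginHandler().removeProvider(this);
        }
        this.providerDescriptor = new SimpleProviderDescriptor((ModuleDescriptor) this.moduleDescriptor);
    }

    /**
     * Attempts an SSO login for the current request.
     *
     * <p>If the request passes {@link #supportsRequest} and the subclass returns an
     * identification that resolves to a user, the user is logged in and redirected.
     * Otherwise the request is flagged with {@link #LOGINFAILED_ATTRIBUTE} and, unless the
     * response is already committed, handed to the login handler.
     *
     * @return always {@code null}; the response is produced by redirect or by the login handler
     */
    @Override // se.unlogic.hierarchy.foregroundmodules.AnnotatedForegroundModule
    public ForegroundModuleResponse defaultMethod(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, User user, URIParser uRIParser) throws Throwable {
        if (supportsRequest(httpServletRequest, uRIParser)) {
            String userIdentification = getUserIdentification(httpServletRequest, httpServletResponse, user, uRIParser);
            if (userIdentification != null) {
                User user2 = null;
                // Constant-first comparison so a missing "Get user by" setting results in a
                // logged failed login instead of a NullPointerException.
                if ("USERNAME".equals(this.getUserBy)) {
                    user2 = this.systemInterface.getUserHandler().getUserByUsername(userIdentification, true, true);
                } else if ("EMAIL".equals(this.getUserBy)) {
                    user2 = this.systemInterface.getUserHandler().getUserByEmail(userIdentification, true, true);
                } else if ("ATTRIBUTE".equals(this.getUserBy) && this.getUserAttribute != null) {
                    user2 = this.systemInterface.getUserHandler().getUserByAttribute(this.getUserAttribute, userIdentification, true, true);
                }
                if (user2 != null) {
                    setLoggedIn(httpServletRequest, uRIParser, user2);
                    // NOTE(review): setLoggedIn() in this class already sends a LoginEvent, so
                    // listeners appear to receive two events per login. Kept because a subclass
                    // may override setLoggedIn() - confirm before removing either one.
                    this.systemInterface.getEventHandler().sendEvent(User.class, new LoginEvent(user2, httpServletRequest.getSession(true)), EventTarget.ALL);
                    sendLoggedInRedirect(httpServletRequest, httpServletResponse, user2, uRIParser);
                    return null;
                }
                // The identification originates from the request, so control characters are
                // neutralised before it reaches the log to keep one log line per event.
                this.log.warn("Failed SSO login using user identification " + sanitizeForLog(userIdentification) + " from address " + httpServletRequest.getRemoteHost());
            }
            httpServletRequest.setAttribute(LOGINFAILED_ATTRIBUTE, true);
        }
        if (httpServletResponse.isCommitted()) {
            return null;
        }
        this.systemInterface.getLoginHandler().processLoginRequest(httpServletRequest, httpServletResponse, uRIParser, false);
        return null;
    }

    /**
     * Extracts the identification of the user asserted by the SSO mechanism.
     *
     * @return the identification to look the user up by, or {@code null} if none is available
     */
    protected abstract String getUserIdentification(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, User user, URIParser uRIParser) throws Throwable;

    /** Redirects the client to the URI computed by {@link #getRedirectURI}. */
    protected void sendLoggedInRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, User user, URIParser uRIParser) throws IOException {
        httpServletResponse.sendRedirect(getRedirectURI(httpServletRequest));
    }

    /**
     * Stores the user in the session, applies the session timeout for the user's role
     * and announces the login.
     */
    protected void setLoggedIn(HttpServletRequest httpServletRequest, URIParser uRIParser, User user) throws SQLException {
        setLastLogin(user);
        // NOTE(review): an existing session is reused as-is, so the session id is not rotated
        // at login. Consider HttpServletRequest.changeSessionId() (Servlet 3.1+) if the
        // container supports it, to close the session fixation window.
        HttpSession session = httpServletRequest.getSession(true);
        session.setAttribute("user", user);
        // Settings are in minutes, setMaxInactiveInterval expects seconds.
        if (user.isAdmin()) {
            session.setMaxInactiveInterval(this.adminSessionTimeout * 60);
        } else {
            session.setMaxInactiveInterval(this.userSessionTimeout.intValue() * 60);
        }
        this.log.info("User " + user + " SSO logged in from address " + httpServletRequest.getRemoteHost());
        this.systemInterface.getEventHandler().sendEvent(User.class, new LoginEvent(user, session), EventTarget.ALL);
    }

    /**
     * Sets the current login time on the user and, for mutable users, persists it as the
     * last login. A failure to persist is logged and does not abort the login.
     */
    protected void setLastLogin(User user) throws SQLException {
        user.setCurrentLogin(new Timestamp(System.currentTimeMillis()));
        if (user instanceof MutableUser) {
            MutableUser mutableUser = (MutableUser) user;
            Timestamp lastLogin = user.getLastLogin();
            // Temporarily expose the new timestamp as "last login" so that it is the value
            // written by updateUser().
            mutableUser.setLastLogin(user.getCurrentLogin());
            try {
                this.systemInterface.getUserHandler().updateUser(mutableUser, false, false, false);
            } catch (Exception e) {
                this.log.error("Unable to update user " + user, e);
            }
            // The in-memory bean keeps the previous last login for the rest of this session.
            mutableUser.setLastLogin(lastLogin);
        }
    }

    /**
     * Computes the post-login redirect target.
     *
     * <p>The {@code redirect} request parameter is used only when it is a local path
     * (see {@link #isLocalRedirectPath}). Otherwise the default redirect alias is used, or
     * the context root when no alias is configured.
     *
     * @return a URI that starts with the context path, or {@code "/"} for an empty context path
     */
    protected String getRedirectURI(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        String parameter = httpServletRequest.getParameter("redirect");
        if (isLocalRedirectPath(parameter)) {
            return contextPath + parameter;
        }
        if (this.defaultRedirectAlias != null) {
            return contextPath + this.defaultRedirectAlias;
        }
        return StringUtils.isEmpty(contextPath) ? "/" : contextPath;
    }

    /**
     * Tells whether a client supplied redirect value is a path within this application.
     *
     * <p>A leading {@code "/"} alone is not sufficient: with an empty context path a value
     * beginning with {@code "//"} or {@code "/\"} is sent to the browser unchanged and is
     * resolved against another host. Control characters are rejected as well, because
     * browsers strip some of them while parsing a URL.
     */
    private static boolean isLocalRedirectPath(String redirect) {
        if (redirect == null || !redirect.startsWith("/")) {
            return false;
        }
        if (redirect.length() > 1) {
            char second = redirect.charAt(1);
            if (second == '/' || second == '\\') {
                return false;
            }
        }
        for (int i = 0; i < redirect.length(); i++) {
            if (Character.isISOControl(redirect.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /** Replaces control characters (including CR and LF) with {@code '_'} for log output. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Sends the client to this module. A non-null {@code str} is passed on, URL-encoded,
     * as the {@code redirect} query parameter; it is validated later by
     * {@link #getRedirectURI}.
     */
    @Override // se.unlogic.hierarchy.core.interfaces.LoginProvider
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, URIParser uRIParser, String str) throws Throwable {
        if (str != null) {
            httpServletResponse.sendRedirect(getModuleURI(httpServletRequest) + "?redirect=" + URLEncoder.encode(str, "ISO-8859-1"));
        } else {
            redirectToDefaultMethod(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Decides whether this provider should handle the request.
     *
     * <p>A request is rejected when it carries any header named in {@code ignoredHeaders},
     * when {@code allowedAddresses} is set and does not contain the remote address, when
     * {@code ignoredAddresses} contains the remote address, or when an SSO attempt already
     * failed for this request.
     *
     * <p>NOTE(review): the address checks use {@code getRemoteAddr()}, i.e. the direct peer
     * of the servlet container. Behind a reverse proxy this is presumably the proxy's
     * address - confirm that the configured lists match the deployment.
     */
    @Override // se.unlogic.hierarchy.core.interfaces.LoginProvider
    public boolean supportsRequest(HttpServletRequest httpServletRequest, URIParser uRIParser) throws Throwable {
        if (this.ignoredHeaders != null) {
            for (String headerName : this.ignoredHeaders) {
                if (httpServletRequest.getHeader(headerName) != null) {
                    return false;
                }
            }
        }
        if (this.allowedAddresses != null && !this.allowedAddresses.contains(httpServletRequest.getRemoteAddr())) {
            return false;
        }
        if (this.ignoredAddresses != null && this.ignoredAddresses.contains(httpServletRequest.getRemoteAddr())) {
            return false;
        }
        return httpServletRequest.getAttribute(LOGINFAILED_ATTRIBUTE) == null;
    }

    /**
     * Not supported by this provider.
     *
     * @return always {@code false}
     */
    @Override // se.unlogic.hierarchy.core.interfaces.LoginProvider
    public boolean loginUser(HttpServletRequest httpServletRequest, URIParser uRIParser, User user) throws Exception {
        return false;
    }

    /** @return the configured provider priority (lower value means higher priority) */
    @Override // se.unlogic.hierarchy.core.interfaces.Prioritized
    public int getPriority() {
        return this.priority;
    }

    /** Removes this provider from the login handler before unloading the module. */
    @Override // se.unlogic.hierarchy.basemodules.AnnotatedSectionModule, se.unlogic.hierarchy.basemodules.BaseModule, se.unlogic.hierarchy.core.interfaces.Module
    public void unload() throws Exception {
        this.sectionInterface.getSystemInterface().getLoginHandler().removeProvider(this);
        super.unload();
    }

    /** @return the descriptor created in {@link #moduleConfigured()} */
    @Override // se.unlogic.hierarchy.core.interfaces.LoginProvider
    public ProviderDescriptor getProviderDescriptor() {
        return this.providerDescriptor;
    }
}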
