package cronapp.framework.security;

import cronapp.framework.api.ApiManager;
import cronapp.framework.api.User;
import cronapp.framework.i18n.Messages;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import lombok.Generated;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.log.LogMessage;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:cronapp/framework/security/ApiAuthenticationFailureHandler.class */
public class ApiAuthenticationFailureHandler implements AuthenticationFailureHandler {

    @Generated
    private static final Log log = LogFactory.getLog(ApiAuthenticationFailureHandler.class);
    private static final String USER_LOCKED = "UserLocked";
    private static final String USER_LOCKED_10_MIN = "UserLocked10Min";
    private static final String USER_OR_PASSWORD_INVALID = "UserOrPassordInvalids";
    private static final String AUTH_ERROR = "AuthError";

    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        if (!(authenticationException instanceof BadCredentialsException)) {
            if (authenticationException instanceof UsernameNotFoundException) {
                httpServletResponse.sendError(401, Messages.getString(USER_OR_PASSWORD_INVALID));
                return;
            } else if (authenticationException instanceof LockedException) {
                httpServletResponse.sendError(401, Messages.getString(USER_LOCKED));
                return;
            } else {
                httpServletResponse.sendError(401, Messages.getString(AUTH_ERROR));
                log.error("Error trying to authenticate an user", authenticationException);
                return;
            }
        }
        boolean z = false;
        try {
            User user = ApiManager.byUser(httpServletRequest.getParameter("username")).getUser();
            if (user != null) {
                ApiManager.attemptFailed(user);
                z = ApiManager.isUserLocked(user);
            }
        } catch (Exception e) {
            log.error(LogMessage.format("Error updating the user failed attempts after authentication failure: %s", e.getMessage()), e);
        }
        if (z) {
            httpServletResponse.sendError(401, Messages.getString(USER_LOCKED_10_MIN));
        } else {
            httpServletResponse.sendError(401, Messages.getString(USER_OR_PASSWORD_INVALID));
        }
    }
}
