package io.datarouter.auth.web.service;

import io.datarouter.auth.authenticate.authenticator.DatarouterAuthenticator;
import io.datarouter.auth.config.DatarouterAuthPaths;
import io.datarouter.auth.config.DatarouterAuthenticationConfig;
import io.datarouter.auth.exception.InvalidCredentialsException;
import io.datarouter.auth.service.DatarouterUserService;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUser;
import io.datarouter.auth.storage.user.datarouteruser.DatarouterUserDao;
import io.datarouter.auth.storage.user.datarouteruser.cache.DatarouterUserByUsernameCache;
import io.datarouter.auth.storage.user.session.DatarouterSession;
import io.datarouter.types.MilliTime;
import io.datarouter.util.BooleanTool;
import io.datarouter.util.lang.ObjectTool;
import io.datarouter.util.string.StringTool;
import io.datarouter.web.exception.IncorrectPasswordException;
import io.datarouter.web.user.authenticate.saml.DatarouterSamlSettings;
import io.datarouter.web.util.http.RequestTool;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Authenticates a username/password pair posted to the sign-in form's submit path and, on
 * success, produces a {@link DatarouterSession} for the matching user.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>The form is bypassed (returns {@code null}) whenever SAML processing is enabled.</li>
 * <li>Failures are reported by exception, and each failure reason has its own message
 * ("user not enabled", "password cannot be empty", "invalid password"), with the submitted
 * username appended.</li>
 * <li>The account-enabled check runs before the password check, so a disabled account is
 * reported as such whether or not the supplied password is correct.</li>
 * </ul>
 *
 * <p>NOTE(review): how these exceptions are rendered is not visible here. Confirm the messages
 * only reach server-side logs; if they reach the HTTP response they let a caller distinguish
 * account states. The username comes straight from the request, so confirm the logging layer
 * neutralises line breaks and control characters.
 *
 * <p>NOTE(review): no throttling or lockout of repeated failures is visible in this class, and
 * the HTTP method is not checked; presumably both are enforced elsewhere. Verify, in
 * particular, that credentials cannot be submitted in a query string.
 */
@Singleton
public class DatarouterSigninFormAuthenticator implements DatarouterAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterSigninFormAuthenticator.class);

    @Inject
    private DatarouterAuthenticationConfig authenticationConfig;

    @Inject
    private DatarouterUserDao datarouterUserDao;

    @Inject
    private DatarouterSamlSettings samlSettings;

    @Inject
    private DatarouterUserByUsernameCache datarouterUserByUsernameCache;

    @Inject
    private DatarouterUserService datarouterUserService;

    @Inject
    private DatarouterAuthPaths paths;

    /**
     * Attempts a form-based sign-in for the given request.
     *
     * @param httpServletRequest request whose servlet path and username/password parameters are read
     * @param httpServletResponse not used by this authenticator
     * @return a new session for the authenticated user, or {@code null} when the request is not
     *         for the sign-in submit path, when either credential parameter is absent, or when
     *         SAML processing is enabled
     * @throws InvalidCredentialsException if the username or password is empty or the user is not
     *         enabled
     * @throws IncorrectPasswordException if the password does not match
     */
    public DatarouterSession getSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Only the sign-in form's submit endpoint is handled here; every other path is ignored.
        String servletPath = httpServletRequest.getServletPath();
        String submitPath = this.paths.signin.submit.toSlashedString();
        if (ObjectTool.notEquals(servletPath, submitPath)) {
            return null;
        }

        String usernameParam = this.authenticationConfig.getUsernameParam();
        String username = RequestTool.get(httpServletRequest, usernameParam, (String) null);
        String passwordParam = this.authenticationConfig.getPasswordParam();
        String password = RequestTool.get(httpServletRequest, passwordParam, (String) null);
        // A missing parameter means "not a sign-in attempt", not a failed one.
        if (ObjectTool.anyNull(new Object[]{username, password})) {
            return null;
        }

        // With SAML active, password sign-in is switched off. This is only evaluated (and logged)
        // once both credential parameters were present.
        if (this.samlSettings.getShouldProcess().booleanValue()) {
            logger.info("Sign in form disabled.");
            return null;
        }

        // Throws on any validation failure; nothing below runs unless the credentials were accepted.
        DatarouterUser authenticatedUser = lookupAndValidateUser(username, password);
        // Record the successful login and persist it before the session is created.
        authenticatedUser.setLastLoggedIn(MilliTime.now());
        this.datarouterUserDao.put(authenticatedUser);
        return DatarouterSession.createFromUser(authenticatedUser);
    }

    /**
     * Resolves the user for {@code username} and verifies the supplied password.
     *
     * <p>Checks run in this order: username non-empty, user lookup, user enabled, password
     * non-empty, password correct. The lookup uses {@code getOrThrow}, so an unknown username
     * fails with whatever that call throws (type not visible here).
     *
     * @param username submitted username
     * @param password submitted password
     * @return the enabled user whose password matched
     * @throws InvalidCredentialsException if the username or password is empty or the user is not
     *         enabled
     * @throws IncorrectPasswordException if the password is rejected by the user service
     */
    private DatarouterUser lookupAndValidateUser(String username, String password) {
        if (StringTool.isEmpty(username)) {
            throw new InvalidCredentialsException("no username specified");
        }

        DatarouterUser candidate = (DatarouterUser) this.datarouterUserByUsernameCache.getOrThrow(username);

        // A null "enabled" flag is treated the same as false.
        Boolean enabled = candidate.getEnabled();
        if (BooleanTool.isFalseOrNull(enabled)) {
            throw new InvalidCredentialsException("user not enabled (" + username + ")");
        }

        if (StringTool.isEmpty(password)) {
            throw new InvalidCredentialsException("password cannot be empty (" + username + ")");
        }

        boolean passwordMatches = this.datarouterUserService.isPasswordCorrect(candidate, password);
        if (!passwordMatches) {
            throw new IncorrectPasswordException("invalid password (" + username + ")");
        }
        return candidate;
    }
}
