package com.suncode.pwfl.web.security.internal;

import com.plusmpm.security.WorkflowPrincipal;
import com.plusmpm.security.authentication.AuthenticationInterceptor;
import com.plusmpm.security.authentication.LdapAuthenticator;
import com.plusmpm.security.authentication.SharkAuthenticator;
import com.suncode.pwfl.administration.user.Domain;
import com.suncode.pwfl.administration.user.DomainService;
import com.suncode.pwfl.administration.user.User;
import com.suncode.pwfl.administration.user.UserService;
import com.suncode.pwfl.administration.user.security.PasswordPolicyProfile;
import com.suncode.pwfl.administration.user.security.captcha.service.CaptchaService;
import com.suncode.pwfl.administration.user.security.service.BlockedUserService;
import com.suncode.pwfl.administration.user.security.service.PasswordPolicyResolverService;
import com.suncode.pwfl.administration.user.security.service.SelfUnblockUserService;
import com.suncode.pwfl.administration.user.security.service.UserPasswordHistoryService;
import com.suncode.pwfl.i18n.MessageHelper;
import com.suncode.pwfl.license.LicenseVerificator;
import com.suncode.pwfl.license.exceptions.NextSessionNotAllowedException;
import com.suncode.pwfl.web.security.UserAuthorization;
import com.suncode.pwfl.web.security.exception.BlockedUserException;
import com.suncode.pwfl.web.security.exception.CaptchaRequiredException;
import com.suncode.pwfl.web.security.exception.PasswordExpiredException;
import com.suncode.pwfl.web.security.exception.PasswordProfileRequirementsException;
import com.suncode.pwfl.web.security.exception.UserAuthorizationException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Optional;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

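/**
 * Login entry point: runs licence, captcha, account-block and password-policy checks and then
 * delegates the credential check to a {@link SharkAuthenticator} (local accounts) or an
 * {@link LdapAuthenticator} (domain accounts).
 *
 * <p>Captcha, block and password-policy checks are applied only when no domain id is given;
 * domain logins go straight from the licence checks to the LDAP authenticator.
 *
 * <p>NOTE(review): the distinct exception types thrown before the credential check (captcha
 * required for a user, blocked, expired password) describe account state to a caller that has
 * not authenticated yet. Confirm the web layer does not relay that distinction to the client.
 */
@Component
/* loaded from: input_file:com/suncode/pwfl/web/security/internal/UserAuthorizationImpl.class */
public class UserAuthorizationImpl implements UserAuthorization {
    private static final Logger log = LoggerFactory.getLogger(UserAuthorizationImpl.class);

    /** User id that is exempt from the licence-problem check and always receives unblock e-mails. */
    private static final String ADMIN_USER_ID = "admin";

    /** Session attribute set when the user is sent to a password change. */
    private static final String CHANGE_PASSWORD_USER_ATTRIBUTE = "changePasswordUser";

    @Autowired
    private UserService userService;

    @Autowired
    private DomainService ds;

    @Autowired
    private CaptchaService captchaService;

    @Autowired
    private BlockedUserService blockedUserService;

    @Autowired
    private PasswordPolicyResolverService passwordProfileResolver;

    @Autowired
    private SelfUnblockUserService selfUnblockUserService;

    @Autowired
    private UserPasswordHistoryService passwordHistoryService;

    /**
     * Authenticates a local (non-domain) account.
     *
     * @param str user name as submitted
     * @param str2 password as submitted
     * @param httpSession current HTTP session
     * @return see {@link #authorizeUser(String, String, Long, HttpSession, boolean)}
     */
    @Override
    public String authorizeUser(String str, String str2, HttpSession httpSession) {
        return authorizeUser(str, str2, null, httpSession);
    }

    /**
     * Authenticates a local or domain account with the trailing flag set to {@code false}.
     *
     * @param str user name as submitted
     * @param str2 password as submitted
     * @param l domain id, or {@code null} for a local account
     * @param httpSession current HTTP session
     * @return see {@link #authorizeUser(String, String, Long, HttpSession, boolean)}
     */
    @Override
    public String authorizeUser(String str, String str2, Long l, HttpSession httpSession) {
        return authorizeUser(str, str2, l, httpSession, false);
    }

    /**
     * Runs the full login sequence: licence checks, authenticator creation, local-account
     * pre-checks, credential check, and failed-login bookkeeping.
     *
     * <p>The return value is overloaded: on success it is the user id, but on a licence problem
     * or an exhausted session limit it is a translated error message, not an exception. Callers
     * must tell the two apart themselves.
     *
     * @param str user name as submitted
     * @param str2 password as submitted
     * @param l domain id, or {@code null} for a local account
     * @param httpSession current HTTP session
     * @param z forwarded unchanged to the captcha service's failed-login bookkeeping; its
     *     meaning is not visible in this class
     * @return the user id on success, or a translated message when a licence check refuses login
     * @throws CaptchaRequiredException if the captcha service requires a captcha for the session
     *     or the user (local accounts only)
     * @throws BlockedUserException if the local account is blocked
     * @throws PasswordProfileRequirementsException if the submitted password matches the stored
     *     one but no longer satisfies the password profile
     * @throws PasswordExpiredException if the local account's password has expired
     * @throws UserAuthorizationException if the authenticator rejects the credentials
     */
    @Override
    public String authorizeUser(String str, String str2, Long l, HttpSession httpSession, boolean z) {
        String userId = getUserId(str, l);

        // A licence problem blocks everyone except the local "admin" account. Domain users are
        // never exempt because their id carries the "<domain>/" prefix.
        String licenseProblem = LicenseVerificator.validateOnLogin();
        if (StringUtils.isNotEmpty(licenseProblem) && !ADMIN_USER_ID.equals(userId)) {
            String userMessage = MessageHelper.getMessage("Wystapil_problem_z_licencja_systemu") + ". "
                    + MessageHelper.getMessage("Skontaktuj_sie_z_administratorem_systemu") + ".";
            log.warn("Wystąpił problem z licencją systemu: {}", licenseProblem);
            return userMessage;
        }
        if (!LicenseVerificator.isNextSessionAllowed()) {
            NextSessionNotAllowedException sessionLimit = new NextSessionNotAllowedException();
            log.debug(sessionLimit.getMessageTranslated());
            log.warn("Limit zalogowanych użytkowników wykorzystany.");
            return sessionLimit.getMessageTranslated();
        }

        boolean localAccount = l == null;
        SharkAuthenticator authenticator = createAuthenticator(str, str2, l, httpSession);
        if (localAccount) {
            checkLocalAccountPreconditions(userId, str2, httpSession);
        }

        if (authenticator.authenticate()) {
            if (localAccount) {
                // A successful login resets both failure counters.
                this.blockedUserService.invalidateFailedLogins(userId);
                this.captchaService.invalidateFailedLogins(httpSession.getId(), userId, z);
            }
            // The user name is client-supplied; the log layout should encode line breaks.
            log.debug("Uwierzytelnienie użytkownika: {} w domenie: {} powiodło się.", str, l);
            return userId;
        }

        if (localAccount) {
            this.blockedUserService.registerFailedLoginAttempt(userId);
            this.captchaService.registerFailedLoginAttempt(httpSession.getId(), userId, z);
        }
        log.warn("Uwierzytelnienie użytkownika: {} w domenie: {} nie powiodło się.", str, l);
        throw new UserAuthorizationException();
    }

    /**
     * Builds the user id used for lookups and bookkeeping.
     *
     * @param str user name as submitted
     * @param l domain id, or {@code null} for a local account
     * @return {@code str} for a local account, otherwise {@code "<domain name>/<str>"}
     */
    public String getUserId(String str, Long l) {
        if (l == null) {
            return str;
        }
        return this.ds.getDomain(l).getDomainName() + "/" + str;
    }

    /** Creates the authenticator matching the account type: Shark for local, LDAP for domain. */
    private SharkAuthenticator createAuthenticator(String str, String str2, Long l, HttpSession httpSession) {
        if (l == null) {
            return new SharkAuthenticator(new WorkflowPrincipal(str, str2), httpSession,
                    AuthenticationInterceptor.LoginType.PLUSWORKFLOW);
        }
        Domain domain = this.ds.getDomain(l);
        return new LdapAuthenticator(
                new WorkflowPrincipal(str, str2, domain.getId().toString(), domain.getDomainName()), httpSession);
    }

    /** Applies the captcha, block and password-policy checks that precede a local login. */
    private void checkLocalAccountPreconditions(String userId, String str2, HttpSession httpSession) {
        if (this.captchaService.requireCaptcha(httpSession)) {
            log.debug("Captcha is required for current session");
            throw new CaptchaRequiredException("Captcha is required for current session");
        }
        if (this.captchaService.requireCaptcha(userId)) {
            String message = "Captcha is required for user " + userId;
            log.debug(message);
            throw new CaptchaRequiredException(message);
        }

        User user = this.userService.getUser(userId, new String[]{"groups"});
        if (user == null) {
            // Unknown users still go through authenticate() so the failure is counted.
            log.warn("User {} not found", userId);
            return;
        }

        // The resolver may find no profile; every use below has to tolerate that.
        Optional<?> resolvedProfile = this.passwordProfileResolver.getForUser(user);
        PasswordPolicyProfile profile = (PasswordPolicyProfile) resolvedProfile.orElse(null);

        log.debug("Checking if user {} is blocked", userId);
        if (this.blockedUserService.isUserBlocked(user)) {
            String message = "User " + userId + " is blocked";
            log.warn(message);
            // Previously an unguarded Optional.get() here raised NoSuchElementException for a
            // blocked user without a profile, masking the BlockedUserException below.
            boolean profileWantsEmail = profile != null && Boolean.TRUE.equals(profile.getSendUnblockingEmail());
            if (profileWantsEmail || ADMIN_USER_ID.equals(userId)) {
                // NOTE(review): every attempt against a blocked account starts a new thread and
                // an e-mail, and nothing in this class limits how often. Consider a shared
                // executor and a per-user rate limit in the mail service.
                new Thread(() -> {
                    try {
                        this.selfUnblockUserService.sendSelfUnblockEmail(user);
                    } catch (Exception e) {
                        log.error("Error while sending self unblock email to user {}", userId, e);
                    }
                }).start();
            }
            throw new BlockedUserException(message);
        }

        if (profile == null) {
            return;
        }

        // The profile requirements are checked only when the submitted password is the current one.
        if (hashesMatch(user.getPassword(), this.userService.hashPassword(str2))) {
            log.debug("Checking requirements with current password for user {}", userId);
            try {
                this.passwordProfileResolver.validatePasswordFulfillingRequirements(profile, str2);
            } catch (IllegalArgumentException e) {
                String message = "Current password for user " + userId
                        + " is not fulfilling password profile requirements";
                log.warn(message);
                httpSession.setAttribute(CHANGE_PASSWORD_USER_ATTRIBUTE, userId);
                throw new PasswordProfileRequirementsException(message);
            }
        }

        log.debug("Checking password expiration for user {}", userId);
        if (this.passwordHistoryService.hasExpiredPassword(profile, user)) {
            // NOTE(review): unlike the requirements check above, this branch does not depend on
            // the submitted password being correct, so the session attribute is set for an
            // unauthenticated caller. Confirm the change-password flow that reads it verifies
            // the current password again.
            String message = "User " + userId + " has expired password";
            log.warn(message);
            httpSession.setAttribute(CHANGE_PASSWORD_USER_ATTRIBUTE, userId);
            throw new PasswordExpiredException(message);
        }
    }

    /**
     * Compares two password hashes without short-circuiting on the first differing character.
     *
     * @return {@code false} if either value is {@code null}, otherwise whether the hashes are equal
     */
    private static boolean hashesMatch(String storedHash, String candidateHash) {
        if (storedHash == null || candidateHash == null) {
            return false;
        }
        return MessageDigest.isEqual(
                storedHash.getBytes(StandardCharsets.UTF_8),
                candidateHash.getBytes(StandardCharsets.UTF_8));
    }
}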
