package com.atlassian.stash.internal.auth;

import com.atlassian.bitbucket.auth.HttpAuthenticationContext;
import com.atlassian.bitbucket.auth.HttpAuthenticationSuccessContext;
import com.atlassian.bitbucket.auth.HttpAuthenticationSuccessHandler;
import com.atlassian.bitbucket.nav.NavBuilder;
import com.atlassian.bitbucket.server.FeatureManager;
import com.atlassian.bitbucket.server.StandardFeature;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.util.UrlUtils;
import com.atlassian.fugue.Option;
import com.atlassian.stash.internal.ApplicationConstants;
import com.atlassian.stash.internal.user.InternalUserSettingsService;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import javax.annotation.Nonnull;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;

/* loaded from: input_file:WEB-INF/lib/bitbucket-service-impl-5.16.0.jar:com/atlassian/stash/internal/auth/RedirectingAuthenticationSuccessHandler.class */
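/**
 * Sends the browser to its post-login destination after a successful form-based authentication.
 *
 * <p>The destination is chosen in this order: the {@code next} request parameter, the request
 * held by the {@link RequestCache}, and finally the instance's absolute base URL. When the
 * getting-started feature applies to the user, the destination is wrapped in the getting-started
 * page URL instead (see {@link #resolvePendingRedirect}).
 *
 * <p>Security: both {@code next} and the saved request URL are driven by the client. Every redirect
 * issued by this class goes through {@link #redirectSafely}, which passes the target to
 * {@link UrlUtils#safeUrlForRedirect} before it reaches the {@link RedirectStrategy}. Subclasses
 * that override {@link #getRedirectUrl} or {@link #redirectSafely} must keep that validation in
 * the path, otherwise the login form can be used as an open redirect.
 */
public class RedirectingAuthenticationSuccessHandler implements HttpAuthenticationSuccessHandler {
    /** Name of the request parameter carrying the caller-requested post-login URL. */
    private static final String KEY_NEXT_URL = "next";
    private final NavBuilder navBuilder;
    private final InternalUserSettingsService userSettingsService;
    private final FeatureManager featureManager;
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    private final RequestCache requestCache = new HttpSessionRequestCache();

    /**
     * @param navBuilder builds the base, context-relative and getting-started URLs
     * @param internalUserSettingsService source of the per-user "show getting started" flag
     * @param featureManager tells whether the getting-started feature is enabled
     */
    public RedirectingAuthenticationSuccessHandler(@Nonnull NavBuilder navBuilder, @Nonnull InternalUserSettingsService internalUserSettingsService, @Nonnull FeatureManager featureManager) {
        this.navBuilder = navBuilder;
        this.userSettingsService = internalUserSettingsService;
        this.featureManager = featureManager;
    }

    /**
     * Redirects after a successful form login.
     *
     * @param httpAuthenticationSuccessContext the successful authentication, including request, response and user
     * @return {@code false} without touching the response when the authentication method is not
     *         {@link HttpAuthenticationContext#METHOD_FORM}; {@code true} once the redirect has been sent
     * @throws ServletException declared by the handler interface
     * @throws IOException if sending the redirect fails
     */
    @Override
    public boolean onAuthenticationSuccess(@Nonnull HttpAuthenticationSuccessContext httpAuthenticationSuccessContext) throws ServletException, IOException {
        if (!HttpAuthenticationContext.METHOD_FORM.equals(httpAuthenticationSuccessContext.getMethod())) {
            return false;
        }
        final HttpServletRequest request = httpAuthenticationSuccessContext.getRequest();
        final HttpServletResponse response = httpAuthenticationSuccessContext.getResponse();
        final SavedRequest savedRequest = this.requestCache.getRequest(request, response);
        // Untrusted: taken straight from the login request. It is only validated in redirectSafely().
        String redirectUrl = getRedirectUrl(request);
        if (StringUtils.isNotBlank(redirectUrl)) {
            // An explicit "next" wins; drop the saved request so it is not replayed later.
            if (savedRequest != null) {
                this.requestCache.removeRequest(request, response);
            }
        } else if (savedRequest != null) {
            redirectUrl = stripServletPath(savedRequest.getRedirectUrl(), this.navBuilder.buildAbsolute());
        } else if (redirectUrl == null) {
            // NOTE(review): a blank but non-null "next" with no saved request skips this fallback and
            // is passed on unchanged; the outcome then depends on how UrlUtils treats a blank URL - confirm.
            redirectUrl = this.navBuilder.buildAbsolute();
        }
        final String destination = resolvePendingRedirect(httpAuthenticationSuccessContext.getUser(), redirectUrl);
        redirectSafely(request, response, destination);
        return true;
    }

    /**
     * Reads the caller-requested post-login URL from the {@code next} request parameter.
     *
     * @return the raw, unvalidated parameter value, or {@code null} when the parameter is absent
     */
    protected String getRedirectUrl(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(KEY_NEXT_URL);
    }

    /**
     * Marks the response as non-cacheable and redirects to {@code str} after it has been passed
     * through {@link UrlUtils#safeUrlForRedirect} with the instance's absolute base URL supplied
     * for both remaining arguments.
     *
     * <p>This is the only place in the class that issues a redirect; the target must never be
     * handed to the {@link RedirectStrategy} without that validation.
     *
     * @throws IOException if the redirect cannot be written to the response
     */
    protected void redirectSafely(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setHeader("Cache-Control", "private, max-age=0, no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);
        final String safeTarget = UrlUtils.safeUrlForRedirect(str, this.navBuilder.buildAbsolute(), this.navBuilder.buildAbsolute());
        this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, safeTarget);
    }

    /**
     * Prefixes {@code str} with the context-relative base path unless it already starts with it.
     */
    private String contextRelative(String str) {
        final String contextPath = this.navBuilder.buildRelative();
        // NOTE(review): plain prefix test with no path-segment boundary, so a path that merely
        // begins with the same characters as the context path is left as is - confirm this is intended.
        if (str.startsWith(contextPath)) {
            return str;
        }
        return contextPath + str;
    }

    /**
     * Wraps the destination in the getting-started page URL when that page is pending for the user.
     *
     * <p>The page is pending when {@link StandardFeature#GETTING_STARTED} is enabled and the user's
     * {@link ApplicationConstants#SHOW_GETTING_STARTED_PAGE_KEY} setting is {@code true} (absent
     * counts as {@code false}). In that case only the result of
     * {@link UrlUtils#getPathAndQuery} for {@code str}, made context-relative, is carried along as
     * the page's {@code next} value.
     *
     * @return the getting-started URL, or {@code str} unchanged when the page is not pending
     */
    private String resolvePendingRedirect(ApplicationUser applicationUser, String str) {
        if (!this.featureManager.isEnabled(StandardFeature.GETTING_STARTED)) {
            return str;
        }
        // The decompiled source cast the default to Option<Boolean>, which cannot compile; the
        // default is a plain Boolean, as the booleanValue() call on the result shows.
        final boolean showGettingStarted = this.userSettingsService.getUserSettings(applicationUser)
                .getBoolean(ApplicationConstants.SHOW_GETTING_STARTED_PAGE_KEY)
                .getOrElse(Boolean.FALSE)
                .booleanValue();
        if (!showGettingStarted) {
            return str;
        }
        final String pendingTarget = contextRelative(UrlUtils.getPathAndQuery(str));
        return this.navBuilder.gettingStarted().next(pendingTarget).buildRelNoContext();
    }

    /**
     * Removes the {@code /mvc/} servlet segment that directly follows the base URL.
     *
     * @param str the URL to rewrite
     * @param str2 the base URL the servlet segment is expected to follow
     * @return {@code str2 + "/" + rest} when {@code str} starts with {@code str2 + "/mvc/"};
     *         otherwise {@code str} unchanged
     */
    @VisibleForTesting
    static String stripServletPath(String str, String str2) {
        final String servletPrefix = str2 + "/mvc/";
        if (!str.startsWith(servletPrefix)) {
            return str;
        }
        return str2 + "/" + str.substring(servletPrefix.length());
    }
}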
