package com.cenqua.fisheye.web;

import com.atlassian.core.util.thumbnail.Thumber;
import com.cenqua.fisheye.AppConfig;
import com.cenqua.fisheye.LicensePolicyException;
import com.cenqua.fisheye.cache.ViewMode;
import com.cenqua.fisheye.logging.Logs;
import com.cenqua.fisheye.rep.DbException;
import com.cenqua.fisheye.util.StringUtil;
import com.cenqua.fisheye.web.filters.JsonRewrite;
import com.cenqua.fisheye.web.parameterbeans.LoginServletParams;
import com.cenqua.fisheye.web.security.CaptchaManager;
import com.cenqua.fisheye.web.tags.DateTag;
import java.awt.image.BufferedImage;
import java.io.IOException;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.mortbay.jetty.HttpHeaderValues;

/* loaded from: input_file:fecru-2.1.0.M1/fisheye.jar:com/cenqua/fisheye/web/LoginServlet.class */
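/**
 * Servlet behind the login form: authenticates a username/password pair, serves CAPTCHA
 * challenge images, and sends the browser back to the page it originally asked for.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The post-login redirect target can come from the {@code origUrl} request parameter,
 *       which is attacker-controllable. It is only honoured when it is a path on this server
 *       (see {@link #isLocalRedirectTarget(String)}); anything else falls back to the URL
 *       remembered in the session, then to the context root.</li>
 *   <li>{@link #doPost} delegates to {@link #doGet}, so credentials are also accepted from the
 *       query string, where they can end up in access logs, browser history and Referer
 *       headers. NOTE(review): confirm whether GET login is still needed before restricting
 *       it to POST.</li>
 *   <li>No session-id renewal is visible in this class. NOTE(review): confirm that the user
 *       manager rotates the session on successful login.</li>
 * </ul>
 */
public class LoginServlet extends HttpServlet {
    /** Session attribute holding the URI and query string requested before the login page was shown. */
    public static final String ORIG_URL_SESSION_KEY = LoginServlet.class.getName() + ".ORIG_URL";
    /** Request parameter that may carry the post-login redirect target. */
    private static final String ORIG_URL_REQUEST_KEY = "origUrl";
    private static final String LOGIN_JSP = "/WEB-INF/jsp/login.jsp";
    private static final String LOGOUT_SUFFIX = "/logout";

    /**
     * Sends an unauthenticated request to the appropriate login response.
     *
     * <p>AJAX requests are forwarded to the JSON login page, RSS requests get a 401, and every
     * other request has its original URI and query string stored in the session before being
     * forwarded to the HTML login page.
     *
     * @param httpServletRequest the request that needs authentication
     * @param httpServletResponse the response to write to
     * @throws ServletException if forwarding to the JSP fails
     * @throws IOException if writing the response fails
     */
    public static void redirectToLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (JsonRewrite.isAjaxRequest(httpServletRequest)) {
            httpServletRequest.getRequestDispatcher("/WEB-INF/jsp/login_json.jsp").forward(httpServletRequest, httpServletResponse);
            return;
        }
        // Feed readers cannot fill in a login form, so they get a plain 401 instead.
        // NOTE(review): DateTag.DATE_RSS looks like a decompiler constant substitution for a
        // second parameter name; confirm against the original source.
        boolean rssRequest = "true".equalsIgnoreCase(httpServletRequest.getParameter("RSS"))
                || "true".equalsIgnoreCase(httpServletRequest.getParameter(DateTag.DATE_RSS));
        if (rssRequest) {
            ServletUtils.send401(httpServletResponse);
            return;
        }
        // Remembered server-side so doLogin can return the user here after authentication.
        httpServletRequest.getSession().setAttribute(ORIG_URL_SESSION_KEY, ServletUtils.getOriginalRequestURIAndQueryString(httpServletRequest));
        httpServletRequest.getRequestDispatcher(LOGIN_JSP).forward(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles POST exactly like GET.
     *
     * <p>NOTE(review): this is why credentials are accepted on GET as well; see the class comment.
     */
    @Override // javax.servlet.http.HttpServlet
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    /**
     * Serves a CAPTCHA image when a non-empty {@code captcha} parameter is present, otherwise
     * runs the login flow.
     */
    @Override // javax.servlet.http.HttpServlet
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String captchaId = httpServletRequest.getParameter("captcha");
        if (StringUtil.nullOrEmpty(captchaId)) {
            doLogin(httpServletRequest, httpServletResponse);
        } else {
            sendCaptchaImage(httpServletRequest, httpServletResponse, captchaId);
        }
    }

    /**
     * Writes the CAPTCHA challenge image for the given id as a non-cacheable PNG.
     *
     * @param request the current request; its locale is passed to the CAPTCHA manager
     * @param response the response the image is written to
     * @param captchaId challenge id taken from the request (untrusted)
     * @throws IOException if the image cannot be written
     */
    private void sendCaptchaImage(HttpServletRequest request, HttpServletResponse response, String captchaId) throws IOException {
        BufferedImage challenge = CaptchaManager.getInstance().getImageChallengeForID(captchaId, request.getLocale());
        if (challenge == null) {
            // ImageIO.write rejects a null image with IllegalArgumentException, which would
            // surface as a 500. Whether the manager can return null for an unknown id is not
            // visible here, so answer 404 defensively.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        response.setContentType(Thumber.PNG_MIME_TYPE);
        // A challenge image must never be replayed from a browser or proxy cache.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", HttpHeaderValues.NO_CACHE);
        response.setDateHeader("Expires", 0L);
        ImageIO.write(challenge, Thumber.PNG_FORMAT, response.getOutputStream());
    }

    /**
     * Attempts a login and, on success, redirects to the page the user originally wanted.
     *
     * <p>The target is taken from the {@code origUrl} parameter, then from the session, then
     * defaults to the context root. Only targets that are paths on this server are accepted,
     * so an absolute or scheme-relative URL in {@code origUrl} is ignored rather than followed.
     * A trailing {@code /logout} is stripped so a fresh login does not immediately log out.
     */
    private void doLogin(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        if (!login(request, response)) {
            request.getRequestDispatcher(LOGIN_JSP).forward(request, response);
            return;
        }
        String contextRoot = request.getContextPath() + "/";
        String target = request.getParameter(ORIG_URL_REQUEST_KEY);
        if (!isLocalRedirectTarget(target)) {
            // The session value is derived from the earlier request URI, so it is validated too.
            target = (String) request.getSession().getAttribute(ORIG_URL_SESSION_KEY);
            if (!isLocalRedirectTarget(target)) {
                target = contextRoot;
            }
        }
        if (target.endsWith(LOGOUT_SUFFIX)) {
            target = target.substring(0, target.length() - LOGOUT_SUFFIX.length());
            if (target.length() == 0) {
                // "/logout" alone would otherwise leave an empty Location value.
                target = contextRoot;
            }
        }
        response.sendRedirect(target);
    }

    /**
     * Tells whether a redirect target is a path on this server.
     *
     * <p>Accepted: a non-empty string starting with a single {@code /}. Rejected: {@code null},
     * empty strings, anything with a scheme or no leading slash, scheme-relative forms
     * ({@code //host}, {@code /\host}), and any value containing control characters, which
     * browsers may strip and which could otherwise be used to split the Location header.
     */
    private static boolean isLocalRedirectTarget(String target) {
        if (target == null || target.length() == 0 || target.charAt(0) != '/') {
            return false;
        }
        if (target.length() > 1) {
            char second = target.charAt(1);
            if (second == '/' || second == '\\') {
                return false;
            }
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    /**
     * Authenticates the request's {@code username} / {@code password} parameters.
     *
     * <p>A fresh {@code LoginServletParams} bean is always attached to the request so the login
     * page can display an error. Unknown users, wrong passwords and database errors all produce
     * the same message, so the response does not reveal which usernames exist. A licence policy
     * failure shows the exception's own message instead.
     *
     * @param httpServletRequest the request carrying the credentials
     * @param httpServletResponse the response, passed to the user manager and cookie handling
     * @return {@code true} if the user manager accepted the credentials; {@code false} if no
     *     username was supplied or the login failed
     */
    public static boolean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String username = httpServletRequest.getParameter("username");
        // NOTE(review): password may be null here and is passed on as-is; confirm the user
        // manager rejects a null password rather than failing with an exception.
        String password = httpServletRequest.getParameter("password");
        boolean rememberMe = "yes".equals(httpServletRequest.getParameter("rememberme"));
        LoginServletParams loginServletParams = new LoginServletParams();
        // NOTE(review): the attribute key is whatever string ViewMode.PHYSICAL holds; this looks
        // like a decompiler constant substitution, confirm against the original source.
        httpServletRequest.setAttribute(ViewMode.PHYSICAL, loginServletParams);
        if (username == null) {
            // No credentials submitted: plain display of the form, so no error message is set.
            return false;
        }
        try {
            Object user = AppConfig.getsConfig().getUserManager().login(httpServletRequest, httpServletResponse, username, password, rememberMe);
            if (user == null) {
                loginServletParams.setErrormsg("Password incorrect or unknown user");
                return false;
            }
            PreferenceManager.loadUserPreference(httpServletRequest);
            PreferenceManager.touchCookie(httpServletRequest, httpServletResponse);
            return true;
        } catch (LicensePolicyException e) {
            Logs.APP_LOG.warn("problem logging in user", e);
            // NOTE(review): the exception text is shown to an unauthenticated user; confirm it
            // never carries internal detail.
            loginServletParams.setErrormsg(e.getMessage());
            return false;
        } catch (DbException e2) {
            Logs.APP_LOG.warn("error checking password", e2);
            // Same message as a bad password, so a backend failure is not distinguishable from outside.
            loginServletParams.setErrormsg("Password incorrect or unknown user");
            return false;
        }
    }
}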
