package org.artifactory.ui.rest.service.admin.security.auth.login;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.artifactory.UiAuthenticationDetails;
import org.artifactory.addon.AddonsManager;
import org.artifactory.addon.OssAddonsManager;
import org.artifactory.addon.plugin.PluginsAddon;
import org.artifactory.api.context.ArtifactoryContext;
import org.artifactory.api.context.ContextHelper;
import org.artifactory.api.security.AuthorizationService;
import org.artifactory.api.security.SecurityService;
import org.artifactory.common.ConstantValues;
import org.artifactory.descriptor.config.CentralConfigDescriptor;
import org.artifactory.descriptor.security.sso.CrowdSettings;
import org.artifactory.rest.common.model.RestModel;
import org.artifactory.rest.common.service.ArtifactoryRestRequest;
import org.artifactory.rest.common.service.RestResponse;
import org.artifactory.security.AccessLogger;
import org.artifactory.security.ArtifactoryPermission;
import org.artifactory.security.AuthenticationHelper;
import org.artifactory.security.HttpAuthenticationDetails;
import org.artifactory.ui.rest.model.admin.security.general.SecurityConfig;
import org.artifactory.ui.rest.model.admin.security.login.UserLogin;
import org.artifactory.ui.rest.model.admin.security.user.BaseUser;
import org.artifactory.ui.rest.service.admin.security.general.GetSecurityConfigService;
import org.artifactory.util.SessionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.stereotype.Component;

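/**
 * UI REST service that performs an interactive username/password login.
 *
 * <p>Flow implemented by {@link #doExecute}: load the security configuration, reject the
 * literal {@code anonymous} user when anonymous access is off, authenticate through the
 * {@code authenticationManager} bean, honour the per-user {@code blockUiView} property, bind
 * the authentication to the security context and HTTP session, update remember-me state, run
 * the additive realm plugins and finally return a {@link BaseUser} describing the caller.
 *
 * <p>The service is prototype-scoped, so a fresh instance is created for each lookup.
 */
@Scope("prototype")
@Component
/* loaded from: input_file:org/artifactory/ui/rest/service/admin/security/auth/login/LoginService.class */
public class LoginService extends AbstractLoginService {
    private static final Logger log = LoggerFactory.getLogger(LoginService.class);

    /** User name that denotes the anonymous user throughout this class. */
    private static final String ANONYMOUS_USER = "anonymous";

    @Autowired
    private AddonsManager addonsManager;

    @Autowired
    private GetSecurityConfigService getSecurityConfigService;

    @Autowired
    private AuthorizationService authorizationService;

    /**
     * Handles one login request.
     *
     * <p>Exceptions raised by the authentication manager or by {@link #handleAnonymous} are not
     * caught here and propagate to the caller.
     *
     * @param artifactoryRestRequest request whose model is the submitted {@link UserLogin}
     * @param restResponse response that receives the {@link BaseUser} model, or an error
     */
    @Override // org.artifactory.ui.rest.service.admin.security.auth.login.AbstractLoginService
    public void doExecute(ArtifactoryRestRequest artifactoryRestRequest, RestResponse restResponse) {
        UserLogin userLogin = (UserLogin) artifactoryRestRequest.getImodel();
        ArtifactoryContext context = ContextHelper.get();
        String user = userLogin.getUser();
        UsernamePasswordAuthenticationToken authToken =
                new UsernamePasswordAuthenticationToken(user, userLogin.getPassword());

        // The security configuration is written into restResponse BEFORE the credentials are
        // checked, and is read back from it on the next line.
        // NOTE(review): on the early return below the SecurityConfig model is still attached to
        // the response unless restResponse.error(...) replaces it; confirm it is never
        // serialized to a caller that has not authenticated.
        this.getSecurityConfigService.execute(artifactoryRestRequest, restResponse);
        SecurityConfig securityConfig = (SecurityConfig) restResponse.getIModel();
        handleAnonymous(user, securityConfig);

        Authentication authenticated = authenticateCredential(authToken, context, artifactoryRestRequest);
        if (authenticated == null || uiViewBlocked(restResponse, userLogin)) {
            return;
        }

        // NOTE(review): the steps below run even when updateSessionAndDB reported a failure
        // (it only suppresses the remember-me update); confirm that is intended.
        updateSessionAndRememberMeServiceWithLoginData(artifactoryRestRequest, restResponse, userLogin, context, authToken, authenticated);
        ((AddonsManager) ContextHelper.get().beanForType(AddonsManager.class))
                .addonByType(PluginsAddon.class)
                .executeAdditiveRealmPlugins(new HttpLoginArtifactoryRequest(artifactoryRestRequest.getServletRequest()));
        updateResponseWithLoginUser(restResponse, userLogin, context, securityConfig);

        // Tell the UI how often to re-validate the session when Crowd integration is enabled.
        CrowdSettings crowdSettings = ContextHelper.get().getCentralConfig().getDescriptor().getSecurity().getCrowdSettings();
        if (crowdSettings != null && crowdSettings.isEnableIntegration()) {
            restResponse.getServletResponse().addHeader("x-jfrog-crowd-validation", String.valueOf(crowdSettings.getSessionValidationInterval()));
        }
    }

    /**
     * Rejects a login as the anonymous user when anonymous access is disabled.
     *
     * <p>The comparison is an exact, case-sensitive match on {@code "anonymous"}.
     * NOTE(review): if the user store matches names case-insensitively, confirm that a
     * differently-cased spelling cannot reach the authentication manager as the anonymous user.
     *
     * @throws AuthenticationServiceException if {@code username} is {@code "anonymous"} and
     *         anonymous access is not enabled
     */
    private void handleAnonymous(String username, SecurityConfig securityConfig) {
        if (ANONYMOUS_USER.equals(username) && !securityConfig.isAnonAccessEnabled()) {
            throw new AuthenticationServiceException("Cannot login with anonymous as a user");
        }
    }

    /**
     * Checks the {@code blockUiView} user property and, when it is set to true, writes a 401
     * error to the response.
     *
     * <p>The property is looked up by the user name as submitted in the login form, not by the
     * name of the authenticated principal.
     * NOTE(review): if authentication normalizes or maps the name, confirm the lookup still
     * resolves the same account so the block cannot be missed.
     *
     * @return {@code true} if UI access is blocked for this user and the response now carries
     *         the error
     */
    private boolean uiViewBlocked(RestResponse restResponse, UserLogin userLogin) {
        String blockUiView = this.userGroupService.findPropertiesForUser(userLogin.getUser()).getFirst("blockUiView");
        boolean blocked = StringUtils.isNotBlank(blockUiView) && Boolean.parseBoolean(blockUiView);
        if (!blocked) {
            return false;
        }
        restResponse.error("UI Access is Disabled For This User").responseCode(401);
        return true;
    }

    /**
     * Binds the login to the session and user record, then updates remember-me state according
     * to whether the binding succeeded.
     */
    private void updateSessionAndRememberMeServiceWithLoginData(ArtifactoryRestRequest artifactoryRestRequest, RestResponse restResponse, UserLogin userLogin, ArtifactoryContext artifactoryContext, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken, Authentication authentication) {
        boolean sessionCreated = updateSessionAndDB(artifactoryContext, userLogin.getUser(), usernamePasswordAuthenticationToken, authentication, artifactoryRestRequest);
        updateRememberMeService(artifactoryContext, sessionCreated, artifactoryRestRequest, restResponse);
    }

    /** Stores the logged-in user's {@link BaseUser} model on the response. */
    private void updateResponseWithLoginUser(RestResponse<RestModel> restResponse, UserLogin userLogin, ArtifactoryContext artifactoryContext, SecurityConfig securityConfig) {
        restResponse.iModel(getResponseModel(artifactoryContext, userLogin, securityConfig));
    }

    /**
     * Builds the model returned to the UI after login.
     *
     * <p>The permission flags are read from {@link AuthorizationService} without passing a user,
     * so they presumably describe the authentication bound to the current security context
     * rather than {@code userLogin} itself (verify against the service implementation).
     *
     * @param artifactoryContext unused here; the central config is read via {@link ContextHelper}
     * @return the user model with permission, license, offline-mode and password-expiry data
     */
    private BaseUser getResponseModel(ArtifactoryContext artifactoryContext, UserLogin userLogin, SecurityConfig securityConfig) {
        // Non-OSS installation that has no license installed.
        boolean proWithoutLicense = !(this.addonsManager instanceof OssAddonsManager) && !this.addonsManager.isLicenseInstalled();

        // Reported as offline unless version queries are enabled and offline mode is off.
        CentralConfigDescriptor descriptor = ContextHelper.get().getCentralConfig().getDescriptor();
        boolean online = ConstantValues.versionQueryEnabled.getBoolean() && !descriptor.isOfflineMode();
        boolean offlineMode = !online;

        boolean isAdmin = this.authorizationService.isAdmin();
        boolean canManage = this.authorizationService.hasPermission(ArtifactoryPermission.MANAGE);
        boolean buildBasicView = this.authorizationService.hasBuildBasicReadPermission();

        BaseUser baseUser = new BaseUser(userLogin.getUser(), isAdmin);
        baseUser.setCanCreateReleaseBundle(Boolean.valueOf(this.authorizationService.hasReleaseBundlePermission(ArtifactoryPermission.DEPLOY)));
        // Release-bundle deploy permission implies deploy; otherwise ask for the plain permission.
        baseUser.setCanDeploy(Boolean.valueOf(baseUser.isCanCreateReleaseBundle().booleanValue() || this.authorizationService.hasPermission(ArtifactoryPermission.DEPLOY)));
        baseUser.setCanManage(Boolean.valueOf(canManage));
        baseUser.setBuildBasicView(Boolean.valueOf(buildBasicView));
        baseUser.setProfileUpdatable(this.authorizationService.isUpdatableProfile());
        baseUser.setProWithoutLicense(proWithoutLicense);
        baseUser.setOfflineMode(offlineMode);
        baseUser.setRequireProfileUnlock(this.authorizationService.requireProfileUnlock());
        baseUser.setRequireProfilePassword(this.authorizationService.requireProfilePassword());
        baseUser.setExistsInDB(!this.authorizationService.isTransientUser());
        baseUser.setCurrentPasswordValidFor(securityConfig.getPasswordSettings().getExpirationPolicy().getCurrentPasswordValidFor());
        return baseUser;
    }

    /**
     * Notifies the remember-me service of a successful login, unless remember-me is disabled
     * or no session was created.
     *
     * <p>The previous form nested the same {@code securityDisableRememberMe} check twice, which
     * left its {@code loginFail} call unreachable; the branch is now a plain early return.
     * NOTE(review): with remember-me disabled nothing in this method invalidates a remember-me
     * cookie the browser may already hold; confirm that is handled elsewhere.
     *
     * @param sessionCreated result of {@link #updateSessionAndDB}; nothing happens when false
     */
    private void updateRememberMeService(ArtifactoryContext artifactoryContext, boolean sessionCreated, ArtifactoryRestRequest artifactoryRestRequest, RestResponse restResponse) {
        HttpServletRequest servletRequest = artifactoryRestRequest.getServletRequest();
        HttpServletResponse servletResponse = restResponse.getServletResponse();
        if (!sessionCreated) {
            return;
        }
        RememberMeServices rememberMeServices = (RememberMeServices) artifactoryContext.beanForType("rememberMeServices", RememberMeServices.class);
        if (ConstantValues.securityDisableRememberMe.getBoolean()) {
            return;
        }
        try {
            rememberMeServices.loginSuccess(servletRequest, servletResponse, AuthenticationHelper.getAuthentication());
        } catch (UsernameNotFoundException e) {
            log.warn("Remember Me service is not supported for transient external users.");
        }
    }

    /**
     * Attaches the request details to the token and submits it to the
     * {@code authenticationManager} bean.
     *
     * @return whatever the authentication manager returns; its exceptions are not caught here
     */
    private Authentication authenticateCredential(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken, ArtifactoryContext artifactoryContext, ArtifactoryRestRequest artifactoryRestRequest) {
        usernamePasswordAuthenticationToken.setDetails(new UiAuthenticationDetails(artifactoryRestRequest.getServletRequest()));
        AuthenticationManager authenticationManager = (AuthenticationManager) artifactoryContext.beanForType("authenticationManager", AuthenticationManager.class);
        return authenticationManager.authenticate(usernamePasswordAuthenticationToken);
    }

    /**
     * Binds an authenticated result to the security context and session and records the login.
     *
     * @return {@code true} only if {@code authentication} is authenticated and binding it raised
     *         no {@link AuthenticationException}; an unauthenticated result now yields
     *         {@code false}, so no remember-me login is recorded for a login that bound nothing
     */
    private boolean updateSessionAndDB(ArtifactoryContext artifactoryContext, String username, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken, Authentication authentication, ArtifactoryRestRequest artifactoryRestRequest) {
        try {
            if (!authentication.isAuthenticated()) {
                return false;
            }
            SecurityContext securityContext = SecurityContextHolder.getContext();
            // NOTE(review): this places the request token, which was built from the submitted
            // password, into the context until bindAuthentication replaces it with the
            // authenticated result. If a call in between throws, the request token stays
            // bound; consider binding only the authenticated result.
            securityContext.setAuthentication(usernamePasswordAuthenticationToken);
            setLoginDataToSessionAndDB(securityContext, username, artifactoryContext, authentication, artifactoryRestRequest.getServletRequest());
            return true;
        } catch (AuthenticationException e) {
            AccessLogger.loginDenied(usernamePasswordAuthenticationToken);
            // The user name is client-supplied and is written to the log unmodified.
            log.debug("Failed to authenticate {}", username, e);
            return false;
        }
    }

    /**
     * Binds the authentication and, for a named non-anonymous user, records the last-login
     * time and remote address.
     *
     * NOTE(review): how HttpAuthenticationDetails derives the remote address (for example
     * whether proxy-supplied headers are trusted) is not visible here.
     */
    private void setLoginDataToSessionAndDB(SecurityContext securityContext, String username, ArtifactoryContext artifactoryContext, Authentication authentication, HttpServletRequest httpServletRequest) {
        setAuthentication(authentication, securityContext, httpServletRequest);
        if (StringUtils.isNotBlank(username) && !username.equals(ANONYMOUS_USER)) {
            SecurityService securityService = (SecurityService) artifactoryContext.beanForType(SecurityService.class);
            securityService.updateUserLastLogin(username, System.currentTimeMillis(), new HttpAuthenticationDetails(httpServletRequest).getRemoteAddress());
        }
    }

    /**
     * Stores an authenticated {@code authentication} in the HTTP session and the security
     * context, writing an access-log entry for non-anonymous users. Does nothing when the
     * authentication is not authenticated.
     *
     * NOTE(review): the meaning of the {@code true} flag passed to SessionUtils is not visible
     * here; confirm that the session identifier is renewed at login.
     */
    void setAuthentication(Authentication authentication, SecurityContext securityContext, HttpServletRequest httpServletRequest) {
        if (!authentication.isAuthenticated()) {
            return;
        }
        if (!isAnonymous(authentication)) {
            AccessLogger.loggedIn(authentication);
        }
        SessionUtils.setAuthentication(httpServletRequest, authentication, true);
        bindAuthentication(securityContext, authentication);
    }

    /**
     * Tells whether the authentication belongs to the anonymous user.
     *
     * @return {@code true} if the principal's string form is exactly {@code "anonymous"};
     *         {@code false} for a {@code null} authentication or a {@code null} principal
     */
    boolean isAnonymous(Authentication authentication) {
        if (authentication == null) {
            return false;
        }
        // A null principal previously caused a NullPointerException here.
        Object principal = authentication.getPrincipal();
        return principal != null && ANONYMOUS_USER.equals(principal.toString());
    }

    /** Sets {@code authentication} as the current authentication of {@code securityContext}. */
    void bindAuthentication(SecurityContext securityContext, Authentication authentication) {
        securityContext.setAuthentication(authentication);
    }
}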
