package com.mapr.admin.controller;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.mapr.admin.lib.SecurityUtils;
import com.mapr.admin.model.SimpleResource;
import com.mapr.baseutils.audit.AuditRecord;
import com.mapr.baseutils.audit.AuditRecordLogger;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.SwaggerDefinition;
import io.swagger.annotations.Tag;
import java.net.URI;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.drill.exec.server.rest.LogInLogOutResources;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;

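/**
 * REST resource for session management: reports the login status, serves a
 * minimal HTML login form, and accepts posted credentials.
 *
 * <p>All three endpoints share the path
 * {@link DefaultLoginPageGeneratingFilter#DEFAULT_LOGIN_PAGE_URL}. GET is
 * dispatched by {@code @Produces} media type (JSON status vs. HTML form).
 *
 * <p>NOTE(review): every "is the caller logged in" decision in this class
 * relies on {@code Authentication.isAuthenticated()}. Spring's anonymous token
 * also reports {@code true} when anonymous authentication is enabled in the
 * filter chain. Confirm it is disabled for this resource, or check the token
 * type explicitly.
 */
@Api("/")
@Path("/")
@SwaggerDefinition(tags = {@Tag(name = LogInLogOutResources.LOGIN_RESOURCE, description = "session management")})
/* loaded from: input_file:com/mapr/admin/controller/LoginController.class */
public class LoginController extends ResourceController {

    /**
     * Snapshot of the caller's authentication state, taken from the Spring
     * security context at construction time.
     */
    @ApiModel(description = "authentication details")
    /* loaded from: input_file:com/mapr/admin/controller/LoginController$Authentication.class */
    public static final class Authentication extends SimpleResource {

        // Always serialized; stays false when the security context holds no authentication.
        @JsonInclude(JsonInclude.Include.ALWAYS)
        private boolean authenticated;

        // Current user name; null (and therefore omitted from JSON) when not authenticated.
        @JsonInclude(JsonInclude.Include.NON_NULL)
        private final String id;

        /** Captures the authentication state of the current security context. */
        public Authentication() {
            // Read the context once so the null check and the flag come from the same object.
            org.springframework.security.core.Authentication current =
                    SecurityContextHolder.getContext().getAuthentication();
            if (current != null) {
                this.authenticated = current.isAuthenticated();
            }
            this.id = this.authenticated ? SecurityUtils.getCurrentUserName() : null;
            addLinks(LogInLogOutResources.LOGIN_RESOURCE, new String[0]);
            getLinks().put("root", "");
        }

        /** @return whether the security context held an authenticated principal */
        public boolean isAuthenticated() {
            return this.authenticated;
        }

        /** @return the current user name, or {@code null} when not authenticated */
        public String getId() {
            return this.id;
        }
    }

    /**
     * Returns the login status of the current request as JSON.
     *
     * @return a fresh {@link Authentication} snapshot
     */
    @GET
    @Path(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL)
    @ApiOperation("Get login status")
    @Produces({"application/json"})
    public Authentication get() {
        return new Authentication();
    }

    /**
     * Returns a static HTML login form that posts {@code username},
     * {@code password} and {@code rememberMe} back to the same URL.
     *
     * <p>NOTE(review): the form carries no anti-CSRF token, and {@link #post}
     * reads none. Confirm whether login-CSRF protection is enforced elsewhere
     * in the filter chain.
     *
     * @return the form markup
     */
    @GET
    @Path(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL)
    @ApiOperation(value = "login form", hidden = true)
    @Produces({"text/html"})
    public String getForm() {
        return "<!doctype html><html><head><title>Login</title></head><body>\n"
                + "<form enctype='application/x-www-form-urlencoded' method='POST'>\n"
                + "<table>\n"
                + "<tr><td>username:</td><td><input name='username'></td></tr>\n"
                + "<tr><td>password:</td><td><input name='password' type='password'></td></tr>\n"
                + "<tr><td>remember:</td><td><input name='rememberMe' type='checkbox' value='true'>&nbsp;&nbsp;<input type='submit' value='login'></td></tr>\n"
                + "</table>\n"
                + "</form></body></html>\n";
    }

    /**
     * Authenticates the posted credentials and writes an audit record for the
     * attempt.
     *
     * <p>If the caller is already authenticated under a different name
     * (case-insensitive), the existing security context and HTTP session are
     * discarded and the submitted credentials are then verified. Previously the
     * stale authentication object caused the login call to be skipped, so the
     * request returned 201 and was audited as a successful password
     * authentication for the new name without any credential check.
     *
     * <p>NOTE(review): when the caller is already authenticated and the name
     * matches (or is blank), no credential check runs, yet a success record is
     * still audited with the submitted username. Confirm this is intended.
     *
     * <p>NOTE(review): the session id is not rotated here after a successful
     * login. Confirm session-fixation protection is applied by the container or
     * the filter chain.
     *
     * <p>NOTE(review): the decompiled signature has no {@code throws} clause
     * although {@code HttpServletRequest.login} declares a checked exception.
     * The original source presumably declared it.
     *
     * @param httpServletRequest  current request; used for login, session and audit source
     * @param httpServletResponse current response (unused here)
     * @param str                 submitted user name
     * @param str2                submitted password
     * @return 201 with the new {@link Authentication} on success, 401 when the
     *         login raises {@link AuthenticationServiceException}; any other
     *         throwable is audited as a failure and rethrown
     */
    @Path(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL)
    @ApiOperation("Post credentials")
    @POST
    @Produces({"application/json"})
    public Response post(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @FormParam("username") String str, @FormParam("password") String str2) {
        boolean succeeded = false;
        try {
            org.springframework.security.core.Authentication current =
                    SecurityContextHolder.getContext().getAuthentication();
            boolean alreadyAuthenticated = current != null && current.isAuthenticated();

            if (alreadyAuthenticated && StringUtils.isNotBlank(str) && !current.getName().equalsIgnoreCase(str)) {
                // A different user is logging in: drop the old identity and its session.
                HttpSession session = httpServletRequest.getSession(false);
                SecurityContextHolder.clearContext();
                if (session != null) {
                    session.invalidate();
                }
                // The old identity is gone, so the submitted credentials must be checked.
                // NOTE(review): assumes login() is permitted once the context is cleared; verify.
                alreadyAuthenticated = false;
            }

            if (!alreadyAuthenticated) {
                httpServletRequest.login(str, str2);
            }
            succeeded = true;
            auditAuthentication(httpServletRequest, str, true);
        } catch (AuthenticationServiceException e) {
            auditAuthentication(httpServletRequest, str, false);
        } catch (Throwable th) {
            // Record the failed attempt, then let the framework handle the error.
            auditAuthentication(httpServletRequest, str, false);
            throw th;
        }
        if (!succeeded) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        // URI.create avoids the checked URISyntaxException for this constant.
        return Response.created(URI.create("/")).entity(new Authentication()).build();
    }

    /**
     * Writes a password-authentication audit record for the "cluster" resource.
     *
     * <p>NOTE(review): the source address prefers the {@code X-FORWARDED-FOR}
     * request header, which any client can set unless a trusted proxy overwrites
     * it. The value is recorded verbatim, so it may be a comma-separated list.
     * Confirm the service is reachable only through such a proxy; otherwise the
     * audited address is attacker-controlled.
     *
     * <p>NOTE(review): the submitted user name is also recorded verbatim. Confirm
     * the audit logger escapes control characters.
     *
     * @param httpServletRequest request supplying the client address
     * @param str                user name submitted with the attempt
     * @param z                  {@code true} records status 200, {@code false} 401
     */
    private static void auditAuthentication(HttpServletRequest httpServletRequest, String str, boolean z) {
        String clientAddress = httpServletRequest.getHeader("X-FORWARDED-FOR");
        if (clientAddress == null) {
            clientAddress = httpServletRequest.getRemoteAddr();
        }

        AuditRecord auditRecord = new AuditRecord();
        auditRecord.init(clientAddress);
        auditRecord.setOp(AuditRecord.Op.passwordAuth);
        auditRecord.setResource("cluster");
        auditRecord.setUsername(str);
        auditRecord.setStatus(z ? 200 : 401);
        AuditRecordLogger.getInstance().logAuditRecord(auditRecord);
    }
}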
