package com.nazdaq.noms.app.auth.action;

import com.fasterxml.jackson.databind.node.ObjectNode;
import com.nazdaq.core.defines.acts.ActivityAction;
import com.nazdaq.core.helpers.AppConfig;
import com.nazdaq.core.helpers.NSystem;
import com.nazdaq.core.helpers.RequestHelper;
import com.nazdaq.core.helpers.TextHelper;
import com.nazdaq.core.security.Passwords;
import com.nazdaq.core.security.SecureToken;
import com.nazdaq.noms.acls.ACLNoPermissionException;
import com.nazdaq.noms.acls.ACLPermissionCheck;
import com.nazdaq.noms.app.auth.AutoLoginLink;
import com.nazdaq.noms.app.auth.GlobalController;
import com.nazdaq.noms.app.auth.UserLoginRedirectException;
import com.nazdaq.noms.app.auth.UserLogoutException;
import com.nazdaq.noms.app.auth.check.AuthApiCallCheck;
import com.nazdaq.noms.app.auth.check.AuthJWT;
import com.nazdaq.noms.app.auth.session.UserSession;
import com.nazdaq.noms.app.auth.session.UserSessionException;
import com.nazdaq.noms.webmodels.SuiteErrorType;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import javax.inject.Inject;
import models.acl.defines.ACLSubject;
import models.users.User;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import play.libs.Json;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;

/* loaded from: input_file:com/nazdaq/noms/app/auth/action/AuthAction.class */
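/**
 * Play action behind the {@code Authentication} annotation. It resolves the calling user from
 * the session cookie, an API call or a JWT header, validates the session and the configured
 * ACL subjects, and then hands the request (with the user attached as an attribute) to the
 * delegate action.
 *
 * <p>This listing is decompiler output (JADX), so parameter names such as {@code z} and
 * {@code str} are synthetic; their meaning is documented per method from how they are used.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>With {@code silent()} enabled, every authentication or permission failure is swallowed
 *       and the delegate runs without a user attribute; such actions must check
 *       {@link #isLoggedIn(Http.Request)} themselves.</li>
 *   <li>The error path logs header names and session keys only, never their values.</li>
 * </ul>
 */
public class AuthAction extends Action<Authentication> {
    private static final Logger log = LoggerFactory.getLogger("logger");

    @Inject
    public AuthAction() {
    }

    /**
     * Authenticates the request and invokes the delegate action, or answers with a login
     * redirect / JSON login-required response when authentication fails.
     *
     * @param request the incoming request
     * @return the delegate's result, or a login / error result
     */
    @Override
    public CompletionStage<Result> call(Http.Request request) {
        // JSON is used when the request is AJAX or the annotation asks for a JSON response.
        boolean wantsJson = RequestHelper.isAjax(request) || ((Authentication) this.configuration).response().equals(ResponseType.JSON);
        log.trace("Calling action for {}", request);
        try {
            if (GlobalController.isValidSys()) {
                return this.delegate.call(initRequestForUser(request, wantsJson, ((Authentication) this.configuration).silent()));
            }
            // Fixed delay before the licence-expired answer; note that it blocks the calling thread.
            Thread.sleep(500L);
            return CompletableFuture.completedFuture(badRequest("You cannot login to B2Win Suite, Your license has been expired, Contact your administrator for help."));
        } catch (UserLoginRedirectException e) {
            return CompletableFuture.completedFuture(displayLogin(request, request.uri(), false, AutoLoginLink.MODE_HOME));
        } catch (UserLogoutException e2) {
            log.warn("Session logout exception: " + e2.getMessage());
            if (e2.getUser() != null) {
                log.info("Session was marked for logout, User: " + e2.getUser().getUsername() + ", logging out now ...");
                request = logoutUser(request, e2.getUser());
            }
            return wantsJson ? CompletableFuture.completedFuture(GlobalController.response(request, SessionStorage.SESSION_LOGIN, e2.getMessage(), null, SuiteErrorType.LOGINREQ).withNewSession()) : CompletableFuture.completedFuture(redirectToLogin(request.uri()).withNewSession().flashing("error", e2.getMessage()));
        } catch (Throwable th) {
            log.error("Calling action {} Failed:", request);
            log.error("- Error: " + th.getMessage());
            log.error("- Remote Address: {}", request.remoteAddress());
            log.error("- Request URI: {}", request.uri());
            log.error("- Request Method: {}", request.method());
            // Names only: header values include the Authorization and Cookie credentials, and the
            // session map holds the login identifiers; writing them to the log would let anyone
            // with log access reuse them.
            log.error("- Request Header Names: {}", request.getHeaders().asMap().keySet());
            log.error("- Session Keys: {}", request.session().data().keySet());
            log.error("End request error.", th);
            // NOTE(review): the raw exception message of any Throwable is returned to the caller
            // here. Some flows may rely on it (e.g. messages of session/ACL exceptions), so it is
            // left as is; confirm that no internal detail (SQL text, class names) can reach an
            // unauthenticated client through this path.
            return CompletableFuture.completedFuture(displayLogin(request, request.uri(), wantsJson, th.getMessage()));
        }
    }

    /**
     * Resolves the user for the request and attaches it as {@code Attrs.ARG_USER}, together
     * with the time spent authenticating as {@code Attrs.AUTH_TIME}.
     *
     * <p>Sources are tried in this order: logged-in session cookie, API call, JWT header.
     *
     * @param request the incoming request
     * @param z whether the caller expects a JSON response (a missing session then raises
     *     {@link UserLogoutException} instead of a login redirect)
     * @param z2 silent mode: when {@code true} any exception is swallowed and the request is
     *     returned as it was at the point of failure, normally without a user attribute
     * @return the request, enriched with the user when authentication succeeded
     * @throws Exception any authentication, session or permission failure when not silent
     */
    private Http.Request initRequestForUser(Http.Request request, boolean z, boolean z2) throws Exception {
        User user;
        long startTime = TextHelper.startTime();
        try {
            UUID uuid = SessionStorage.getUUID(request.session());
            if (SessionStorage.hasLoggedInCookies(request.session())) {
                int userId = SessionStorage.getUserId(request.session());
                if (userId <= 0) {
                    throw new UserLogoutException("No userid saved in browser storage.");
                }
                // NOTE(review): the lookup result is not null-checked here; confirm how
                // getuserbyid behaves for a user id that no longer exists.
                user = User.getuserbyid(userId);
                if (UserSession.getOnlineSession(userId) == null) {
                    if (AppConfig.isProd && SessionStorage.isSessionVersionChange(request.session())) {
                        throw new UserLogoutException("The session has been expired or invalid due to server upgrade/restart.");
                    }
                    // No server-side session for this cookie: one is created from the cookie alone.
                    // NOTE(review): confirm that a logged-out or killed session cannot be
                    // re-established this way by presenting an old cookie.
                    request = AddUserLogin(request, uuid, user, true, AutoLoginLink.MODE_HOME);
                }
            } else if (AuthApiCallCheck.isApiRequest(request)) {
                user = AuthApiCallCheck.isAPICallValid(request);
            } else {
                if (!AuthJWT.isJWTAuthRequest(request)) {
                    if (z) {
                        throw new UserLogoutException("No open session exists");
                    }
                    log.debug("Not logged in redirect to: " + request.uri());
                    throw new UserLoginRedirectException();
                }
                user = AuthJWT.checkToken(RequestHelper.getHeaderValue(request, AuthJWT.HEADER_AUTH));
            }
            isValidCall(user, uuid);
            request = request.addAttr(Attrs.ARG_USER, user).addAttr(Attrs.AUTH_TIME, Long.valueOf(System.currentTimeMillis() - startTime));
        } catch (Exception e) {
            if (!z2) {
                throw e;
            }
            // Silent mode: the failure is deliberately not propagated, but it is recorded so that
            // an unexpected error is not lost entirely.
            log.debug("Silent authentication did not attach a user: {}", e.getMessage());
        }
        return request;
    }

    /**
     * Checks the session and the ACL subjects configured on the annotation for the given user.
     *
     * <p>The session check only runs when a UUID is present; with a {@code null} UUID only the
     * permission check applies.
     *
     * @param user the resolved user
     * @param uuid the session UUID from the session storage, may be {@code null}
     * @throws Exception {@link UserLogoutException} for an invalid session, or the exception
     *     raised by the permission check
     */
    private void isValidCall(User user, UUID uuid) throws Exception {
        if (uuid != null && !UserSession.isValidSession(user, uuid)) {
            throw new UserLogoutException(user, "Not a valid session");
        }
        ACLSubject[] required = ((Authentication) this.configuration).perms();
        if (required.length > 0) {
            checkPermsArray(user, Arrays.asList(required));
        }
    }

    /**
     * Runs the system permission check for every subject in the list.
     *
     * @param user the user to check
     * @param list the ACL subjects that are all required
     * @throws ACLNoPermissionException when a check fails
     */
    public static void checkPermsArray(User user, List<ACLSubject> list) throws ACLNoPermissionException {
        for (ACLSubject subject : list) {
            ACLPermissionCheck.permSystemCheck(user, subject, false);
        }
    }

    /**
     * @param request the request to inspect
     * @return {@code true} when a user attribute was attached to the request
     */
    public static boolean isLoggedIn(Http.Request request) {
        return request.attrs().containsKey(Attrs.ARG_USER);
    }

    /**
     * @param request the request to inspect
     * @return the user attached to the request, or {@code null} when there is none
     */
    public static User getCurrentUser(Http.Request request) {
        if (request.attrs().containsKey(Attrs.ARG_USER)) {
            return (User) request.attrs().get(Attrs.ARG_USER);
        }
        return null;
    }

    /**
     * Activates a de-activated user when {@code canActivate()} allows it, saves the user and
     * records a {@code USER_ACTIVATE} activity.
     *
     * @param user the user that is logging in
     * @return the same user
     * @throws UserLogoutException when the user is de-activated and cannot be activated
     */
    public static User checkActivation(User user) throws UserLogoutException {
        if (!user.isActivated()) {
            log.info("The User is de-activated, we are activating him now ...");
            if (!user.canActivate()) {
                throw new UserLogoutException("You cannot login to B2Win Suite, No more licenses, Contact your administrator for help.");
            }
            user.setActivated(true);
            user.save();
            log.info("The user: " + user.getId() + ":" + user.getDisplayName() + ", has been activated.");
            user.addActivity(ActivityAction.USER_ACTIVATE, 0L, 0L, new String[0]);
        }
        return user;
    }

    /**
     * Creates the server-side session for a user under the global {@code UserSession.lock} and
     * attaches the user to the request.
     *
     * <p>If another thread held the lock, this call waits for it and then re-checks whether the
     * same session UUID was logged in meanwhile; in that case no second session is created.
     * If a different session is in use for the user, a {@link UserSessionException} carrying a
     * "/session/free/..." URL is thrown instead.
     *
     * @param request the incoming request
     * @param uuid the session UUID from the session storage
     * @param user the user to log in
     * @param z forwarded unchanged to {@code UserSession.createSession}
     * @param str not used by this method
     * @return the request with the user attribute attached
     * @throws UserLogoutException when the user cannot be activated
     * @throws UserSessionException when another session is in use for the user
     */
    public static Http.Request AddUserLogin(Http.Request request, UUID uuid, User user, boolean z, String str) throws UserLogoutException, UserSessionException {
        try {
            if (UserSession.lock.tryLock()) {
                log.debug("Locking the session: " + user.getUsername() + " ...");
            } else {
                // NOTE(review): getHoldCount() reports the holds of the current thread, not the
                // number of other users, so the first value in this message is likely always 0.
                log.debug("Session already Locked: {} other users is opening now, waiting for user: {}", Integer.valueOf(UserSession.lock.getHoldCount()), user.getUsername());
                UserSession.lock.lock();
                UserSession onlineSession = UserSession.getOnlineSession(user.getId());
                if (onlineSession != null && onlineSession.getUuid().equals(uuid)) {
                    Http.Request alreadyLoggedIn = request.addAttr(Attrs.ARG_USER, user);
                    log.debug("Wait Finished - Found logged in after release: " + user.getUsername());
                    return alreadyLoggedIn;
                }
            }
            UserSession otherSession = UserSession.isSessionInUse(user, uuid);
            if (otherSession != null) {
                SecureToken token = Passwords.generateToken(user.getId());
                long timestamp = token.getTimestamp();
                // The timestamp appears twice in the path, exactly as in the decompiled source.
                // NOTE(review): confirm against the /session/free route. The token travels in the
                // URL path, so it can end up in access logs and browser history.
                String killUrl = "/session/free/" + timestamp + "/" + timestamp + "/" + token.getMainToken() + "/" + user.getId() + "?redirect=" + otherSession.getUuid();
                log.warn("Generating a kill url for user: {}, Other Session: {}", user.getUsername(), otherSession);
                throw new UserSessionException(killUrl, otherSession.getIp());
            }
            checkActivation(user);
            UserSession createdSession = UserSession.createSession(user, uuid, request, z);
            // NOTE(review): the value returned by adding() is discarded; if the session object is
            // immutable this line has no effect — confirm.
            request.session().adding("last", NSystem.getRandomIdentifier(5));
            log.info("Adding user login to session user: {}, Session UUID: {}", user.getUsername(), createdSession.getUuid());
            return request.addAttr(Attrs.ARG_USER, user);
        } finally {
            // Release on every exit path. The ownership check (rather than isLocked()) makes sure
            // this thread never tries to unlock a lock that some other thread is holding.
            if (UserSession.lock.isHeldByCurrentThread()) {
                UserSession.lock.unlock();
                log.debug("Session Unlocked for user: " + user.getUsername() + ". Waiting: " + UserSession.lock.getQueueLength());
            }
        }
    }

    /**
     * Produces the "login required" answer: a JSON response for AJAX/template requests, or a
     * redirect to the login page otherwise.
     *
     * @param request the incoming request
     * @param str the URI to return to after login
     * @param z force the JSON response
     * @param str2 message shown to the user, may be {@code null} or empty
     * @return the login response
     */
    public static Result displayLogin(Http.Request request, String str, boolean z, String str2) {
        String template = RequestHelper.hasParamNotEmpty(request, "tmpl") ? RequestHelper.getParamString(request, "tmpl") : null;
        boolean hasTemplate = template != null && !template.isEmpty();
        if (z || hasTemplate || RequestHelper.isAjax(request)) {
            return GlobalController.response(request, SessionStorage.SESSION_LOGIN, str2, null, SuiteErrorType.LOGINREQ);
        }
        Result loginRedirect = redirectToLogin(str);
        if (str2 != null && !str2.isEmpty()) {
            loginRedirect = loginRedirect.flashing("error", str2);
        }
        return loginRedirect;
    }

    /**
     * Removes the server-side session state of the user and drops the user attribute from the
     * request. Failures while removing the session are logged and do not abort the logout.
     *
     * @param request the incoming request
     * @param user the user to log out
     * @return the request without the user attribute
     */
    public static Http.Request logoutUser(Http.Request request, User user) {
        try {
            UUID uuid = SessionStorage.getUUID(request.session());
            if (UserSession.isValidSession(user, uuid)) {
                UserSession.removeSession(user.getId(), "Logged out");
            }
            UserSession.removedKilled(uuid);
            UserSession.removedKilledByUserName(user.getUsername());
        } catch (Exception e) {
            // Best effort: the request is still stripped of the user below.
            log.warn("Logging out user exception: " + e.getMessage());
        }
        Http.Request withoutUser = request.removeAttr(Attrs.ARG_USER);
        log.debug("Logging user '" + user.getUsername() + "' out and clearing the session storage.");
        return withoutUser;
    }

    /**
     * Answers a login attempt either with a redirect plus flash message (normal requests) or
     * with a JSON object (AJAX requests).
     *
     * @param request the incoming request
     * @param str not used by this method
     * @param str2 the status; {@code "error"} selects the error response
     * @param str3 the redirect target; when empty the user's home URL is used
     * @param str4 the message for the user
     * @param str5 value reported as {@code "killsess"} in the JSON answer when not empty
     * @param user the user concerned, may be {@code null}
     * @return the redirect or JSON result
     */
    public static Result redirectWithFlash(Http.Request request, String str, String str2, String str3, String str4, String str5, User user) {
        boolean isError = str2.equals("error");
        if (!RequestHelper.isAjax(request)) {
            if (isError) {
                return displayLogin(request, str3, false, str4);
            }
            if (str3 != null && !str3.isEmpty()) {
                log.debug("Redirecting to: {}", str3);
            } else if (user != null) {
                str3 = redirectUrlForUser(user);
            }
            // NOTE(review): str3 is used as the Location without checking that it is a local
            // path. If a caller passes a request-supplied "redirect" value here, restrict it to
            // same-site paths before redirecting. It is also still null when no target and no
            // user were given.
            return redirect(str3).flashing("success", str4);
        }
        ObjectNode payload = Json.newObject();
        payload.put("title", "Login");
        payload.put(GlobalController.MSG, str4);
        // Null-safe: a missing kill-session value simply leaves the field out.
        if (str5 != null && !str5.isEmpty()) {
            payload.put("killsess", str5);
        }
        if (user != null) {
            payload.put(SessionStorage.SESSION_USERID, user.getId());
        } else {
            payload.put(SessionStorage.SESSION_USERID, 0);
        }
        if (isError) {
            payload.put(GlobalController.STATUS, "error");
            return badRequest(payload);
        }
        payload.put(GlobalController.STATUS, "success");
        return ok(payload);
    }

    /**
     * Picks the landing URL for a user: the configured home page if there is one, otherwise
     * "/" for users with B2Data report access and "/b2output/apps" for everyone else.
     *
     * @param user the logged-in user
     * @return the landing URL, never unassigned
     */
    private static String redirectUrlForUser(@NotNull User user) {
        String homePage = user.getDefaults().getHomePage();
        if (homePage != null && !homePage.isEmpty()) {
            return homePage;
        }
        try {
            if (GlobalController.hasB2Data() && ACLPermissionCheck.permSystemCheck(user, ACLSubject.B2DATA_REPORTS_ACCESS, true)) {
                return "/";
            }
        } catch (Exception e) {
            log.debug("Permission check for the landing page failed: {}", e.getMessage());
        }
        // NOTE(review): the decompiled source left the result unassigned when hasB2Data() is
        // false; "/b2output/apps" (the fallback it uses everywhere else) is assumed here — confirm.
        return "/b2output/apps";
    }

    /**
     * Builds the login URL, carrying the page to return to in the {@code redirect} parameter.
     *
     * <p>A value is passed through unchanged only when it is already completely
     * percent-encoded. Anything else is encoded, so that a raw {@code &} or {@code #} inside the
     * value cannot end the parameter early and be read as a separate login parameter.
     *
     * @param str the URI to return to after login, may be {@code null}
     * @return "/user/login", with a {@code redirect} parameter unless the target is empty or "/"
     */
    @NotNull
    public static String redirectToLoginUrl(String str) {
        if (str == null || str.isEmpty() || str.equals("%2F") || str.equals("/")) {
            return "/user/login";
        }
        String encoded = str;
        if (!str.contains("%") || !isFullyPercentEncoded(str)) {
            encoded = URLEncoder.encode(str, StandardCharsets.UTF_8);
        }
        return "/user/login?redirect=" + encoded;
    }

    /**
     * Tells whether the value consists only of characters that URL form encoding leaves as
     * they are, plus well-formed {@code %XX} escapes.
     */
    private static boolean isFullyPercentEncoded(String value) {
        int length = value.length();
        for (int i = 0; i < length; i++) {
            char c = value.charAt(i);
            if (c == '%') {
                if (i + 2 >= length || !isHexDigit(value.charAt(i + 1)) || !isHexDigit(value.charAt(i + 2))) {
                    return false;
                }
                i += 2;
            } else if (!isUnreservedFormChar(c)) {
                return false;
            }
        }
        return true;
    }

    /** ASCII hexadecimal digit test. */
    private static boolean isHexDigit(char c) {
        return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
    }

    /** Characters that form encoding emits without escaping. */
    private static boolean isUnreservedFormChar(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || ".-*_+".indexOf(c) >= 0;
    }

    /**
     * @param str the URI to return to after login
     * @return a redirect to {@link #redirectToLoginUrl(String)}
     */
    public static Result redirectToLogin(String str) {
        return redirect(redirectToLoginUrl(str));
    }
}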
