package org.akaza.openclinica.web.filter;

import java.util.Date;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
import org.akaza.openclinica.bean.login.UserAccountBean;
import org.akaza.openclinica.control.login.AccountConfigurationException;
import org.akaza.openclinica.core.CRFLocker;
import org.akaza.openclinica.dao.hibernate.AuditUserLoginDao;
import org.akaza.openclinica.dao.hibernate.ConfigurationDao;
import org.akaza.openclinica.dao.login.UserAccountDAO;
import org.akaza.openclinica.domain.technicaladmin.AuditUserLoginBean;
import org.akaza.openclinica.domain.technicaladmin.LoginStatus;
import org.akaza.openclinica.i18n.util.ResourceBundleProvider;
import org.akaza.openclinica.service.otp.MailNotificationService;
import org.akaza.openclinica.service.otp.TwoFactorService;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.TextEscapeUtils;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/classes/org/akaza/openclinica/web/filter/OpenClinicaUsernamePasswordAuthenticationFilter.class */
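/**
 * Form-login processing filter for OpenClinica.
 *
 * <p>On each request to {@code /j_spring_security_check} it rejects non-POST requests (when
 * {@link #setPostOnly(boolean)} is left at its default), rejects blank credentials, looks the
 * account up by user name, enforces the second factor and the account configuration / lock
 * rules, and only then hands the {@link UsernamePasswordAuthenticationToken} to the configured
 * {@code AuthenticationManager}. Every outcome is written to the login audit table; failures
 * advance the per-account lock counter and may trigger a denied-login mail.
 *
 * <p>All credential-type failures are reported with the same {@value #BAD_CREDENTIALS_MESSAGE}
 * text so the response does not reveal which individual check failed.
 *
 * <p>Not thread-safe with respect to its setters; it is expected to be fully configured before
 * it starts serving requests.
 */
public class OpenClinicaUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
    public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
    public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
    public static final String SPRING_SECURITY_FORM_FACTOR = "j_factor";
    /** Single generic failure message; deliberately identical for unknown user, bad password and bad factor. */
    private static final String BAD_CREDENTIALS_MESSAGE = "Bad Credentials";
    /** Configuration key: is automatic account locking enabled ("true"/"false"). */
    private static final String LOCK_SWITCH_KEY = "user.lock.switch";
    /** Configuration key: number of consecutive failed attempts after which the account is locked. */
    private static final String LOCK_ATTEMPTS_KEY = "user.lock.allowedFailedConsecutiveLoginAttempts";
    /** Session attribute under which the authenticated account bean is published on success. */
    private static final String USER_BEAN_SESSION_KEY = "userBean";

    private String usernameParameter;
    private String passwordParameter;
    private boolean postOnly;
    private AuditUserLoginDao auditUserLoginDao;
    private ConfigurationDao configurationDao;
    private TwoFactorService factorService;
    private UserAccountDAO userAccountDao;
    private DataSource dataSource;
    private CRFLocker crfLocker;
    private MailNotificationService mailNotificationService;

    /** Registers the filter on the standard Spring Security form-login URL with the default form field names. */
    public OpenClinicaUsernamePasswordAuthenticationFilter() {
        super("/j_spring_security_check");
        this.usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
        this.passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
        this.postOnly = true;
    }

    public void setFactorService(TwoFactorService twoFactorService) {
        this.factorService = twoFactorService;
    }

    public void setMailNotificationService(MailNotificationService mailNotificationService) {
        this.mailNotificationService = mailNotificationService;
    }

    /**
     * Runs the full login decision for one request.
     *
     * @param httpServletRequest  the login form submission
     * @param httpServletResponse unused; the superclass handles success/failure rendering
     * @return the fully populated {@link Authentication} returned by the authentication manager
     * @throws AuthenticationServiceException if the request is not a POST and {@code postOnly} is set
     * @throws BadCredentialsException        for blank, unknown, inactive or wrong credentials, or a bad second factor
     * @throws LockedException                if the account is already locked
     * @throws AccountConfigurationException  if the deployment requires a second factor the account has not set up
     * @throws AuthenticationException        anything else the authentication manager reports
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        if (this.postOnly && !"POST".equals(httpServletRequest.getMethod())) {
            throw new AuthenticationServiceException("Authentication method not supported: " + httpServletRequest.getMethod());
        }
        String username = obtainUsername(httpServletRequest);
        String password = obtainPassword(httpServletRequest);
        if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
            throw new BadCredentialsException(BAD_CREDENTIALS_MESSAGE);
        }
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username.trim(), password);
        if (httpServletRequest.getSession(false) != null || getAllowSessionCreation()) {
            // Escaped before it is stored: the value is rendered back into the login page on failure.
            httpServletRequest.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, TextEscapeUtils.escapeEntities(username));
        }
        setDetails(httpServletRequest, authRequest);
        // NOTE(review): new Locale("en_US") yields language "en_us" rather than en/US; Locale.US may be
        // what was intended — confirm against the resource bundle names before changing it.
        ResourceBundleProvider.updateLocale(new Locale("en_US"));

        // Declared outside the try so the failure handlers can attribute the attempt to the account
        // (audit row, lock counter, denial mail). Passing null there would silently disable the
        // lock counter, because lockAccount/notifyDeniedLogin ignore a null account.
        UserAccountBean account = null;
        try {
            account = getUserAccountDao().findByUserName(username);
            // Missing and inactive accounts are indistinguishable from a wrong password to the caller.
            if (account == null || !account.isActive()) {
                throw new BadCredentialsException(BAD_CREDENTIALS_MESSAGE);
            }
            if (this.factorService.getTwoFactorActivated() && account.isTwoFactorActivated()
                    && !this.factorService.verify(account.getAuthsecret(), httpServletRequest.getParameter(SPRING_SECURITY_FORM_FACTOR))) {
                throw new BadCredentialsException(BAD_CREDENTIALS_MESSAGE);
            }
            // The notification for this case is sent from the matching catch block below, exactly once.
            if (this.factorService.isTwoFactorActivatedLetterAndOutDated() && !account.isTwoFactorActivated()) {
                throw new AccountConfigurationException();
            }
            if (account.getStatus().isLocked()) {
                throw new LockedException("locked");
            }
            // Password verification is delegated; a wrong password surfaces as BadCredentialsException.
            Authentication authentication = getAuthenticationManager().authenticate(authRequest);
            auditUserLogin(username, LoginStatus.SUCCESSFUL_LOGIN, account);
            resetLockCounter(account);
            httpServletRequest.getSession().setAttribute(USER_BEAN_SESSION_KEY, account);
            this.crfLocker.unlockAllForUser(account.getId());
            if (this.mailNotificationService.isMailNotificationEnabled(account.getActiveStudyId())) {
                this.mailNotificationService.sendSuccessfulLoginMail(account);
            }
            return authentication;
        } catch (AccountConfigurationException e) {
            // A deployment/configuration problem, not a credential failure: audited and notified,
            // but it must not advance the lock counter.
            auditUserLogin(username, LoginStatus.FAILED_LOGIN, account);
            notifyDeniedLogin(account);
            throw e;
        } catch (BadCredentialsException e) {
            recordFailedAttempt(username, account);
            throw e;
        } catch (LockedException e) {
            // Already locked: record the attempt without touching the counter again.
            auditUserLogin(username, LoginStatus.FAILED_LOGIN_LOCKED, account);
            notifyDeniedLogin(account);
            throw e;
        } catch (AuthenticationException e) {
            recordFailedAttempt(username, account);
            throw e;
        }
    }

    /** Audit, lock-counter and notification handling shared by every credential-type failure. */
    private void recordFailedAttempt(String username, UserAccountBean account) {
        auditUserLogin(username, LoginStatus.FAILED_LOGIN, account);
        lockAccount(account);
        notifyDeniedLogin(account);
    }

    /** True when {@code account} is a real, active account that audit/lock/mail actions may be tied to. */
    private static boolean isActiveAccount(UserAccountBean account) {
        return account != null && account.isActive();
    }

    /** Sends the denied-login mail when the account exists, is active and its study has notifications enabled. */
    private void notifyDeniedLogin(UserAccountBean account) {
        if (isActiveAccount(account) && this.mailNotificationService.isMailNotificationEnabled(account.getActiveStudyId())) {
            this.mailNotificationService.sendDeniedLoginMail(account);
        }
    }

    /**
     * Persists one login-audit row.
     *
     * @param username    the user name as submitted (kept even when no account matched it)
     * @param loginStatus outcome of the attempt
     * @param account     matched account, or {@code null}; the account id is only recorded for active accounts
     */
    private void auditUserLogin(String username, LoginStatus loginStatus, UserAccountBean account) {
        AuditUserLoginBean audit = new AuditUserLoginBean();
        audit.setUserName(username);
        audit.setLoginStatus(loginStatus);
        audit.setLoginAttemptDate(new Date());
        audit.setUserAccountId(isActiveAccount(account) ? Integer.valueOf(account.getId()) : null);
        getAuditUserLoginDao().saveOrUpdate(audit);
    }

    /** Clears the consecutive-failure counter after a successful login; no-op for a missing/inactive account. */
    private void resetLockCounter(UserAccountBean account) {
        if (!isActiveAccount(account)) {
            return;
        }
        getUserAccountDao().updateLockCounter(Integer.valueOf(account.getId()), 0);
    }

    /**
     * Advances the consecutive-failure counter and locks the account once it reaches the configured limit.
     *
     * <p>Does nothing when the account is missing/inactive or when {@value #LOCK_SWITCH_KEY} is not
     * {@code true}. A {@code null} stored counter is treated as zero.
     *
     * @param account the account the failed attempt belongs to, or {@code null}
     * @throws NumberFormatException if {@value #LOCK_ATTEMPTS_KEY} is not an integer
     */
    private void lockAccount(UserAccountBean account) {
        if (!isActiveAccount(account)) {
            return;
        }
        boolean lockingEnabled = Boolean.parseBoolean(getConfigurationDao().findByKey(LOCK_SWITCH_KEY).getValue());
        if (!lockingEnabled) {
            return;
        }
        int allowedFailures = Integer.parseInt(getConfigurationDao().findByKey(LOCK_ATTEMPTS_KEY).getValue());
        Integer storedCounter = account.getLockCounter();
        int failures = storedCounter == null ? 0 : storedCounter.intValue();
        Integer accountId = Integer.valueOf(account.getId());
        if (failures < allowedFailures) {
            failures++;
            getUserAccountDao().updateLockCounter(accountId, Integer.valueOf(failures));
        }
        // Checked after the increment so the attempt that reaches the limit locks immediately.
        if (failures >= allowedFailures) {
            getUserAccountDao().lockUser(accountId);
        }
    }

    /** Reads the raw password form field; {@code null} when absent. */
    protected String obtainPassword(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(this.passwordParameter);
    }

    /** Reads the raw user-name form field; {@code null} when absent. */
    protected String obtainUsername(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(this.usernameParameter);
    }

    /** Attaches request details (remote address, session id, …) built by the inherited details source. */
    protected void setDetails(HttpServletRequest httpServletRequest, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        usernamePasswordAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
    }

    /** @throws IllegalArgumentException if {@code str} is null or blank */
    public void setUsernameParameter(String str) {
        Assert.hasText(str, "Username parameter must not be empty or null");
        this.usernameParameter = str;
    }

    /** @throws IllegalArgumentException if {@code str} is null or blank */
    public void setPasswordParameter(String str) {
        Assert.hasText(str, "Password parameter must not be empty or null");
        this.passwordParameter = str;
    }

    /** When {@code true} (the default) only POST submissions are accepted. */
    public void setPostOnly(boolean z) {
        this.postOnly = z;
    }

    public final String getUsernameParameter() {
        return this.usernameParameter;
    }

    public final String getPasswordParameter() {
        return this.passwordParameter;
    }

    public AuditUserLoginDao getAuditUserLoginDao() {
        return this.auditUserLoginDao;
    }

    public void setAuditUserLoginDao(AuditUserLoginDao auditUserLoginDao) {
        this.auditUserLoginDao = auditUserLoginDao;
    }

    public ConfigurationDao getConfigurationDao() {
        return this.configurationDao;
    }

    public void setConfigurationDao(ConfigurationDao configurationDao) {
        this.configurationDao = configurationDao;
    }

    public DataSource getDataSource() {
        return this.dataSource;
    }

    public void setDataSource(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    /** Returns the injected DAO, or a fresh one over {@link #getDataSource()} when none was injected. */
    public UserAccountDAO getUserAccountDao() {
        return this.userAccountDao != null ? this.userAccountDao : new UserAccountDAO(this.dataSource);
    }

    public CRFLocker getCrfLocker() {
        return this.crfLocker;
    }

    public void setCrfLocker(CRFLocker cRFLocker) {
        this.crfLocker = cRFLocker;
    }
}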
