package com.erudika.para.server.security.filters;

import com.erudika.para.core.App;
import com.erudika.para.core.User;
import com.erudika.para.core.utils.CoreUtils;
import com.erudika.para.core.utils.Para;
import com.erudika.para.server.security.AuthenticatedUserDetails;
import com.erudika.para.server.security.SecurityUtils;
import com.erudika.para.server.security.UserAuthentication;
import com.erudika.para.server.utils.filters.CORSFilter;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.text.ParseException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/* loaded from: input_file:com/erudika/para/server/security/filters/PasswordlessAuthFilter.class */
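public class PasswordlessAuthFilter extends AbstractAuthenticationProcessingFilter {
    /** URI suffix that marks a request as a passwordless authentication attempt. */
    public static final String PASSWORDLESS_ACTION = "passwordless_auth";

    /**
     * Creates the filter.
     * @param str the URL pattern this filter processes (handed to the superclass)
     */
    public PasswordlessAuthFilter(String str) {
        super(str);
    }

    /**
     * Handles a passwordless authentication request.
     * <p>
     * Only requests whose URI ends with {@link #PASSWORDLESS_ACTION} are processed: the app is resolved
     * from the request and the {@code token} request parameter is verified by
     * {@link #getOrCreateUser(App, String)}. Any other request yields a null authentication.
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response (not used here)
     * @return the result of {@code SecurityUtils.checkIfActive(...)} for the resolved user, with
     *         exception-throwing enabled for failed attempts
     * @throws IOException per the superclass contract
     * @throws ServletException per the superclass contract
     */
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws IOException, ServletException {
        UserAuthentication userAuth = null;
        User user = null;
        if (httpServletRequest.getRequestURI().endsWith(PASSWORDLESS_ACTION)) {
            String appid = SecurityUtils.getAppidFromAuthRequest(httpServletRequest);
            String token = httpServletRequest.getParameter("token");
            App app = (App) Para.getDAO().read(App.id(appid));
            if (app != null) {
                userAuth = getOrCreateUser(app, token);
                if (userAuth != null) {
                    user = (User) userAuth.getPrincipal();
                    user.setAppid(app.getAppIdentifier());
                }
            }
        }
        return SecurityUtils.checkIfActive(userAuth, user, true);
    }

    /**
     * Verifies a passwordless JWT and returns an authentication for the user it describes, creating the
     * user account the first time a valid token for an unknown identifier is seen.
     * <p>
     * The token is accepted when its signature verifies against the app's {@code app_secret_key}
     * setting (defaulting to the app secret) or against {@code app.getSecret()} concatenated with the
     * user's token secret. The {@code groups} claim is applied to the account as given, so group
     * membership is decided by whoever holds the signing secret.
     * @param app the app the token was issued for
     * @param str the serialized JWT; null or blank fails authentication without parsing
     * @return the result of {@code SecurityUtils.checkIfActive(...)} without exception-throwing; a null
     *         authentication is passed when the token is missing, unparsable or invalid
     */
    public UserAuthentication getOrCreateUser(App app, String str) {
        UserAuthentication userAuth = null;
        User user = new User();
        String appSecret = SecurityUtils.getSettingForApp(app, "app_secret_key", app.getSecret());
        // SignedJWT.parse() cannot handle a missing token; fail closed instead of surfacing an exception.
        if (StringUtils.isBlank(str)) {
            this.logger.info("Authentication request failed because no JWT token was provided. appid: '" + app.getAppIdentifier() + "'");
            return SecurityUtils.checkIfActive(userAuth, user, false);
        }
        try {
            SignedJWT jwt = SignedJWT.parse(str);
            String email = jwt.getJWTClaimsSet().getStringClaim("email");
            String name = jwt.getJWTClaimsSet().getStringClaim("name");
            String identifier = jwt.getJWTClaimsSet().getStringClaim("identifier");
            String groups = jwt.getJWTClaimsSet().getStringClaim("groups");
            String picture = jwt.getJWTClaimsSet().getStringClaim("picture");
            String appIdentifier = app.getAppIdentifier();
            // The existing account is looked up by app + identifier (email is set on the probe as well).
            User probe = new User();
            probe.setAppid(appIdentifier);
            probe.setIdentifier(identifier);
            probe.setEmail(email);
            user = User.readUserForIdentifier(probe);
            // NOTE(review): decompiled constant reference; presumably the empty-string constant — confirm against CORSFilter.
            String tokenSecret = user != null ? user.getTokenSecret() : CORSFilter.DEFAULT_EXPOSED_HEADERS;
            if (SecurityUtils.isValidJWToken(appSecret, jwt) || SecurityUtils.isValidJWToken(app.getSecret() + tokenSecret, jwt)) {
                if (user == null) {
                    if (StringUtils.isBlank(identifier)) {
                        // Accounts are found by identifier; one created without it could never be looked up again.
                        this.logger.info("Authentication request failed because the JWT token has no 'identifier' claim. appid: '" + appIdentifier + "'");
                    } else {
                        user = createNewUser(appIdentifier, identifier, email, name, groups, picture);
                        userAuth = new UserAuthentication(new AuthenticatedUserDetails(user));
                    }
                } else {
                    if (updateUserInfo(user, picture, email, name, groups)) {
                        user.update();
                    }
                    userAuth = new UserAuthentication(new AuthenticatedUserDetails(user));
                }
            } else {
                this.logger.info("Authentication request failed because the provided JWT token is invalid. appid: '" + app.getAppIdentifier() + "'");
            }
        } catch (ParseException e) {
            // The token itself is deliberately not logged.
            this.logger.warn("Invalid token: " + e.getMessage());
        }
        return SecurityUtils.checkIfActive(userAuth, user, false);
    }

    /**
     * Builds and persists a new active user from the token claims.
     * @param appIdentifier the app the user belongs to
     * @param identifier the user's identifier claim (non-blank)
     * @param email the email claim, may be null
     * @param name the name claim, may be null
     * @param groups the groups claim; blank falls back to {@code User.Groups.USERS}
     * @param picture the picture claim, may be null
     * @return the created user object
     */
    private User createNewUser(String appIdentifier, String identifier, String email, String name, String groups, String picture) {
        User user = new User();
        user.setActive(true);
        user.setAppid(appIdentifier);
        user.setName(name);
        user.setGroups(StringUtils.isBlank(groups) ? User.Groups.USERS.toString() : groups);
        user.setIdentifier(identifier);
        user.setEmail(email);
        user.setPicture(picture);
        user.create();
        return user;
    }

    /**
     * Copies changed claim values onto an existing user.
     * <p>
     * Picture, email and name changes are applied in memory and reported through the return value so
     * the caller can call {@code update()}. A groups change is written immediately via
     * {@code CoreUtils.overwrite(...)}, which also carries any earlier in-memory changes, so in that case
     * {@code false} is returned and the caller skips {@code update()}.
     * @param user the existing user, modified in place
     * @param picture the picture claim
     * @param email the email claim; blank values are ignored
     * @param name the name claim; blank values are ignored
     * @param groups the groups claim; blank values are ignored
     * @return true when the caller still has to persist the user with {@code update()}
     */
    private boolean updateUserInfo(User user, String picture, String email, String name, String groups) {
        boolean needsUpdate = false;
        if (!StringUtils.equals(user.getPicture(), picture)) {
            user.setPicture(picture);
            needsUpdate = true;
        }
        if (!StringUtils.isBlank(email) && !StringUtils.equals(user.getEmail(), email)) {
            user.setEmail(email);
            needsUpdate = true;
        }
        if (!StringUtils.isBlank(name) && !StringUtils.equals(user.getName(), name)) {
            user.setName(name);
            needsUpdate = true;
        }
        if (!StringUtils.isBlank(groups) && !StringUtils.equals(user.getGroups(), groups)) {
            user.setGroups(groups);
            // Written here directly; tell the caller not to update() a second time.
            CoreUtils.getInstance().overwrite(user.getAppid(), user);
            needsUpdate = false;
        }
        return needsUpdate;
    }
}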
