package com.manydesigns.portofino.actions.user;

import com.github.cage.Cage;
import com.manydesigns.elements.ElementsThreadLocals;
import com.manydesigns.elements.Mode;
import com.manydesigns.elements.forms.Form;
import com.manydesigns.elements.forms.FormBuilder;
import com.manydesigns.elements.messages.SessionMessages;
import com.manydesigns.elements.servlet.ServletUtils;
import com.manydesigns.portofino.PortofinoProperties;
import com.manydesigns.portofino.buttons.annotations.Button;
import com.manydesigns.portofino.di.Inject;
import com.manydesigns.portofino.modules.BaseModule;
import com.manydesigns.portofino.shiro.ExistingUserException;
import com.manydesigns.portofino.shiro.PasswordResetToken;
import com.manydesigns.portofino.shiro.PortofinoRealm;
import com.manydesigns.portofino.shiro.ShiroUtils;
import com.manydesigns.portofino.shiro.SignUpToken;
import com.manydesigns.portofino.stripes.AbstractActionBean;
import com.manydesigns.portofino.stripes.AuthenticationRequiredResolution;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.ws.rs.DELETE;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import net.sourceforge.stripes.action.DefaultHandler;
import net.sourceforge.stripes.action.ErrorResolution;
import net.sourceforge.stripes.action.ForwardResolution;
import net.sourceforge.stripes.action.RedirectResolution;
import net.sourceforge.stripes.action.Resolution;
import net.sourceforge.stripes.action.StreamingResolution;
import net.sourceforge.stripes.util.UrlBuilder;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.ObjectUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresUser;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.json.JSONStringer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/manydesigns/portofino/actions/user/LoginAction.class */
public abstract class LoginAction extends AbstractActionBean {
    public static final String copyright = "Copyright (C) 2005-2017 ManyDesigns srl";

    @Inject(BaseModule.PORTOFINO_CONFIGURATION)
    public Configuration portofinoConfiguration;
    public String userName;
    public String pwd;
    public boolean rememberMe;
    public String email;
    public String newPassword;
    public String confirmNewPassword;
    public String token;
    protected Form signUpForm;
    public String returnUrl;
    public String cancelReturnUrl;
    private static Cage cage;
    public static final String CAPTCHA_SESSION_ATTRIBUTE = "LoginAction.captcha";
    public boolean captchaValidationFailed;
    public static final Logger logger = LoggerFactory.getLogger(LoginAction.class);

    @DefaultHandler
    public Resolution execute() {
        if (!SecurityUtils.getSubject().isAuthenticated()) {
            return authenticate();
        }
        logger.debug("Already logged in");
        return redirectToReturnUrl();
    }

    @Button(list = "login-buttons", key = "login", order = 1.0d, type = Button.TYPE_PRIMARY)
    public Resolution login() {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            logger.debug("Already logged in");
            return redirectToReturnUrl();
        }
        this.userName = StringUtils.defaultString(this.userName);
        try {
            UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(this.userName, this.pwd);
            usernamePasswordToken.setRememberMe(this.rememberMe);
            subject.login(usernamePasswordToken);
            logger.info("User {} login", ShiroUtils.getUserId(subject));
            SessionMessages.addInfoMessage(ElementsThreadLocals.getText("user._.logged.in.successfully", new Object[]{this.userName}));
            return redirectToReturnUrl();
        } catch (IncorrectCredentialsException e) {
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("login.failed.for.user._", new Object[]{this.userName}));
            logger.warn("Login failed for '" + this.userName + "': " + e.getMessage());
            return authenticate();
        } catch (DisabledAccountException e2) {
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("user._.is.not.active", new Object[]{this.userName}));
            logger.warn("Login failed for '" + this.userName + "': " + e2.getMessage());
            return authenticate();
        } catch (UnknownAccountException e3) {
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("login.failed.for.user._", new Object[]{this.userName}));
            logger.warn("Login failed for '" + this.userName + "': " + e3.getMessage());
            return authenticate();
        } catch (AuthenticationException e4) {
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("login.failed.for.user._", new Object[]{this.userName}));
            logger.warn("Login failed for '" + this.userName + "': " + e4.getMessage(), e4);
            return authenticate();
        }
    }

    public Resolution authenticate() {
        Subject subject = SecurityUtils.getSubject();
        this.context.getResponse().setStatus(AuthenticationRequiredResolution.STATUS);
        this.context.getResponse().setHeader(AuthenticationRequiredResolution.LOGIN_PAGE_HEADER, this.context.getRequest().getRequestURL().toString());
        if (!subject.isRemembered()) {
            return new ForwardResolution(getLoginPage());
        }
        this.userName = getRememberedUserName((Serializable) ShiroUtils.getPrimaryPrincipal(subject));
        this.rememberMe = true;
        return new ForwardResolution(getAuthenticationPage());
    }

    @POST
    @Produces({"application/json"})
    public String login(@FormParam("username") String str, @FormParam("password") String str2) throws AuthenticationException {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            return "{}";
        }
        try {
            UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(str, str2);
            usernamePasswordToken.setRememberMe(false);
            subject.login(usernamePasswordToken);
            logger.info("User {} login", ShiroUtils.getUserId(subject));
            Session session = subject.getSession(true);
            JSONStringer jSONStringer = new JSONStringer();
            jSONStringer.object().key("portofinoSessionId").value(session.getId()).endObject();
            return jSONStringer.toString();
        } catch (AuthenticationException e) {
            logger.warn("Login failed for '" + str + "': " + e.getMessage(), e);
            return "{}";
        }
    }

    protected String getLoginPage() {
        return "/m/base/actions/user/login.jsp";
    }

    protected String getAuthenticationPage() {
        return "/m/base/actions/user/authenticate.jsp";
    }

    protected String getRememberedUserName(Serializable serializable) {
        return ShiroUtils.getPortofinoRealm().getUserPrettyName(serializable);
    }

    @Button(list = "login-buttons", key = "cancel", order = 2.0d)
    public Resolution cancel() {
        String str = "/";
        if (!StringUtils.isBlank(this.cancelReturnUrl)) {
            str = this.cancelReturnUrl;
        } else if (!StringUtils.isBlank(this.returnUrl)) {
            str = this.returnUrl;
        }
        return redirectToReturnUrl(str);
    }

    @Path("{sessionId}")
    @DELETE
    public void logout(@PathParam("sessionId") String str) {
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession(false);
        if (session == null || !session.getId().equals(str)) {
            logger.debug("Unnecessary call to logout");
        } else {
            subject.logout();
            logger.info("User logout");
        }
    }

    public Resolution logout() {
        SecurityUtils.getSubject().logout();
        HttpSession session = this.context.getRequest().getSession(false);
        if (session != null) {
            session.invalidate();
        }
        SessionMessages.addInfoMessage(ElementsThreadLocals.getText("user.disconnected", new Object[0]));
        logger.info("User logout");
        return new RedirectResolution("/");
    }

    public Resolution forgotPassword() {
        if (!SecurityUtils.getSubject().isAuthenticated()) {
            return new ForwardResolution(getForgotPasswordPage());
        }
        logger.debug("Already logged in");
        return redirectToReturnUrl();
    }

    public Resolution forgotPassword2() {
        if (SecurityUtils.getSubject().isAuthenticated()) {
            logger.debug("Already logged in");
            return redirectToReturnUrl();
        }
        PortofinoRealm portofinoRealm = ShiroUtils.getPortofinoRealm();
        try {
            Serializable userByEmail = portofinoRealm.getUserByEmail(this.email);
            if (userByEmail != null) {
                String generateOneTimeToken = portofinoRealm.generateOneTimeToken(userByEmail);
                HttpServletRequest request = this.context.getRequest();
                UrlBuilder urlBuilder = new UrlBuilder(Locale.getDefault(), request.getRequestURL().toString(), true);
                urlBuilder.setEvent("resetPassword");
                urlBuilder.addParameter("token", new Object[]{generateOneTimeToken});
                sendForgotPasswordEmail(this.portofinoConfiguration.getString(PortofinoProperties.MAIL_FROM, "example@example.com"), this.email, ElementsThreadLocals.getText("password.reset.confirmation.required", new Object[0]), getResetPasswordEmailBody(ServletUtils.getApplicationBaseUrl(request), urlBuilder.toString()));
            } else {
                logger.warn("Forgot password request for nonexistent email");
            }
            SessionMessages.addInfoMessage(ElementsThreadLocals.getText("check.your.mailbox.and.follow.the.instructions", new Object[0]));
        } catch (Exception e) {
            logger.error("Error during password reset", e);
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("password.reset.failed", new Object[0]));
        }
        return new RedirectResolution(this.context.getActionPath());
    }

    protected String getResetPasswordEmailBody(String str, String str2) throws IOException {
        InputStream resourceAsStream = LoginAction.class.getResourceAsStream("passwordResetEmail." + this.context.getLocale().getLanguage().toLowerCase() + ".html");
        if (resourceAsStream == null) {
            resourceAsStream = LoginAction.class.getResourceAsStream("passwordResetEmail.en.html");
        }
        String iOUtils = IOUtils.toString(resourceAsStream);
        IOUtils.closeQuietly(resourceAsStream);
        return iOUtils.replace("$link", str2).replace("$site", str);
    }

    public Resolution resetPassword() {
        if (!SecurityUtils.getSubject().isAuthenticated()) {
            return new ForwardResolution("/m/base/actions/user/resetPassword.jsp");
        }
        logger.debug("Already logged in");
        return redirectToReturnUrl();
    }

    public Resolution resetPassword2() {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            logger.debug("Already logged in");
            return redirectToReturnUrl();
        }
        if (!ObjectUtils.equals(this.newPassword, this.confirmNewPassword)) {
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("passwords.dont.match", new Object[0]));
            return new ForwardResolution("/m/base/actions/user/resetPassword.jsp");
        }
        ArrayList arrayList = new ArrayList();
        if (!checkPasswordStrength(this.newPassword, arrayList)) {
            Iterator<String> it = arrayList.iterator();
            while (it.hasNext()) {
                SessionMessages.addErrorMessage(it.next());
            }
            return new ForwardResolution("/m/base/actions/user/resetPassword.jsp");
        }
        try {
            subject.login(new PasswordResetToken(this.token, this.newPassword));
            SessionMessages.addInfoMessage(ElementsThreadLocals.getText("password.successfully.reset", new Object[0]));
            return redirectToReturnUrl();
        } catch (AuthenticationException e) {
            String text = ElementsThreadLocals.getText("the.password.reset.link.is.no.longer.active", new Object[0]);
            SessionMessages.addErrorMessage(text);
            logger.warn(text, e);
            return authenticate();
        }
    }

    protected abstract void sendForgotPasswordEmail(String str, String str2, String str3, String str4);

    protected String getForgotPasswordPage() {
        return "/m/base/actions/user/forgotPassword.jsp";
    }

    public Resolution captcha() {
        final String str = (String) cage.getTokenGenerator().next();
        this.context.getRequest().getSession().setAttribute(CAPTCHA_SESSION_ATTRIBUTE, str);
        return str != null ? new StreamingResolution("image/" + cage.getFormat()) { // from class: com.manydesigns.portofino.actions.user.LoginAction.1
            protected void applyHeaders(HttpServletResponse httpServletResponse) {
                super.applyHeaders(httpServletResponse);
                httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");
                httpServletResponse.setHeader("Pragma", "no-cache");
                long currentTimeMillis = System.currentTimeMillis();
                httpServletResponse.setDateHeader("Last-Modified", currentTimeMillis);
                httpServletResponse.setDateHeader("Date", currentTimeMillis);
                httpServletResponse.setDateHeader("Expires", currentTimeMillis);
            }

            protected void stream(HttpServletResponse httpServletResponse) throws Exception {
                LoginAction.cage.draw(str, httpServletResponse.getOutputStream());
            }
        } : new ErrorResolution(404);
    }

    public Resolution signUp() {
        if (SecurityUtils.getSubject().getPrincipal() != null) {
            logger.debug("Already logged in");
            return redirectToReturnUrl();
        }
        setupSignUpForm(ShiroUtils.getPortofinoRealm());
        return getSignUpView();
    }

    public Resolution signUp2() {
        if (SecurityUtils.getSubject().getPrincipal() != null) {
            logger.debug("Already logged in");
            return redirectToReturnUrl();
        }
        PortofinoRealm portofinoRealm = ShiroUtils.getPortofinoRealm();
        setupSignUpForm(portofinoRealm);
        this.signUpForm.readFromRequest(this.context.getRequest());
        if (!this.signUpForm.validate() || !validateCaptcha()) {
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("please.correct.the.errors.before.proceeding", new Object[0]));
            return getSignUpView();
        }
        ArrayList arrayList = new ArrayList();
        if (!validateSignUpPassword(arrayList)) {
            Iterator<String> it = arrayList.iterator();
            while (it.hasNext()) {
                SessionMessages.addErrorMessage(it.next());
            }
            return getSignUpView();
        }
        try {
            Object newInstance = portofinoRealm.getSelfRegisteredUserClassAccessor().newInstance();
            this.signUpForm.writeToObject(newInstance);
            String saveSelfRegisteredUser = portofinoRealm.saveSelfRegisteredUser(newInstance);
            HttpServletRequest request = this.context.getRequest();
            UrlBuilder urlBuilder = new UrlBuilder(Locale.getDefault(), request.getRequestURL().toString(), true);
            urlBuilder.setEvent("confirmSignUp");
            urlBuilder.addParameter("token", new Object[]{saveSelfRegisteredUser});
            sendSignupConfirmationEmail(this.portofinoConfiguration.getString(PortofinoProperties.MAIL_FROM, "example@example.com"), this.email, ElementsThreadLocals.getText("confirm.signup", new Object[0]), getConfirmSignUpEmailBody(ServletUtils.getApplicationBaseUrl(request), urlBuilder.toString()));
            SessionMessages.addInfoMessage(ElementsThreadLocals.getText("check.your.mailbox.and.follow.the.instructions", new Object[0]));
            return authenticate();
        } catch (ExistingUserException e) {
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("a.user.with.the.same.username.already.exists", new Object[0]));
            return getSignUpView();
        } catch (Exception e2) {
            logger.error("Error during sign-up", e2);
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("signup.failed", new Object[0]));
            return getSignUpView();
        }
    }

    protected boolean validateCaptcha() {
        HttpServletRequest request = this.context.getRequest();
        HttpSession session = request.getSession();
        boolean equalsIgnoreCase = StringUtils.equalsIgnoreCase(request.getParameter("captchaText"), (String) session.getAttribute(CAPTCHA_SESSION_ATTRIBUTE));
        session.removeAttribute(CAPTCHA_SESSION_ATTRIBUTE);
        this.captchaValidationFailed = !equalsIgnoreCase;
        return equalsIgnoreCase;
    }

    protected String getConfirmSignUpEmailBody(String str, String str2) throws IOException {
        InputStream resourceAsStream = LoginAction.class.getResourceAsStream("confirmSignUpEmail." + this.context.getLocale().getCountry().toLowerCase() + ".html");
        if (resourceAsStream == null) {
            resourceAsStream = LoginAction.class.getResourceAsStream("confirmSignUpEmail.en.html");
        }
        String iOUtils = IOUtils.toString(resourceAsStream);
        IOUtils.closeQuietly(resourceAsStream);
        return iOUtils.replace("$link", str2).replace("$site", str);
    }

    protected abstract void sendSignupConfirmationEmail(String str, String str2, String str3, String str4);

    public Resolution confirmSignUp() {
        Subject subject = SecurityUtils.getSubject();
        if (subject.getPrincipal() != null) {
            logger.debug("Already logged in");
            return redirectToReturnUrl();
        }
        try {
            subject.login(new SignUpToken(this.token));
            SessionMessages.addInfoMessage(ElementsThreadLocals.getText("user.created", new Object[0]));
            return redirectToReturnUrl();
        } catch (AuthenticationException e) {
            String text = ElementsThreadLocals.getText("the.sign.up.confirmation.link.is.no.longer.active", new Object[0]);
            SessionMessages.addErrorMessage(text);
            logger.warn(text, e);
            return signUp();
        }
    }

    protected Resolution getSignUpView() {
        return new ForwardResolution("/m/base/actions/user/signUp.jsp");
    }

    protected void setupSignUpForm(PortofinoRealm portofinoRealm) {
        this.signUpForm = new FormBuilder(portofinoRealm.getSelfRegisteredUserClassAccessor()).configMode(Mode.CREATE).configReflectiveFields().build();
    }

    protected boolean validateSignUpPassword(List<String> list) {
        return true;
    }

    @RequiresUser
    public Resolution changePassword() throws Exception {
        return new ForwardResolution("/m/base/actions/user/changePassword.jsp");
    }

    @Button(list = "changepassword", key = "ok", order = 1.0d, type = Button.TYPE_PRIMARY)
    @RequiresUser
    public Resolution changePassword2() throws Exception {
        Subject subject = SecurityUtils.getSubject();
        Serializable serializable = (Serializable) subject.getPrincipal();
        if (!ObjectUtils.equals(this.newPassword, this.confirmNewPassword)) {
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("passwords.dont.match", new Object[0]));
            return new ForwardResolution("/m/base/actions/user/changePassword.jsp");
        }
        ArrayList arrayList = new ArrayList();
        if (!checkPasswordStrength(this.newPassword, arrayList)) {
            Iterator<String> it = arrayList.iterator();
            while (it.hasNext()) {
                SessionMessages.addErrorMessage(it.next());
            }
            return new ForwardResolution("/m/base/actions/user/changePassword.jsp");
        }
        PortofinoRealm portofinoRealm = ShiroUtils.getPortofinoRealm();
        try {
            portofinoRealm.changePassword(serializable, this.pwd, this.newPassword);
            if (subject.isRemembered()) {
                UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(getRememberedUserName(serializable), this.newPassword);
                usernamePasswordToken.setRememberMe(true);
                try {
                    subject.login(usernamePasswordToken);
                } catch (Exception e) {
                    logger.warn("User {} changed password but could not be subsequently authenticated", portofinoRealm.getUserId(serializable));
                }
            }
            SessionMessages.addInfoMessage(ElementsThreadLocals.getText("password.changed.successfully", new Object[0]));
            return redirectToReturnUrl();
        } catch (IncorrectCredentialsException e2) {
            logger.warn("User {} password change: Incorrect credentials", portofinoRealm.getUserId(serializable));
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("wrong.password", new Object[0]));
            return new ForwardResolution("/m/base/actions/user/changePassword.jsp");
        } catch (Exception e3) {
            logger.error("Password update failed for user " + portofinoRealm.getUserId(serializable), e3);
            SessionMessages.addErrorMessage(ElementsThreadLocals.getText("password.change.failed", new Object[0]));
            return new ForwardResolution("/m/base/actions/user/changePassword.jsp");
        }
    }

    protected boolean checkPasswordStrength(String str, List<String> list) {
        if (str == null) {
            list.add(ElementsThreadLocals.getText("null.password", new Object[0]));
            return false;
        }
        if (str.length() < 8) {
            list.add(ElementsThreadLocals.getText("password.too.short", new Object[]{8}));
            return false;
        }
        if (!StringUtils.isAlpha(str)) {
            return true;
        }
        list.add(ElementsThreadLocals.getText("password.only.letters", new Object[0]));
        return false;
    }

    protected Resolution redirectToReturnUrl() {
        return redirectToReturnUrl(this.returnUrl);
    }

    protected Resolution redirectToReturnUrl(String str) {
        boolean z = true;
        if (StringUtils.isEmpty(str)) {
            str = "/";
        } else {
            try {
                URL url = new URL(str);
                if (!isValidReturnUrl(url)) {
                    logger.warn("Forbidding suspicious return URL: " + url);
                    return new RedirectResolution("/");
                }
                z = false;
            } catch (MalformedURLException e) {
            }
        }
        logger.debug("Redirecting to: {}", str);
        return new RedirectResolution(str, z);
    }

    protected boolean isValidReturnUrl(URL url) {
        return this.context.getRequest().getServerName().equals(url.getHost());
    }

    public abstract String getApplicationName();

    public String getReturnUrl() {
        return this.returnUrl;
    }

    public void setReturnUrl(String str) {
        this.returnUrl = str;
    }

    public String getCancelReturnUrl() {
        return this.cancelReturnUrl;
    }

    public void setCancelReturnUrl(String str) {
        this.cancelReturnUrl = str;
    }

    public Configuration getPortofinoConfiguration() {
        return this.portofinoConfiguration;
    }

    public Form getSignUpForm() {
        return this.signUpForm;
    }

    public String getUserName() {
        return this.userName;
    }

    public void setUserName(String str) {
        this.userName = str;
    }

    public String getPwd() {
        return this.pwd;
    }

    public void setPwd(String str) {
        this.pwd = str;
    }

    public String getEmail() {
        return this.email;
    }

    public void setEmail(String str) {
        this.email = str;
    }

    public String getNewPassword() {
        return this.newPassword;
    }

    public void setNewPassword(String str) {
        this.newPassword = str;
    }

    public String getConfirmNewPassword() {
        return this.confirmNewPassword;
    }

    public void setConfirmNewPassword(String str) {
        this.confirmNewPassword = str;
    }

    public String getToken() {
        return this.token;
    }

    public void setToken(String str) {
        this.token = str;
    }

    public boolean isRememberMe() {
        return this.rememberMe;
    }

    public void setRememberMe(boolean z) {
        this.rememberMe = z;
    }

    public boolean isCaptchaValidationFailed() {
        return this.captchaValidationFailed;
    }

    static {
        try {
            cage = new CaptchaGenerator();
        } catch (NoClassDefFoundError e) {
            cage = null;
            logger.warn("Captcha generator not available", e);
        }
    }
}
