package org.commonjava.web.user.rest;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.commonjava.util.logging.Logger;

@Path("/session")
/* loaded from: input_file:WEB-INF/classes/org/commonjava/web/user/rest/SessionResource.class */
public class SessionResource {
    private final Logger logger = new Logger(getClass());

    @GET
    @Path("/logout")
    public Response logout() {
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            return Response.notModified().build();
        }
        subject.logout();
        return Response.ok().build();
    }

    @GET
    @Path("/login")
    public Response login(@QueryParam("u") String str, @QueryParam("p") String str2, @QueryParam("r") String str3, @Context UriBuilder uriBuilder) {
        Response.ResponseBuilder serverError;
        if (str == null || str2 == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            serverError = Response.status(Response.Status.CONFLICT).entity("A user is already logged in. Logout first.").location(uriBuilder.path(getClass(), "logout").build(new Object[0]));
        } else {
            UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(str, str2);
            usernamePasswordToken.setRememberMe(str3 == null ? false : Boolean.parseBoolean(str3));
            try {
                subject.login(usernamePasswordToken);
                serverError = Response.ok();
            } catch (AuthenticationException e) {
                this.logger.error("Failed to login user: '%s'. Reason: %s", e, str, e.getMessage());
                serverError = Response.serverError();
            }
        }
        return serverError == null ? Response.serverError().build() : serverError.build();
    }
}
