package org.sonar.server.authentication.ws;

import java.io.IOException;
import javax.annotation.Nullable;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.sonar.api.server.ws.WebService;
import org.sonar.api.web.ServletFilter;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.CredentialsAuthenticator;
import org.sonar.server.authentication.JwtHttpHandler;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.exceptions.UnauthorizedException;
import org.sonar.server.user.ThreadLocalUserSession;
import org.sonar.server.user.UserSessionFactory;
import org.sonar.server.ws.ServletFilterHandler;
import org.sonarqube.ws.client.WsRequest;

/* loaded from: input_file:org/sonar/server/authentication/ws/LoginAction.class */
/**
 * Form-login endpoint, implemented as a servlet filter bound to {@link #LOGIN_URL}.
 *
 * <p>Behaviour visible in this class:
 * <ul>
 *   <li>Only {@code POST} is accepted. Any other HTTP method gets a bare 400 and nothing else runs.</li>
 *   <li>Credentials are read with {@code getParameter}. Under the Servlet API this covers both the
 *       form body and the URL query string, so a {@code POST} with the password in the query
 *       string is also accepted. Such a password can end up in access or proxy logs.
 *       NOTE(review): confirm whether anything upstream rejects or scrubs query-string credentials.</li>
 *   <li>On success a token is generated for the user and the thread-local session is populated.
 *       No response status is set explicitly on that path.</li>
 *   <li>An {@link AuthenticationException} is reported through
 *       {@link AuthenticationEvent#loginFailure} and answered with 401. The exception message is
 *       never written to the response here.</li>
 *   <li>An {@link UnauthorizedException} is answered with the exception's own HTTP code.
 *       No {@code loginFailure} event is emitted on that path.
 *       NOTE(review): confirm such rejections are recorded elsewhere if they matter for detection.</li>
 *   <li>The {@link FilterChain} is never invoked, so the request always terminates in this filter.</li>
 * </ul>
 *
 * <p>This class does no throttling or lockout of repeated failures.
 * NOTE(review): verify brute-force protection exists in {@code CredentialsAuthenticator}
 * or in front of the server.
 */
public class LoginAction extends ServletFilter implements AuthenticationWsAction {
    private static final String LOGIN_ACTION = "login";
    public static final String LOGIN_URL = "/api/authentication/login";
    private final CredentialsAuthenticator credentialsAuthenticator;
    private final JwtHttpHandler jwtHttpHandler;
    private final ThreadLocalUserSession threadLocalUserSession;
    private final AuthenticationEvent authenticationEvent;
    private final UserSessionFactory userSessionFactory;

    /**
     * Stores the collaborators; no other work is done at construction time.
     */
    public LoginAction(CredentialsAuthenticator credentialsAuthenticator, JwtHttpHandler jwtHttpHandler, ThreadLocalUserSession threadLocalUserSession, AuthenticationEvent authenticationEvent, UserSessionFactory userSessionFactory) {
        this.userSessionFactory = userSessionFactory;
        this.authenticationEvent = authenticationEvent;
        this.threadLocalUserSession = threadLocalUserSession;
        this.jwtHttpHandler = jwtHttpHandler;
        this.credentialsAuthenticator = credentialsAuthenticator;
    }

    /**
     * Declares the {@code login} web-service action: POST-only, with two required parameters.
     * The handler registered here is {@link ServletFilterHandler#INSTANCE}; the request
     * processing shown in this class is in {@link #doFilter}.
     */
    @Override // org.sonar.server.authentication.ws.AuthenticationWsAction
    public void define(WebService.NewController newController) {
        WebService.NewAction action = newController
            .createAction(LOGIN_ACTION)
            .setDescription("Authenticate a user.")
            .setSince("6.0")
            .setPost(true)
            .setHandler(ServletFilterHandler.INSTANCE);

        action.createParam("login")
            .setDescription("Login of the user")
            .setRequired(true);

        action.createParam("password")
            .setDescription("Password of the user")
            .setRequired(true);
    }

    /**
     * @return the URL pattern this filter is bound to, built from {@link #LOGIN_URL}
     */
    public ServletFilter.UrlPattern doGetPattern() {
        return ServletFilter.UrlPattern.create(LOGIN_URL);
    }

    /**
     * Handles one login attempt. See the class comment for the status code used on each outcome.
     *
     * @param servletRequest  cast to {@link HttpServletRequest} without a type check
     * @param servletResponse cast to {@link HttpServletResponse} without a type check
     * @param filterChain     unused; the chain is never continued from here
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Reject anything that is not a POST before touching the credentials.
        final boolean isPost = request.getMethod().equals(WsRequest.Method.POST.name());
        if (!isPost) {
            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        try {
            // getParameter also reads the query string, not only the form body.
            final String login = request.getParameter("login");
            final String password = request.getParameter("password");

            final UserDto user = authenticate(request, login, password);
            // Presumably attaches the session token to the response; confirm in JwtHttpHandler.
            jwtHttpHandler.generateToken(user, request, response);
            threadLocalUserSession.set(userSessionFactory.create(user));
        } catch (AuthenticationException failure) {
            // Record the failed attempt; the client only ever sees the status code.
            authenticationEvent.loginFailure(request, failure);
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (UnauthorizedException denied) {
            // Status comes from the exception; no loginFailure event is raised on this path.
            response.setStatus(denied.httpCode());
        }
    }

    /**
     * Checks that both credentials are present, then delegates to the credentials authenticator
     * with the FORM method.
     *
     * <p>{@code StringUtils.isEmpty} only rejects {@code null} and the empty string, so
     * whitespace-only values are passed on to the authenticator. The failure raised for missing
     * credentials carries the submitted login, but not the password.
     *
     * @throws AuthenticationException if either value is {@code null} or empty
     */
    private UserDto authenticate(HttpServletRequest httpServletRequest, @Nullable String login, @Nullable String password) {
        final boolean bothProvided = !StringUtils.isEmpty(login) && !StringUtils.isEmpty(password);
        if (bothProvided) {
            return credentialsAuthenticator.authenticate(login, password, httpServletRequest, AuthenticationEvent.Method.FORM);
        }
        throw AuthenticationException.newBuilder()
            .setSource(AuthenticationEvent.Source.local(AuthenticationEvent.Method.FORM))
            .setLogin(login)
            .setMessage("Empty login and/or password")
            .build();
    }

    /** No initialisation is required. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    public void destroy() {
    }
}
