package io.polyglotted.spring.cognito;

import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthRequest;
import com.amazonaws.services.cognitoidp.model.AdminInitiateAuthResult;
import com.amazonaws.services.cognitoidp.model.AuthFlowType;
import com.amazonaws.services.cognitoidp.model.AuthenticationResultType;
import com.amazonaws.services.cognitoidp.model.GlobalSignOutRequest;
import com.amazonaws.services.cognitoidp.model.NotAuthorizedException;
import com.amazonaws.services.cognitoidp.model.UserNotFoundException;
import io.polyglotted.common.model.AuthToken;
import io.polyglotted.common.util.MapBuilder;
import io.polyglotted.common.util.StrUtil;
import io.polyglotted.spring.cognito.AbstractCognito;
import io.polyglotted.spring.errorhandling.ExceptionFactory;
import io.polyglotted.spring.web.SimpleResponse;
import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
/* loaded from: input_file:io/polyglotted/spring/cognito/CognitoLoginController.class */
public class CognitoLoginController extends AbstractCognito {
    private static final Logger log = LoggerFactory.getLogger(CognitoLoginController.class);

    @Autowired
    public CognitoLoginController(AbstractCognito.CognitoConfig cognitoConfig, AWSCognitoIdentityProvider aWSCognitoIdentityProvider) {
        super(cognitoConfig, aWSCognitoIdentityProvider);
    }

    @PostMapping(path = {"/cognito/login"}, params = {"email", "password"}, produces = {"application/json"})
    public AuthenticationResultType login(String str, String str2) throws IOException {
        ExceptionFactory.checkBadRequest(StrUtil.notNullOrEmpty(str) && StrUtil.notNullOrEmpty(str2), "Invalid credentials.");
        try {
            AdminInitiateAuthResult adminInitiateAuth = this.cognitoClient.adminInitiateAuth(new AdminInitiateAuthRequest().withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH).withAuthParameters(MapBuilder.simpleMap("USERNAME", str, "PASSWORD", str2, "SECRET_HASH", this.config.getClientSecret())).withClientId(this.config.getClientId()).withUserPoolId(this.config.getUserPoolId()));
            if (StrUtil.nullOrEmpty(adminInitiateAuth.getChallengeName())) {
                return adminInitiateAuth.getAuthenticationResult();
            }
            throw ExceptionFactory.unauthorisedException("Unexpected challenge on signin: " + adminInitiateAuth.getChallengeName() + ".");
        } catch (UserNotFoundException | NotAuthorizedException e) {
            log.debug("not found or invalid creds: {}", str);
            throw ExceptionFactory.unauthorisedException(StrUtil.safePrefix(e.getMessage(), " ("));
        }
    }

    @PostMapping(path = {"/cognito/logout"}, produces = {"application/json"})
    public SimpleResponse logout(@RequestBody AuthToken authToken) throws IOException {
        this.cognitoClient.globalSignOut(new GlobalSignOutRequest().withAccessToken(authToken.accessToken));
        return new SimpleResponse("logged-out");
    }
}
