package com.appiancorp.security.auth;

import com.appiancorp.ap2.ServletScopesKeys;
import com.appiancorp.security.auth.forgotpassword.ForgotPasswordException;
import com.appiancorp.security.authz.SystemRoleAeImpl;
import com.appiancorp.suiteapi.common.exceptions.InvalidGroupException;
import com.appiancorp.suiteapi.common.spring.security.CompositeSessionAuthenticationStrategy;
import com.google.common.base.Preconditions;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/* loaded from: input_file:com/appiancorp/security/auth/ForgotPasswordFilter.class */
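/**
 * Authentication filter for the forgot-password link.
 *
 * <p>For requests selected by the {@code ForgotPasswordRequestMatcher}, the filter reads the
 * {@value #TOKEN_QUERY_PARAMETER} request parameter, converts it into a
 * {@link UsernamePasswordAuthenticationToken} through the {@code ForgotPasswordTokenConverter},
 * rejects users that belong to the service-account system group, and returns the converted token
 * as the authentication result. Requests with a missing or rejected token are forwarded to
 * {@value #FORGOT_PASSWORD_ERROR_PAGE}.
 *
 * <p>Security note: {@link #attemptAuthentication} never calls the {@link AuthenticationManager};
 * the converter's result is returned as-is. Token validation (signature, expiry, single use)
 * therefore rests entirely on {@code ForgotPasswordTokenConverter}, which is not shown here.
 */
public class ForgotPasswordFilter extends AbstractAuthenticationProcessingFilter {
    /** Name of the request parameter that carries the forgot-password token. */
    public static final String TOKEN_QUERY_PARAMETER = "token";
    /** Page the request is forwarded to when the token is missing or rejected. */
    public static final String FORGOT_PASSWORD_ERROR_PAGE = "error.jsp";
    private static final Logger LOG = Logger.getLogger(ForgotPasswordFilter.class);
    private final AppianAuthenticationEventPublisher appianAuthenticationEventPublisher;
    private final ForgotPasswordRequestManager forgotPasswordRequestManager;
    private final ForgotPasswordTokenConverter forgotPasswordTokenConverter;
    private final GroupServiceHelper groupServiceHelper;

    /**
     * Wires the filter's collaborators and configures the parent filter.
     *
     * @param authenticationManager set on the parent filter; not invoked by this class
     * @param appianAuthenticationSuccessHandler handler the parent runs after a non-null result
     * @param compositeSessionAuthenticationStrategy session strategy applied by the parent
     * @param appianAuthenticationEventPublisher publishes the success event; must not be null
     * @param forgotPasswordTokenConverter turns the raw token into an authentication token;
     *     must not be null
     * @param forgotPasswordRequestManager enabled once a token has been accepted; must not be null
     * @param forgotPasswordRequestMatcher selects the requests this filter processes
     * @param groupServiceHelper used for the service-account membership check; must not be null
     * @throws NullPointerException if a collaborator documented as non-null is null
     */
    public ForgotPasswordFilter(
            AuthenticationManager authenticationManager,
            AppianAuthenticationSuccessHandler appianAuthenticationSuccessHandler,
            CompositeSessionAuthenticationStrategy compositeSessionAuthenticationStrategy,
            AppianAuthenticationEventPublisher appianAuthenticationEventPublisher,
            ForgotPasswordTokenConverter forgotPasswordTokenConverter,
            ForgotPasswordRequestManager forgotPasswordRequestManager,
            ForgotPasswordRequestMatcher forgotPasswordRequestMatcher,
            GroupServiceHelper groupServiceHelper) {
        super(forgotPasswordRequestMatcher);
        Preconditions.checkNotNull(forgotPasswordTokenConverter);
        Preconditions.checkNotNull(appianAuthenticationEventPublisher);
        Preconditions.checkNotNull(forgotPasswordRequestManager);
        // The helper backs the service-account exclusion, which runs for every accepted token.
        // Fail at wiring time instead of with a NullPointerException on the first valid request.
        Preconditions.checkNotNull(groupServiceHelper);
        this.forgotPasswordTokenConverter = forgotPasswordTokenConverter;
        this.appianAuthenticationEventPublisher = appianAuthenticationEventPublisher;
        this.forgotPasswordRequestManager = forgotPasswordRequestManager;
        this.groupServiceHelper = groupServiceHelper;
        setAuthenticationSuccessHandler(appianAuthenticationSuccessHandler);
        setAuthenticationManager(authenticationManager);
        setSessionAuthenticationStrategy(compositeSessionAuthenticationStrategy);
    }

    /**
     * Authenticates a request from the forgot-password token it carries.
     *
     * @param httpServletRequest request expected to carry the {@value #TOKEN_QUERY_PARAMETER}
     *     parameter
     * @param httpServletResponse response used when forwarding to the error page
     * @return the token produced by the converter, or {@code null} when the token is missing or
     *     rejected and the request has already been forwarded to the error page
     * @throws IOException if forwarding to the error page fails
     * @throws ServletException if forwarding to the error page fails
     */
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        String rawToken = httpServletRequest.getParameter(TOKEN_QUERY_PARAMETER);
        if (rawToken == null) {
            LOG.error("MISSING TOKEN");
            httpServletRequest.getRequestDispatcher(FORGOT_PASSWORD_ERROR_PAGE).forward(httpServletRequest, httpServletResponse);
            return null;
        }
        // NOTE(review): getSession() creates a session when none exists, and it runs before the
        // token is validated, so requests with a bogus token still allocate a session. Confirm
        // the error page needs it; otherwise this could move after the conversion succeeds.
        HttpSession session = httpServletRequest.getSession();
        SessionUuidAttributeSetter.setSessionUuidAttribute(session);
        try {
            UsernamePasswordAuthenticationToken authToken = this.forgotPasswordTokenConverter.convertForgotPasswordToken(rawToken);
            // Service accounts must be rejected before any state is changed or any event published.
            excludeServiceAccount(authToken);
            // Presumably marks the forgot-password flow as active; semantics not visible here.
            this.forgotPasswordRequestManager.enable();
            authToken.setDetails(new AuthenticationDetails(httpServletRequest, LoginEntryPoint.PORTAL));
            this.appianAuthenticationEventPublisher.publishApplicationEvent(new AppianAuthenticationSuccessEvent(authToken, (String) session.getAttribute(ServletScopesKeys.KEY_SESSION_UUID)), httpServletRequest);
            return authToken;
        } catch (ForgotPasswordException e) {
            // Only the rejection reason and the exception are logged; the raw token value is
            // deliberately kept out of the log line.
            LOG.error("INVALID TOKEN. Reason: " + e.getRejectionReason(), e);
            httpServletRequest.getRequestDispatcher(FORGOT_PASSWORD_ERROR_PAGE).forward(httpServletRequest, httpServletResponse);
            return null;
        }
    }

    /**
     * Rejects the token when its user belongs to the service-account system group.
     *
     * @param usernamePasswordAuthenticationToken token whose name is checked for membership
     * @throws ForgotPasswordException if the user is a member of the service-account group
     */
    private void excludeServiceAccount(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws ForgotPasswordException {
        try {
            if (this.groupServiceHelper.isUserMemberOfGroup(usernamePasswordAuthenticationToken.getName(), SystemRoleAeImpl.SERVICE_ACCOUNT.getGroupId(), false)) {
                throw new ForgotPasswordException("Service Account users cannot login via portal");
            }
        } catch (InvalidGroupException e) {
            // NOTE(review): this check fails open. When the service-account group cannot be
            // resolved, the error is logged and the user is let through. Confirm that is
            // intended; rethrowing as ForgotPasswordException would fail closed instead.
            // The exception is passed to the logger so the stack trace is kept for triage.
            LOG.error(e.getMessage(), e);
        }
    }
}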
