package com.appiancorp.security.auth;

import com.appiancorp.common.net.URI;
import com.appiancorp.security.auth.mobile.MobileAuthContext;
import com.appiancorp.security.auth.mobile.MobileAuthContextUtils;
import com.appiancorp.security.auth.piee.PieeReturnUrlManager;
import com.appiancorp.security.auth.saml.SamlFilter;
import com.appiancorp.security.auth.saml.rememberidp.RememberIdpService;
import com.appiancorp.security.cors.CorsUtil;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.appiancorp.suiteapi.security.auth.PasswordStatus;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.net.URISyntaxException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

/* loaded from: input_file:com/appiancorp/security/auth/AppianAuthenticationSuccessHandler.class */
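/**
 * Decides where a user is sent after a successful login.
 *
 * <p>The checks in {@link #onAuthenticationSuccess} run in a fixed order and the first match
 * wins: forced password change, in-app-browser (mobile) login, a SAML / PIEE / OIDC return URL
 * stored as a request attribute, and finally the inherited saved-request handling.
 *
 * <p>Security note: every branch ends in a redirect whose target is either a constant, built
 * from the configured base URI, read from a request attribute, or resolved by
 * {@link #determineTargetUrl}. This class performs no validation of those targets itself.
 * NOTE(review): confirm that the components that populate the return-URL attributes, and
 * {@code CorsUtil.getEmbeddedRedirect} / the injected {@code RedirectStrategy}, restrict targets
 * to trusted origins; otherwise the post-login redirect can be steered to an arbitrary site.
 */
public class AppianAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    private static final Logger LOG = Logger.getLogger(AppianAuthenticationSuccessHandler.class);
    private final RememberIdpService rememberIdpService;
    private final AppianHttpSessionRequestCache appianRequestCache;

    /**
     * Creates the handler.
     *
     * @param redirectStrategy strategy used for every redirect issued by this handler
     * @param rememberIdpService notified on each successful login; must not be null
     * @param appianHttpSessionRequestCache request cache cleared on the mobile forgot-password
     *     path; not null-checked here, so a null value only fails when that path is reached
     */
    public AppianAuthenticationSuccessHandler(RedirectStrategy redirectStrategy, RememberIdpService rememberIdpService, AppianHttpSessionRequestCache appianHttpSessionRequestCache) {
        this.rememberIdpService = (RememberIdpService) Preconditions.checkNotNull(rememberIdpService);
        this.appianRequestCache = appianHttpSessionRequestCache;
        setRedirectStrategy(redirectStrategy);
        // Registers CorsUtil.EMBEDDED_ORIGIN_PARAMETER as the target URL parameter of the
        // inherited Spring handler, so a request parameter of that name can influence the
        // destination chosen by the superclass.
        setTargetUrlParameter(CorsUtil.EMBEDDED_ORIGIN_PARAMETER);
    }

    /**
     * Routes the freshly authenticated user to the appropriate destination.
     *
     * @param httpServletRequest the login request
     * @param httpServletResponse the response the redirect is written to
     * @param authentication the successful authentication; its principal is cast to
     *     {@link AppianUserDetails}
     * @throws IOException if sending a redirect fails
     * @throws ServletException if the mobile success URI cannot be built, or from the superclass
     */
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        AppianUserDetails userDetails = (AppianUserDetails) authentication.getPrincipal();
        this.rememberIdpService.onLoginSuccess(httpServletRequest, httpServletResponse, userDetails);

        // A user of the internal provider whose password is not in NORMAL state is sent to the
        // set-password page before any other destination is considered.
        PasswordStatus passwordStatus = userDetails.getPasswordStatus();
        if (userDetails.isAuthenticatedByAppianInternalProvider() && !PasswordStatus.NORMAL.equals(passwordStatus)) {
            getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, ForceSetPasswordFilter.PATH_SET_PASSWORD);
            return;
        }

        FeatureToggleConfiguration featureToggles = (FeatureToggleConfiguration) ConfigurationFactory.getConfiguration(FeatureToggleConfiguration.class);
        // getSession(false): never create a session here; the mobile context is looked up on
        // whatever session already exists.
        MobileAuthContext mobileAuthContext = MobileAuthContextUtils.getMobileAuthContext(httpServletRequest.getSession(false));
        if (featureToggles.isInAppBrowserAuthEnabled() && mobileAuthContext != null) {
            Boolean forgotPasswordRequest = (Boolean) httpServletRequest.getAttribute(ForgotPasswordRequestManager.FORGOT_PASSWORD_REQUEST);
            if (userDetails.isLoggedInThroughSaml()) {
                mobileAuthContext.setLoggedInThroughSaml(true);
            }
            mobileAuthContext.setAppianLoginContext(userDetails.getAppianLoginContext());
            if (!Boolean.TRUE.equals(forgotPasswordRequest)) {
                clearAuthenticationAttributes(httpServletRequest);
                try {
                    // Target is built from the configured base URI, not from request data.
                    SuiteConfiguration suiteConfiguration = (SuiteConfiguration) ConfigurationFactory.getConfiguration(SuiteConfiguration.class);
                    String mobileSuccessUrl = new URI(suiteConfiguration.getBaseUri() + "/mobileAuthSuccessHandler/").toString();
                    getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, mobileSuccessUrl);
                    return;
                } catch (URISyntaxException e) {
                    throw new ServletException("Unable to generate redirect URI to mobile auth success handler", e);
                }
            }
            // Forgot-password flow inside the in-app browser: drop the cached request and the
            // marker attribute, then fall through to the regular return-URL handling below.
            this.appianRequestCache.removeRequest(httpServletRequest, httpServletResponse);
            httpServletRequest.removeAttribute(ForgotPasswordRequestManager.FORGOT_PASSWORD_REQUEST);
        }

        // Return URLs are checked in the order SAML, PIEE, OIDC; the first non-empty one wins.
        if (redirectToReturnUrl(httpServletRequest, httpServletResponse, SamlFilter.SAML_RETURN_URL_KEY)
                || redirectToReturnUrl(httpServletRequest, httpServletResponse, PieeReturnUrlManager.PIEE_RETURN_URL_KEY)
                || redirectToReturnUrl(httpServletRequest, httpServletResponse, "OIDC-RETURN-URL-KEY")) {
            return;
        }
        super.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
    }

    /**
     * Redirects to the return URL stored under the given request attribute, if there is one.
     *
     * @return {@code true} if a redirect was sent, {@code false} if the attribute was empty
     */
    private boolean redirectToReturnUrl(HttpServletRequest request, HttpServletResponse response, String attributeName) throws IOException {
        String returnUrl = (String) request.getAttribute(attributeName);
        if (StringUtils.isEmpty(returnUrl)) {
            return false;
        }
        redirect(request, response, returnUrl);
        return true;
    }

    /**
     * Clears the authentication attributes and sends the redirect.
     *
     * <p>The target is used as given. NOTE(review): callers pass values read from request
     * attributes; confirm they are validated where they are set.
     */
    private void redirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String targetUrl) throws IOException {
        clearAuthenticationAttributes(httpServletRequest);
        getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, targetUrl);
    }

    /**
     * Prefers the embedded redirect resolved by {@code CorsUtil} over the inherited target URL.
     *
     * @return the embedded redirect when it is non-empty, otherwise the superclass result
     */
    protected String determineTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String embeddedRedirect = CorsUtil.getEmbeddedRedirect(httpServletRequest);
        if (LOG.isDebugEnabled()) {
            // The value is resolved from the request, so line breaks are neutralised before it
            // is written to the log to keep one event per line.
            String loggable = embeddedRedirect == null ? null : embeddedRedirect.replaceAll("[\\r\\n]", "_");
            LOG.debug("Embedded Redirect URL: " + loggable);
        }
        return StringUtils.isEmpty(embeddedRedirect) ? super.determineTargetUrl(httpServletRequest, httpServletResponse) : embeddedRedirect;
    }
}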
