package org.molgenis.security.twofactor;

import java.util.Objects;
import org.molgenis.security.login.MolgenisLoginController;
import org.molgenis.security.twofactor.auth.RecoveryAuthenticationProvider;
import org.molgenis.security.twofactor.auth.RecoveryAuthenticationToken;
import org.molgenis.security.twofactor.auth.TwoFactorAuthenticationProvider;
import org.molgenis.security.twofactor.auth.TwoFactorAuthenticationToken;
import org.molgenis.security.twofactor.exceptions.InvalidVerificationCodeException;
import org.molgenis.security.twofactor.exceptions.TooManyLoginAttemptsException;
import org.molgenis.security.twofactor.service.OtpService;
import org.molgenis.security.twofactor.service.TwoFactorAuthenticationService;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

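@RequestMapping({TwoFactorAuthenticationController.URI})
@Controller
/* loaded from: input_file:WEB-INF/lib/molgenis-security-6.1.0.jar:org/molgenis/security/twofactor/TwoFactorAuthenticationController.class */
/**
 * Web controller for the second step of sign-in: verifying a code for a user who has already
 * configured two-factor authentication, activating two-factor authentication for a user who has
 * not, and signing in with a recovery code.
 *
 * <p>All handlers are mapped below {@link #URI}. Every successful authentication replaces the
 * {@code Authentication} held by the current {@code SecurityContext}; every failure re-renders the
 * relevant modal view with an error message attribute.
 *
 * <p>NOTE(review): the handler parameter names ({@code str}, {@code str2}) look decompiler-generated.
 * {@code @RequestParam} without an explicit name binds to the Java parameter name, so confirm the
 * request parameter names the forms actually post before recompiling this class.
 *
 * <p>NOTE(review): no attempt limiting is visible in this controller; it is presumably enforced by
 * the authentication providers (a {@code TooManyLoginAttemptsException} is handled here). Confirm
 * that it covers both verification codes and recovery codes.
 */
public class TwoFactorAuthenticationController {
    public static final String URI = "/2fa";
    public static final String TWO_FACTOR_CONFIGURED_URI = "/authenticate";
    public static final String TWO_FACTOR_ACTIVATION_URI = "/activation";
    public static final String ATTRIBUTE_2FA_RECOVER_MODE = "isRecoverMode";
    public static final String ATTRIBUTE_2FA_SECRET_KEY = "secretKey";
    public static final String ATTRIBUTE_2FA_AUTHENTICATOR_URI = "authenticatorURI";
    private static final String TWO_FACTOR_ACTIVATION_AUTHENTICATE_URI = "/activation/authenticate";
    private static final String TWO_FACTOR_VALIDATION_URI = "/validate";
    private static final String TWO_FACTOR_RECOVER_URI = "/recover";
    private static final String VIEW_2FA_ACTIVATION_MODAL = "view-2fa-activation-modal";
    private static final String VIEW_2FA_CONFIGURED_MODAL = "view-2fa-configured-modal";
    // Message shown when a failure is not one of the exception types whose own message is surfaced.
    private static final String GENERIC_ERROR_MESSAGE = "Signin failed";
    private final TwoFactorAuthenticationProvider authenticationProvider;
    private final TwoFactorAuthenticationService twoFactorAuthenticationService;
    private final RecoveryAuthenticationProvider recoveryAuthenticationProvider;
    private final OtpService otpService;

    /**
     * Creates the controller with its collaborators.
     *
     * @param twoFactorAuthenticationProvider provider used to authenticate verification codes
     * @param twoFactorAuthenticationService service used to generate a new secret key
     * @param recoveryAuthenticationProvider provider used to authenticate recovery codes
     * @param otpService service used to build the authenticator URI for a secret key
     * @throws NullPointerException if any argument is {@code null}
     */
    public TwoFactorAuthenticationController(TwoFactorAuthenticationProvider twoFactorAuthenticationProvider, TwoFactorAuthenticationService twoFactorAuthenticationService, RecoveryAuthenticationProvider recoveryAuthenticationProvider, OtpService otpService) {
        this.authenticationProvider = Objects.requireNonNull(twoFactorAuthenticationProvider);
        this.twoFactorAuthenticationService = Objects.requireNonNull(twoFactorAuthenticationService);
        // Fail at wiring time like the other collaborators: a null provider would otherwise only
        // surface as an uncaught NullPointerException when a recovery request arrives.
        this.recoveryAuthenticationProvider = Objects.requireNonNull(recoveryAuthenticationProvider);
        this.otpService = Objects.requireNonNull(otpService);
    }

    /**
     * Shows the modal in which a user with two-factor authentication configured enters a code.
     *
     * @param model view model; not modified
     * @return the name of the "configured" modal view
     */
    @GetMapping({TWO_FACTOR_CONFIGURED_URI})
    public String configured(Model model) {
        return VIEW_2FA_CONFIGURED_MODAL;
    }

    /**
     * Authenticates the submitted value through the two-factor provider and, on success, installs
     * the resulting authentication in the current security context.
     *
     * @param model view model; receives the error message attribute on failure
     * @param str submitted value, passed as the first token argument (presumably the verification
     *     code; confirm against {@code TwoFactorAuthenticationToken})
     * @return a redirect to {@code /} on success, otherwise the "configured" modal view
     */
    @PostMapping({TWO_FACTOR_VALIDATION_URI})
    public String validate(Model model, @RequestParam String str) {
        try {
            // No secret key is supplied here (second argument is null), unlike the activation flow.
            TwoFactorAuthenticationToken token = new TwoFactorAuthenticationToken(str, null);
            SecurityContextHolder.getContext().setAuthentication(this.authenticationProvider.authenticate(token));
            return "redirect:/";
        } catch (AuthenticationException e) {
            model.addAttribute(MolgenisLoginController.ERROR_MESSAGE_ATTRIBUTE, determineErrorMessage(e));
            return VIEW_2FA_CONFIGURED_MODAL;
        }
    }

    /**
     * Generates a new secret key and exposes it, together with its authenticator URI, to the
     * activation modal.
     *
     * <p>NOTE(review): the raw secret key is handed to the view on a GET request; confirm the
     * response is served with headers that prevent caching.
     *
     * @param model view model; receives the secret key and authenticator URI, or an error message
     * @return the name of the activation modal view, in both the success and the failure case
     */
    @GetMapping({TWO_FACTOR_ACTIVATION_URI})
    public String activation(Model model) {
        try {
            String secretKey = this.twoFactorAuthenticationService.generateSecretKey();
            model.addAttribute(ATTRIBUTE_2FA_SECRET_KEY, secretKey);
            model.addAttribute(ATTRIBUTE_2FA_AUTHENTICATOR_URI, this.otpService.getAuthenticatorURI(secretKey));
        } catch (IllegalStateException e) {
            // IllegalStateException is not one of the surfaced types, so the user sees the generic message.
            model.addAttribute(MolgenisLoginController.ERROR_MESSAGE_ATTRIBUTE, determineErrorMessage(e));
        }
        return VIEW_2FA_ACTIVATION_MODAL;
    }

    /**
     * Completes activation: authenticates the submitted value together with the submitted secret
     * key and, on success, installs the resulting authentication in the current security context.
     *
     * <p>NOTE(review): the secret key verified here is taken from the request rather than from
     * server-side state in this class. Confirm that the provider or service ties it to the key
     * generated for this user, so a client cannot enrol a secret of its own choosing unchecked.
     *
     * @param model view model; on failure receives the submitted secret key, its authenticator URI
     *     and the error message
     * @param str submitted value, passed as the first token argument (presumably the verification
     *     code; confirm against {@code TwoFactorAuthenticationToken})
     * @param str2 submitted secret key
     * @return a redirect to the user account security page on success, otherwise the activation
     *     modal view
     */
    @PostMapping({TWO_FACTOR_ACTIVATION_AUTHENTICATE_URI})
    public String authenticate(Model model, @RequestParam String str, @RequestParam String str2) {
        try {
            TwoFactorAuthenticationToken token = new TwoFactorAuthenticationToken(str, str2);
            SecurityContextHolder.getContext().setAuthentication(this.authenticationProvider.authenticate(token));
            return "redirect:/menu/main/useraccount?showCodes=true#security";
        } catch (AuthenticationException e) {
            // The request-supplied key is echoed back so the modal can be shown again.
            // NOTE(review): confirm the view escapes both attributes, since they derive from request input.
            model.addAttribute(ATTRIBUTE_2FA_SECRET_KEY, str2);
            model.addAttribute(ATTRIBUTE_2FA_AUTHENTICATOR_URI, this.otpService.getAuthenticatorURI(str2));
            model.addAttribute(MolgenisLoginController.ERROR_MESSAGE_ATTRIBUTE, determineErrorMessage(e));
            return VIEW_2FA_ACTIVATION_MODAL;
        }
    }

    /**
     * Authenticates the submitted value through the recovery provider and, on success, installs the
     * resulting authentication in the current security context.
     *
     * @param model view model; on failure receives the recover-mode flag and the error message
     * @param str submitted value wrapped in a {@code RecoveryAuthenticationToken} (presumably the
     *     recovery code; confirm against that class)
     * @return a redirect to {@code /} on success, otherwise the "configured" modal view
     */
    @PostMapping({TWO_FACTOR_RECOVER_URI})
    public String recoverAccount(Model model, @RequestParam String str) {
        try {
            RecoveryAuthenticationToken token = new RecoveryAuthenticationToken(str);
            SecurityContextHolder.getContext().setAuthentication(this.recoveryAuthenticationProvider.authenticate(token));
            return "redirect:/";
        } catch (AuthenticationException e) {
            // Keep the modal in recovery mode so the user can retry with another code.
            model.addAttribute(ATTRIBUTE_2FA_RECOVER_MODE, true);
            model.addAttribute(MolgenisLoginController.ERROR_MESSAGE_ATTRIBUTE, determineErrorMessage(e));
            return VIEW_2FA_CONFIGURED_MODAL;
        }
    }

    /**
     * Chooses the message shown to the user for a failed attempt.
     *
     * <p>The exception's own message is surfaced only for the four listed exception types; any
     * other exception, or a listed one without a message, yields the generic message so the view
     * never receives {@code null}.
     *
     * <p>NOTE(review): surfacing the {@code UsernameNotFoundException} message can let a caller
     * tell an unknown account apart from a wrong code, depending on what the provider puts in the
     * message; confirm the messages are uniform.
     *
     * @param exc the failure to describe
     * @return the message to place in the model; never {@code null}
     */
    private String determineErrorMessage(Exception exc) {
        boolean surfacesOwnMessage = exc instanceof BadCredentialsException
                || exc instanceof InvalidVerificationCodeException
                || exc instanceof TooManyLoginAttemptsException
                || exc instanceof UsernameNotFoundException;
        String message = surfacesOwnMessage ? exc.getMessage() : null;
        return message != null ? message : GENERIC_ERROR_MESSAGE;
    }
}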
