package com.atlassian.jira.rest.auth;

import com.atlassian.crowd.embedded.api.User;
import com.atlassian.jira.action.ActionContextKit;
import com.atlassian.jira.bc.security.login.DeniedReason;
import com.atlassian.jira.bc.security.login.LoginReason;
import com.atlassian.jira.bc.security.login.LoginResult;
import com.atlassian.jira.bc.security.login.LoginService;
import com.atlassian.jira.rest.NotAuthorisedWebException;
import com.atlassian.jira.rest.api.http.CacheControl;
import com.atlassian.jira.rest.api.util.ErrorCollection;
import com.atlassian.jira.rest.v2.issue.context.ContextI18n;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.util.JiraUrlCodec;
import com.atlassian.jira.util.velocity.VelocityRequestContextFactory;
import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import com.atlassian.seraph.config.SecurityConfig;
import com.atlassian.seraph.config.SecurityConfigFactory;
import com.atlassian.seraph.filter.PasswordBasedLoginFilter;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

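@Path("session")
@Consumes({"application/json"})
@Produces({"application/json"})
@AnonymousAllowed
/* loaded from: input_file:com/atlassian/jira/rest/auth/Login.class */
/**
 * REST resource for the HTTP session: {@code GET} reports the logged-in user, {@code POST} logs in
 * with the username/password carried in the JSON body, {@code DELETE} logs out.
 *
 * <p>The resource is annotated {@code @AnonymousAllowed} because the login endpoint must be reachable
 * without a session; {@link #currentUser()} and {@link #logout} enforce "must be logged in" themselves.
 */
public class Login {
    /** Request attribute under which the login manager leaves the {@link LoginResult} of a failed attempt. */
    private static final String LOGIN_RESULT_ATTRIBUTE = "com.atlassian.jira.security.login.LoginManager.LoginResult";
    /** Response header carrying one {@link DeniedReason} value per denied reason. */
    private static final String DENIED_REASON_HEADER = "X-Authentication-Denied-Reason";
    /** Name reported alongside the session id on a successful login (the servlet session cookie name). */
    private static final String SESSION_COOKIE_NAME = "JSESSIONID";
    /** Outcome string returned by the Seraph login filter when authentication succeeded. */
    private static final String LOGIN_SUCCESS = "success";

    private final LoginService loginService;
    private final JiraAuthenticationContext jiraAuthenticationContext;
    private final VelocityRequestContextFactory velocityRequestContextFactory;
    private final ContextI18n i18n;

    /* loaded from: input_file:com/atlassian/jira/rest/auth/Login$LoginResourceFilter.class */
    /**
     * Seraph password login filter fed with credentials taken from the REST body instead of
     * request parameters. Static: it never touches the enclosing {@link Login} instance.
     */
    private static final class LoginResourceFilter extends PasswordBasedLoginFilter {
        private final String username;
        private final String password;

        private LoginResourceFilter(String username, String password) {
            this.username = username;
            this.password = password;
        }

        /** Supplies the body credentials; the request itself is ignored. */
        @Override
        protected PasswordBasedLoginFilter.UserPasswordPair extractUserPasswordPair(HttpServletRequest httpServletRequest) {
            // Third flag is always false here — presumably the persistent ("remember me") login
            // option; confirm against the Seraph UserPasswordPair constructor.
            return new PasswordBasedLoginFilter.UserPasswordPair(this.username, this.password, false);
        }

        @Override
        protected SecurityConfig getSecurityConfig() {
            return SecurityConfigFactory.getInstance();
        }
    }

    /**
     * @param loginService                  performs login bookkeeping and logout
     * @param jiraAuthenticationContext     source of the currently logged-in user
     * @param velocityRequestContextFactory source of the canonical base URL used for self links
     * @param contextI18n                   message lookup for error texts
     */
    public Login(LoginService loginService, JiraAuthenticationContext jiraAuthenticationContext, VelocityRequestContextFactory velocityRequestContextFactory, ContextI18n contextI18n) {
        this.loginService = loginService;
        this.jiraAuthenticationContext = jiraAuthenticationContext;
        this.velocityRequestContextFactory = velocityRequestContextFactory;
        this.i18n = contextI18n;
    }

    /**
     * Returns the logged-in user's name, a self link to the user resource and their login info.
     *
     * <p>The response is marked not cacheable because it identifies the caller's session.
     *
     * @return 200 with a {@link CurrentUser} body
     * @throws NotAuthorisedWebException if no user is logged in
     * @throws URISyntaxException        if the self link cannot be built from the canonical base URL
     */
    @GET
    public Response currentUser() throws URISyntaxException {
        User loggedInUser = this.jiraAuthenticationContext.getLoggedInUser();
        if (loggedInUser == null) {
            throw new NotAuthorisedWebException(ErrorCollection.of(this.i18n.getText("rest.authentication.no.user.logged.in")));
        }
        String userName = loggedInUser.getName();
        CurrentUser body = new CurrentUser()
                .userName(userName)
                .self(selfLink(userName))
                .loginInfo(new LoginInfo(this.loginService.getLoginInfo(userName)));
        return Response.ok(body).cacheControl(CacheControl.never()).build();
    }

    /**
     * Builds the link to the user resource for {@code userName}; the name is URL-encoded so that
     * it cannot alter the query string.
     */
    private URI selfLink(String userName) throws URISyntaxException {
        String baseUrl = this.velocityRequestContextFactory.getJiraVelocityRequestContext().getCanonicalBaseUrl();
        return new URI(baseUrl + "/rest/api/latest/user?username=" + JiraUrlCodec.encode(userName));
    }

    /**
     * Logs in with the credentials in {@code authParams}.
     *
     * <p>Outcomes:
     * <ul>
     *   <li>200 with session id and login info when the Seraph filter reports success;</li>
     *   <li>403 when the login manager recorded {@link LoginReason#AUTHENTICATION_DENIED} — every
     *       denied reason is also exposed as an {@code X-Authentication-Denied-Reason} header;</li>
     *   <li>401 with a {@code WWW-Authenticate} header for any other failure.</li>
     * </ul>
     * Success responses are marked not cacheable because they carry the session id.
     *
     * @param authParams          credentials from the request body; must not be null
     * @param httpServletRequest  current request, also where the login manager stores its result
     * @param httpServletResponse current response, receives the session cookie and failure headers
     * @return the response described above
     * @throws NullPointerException if {@code authParams} is null (no JSON body was sent)
     */
    @POST
    public Response login(AuthParams authParams, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        Objects.requireNonNull(authParams, "authParams");
        LoginResourceFilter filter = new LoginResourceFilter(authParams.username, authParams.password);
        boolean authenticated = LOGIN_SUCCESS.equals(filter.login(httpServletRequest, httpServletResponse));
        if (authenticated) {
            SessionInfo session = new SessionInfo(SESSION_COOKIE_NAME, httpServletRequest.getSession().getId());
            LoginInfo loginInfo = new LoginInfo(this.loginService.getLoginInfo(authParams.username));
            return Response.ok(new AuthSuccess(session, loginInfo)).cacheControl(CacheControl.never()).build();
        }
        LoginResult loginResult = (LoginResult) httpServletRequest.getAttribute(LOGIN_RESULT_ATTRIBUTE);
        boolean denied = loginResult != null && loginResult.getReason() == LoginReason.AUTHENTICATION_DENIED;
        if (denied) {
            stampDeniedReasonsOnResponse(httpServletResponse, loginResult.getDeniedReasons());
            return Response.status(Response.Status.FORBIDDEN).entity(ErrorCollection.of(this.i18n.getText("rest.login.denied"))).build();
        }
        httpServletResponse.setHeader("WWW-Authenticate", "JIRA REST POST");
        return Response.status(Response.Status.UNAUTHORIZED).entity(ErrorCollection.of(this.i18n.getText("rest.login.failed"))).build();
    }

    /**
     * Logs the current user out and resets the action context.
     *
     * @return 204 on success
     * @throws NotAuthorisedWebException if no user is logged in
     */
    @DELETE
    public Response logout(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse) {
        if (this.jiraAuthenticationContext.getLoggedInUser() == null) {
            throw new NotAuthorisedWebException(ErrorCollection.of(this.i18n.getText("rest.authentication.no.user.logged.in")));
        }
        this.loginService.logout(httpServletRequest, httpServletResponse);
        ActionContextKit.resetContext();
        return Response.noContent().build();
    }

    /**
     * Adds one {@code X-Authentication-Denied-Reason} header per denied reason.
     *
     * <p>Uses {@code addHeader} rather than {@code setHeader}: setting the header inside the loop
     * would overwrite the previous value each time, so only the last reason would ever reach the client.
     *
     * @param httpServletResponse response to stamp
     * @param set                 denied reasons; null or empty adds nothing
     */
    protected void stampDeniedReasonsOnResponse(HttpServletResponse httpServletResponse, Set<DeniedReason> set) {
        if (set == null) {
            return;
        }
        for (DeniedReason reason : set) {
            httpServletResponse.addHeader(DENIED_REASON_HEADER, reason.asString());
        }
    }
}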
