package org.ametys.workspaces.repository;

import java.util.Map;
import org.ametys.plugins.repositoryapp.authentication.RepositoryAuthentication;
import org.ametys.runtime.authentication.Credentials;
import org.ametys.runtime.authentication.CredentialsProvider;
import org.ametys.runtime.user.User;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.acting.ServiceableAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.SourceResolver;

/* loaded from: input_file:org/ametys/workspaces/repository/AuthenticateAction.class */
public class AuthenticateAction extends ServiceableAction implements ThreadSafe {
    private static final String __SESSION_ADMINISTRATOR = "Repository:Administrator";
    private RepositoryAuthentication _authentication;

    public void service(ServiceManager serviceManager) throws ServiceException {
        super.service(serviceManager);
        this._authentication = (RepositoryAuthentication) serviceManager.lookup(RepositoryAuthentication.ROLE);
    }

    public Map act(Redirector redirector, SourceResolver sourceResolver, Map map, String str, Parameters parameters) throws Exception {
        if (_checkAuth(map, redirector, this._authentication.getCredentialsProvider())) {
            return EMPTY_MAP;
        }
        return null;
    }

    private boolean _checkAuth(Map map, Redirector redirector, CredentialsProvider credentialsProvider) throws Exception {
        Request request = ObjectModelHelper.getRequest(map);
        if (((User) request.getSession().getAttribute(__SESSION_ADMINISTRATOR)) != null) {
            return true;
        }
        Credentials credentials = credentialsProvider.getCredentials(redirector);
        if (credentials == null || !this._authentication.allowUser(credentials)) {
            credentialsProvider.notAllowed(redirector);
            return false;
        }
        credentialsProvider.allowed(redirector);
        request.getSession(true).setAttribute(__SESSION_ADMINISTRATOR, new User("admin"));
        return true;
    }
}
