package org.ametys.core.authentication;

import java.util.Iterator;
import java.util.Map;
import org.ametys.core.user.User;
import org.ametys.core.user.UsersManager;
import org.ametys.runtime.authentication.AccessDeniedException;
import org.ametys.runtime.config.Config;
import org.apache.avalon.framework.activity.Initializable;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.acting.ServiceableAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.Session;
import org.apache.cocoon.environment.SourceResolver;

/* loaded from: input_file:org/ametys/core/authentication/AuthenticateAction.class */
public class AuthenticateAction extends ServiceableAction implements ThreadSafe, Initializable {
    public static final String SESSION_USERLOGIN = "Runtime:UserLogin";
    public static final String REQUEST_AUTHENTICATED = "Runtime:RequestAuthenticated";
    private CredentialsProvider _credentialsProvider;
    private AuthenticationManager _authManager;
    private UsersManager _usersManager;

    public void initialize() throws Exception {
        if (Config.getInstance() == null) {
            return;
        }
        this._credentialsProvider = (CredentialsProvider) this.manager.lookup(CredentialsProvider.ROLE);
        this._authManager = (AuthenticationManager) this.manager.lookup(AuthenticationManager.ROLE);
        this._usersManager = (UsersManager) this.manager.lookup(UsersManager.ROLE);
    }

    public Map act(Redirector redirector, SourceResolver sourceResolver, Map map, String str, Parameters parameters) throws Exception {
        Request request = ObjectModelHelper.getRequest(map);
        if (!"true".equals(request.getAttribute(REQUEST_AUTHENTICATED)) && request.getAttribute(Authentication.INTERNAL_ALLOWED_REQUEST_ATTR) == null) {
            if (!_checkAuth(map, redirector)) {
                throw new AccessDeniedException();
            }
            request.setAttribute(REQUEST_AUTHENTICATED, "true");
            return EMPTY_MAP;
        }
        return EMPTY_MAP;
    }

    protected boolean _checkAuth(Map map, Redirector redirector) throws Exception {
        boolean validate = this._credentialsProvider.validate(redirector);
        if (redirector.hasRedirected() || this._credentialsProvider.accept()) {
            return true;
        }
        if (validate) {
            String str = null;
            Session session = ObjectModelHelper.getRequest(map).getSession(false);
            if (session != null) {
                str = (String) session.getAttribute(SESSION_USERLOGIN);
            }
            if (str != null) {
                return true;
            }
        }
        Credentials credentials = this._credentialsProvider.getCredentials(redirector);
        if (redirector.hasRedirected()) {
            return true;
        }
        if (credentials == null) {
            this._credentialsProvider.notAllowed(redirector);
            return redirector.hasRedirected();
        }
        Iterator<String> it = this._authManager.getExtensionsIds().iterator();
        while (it.hasNext()) {
            if (!this._authManager.getExtension(it.next()).login(credentials)) {
                this._credentialsProvider.notAllowed(redirector);
                return redirector.hasRedirected();
            }
        }
        User user = this._usersManager.getUser(credentials.getLogin());
        if (user != null) {
            this._credentialsProvider.allowed(redirector);
            ObjectModelHelper.getRequest(map).getSession(true).setAttribute(SESSION_USERLOGIN, user.getName());
            return true;
        }
        if (!getLogger().isWarnEnabled()) {
            return false;
        }
        getLogger().warn("The user '" + credentials.getLogin() + "' was authentified and authorized by authentications, but it can not be found by the users manager. Access to the application is therefore denied.");
        return false;
    }
}
