package com.dotmarketing.cms.login.factories;

import com.dotcms.enterprise.BaseAuthenticator;
import com.dotcms.enterprise.LDAPImpl;
import com.dotcms.enterprise.PasswordFactoryProxy;
import com.dotcms.enterprise.cas.CASAuthUtils;
import com.dotcms.enterprise.de.qaware.heimdall.PasswordException;
import com.dotcms.enterprise.salesforce.SalesForceUtils;
import com.dotmarketing.business.APILocator;
import com.dotmarketing.business.DuplicateUserException;
import com.dotmarketing.cms.factories.PublicCompanyFactory;
import com.dotmarketing.cms.factories.PublicEncryptionFactory;
import com.dotmarketing.cms.login.struts.LoginForm;
import com.dotmarketing.exception.DotDataException;
import com.dotmarketing.exception.DotSecurityException;
import com.dotmarketing.portal.struts.DotCustomLoginPostAction;
import com.dotmarketing.util.Config;
import com.dotmarketing.util.Logger;
import com.dotmarketing.util.SecurityLogger;
import com.dotmarketing.util.UtilMethods;
import com.dotmarketing.util.WebKeys;
import com.liferay.portal.NoSuchUserException;
import com.liferay.portal.auth.AuthException;
import com.liferay.portal.auth.Authenticator;
import com.liferay.portal.model.Company;
import com.liferay.portal.model.User;
import com.liferay.portal.util.PropsUtil;
import com.liferay.util.Validator;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/dotmarketing/cms/login/factories/LoginFactory.class */
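/**
 * Static login helpers: they verify a login name and password against the local user store or a
 * configured LDAP {@link Authenticator}, optionally consult the Salesforce and CAS integrations,
 * and set or clear the logged-in user on the HTTP session.
 *
 * <p>Login names and decrypted cookie values are passed through {@link #sanitizeForLog(String)}
 * before they are written to a log, because they originate from the request.
 */
public class LoginFactory {
    /**
     * Value of the {@code PropsUtil.AUTH_PIPELINE_PRE} property. The LDAP branch of the login
     * methods is taken only when this equals the {@code LDAP_FRONTEND_AUTH_IMPLEMENTATION} setting.
     */
    public static String PRE_AUTHENTICATOR = PropsUtil.get(PropsUtil.AUTH_PIPELINE_PRE);
    /** {@code SALESFORCE_LOGIN_FILTER_ON} setting, read once at class load; defaults to {@code false}. */
    public static boolean useSalesForceLoginFilter = Config.getBooleanProperty("SALESFORCE_LOGIN_FILTER_ON", false);
    /** {@code FRONTEND_CAS_FILTER_ON} setting, read once at class load; defaults to {@code false}. */
    public static boolean useCASLoginFilter = Config.getBooleanProperty("FRONTEND_CAS_FILTER_ON", false);

    /**
     * Logs in with the user name, password and remember-me flag carried by a login form.
     *
     * @param loginForm form holding the submitted credentials
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @return {@code true} when the login succeeded
     * @throws NoSuchUserException when the user cannot be found
     */
    public static boolean doLogin(LoginForm loginForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws NoSuchUserException {
        return doLogin(loginForm.getUserName(), loginForm.getPassword(), loginForm.isRememberMe(), httpServletRequest, httpServletResponse);
    }

    /**
     * Logs a user in from an encrypted auto-login cookie value, without a password check.
     *
     * <p>The value is decrypted with {@link PublicEncryptionFactory#decryptString} and treated as an
     * e-mail address or a user id. The identity is taken from the cookie alone, so this path is only
     * as strong as the cookie encryption.
     * NOTE(review): whether {@code decryptString} also authenticates the value (rejects tampered
     * ciphertext) is not visible here; confirm before relying on it.
     *
     * <p>If the local lookup or decryption fails, the Salesforce and CAS integrations are tried when
     * enabled; if none of them accepts the user the session is logged out.
     *
     * @param str encrypted cookie value
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @return {@code true} when the user was logged in
     */
    public static boolean doCookieLogin(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String cookieLogin = PublicEncryptionFactory.decryptString(str);
            User cookieUser = Validator.isEmailAddress(cookieLogin)
                    ? APILocator.getUserAPI().loadByUserByEmail(cookieLogin, APILocator.getUserAPI().getSystemUser(), false)
                    : APILocator.getUserAPI().loadUserById(cookieLogin, APILocator.getUserAPI().getSystemUser(), false);
            try {
                String loginName = cookieUser.getEmailAddress();
                if (PublicCompanyFactory.getDefaultCompany().getAuthType().equals("userId")) {
                    loginName = cookieUser.getUserId();
                }
                // Last argument true: the password check is skipped for cookie logins.
                return doLogin(loginName, null, true, httpServletRequest, httpServletResponse, true);
            } catch (Exception e) {
                SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login (No user found) from IP: " + httpServletRequest.getRemoteAddr() + " :  " + e);
                return false;
            }
        } catch (Exception e2) {
            SecurityLogger.logInfo(LoginFactory.class, "Auto login failed (No user found) from IP: " + httpServletRequest.getRemoteAddr() + " :  " + e2);
            // NOTE(review): the cookie is decrypted again below, outside any try block. If the
            // first decryptString call is what raised e2, these calls presumably raise again and
            // the exception leaves this method - confirm.
            if (useSalesForceLoginFilter) {
                String salesforceLogin = PublicEncryptionFactory.decryptString(str);
                Logger.info(LoginFactory.class, "Try to retrieve user from SalesForce with id: " + sanitizeForLog(salesforceLogin));
                if (UtilMethods.isSet(SalesForceUtils.migrateUserFromSalesforce(salesforceLogin, httpServletRequest, httpServletResponse, true))) {
                    try {
                        User salesforceUser = PublicCompanyFactory.getDefaultCompany().getAuthType().equals(Company.AUTH_TYPE_EA)
                                ? APILocator.getUserAPI().loadByUserByEmail(salesforceLogin, APILocator.getUserAPI().getSystemUser(), false)
                                : APILocator.getUserAPI().loadUserById(salesforceLogin, APILocator.getUserAPI().getSystemUser(), false);
                        // A missing session attribute makes toString() throw; the catch below then
                        // rejects the login, so this path fails closed.
                        String instanceUrl = httpServletRequest.getSession().getAttribute("salesforce.instance.url").toString();
                        String accessToken = httpServletRequest.getSession().getAttribute("salesforce.access.token").toString();
                        if (UtilMethods.isSet(accessToken) && UtilMethods.isSet(instanceUrl)) {
                            SalesForceUtils.syncRoles(salesforceUser.getEmailAddress(), httpServletRequest, httpServletResponse, accessToken, instanceUrl);
                        }
                        SalesForceUtils.setUserValuesOnSession(salesforceUser, httpServletRequest, httpServletResponse, true);
                        return true;
                    } catch (Exception e3) {
                        SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login to salesforce from IP: " + httpServletRequest.getRemoteAddr());
                        return false;
                    }
                }
                SecurityLogger.logInfo(LoginFactory.class, "Unable to retrieve user from SalesForce with id: " + sanitizeForLog(salesforceLogin));
            }
            if (useCASLoginFilter) {
                String casLogin = PublicEncryptionFactory.decryptString(str);
                Logger.info(LoginFactory.class, "Try to retrieve user from LDAP/CAS with id: " + sanitizeForLog(casLogin));
                if (UtilMethods.isSet(CASAuthUtils.loadUserFromLDAP(casLogin))) {
                    try {
                        User casUser = PublicCompanyFactory.getDefaultCompany().getAuthType().equals(Company.AUTH_TYPE_EA)
                                ? APILocator.getUserAPI().loadByUserByEmail(casLogin, APILocator.getUserAPI().getSystemUser(), false)
                                : APILocator.getUserAPI().loadUserById(casLogin, APILocator.getUserAPI().getSystemUser(), false);
                        // NOTE(review): when the CAS filter has not put a user on the session this
                        // still returns true, without setting any user values on the session -
                        // confirm that callers do not read "true" as "a user is now logged in".
                        if (!UtilMethods.isSet((String) httpServletRequest.getSession(false).getAttribute("edu.yale.its.tp.cas.client.filter.user"))) {
                            return true;
                        }
                        CASAuthUtils.setUserValuesOnSession(casUser, httpServletRequest, httpServletResponse, true);
                        return true;
                    } catch (Exception e4) {
                        // Record the rejection so a failed CAS auto-login leaves a trace in the security log.
                        SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login via LDAP/CAS from IP: " + httpServletRequest.getRemoteAddr() + " :  " + e4);
                        return false;
                    }
                }
                Logger.info(LoginFactory.class, "Unable to retrieve user from LDAP/CAS with id: " + sanitizeForLog(casLogin));
            }
            doLogout(httpServletRequest, httpServletResponse);
            return false;
        }
    }

    /**
     * Logs in with a login name and password; the password is always verified.
     *
     * @param str login name (e-mail address or user id, depending on the company auth type)
     * @param str2 password
     * @param z remember-me flag, passed through unchanged
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @return {@code true} when the login succeeded
     * @throws NoSuchUserException when the user cannot be found
     */
    public static boolean doLogin(String str, String str2, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws NoSuchUserException {
        return doLogin(str, str2, z, httpServletRequest, httpServletResponse, false);
    }

    /**
     * Authenticates a user and, on success, stores the user on the session under
     * {@code WebKeys.CMS_USER}.
     *
     * <p>The system user is always rejected. Depending on configuration the credentials are checked
     * against the local user store (with Salesforce and CAS fallbacks) or against the configured
     * LDAP authenticator.
     *
     * <p>NOTE(review): the failed-login counter is incremented here but never compared with a
     * limit in this method; any lockout must be enforced elsewhere - confirm.
     * NOTE(review): the session id is not changed on successful login in this method; confirm that
     * the session is rotated elsewhere to prevent session fixation.
     *
     * @param str login name: an e-mail address when the company auth type is
     *     {@code Company.AUTH_TYPE_EA}, otherwise a user id
     * @param str2 password; ignored when {@code z2} is {@code true}
     * @param z remember-me flag; not read by this method
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param z2 {@code true} to skip password verification (used by the cookie login)
     * @return {@code true} when the user was authenticated and placed on the session
     * @throws NoSuchUserException when the local lookup yields no user or a user without e-mail
     */
    public static boolean doLogin(String str, String str2, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z2) throws NoSuchUserException {
        User user;
        boolean authenticated;
        // The login name is request-supplied; neutralise control characters before logging it.
        final String loginForLog = sanitizeForLog(str);
        try {
            Company defaultCompany = PublicCompanyFactory.getDefaultCompany();
            // Nobody may log in as the system user, whichever identifier type is in use.
            if (defaultCompany.getAuthType().equals(Company.AUTH_TYPE_EA)) {
                if (str.equalsIgnoreCase(APILocator.getUserAPI().getSystemUser().getEmailAddress())) {
                    SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login with email as " + loginForLog + " from IP: " + httpServletRequest.getRemoteAddr());
                    return false;
                }
            } else if (str.equalsIgnoreCase(APILocator.getUserAPI().getSystemUser().getUserId())) {
                SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login with userID as " + loginForLog + " from IP: " + httpServletRequest.getRemoteAddr());
                return false;
            }
            if (PRE_AUTHENTICATOR == null || 0 >= PRE_AUTHENTICATOR.length() || !PRE_AUTHENTICATOR.equals(Config.getStringProperty("LDAP_FRONTEND_AUTH_IMPLEMENTATION")) || useCASLoginFilter) {
                // Local user store path (also used whenever the CAS filter is enabled).
                user = defaultCompany.getAuthType().equals(Company.AUTH_TYPE_EA)
                        ? APILocator.getUserAPI().loadByUserByEmail(str, APILocator.getUserAPI().getSystemUser(), false)
                        : APILocator.getUserAPI().loadUserById(str, APILocator.getUserAPI().getSystemUser(), false);
                if (user == null || !UtilMethods.isSet(user.getEmailAddress())) {
                    SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login or no email set for " + loginForLog + " from IP: " + httpServletRequest.getRemoteAddr());
                    throw new NoSuchUserException();
                }
                if (user.isNew() || !(Config.getBooleanProperty("ALLOW_INACTIVE_ACCOUNTS_TO_LOGIN", false) || user.isActive())) {
                    SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login to an inactive account as " + loginForLog + " from IP: " + httpServletRequest.getRemoteAddr());
                    return false;
                }
                authenticated = true;
                if (!z2) {
                    authenticated = passwordMatch(str2, user);
                }
                if (authenticated) {
                    if (useSalesForceLoginFilter) {
                        user = SalesForceUtils.migrateUserFromSalesforce(str, httpServletRequest, httpServletResponse, false);
                        // A missing session attribute makes toString() throw; the generic catch
                        // below then rejects the login, so this path fails closed.
                        String instanceUrl = httpServletRequest.getSession().getAttribute("salesforce.instance.url").toString();
                        String accessToken = httpServletRequest.getSession().getAttribute("salesforce.access.token").toString();
                        if (UtilMethods.isSet(accessToken) && UtilMethods.isSet(instanceUrl)) {
                            SalesForceUtils.syncRoles(user.getEmailAddress(), httpServletRequest, httpServletResponse, accessToken, instanceUrl);
                        }
                    }
                    user.setLastLoginDate(new Date());
                    APILocator.getUserAPI().save(user, APILocator.getUserAPI().getSystemUser(), false);
                } else if (useSalesForceLoginFilter && user.getPassword().equalsIgnoreCase("dotCMSSalesForceFakePassword")) {
                    // Local password is the Salesforce placeholder: the login is accepted only if
                    // the Salesforce server grants access and both session tokens are present.
                    boolean logToDotcmsLog = Boolean.valueOf(APILocator.getPluginAPI().loadProperty("com.dotcms.salesforce.plugin", "save_log_info_dotcms_log"));
                    boolean logToUserActivityLog = Boolean.valueOf(APILocator.getPluginAPI().loadProperty("com.dotcms.salesforce.plugin", "save_log_info_useractivity_log"));
                    if (SalesForceUtils.accessSalesForceServer(httpServletRequest, httpServletResponse, user.getEmailAddress())) {
                        if (logToDotcmsLog) {
                            Logger.info(LoginFactory.class, "dotCMS-Salesforce Plugin: User " + user.getEmailAddress() + " was able to connect to Salesforce server from IP: " + httpServletRequest.getRemoteAddr());
                        }
                        if (logToUserActivityLog) {
                            SecurityLogger.logInfo(LoginFactory.class, "dotCMS-Salesforce Plugin :User " + user.getEmailAddress() + " was able to connect to Salesforce server from IP: " + httpServletRequest.getRemoteAddr());
                        }
                        String instanceUrl = httpServletRequest.getSession().getAttribute("salesforce.instance.url").toString();
                        if (UtilMethods.isSet(httpServletRequest.getSession().getAttribute("salesforce.access.token").toString()) && UtilMethods.isSet(instanceUrl)) {
                            authenticated = true;
                        }
                    }
                } else if (!useCASLoginFilter) {
                    // Plain password failure: count it and record it in the security log.
                    authenticated = false;
                    user.setFailedLoginAttempts(user.getFailedLoginAttempts() + 1);
                    APILocator.getUserAPI().save(user, APILocator.getUserAPI().getSystemUser(), false);
                    SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login as " + loginForLog + " from IP: " + httpServletRequest.getRemoteAddr());
                } else if (UtilMethods.isSet((String) httpServletRequest.getSession(false).getAttribute("edu.yale.its.tp.cas.client.filter.user"))) {
                    // The CAS filter already put a user on the session: accept despite the
                    // local password mismatch.
                    user = CASAuthUtils.syncExistingUser(user);
                    authenticated = true;
                }
            } else {
                // LDAP path: the configured authenticator decides; 1 means success.
                int ldapResult = 0;
                if (!z2) {
                    ldapResult = getLDAPAuth(str, str2, defaultCompany);
                }
                user = defaultCompany.getAuthType().equals(Company.AUTH_TYPE_EA)
                        ? APILocator.getUserAPI().loadByUserByEmail(str, APILocator.getUserAPI().getSystemUser(), false)
                        : APILocator.getUserAPI().loadUserById(str, APILocator.getUserAPI().getSystemUser(), false);
                if (!z2) {
                    syncPassword(user);
                }
                if (z2 && null != user) {
                    ldapResult = 1;
                }
                // NOTE(review): when LDAP succeeds but the local lookup returned null, a null
                // user would be stored on the session below - confirm the lookup throws instead.
                authenticated = ldapResult == 1;
            }
            if (!authenticated) {
                return false;
            }
            HttpSession session = httpServletRequest.getSession();
            session.removeAttribute(WebKeys.VISITOR);
            session.setAttribute(WebKeys.CMS_USER, user);
            SecurityLogger.logInfo(LoginFactory.class, "User " + loginForLog + " has sucessfully login from IP: " + httpServletRequest.getRemoteAddr());
            return true;
        } catch (NoSuchUserException e) {
            Logger.error(LoginFactory.class, "User " + loginForLog + " does not exist.", (Throwable) e);
            SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login as " + loginForLog + " has been made from IP: " + httpServletRequest.getRemoteAddr());
            throw e;
        } catch (Exception e2) {
            // Any unexpected failure rejects the login rather than letting it through.
            Logger.error(LoginFactory.class, "Login Failed: " + e2, (Throwable) e2);
            SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login as " + loginForLog + " has been made from IP: " + httpServletRequest.getRemoteAddr());
            return false;
        }
    }

    /**
     * Overwrites the local password of an LDAP user with {@code DotCustomLoginPostAction.FAKE_PASSWORD}
     * when {@code BaseAuthenticator.SYNC_PASSWORD} is off. Failures are logged at debug level and
     * otherwise ignored.
     *
     * @param user user whose local password may be replaced
     */
    private static void syncPassword(User user) {
        try {
            if (!BaseAuthenticator.SYNC_PASSWORD) {
                if (APILocator.getRoleAPI().doesUserHaveRole(user, LDAPImpl.LDAP_USER_ROLE)) {
                    user.setPassword(DotCustomLoginPostAction.FAKE_PASSWORD);
                    APILocator.getUserAPI().save(user, APILocator.getUserAPI().getSystemUser(), false);
                }
            }
        } catch (Exception e) {
            Logger.debug(LoginFactory.class, "syncPassword not set or unable to load user", (Throwable) e);
        }
    }

    /**
     * Authenticates against the {@link Authenticator} class named by the
     * {@code LDAP_FRONTEND_AUTH_IMPLEMENTATION} setting.
     *
     * <p>The class name comes from configuration and is instantiated reflectively, so write access
     * to that setting decides which code runs during login.
     *
     * @param str login name (e-mail address or user id, per the company auth type)
     * @param str2 password
     * @param company company whose id and auth type are used
     * @return the authenticator's result code; callers treat {@code 1} as success
     */
    private static int getLDAPAuth(String str, String str2, Company company) throws ClassNotFoundException, InstantiationException, IllegalAccessException, AuthException {
        Authenticator authenticator = (Authenticator) Class.forName(Config.getStringProperty("LDAP_FRONTEND_AUTH_IMPLEMENTATION")).newInstance();
        return company.getAuthType().equals(Company.AUTH_TYPE_EA) ? authenticator.authenticateByEmailAddress(company.getCompanyId(), str, str2) : authenticator.authenticateByUserId(company.getCompanyId(), str, str2);
    }

    /**
     * Verifies a login name and password without touching the HTTP session.
     *
     * <p>The system user is always rejected. A failed local password check increments the user's
     * failed-login counter.
     *
     * @param str login name: an e-mail address when the company auth type is
     *     {@code Company.AUTH_TYPE_EA}, otherwise a user id
     * @param str2 password
     * @return {@code true} when the credentials were accepted
     * @throws NoSuchUserException when the local lookup yields no user or a user without e-mail
     */
    public static boolean doLogin(String str, String str2) throws NoSuchUserException {
        boolean authenticated;
        // The login name is caller-supplied; neutralise control characters before logging it.
        final String loginForLog = sanitizeForLog(str);
        try {
            Company defaultCompany = PublicCompanyFactory.getDefaultCompany();
            if (defaultCompany.getAuthType().equals(Company.AUTH_TYPE_EA)) {
                if (str.equalsIgnoreCase(APILocator.getUserAPI().getSystemUser().getEmailAddress())) {
                    SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login as " + loginForLog + " has been made  - you cannot login as the system user");
                    return false;
                }
            } else if (str.equalsIgnoreCase(APILocator.getUserAPI().getSystemUser().getUserId())) {
                SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login as " + loginForLog + " has been made  - you cannot login as the system user");
                return false;
            }
            if (PRE_AUTHENTICATOR == null || 0 >= PRE_AUTHENTICATOR.length() || !PRE_AUTHENTICATOR.equals(Config.getStringProperty("LDAP_FRONTEND_AUTH_IMPLEMENTATION"))) {
                User localUser = defaultCompany.getAuthType().equals(Company.AUTH_TYPE_EA)
                        ? APILocator.getUserAPI().loadByUserByEmail(str, APILocator.getUserAPI().getSystemUser(), false)
                        : APILocator.getUserAPI().loadUserById(str, APILocator.getUserAPI().getSystemUser(), false);
                if (localUser == null || !UtilMethods.isSet(localUser.getEmailAddress())) {
                    SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login as " + loginForLog + " has been made  - user cannot be found");
                    throw new NoSuchUserException();
                }
                if (localUser.isNew() || !(Config.getBooleanProperty("ALLOW_INACTIVE_ACCOUNTS_TO_LOGIN", false) || localUser.isActive())) {
                    SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login as " + loginForLog + " has been made  - user is marked inactive");
                    return false;
                }
                authenticated = passwordMatch(str2, localUser);
                if (!authenticated) {
                    localUser.setFailedLoginAttempts(localUser.getFailedLoginAttempts() + 1);
                    APILocator.getUserAPI().save(localUser, APILocator.getUserAPI().getSystemUser(), false);
                }
            } else {
                // Same steps as the session-based login: authenticate via LDAP, load the local
                // user, then apply the password-sync rule. Shared helpers keep both paths aligned.
                int ldapResult = getLDAPAuth(str, str2, defaultCompany);
                User ldapUser = defaultCompany.getAuthType().equals(Company.AUTH_TYPE_EA)
                        ? APILocator.getUserAPI().loadByUserByEmail(str, APILocator.getUserAPI().getSystemUser(), false)
                        : APILocator.getUserAPI().loadUserById(str, APILocator.getUserAPI().getSystemUser(), false);
                syncPassword(ldapUser);
                authenticated = ldapResult == 1;
            }
            return authenticated;
        } catch (NoSuchUserException e2) {
            SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login as " + loginForLog + " has been made :" + e2);
            throw e2;
        } catch (Exception e3) {
            // Any unexpected failure rejects the login rather than letting it through.
            SecurityLogger.logInfo(LoginFactory.class, "An invalid attempt to login as " + loginForLog + " has been made :" + e3);
            return false;
        }
    }

    /**
     * Removes the login-related attributes from the session and then invalidates it.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response; not used by this method
     */
    public static void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession();
        session.removeAttribute(WebKeys.PENDING_ALERT_SEEN);
        session.removeAttribute("createAccountForm");
        session.removeAttribute("checkoutForm");
        session.removeAttribute(WebKeys.CMS_USER);
        session.removeAttribute(WebKeys.REDIRECT_AFTER_LOGIN);
        session.removeAttribute(WebKeys.LOGGED_IN_USER_CATS);
        session.removeAttribute(WebKeys.LOGGED_IN_USER_TAGS);
        session.removeAttribute(WebKeys.USER_FAVORITES);
        session.removeAttribute(WebKeys.VISITOR);
        if (useSalesForceLoginFilter) {
            // Drop the Salesforce tokens explicitly before the session goes away.
            session.removeAttribute("salesforce.access.token");
            session.removeAttribute("salesforce.instance.url");
        }
        session.invalidate();
    }

    /**
     * Checks a supplied password against the user's stored password and upgrades the stored hash
     * when needed.
     *
     * <p>When the stored value is flagged by {@code PasswordFactoryProxy.isUnsecurePasswordHash},
     * the password is accepted if the stored value equals either the supplied password itself or
     * its {@code PublicEncryptionFactory.digestString} digest; both comparisons are constant-time.
     * Otherwise {@code PasswordFactoryProxy.authPassword} decides. After a successful check of a
     * legacy value, or a {@code NEEDS_REHASH} status, the password is re-hashed and the user saved.
     *
     * @param str supplied password
     * @param user user whose stored password is checked (and possibly re-hashed)
     * @return {@code true} when the password matches; {@code false} on mismatch or on an error
     *     while validating or saving
     */
    public static boolean passwordMatch(String str, User user) {
        boolean needsRehash = false;
        try {
            String storedPassword = user.getPassword();
            if (PasswordFactoryProxy.isUnsecurePasswordHash(storedPassword)) {
                // Legacy value: compare without an early exit on the first differing character.
                if (!(constantTimeEquals(storedPassword, str) || constantTimeEquals(storedPassword, PublicEncryptionFactory.digestString(str)))) {
                    return false;
                }
                needsRehash = true;
            } else {
                PasswordFactoryProxy.AuthenticationStatus status = PasswordFactoryProxy.authPassword(str, storedPassword);
                if (status.equals(PasswordFactoryProxy.AuthenticationStatus.NOT_AUTHENTICATED)) {
                    return false;
                }
                if (status.equals(PasswordFactoryProxy.AuthenticationStatus.NEEDS_REHASH)) {
                    needsRehash = true;
                }
            }
            if (needsRehash) {
                // Replace the legacy or outdated value with a freshly generated hash.
                user.setPassword(PasswordFactoryProxy.generateHash(str));
                user.setLastLoginDate(new Date());
                APILocator.getUserAPI().save(user, APILocator.getUserAPI().getSystemUser(), false);
                SecurityLogger.logInfo(LoginFactory.class, "User password was rehash with id: " + user.getUserId());
            }
            return true;
        } catch (PasswordException | DuplicateUserException | DotDataException | DotSecurityException e) {
            Logger.error(LoginFactory.class, "Error validating password from userId: " + user.getUserId(), (Throwable) e);
            return false;
        }
    }

    /**
     * Compares two strings through {@link MessageDigest#isEqual(byte[], byte[])} on their UTF-8
     * bytes, so the comparison does not stop at the first mismatching character.
     *
     * @return {@code false} when either argument is {@code null}
     */
    private static boolean constantTimeEquals(String expected, String candidate) {
        if (expected == null || candidate == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), candidate.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Replaces ISO control characters (including CR and LF) with {@code '_'} so that a
     * request-supplied value cannot break a log entry across lines.
     *
     * @return the cleaned value, or the text {@code "null"} for a {@code null} argument
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}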
