package com.liferay.portal.action;

import com.dotcms.repackage.org.apache.struts.action.Action;
import com.dotcms.repackage.org.apache.struts.action.ActionForm;
import com.dotcms.repackage.org.apache.struts.action.ActionForward;
import com.dotcms.repackage.org.apache.struts.action.ActionMapping;
import com.dotcms.util.SecurityUtils;
import com.dotmarketing.beans.Host;
import com.dotmarketing.business.APILocator;
import com.dotmarketing.business.Layout;
import com.dotmarketing.business.Role;
import com.dotmarketing.business.RoleAPI;
import com.dotmarketing.business.web.HostWebAPI;
import com.dotmarketing.business.web.UserWebAPI;
import com.dotmarketing.business.web.WebAPILocator;
import com.dotmarketing.cms.login.factories.LoginFactory;
import com.dotmarketing.util.Logger;
import com.dotmarketing.util.UtilMethods;
import com.liferay.portal.auth.PrincipalThreadLocal;
import com.liferay.portal.model.User;
import com.liferay.portal.util.Constants;
import com.liferay.portal.util.PortalUtil;
import com.liferay.portal.util.WebKeys;
import com.liferay.portlet.PortletURLImpl;
import com.liferay.util.StringPool;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/liferay/portal/action/LoginAsAction.class */
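/**
 * Struts action that lets a privileged back-end user switch the current session to
 * another user's identity ("login as").
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The caller must hold the {@code "System --> Login As"} role; otherwise the attempt is
 *       logged, the response is delayed and an exception is thrown.</li>
 *   <li>When the target holds {@code "System --> Administrator"} or the CMS admin role, the
 *       caller must re-submit a password, which is checked against the <em>caller's</em>
 *       account (re-authentication), not the target's.</li>
 *   <li>The caller's own id is kept in the session under {@code WebKeys.PRINCIPAL_USER_ID}
 *       (only if not already present) before {@code WebKeys.USER_ID} is overwritten.</li>
 * </ul>
 *
 * <p>NOTE(review): the session id is not rotated here when the identity changes, and log lines
 * embed the caller's full name verbatim. Confirm that session rotation and neutralisation of
 * line breaks in log output are handled elsewhere.
 */
public class LoginAsAction extends Action {
    private static final String LOGIN_AS_ROLE_FQN = "System --> Login As";
    private static final String ADMINISTRATOR_ROLE_FQN = "System --> Administrator";
    private static final String PARAM_TARGET_USER = "portal_login_as_user";
    private static final String PARAM_PASSWORD = "portal_login_as_password";
    private static final String SESSION_ERROR_KEY = "portal_login_as_error";
    private static final String TARGET_USER_PREFIX = "user-";
    private static final String INVALID_REQUEST_PREFIX = "An invalid request to login as a different user was made by ";

    RoleAPI roleAPI = APILocator.getRoleAPI();

    /**
     * Validates the impersonation request and, if every check passes, switches the session's
     * user id to the requested user and redirects to that user's first layout.
     *
     * @param actionMapping used to resolve the {@code Constants.COMMON_REFERER} forward on rejection
     * @param actionForm unused
     * @param httpServletRequest carries {@code portal_login_as_user} (expected form
     *     {@code user-<id>}) and, for administrator targets, {@code portal_login_as_password}
     * @param httpServletResponse receives the redirect on success
     * @return {@code null} after a successful redirect, otherwise the common-referer forward
     * @throws Exception if the caller lacks the "Login As" role, or if a lookup fails
     */
    public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        User actingUser = PortalUtil.getUser(httpServletRequest);
        Role loginAsRole = this.roleAPI.findRoleByFQN(LOGIN_AS_ROLE_FQN);
        Role administratorRole = this.roleAPI.findRoleByFQN(ADMINISTRATOR_ROLE_FQN);
        String actor = actingUser.getFullName() + " (" + actingUser.getUserId() + ")";
        String remoteIp = httpServletRequest.getRemoteAddr();

        // Authorization gate: only holders of the "Login As" role may impersonate.
        if (!this.roleAPI.doesUserHaveRole(actingUser, loginAsRole)) {
            Logger.info(this, "An attempt to login as a different user was made by " + actor + ", without permission to login as. Remote IP: " + remoteIp + ". Hack Attempt?.");
            // Deliberate delay on unauthorized attempts. NOTE(review): this blocks the request
            // thread for 10 s per attempt; confirm request throttling exists upstream.
            Thread.sleep(10000L);
            throw new Exception("Unable to login as without the proper Login As role");
        }

        // The parameter must be present AND carry the "user-" prefix. The original condition
        // joined the two tests with &&, so a missing parameter caused a NullPointerException and
        // a value without the prefix slipped through to the split below.
        String requestedUser = httpServletRequest.getParameter(PARAM_TARGET_USER);
        String[] idParts = UtilMethods.isSet(requestedUser) && requestedUser.startsWith(TARGET_USER_PREFIX)
                ? requestedUser.split(StringPool.DASH)
                : new String[0];
        if (idParts.length < 2 || !UtilMethods.isSet(idParts[1])) {
            Logger.info(this, INVALID_REQUEST_PREFIX + actor + ", without the required user id parameter. Remote IP: " + remoteIp + ". Hack Attempt?.");
            return actionMapping.findForward(Constants.COMMON_REFERER);
        }
        // Only the segment right after the prefix is used as the id, as in the original code.
        String targetUserId = idParts[1];

        User targetUser = APILocator.getUserAPI().loadUserById(targetUserId, APILocator.getUserAPI().getSystemUser(), false);
        List<Layout> targetLayouts = APILocator.getLayoutAPI().loadLayoutsForUser(targetUser);
        if (targetLayouts == null || targetLayouts.isEmpty() || !UtilMethods.isSet(targetLayouts.get(0).getId())) {
            httpServletRequest.getSession().setAttribute(SESSION_ERROR_KEY, "user-without-portlet");
            Logger.info(this, INVALID_REQUEST_PREFIX + actor + ", user dont have layouts. Remote IP: " + remoteIp);
            return actionMapping.findForward(Constants.COMMON_REFERER);
        }

        // Step-up check: impersonating an administrator requires the caller to re-enter
        // their own password.
        boolean targetIsAdmin = this.roleAPI.doesUserHaveRole(targetUser, administratorRole)
                || this.roleAPI.doesUserHaveRole(targetUser, APILocator.getRoleAPI().loadCMSAdminRole());
        if (targetIsAdmin) {
            String submittedPassword = httpServletRequest.getParameter(PARAM_PASSWORD);
            if (!UtilMethods.isSet(submittedPassword) || !LoginFactory.passwordMatch(submittedPassword, actingUser)) {
                httpServletRequest.getSession().setAttribute(SESSION_ERROR_KEY, "please-enter-a-valid-password");
                Logger.info(this, INVALID_REQUEST_PREFIX + actor + ", invalid user password submitted. Remote IP: " + remoteIp);
                return actionMapping.findForward(Constants.COMMON_REFERER);
            }
        }

        if (targetUserId.equals(actingUser.getUserId())) {
            Logger.info(this, INVALID_REQUEST_PREFIX + actor + ", trying to login as himself, request ignored. Remote IP: " + remoteIp);
            return actionMapping.findForward(Constants.COMMON_REFERER);
        }

        // Remember the real principal once, so a later switch does not overwrite it with an
        // already-impersonated id.
        if (httpServletRequest.getSession().getAttribute(WebKeys.PRINCIPAL_USER_ID) == null) {
            httpServletRequest.getSession().setAttribute(WebKeys.PRINCIPAL_USER_ID, actingUser.getUserId());
        }
        httpServletRequest.getSession().setAttribute(WebKeys.USER_ID, targetUserId);
        PrincipalThreadLocal.setName(targetUserId);
        Logger.info(this, "User " + actor + ", has sucessfully login as " + targetUser.getFullName() + " (" + targetUserId + "). Remote IP: " + remoteIp);

        try {
            HostWebAPI hostWebAPI = WebAPILocator.getHostWebAPI();
            UserWebAPI userWebAPI = WebAPILocator.getUserWebAPI();
            User systemUser = userWebAPI.getSystemUser();
            boolean respectFrontendRoles = !userWebAPI.isLoggedToBackend(httpServletRequest);

            // Resolve the host from the request's server name: by name, then by alias, then
            // fall back to the default host.
            Host currentHost = null;
            String serverName = httpServletRequest.getServerName();
            if (UtilMethods.isSet(serverName)) {
                currentHost = hostWebAPI.findByName(serverName, systemUser, respectFrontendRoles);
                if (currentHost == null) {
                    currentHost = hostWebAPI.findByAlias(serverName, systemUser, respectFrontendRoles);
                }
            }
            if (currentHost == null) {
                currentHost = hostWebAPI.findDefaultHost(systemUser, respectFrontendRoles);
            }
            httpServletRequest.getSession().setAttribute(com.dotmarketing.util.WebKeys.CURRENT_HOST, currentHost);

            Layout firstLayout = targetLayouts.get(0);
            String portletUrl = new PortletURLImpl(httpServletRequest, firstLayout.getPortletIds().get(0), firstLayout.getId(), false).toString();
            httpServletResponse.sendRedirect(SecurityUtils.stripReferer(httpServletRequest, portletUrl));
            return null;
        } catch (Exception e) {
            // The session identity has already been switched at this point; only the redirect
            // failed. Pass the cause along so the failure can be investigated.
            Logger.error(getClass(), "LoginAs redirect failed logging in as :" + targetUser, e);
            return actionMapping.findForward(Constants.COMMON_REFERER);
        }
    }
}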
