package org.sentilo.web.catalog.security.service.impl;

import org.sentilo.web.catalog.context.TenantContextHolder;
import org.sentilo.web.catalog.context.TenantContextImpl;
import org.sentilo.web.catalog.domain.User;
import org.sentilo.web.catalog.exception.UserLoginNotAllowedException;
import org.sentilo.web.catalog.security.CatalogUserDetails;
import org.sentilo.web.catalog.security.service.CatalogUserDetailsService;
import org.sentilo.web.catalog.service.UserService;
import org.sentilo.web.catalog.utils.Constants;
import org.sentilo.web.catalog.utils.TenantUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

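@Service("userDetailsService")
/* loaded from: input_file:WEB-INF/classes/org/sentilo/web/catalog/security/service/impl/CatalogUserDetailsServiceImpl.class */
/**
 * Spring Security {@link UserDetailsService} that loads catalog users through {@link UserService}
 * and applies the tenant access rules at login time.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The login name passed to {@link #loadUserByUsername(String)} is caller-supplied and is
 *       neutralized before it is written to the log, so control characters (CR/LF) in it cannot
 *       start a forged log line.</li>
 *   <li>The exception messages built here still embed the raw login name. NOTE(review): if any
 *       view or API response renders these messages, it must output-encode them; where they are
 *       rendered is not visible from this class.</li>
 *   <li>Unknown and locked accounts raise different exception types with different messages.
 *       NOTE(review): whether that difference reaches the client depends on the authentication
 *       provider and failure handler configuration, which this class does not show; confirm it
 *       does not allow account enumeration.</li>
 * </ul>
 */
public class CatalogUserDetailsServiceImpl implements UserDetailsService, CatalogUserDetailsService {
    private static final Logger LOGGER = LoggerFactory.getLogger(CatalogUserDetailsServiceImpl.class);

    @Autowired
    private UserService userService;

    /**
     * Loads the user with the given login name and checks that it may log in to this instance.
     *
     * @param str the login name submitted by the caller (untrusted)
     * @return the {@link CatalogUserDetails} wrapping the stored user
     * @throws UsernameNotFoundException if {@code userService} finds no such user
     * @throws LockedException if the stored user is not active
     * @throws UserLoginNotAllowedException if the tenant rules reject the login (a super admin on
     *         a non-multitenant instance, or any rejection raised by the tenant check)
     */
    @Override // org.springframework.security.core.userdetails.UserDetailsService
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        User user = this.userService.find(new User(str));
        if (user == null) {
            // Log the neutralized name only; the exception message keeps the original text.
            LOGGER.warn("User {} not found!", neutralizeForLog(str));
            throw new UsernameNotFoundException(String.format("%s - Unknown user %s", Constants.AUTH_BAD_CREDENTIALS_CODE, str));
        }
        if (!user.isActive()) {
            LOGGER.warn("User {} is locked.", neutralizeForLog(str));
            throw new LockedException(String.format("%s - User account %s is locked. Contact with administrator platform.", Constants.AUTH_LOCKED_ACCOUNT_CODE, str));
        }
        CatalogUserDetails catalogUserDetails = new CatalogUserDetails(user);
        boolean tenantContextEnabled = TenantContextHolder.isEnabled();
        LOGGER.debug("TenantContextHolder.isEnabled()? {}", tenantContextEnabled);
        if (tenantContextEnabled) {
            checkUserTenant(catalogUserDetails);
        } else if (catalogUserDetails.isSuperAdminUser()) {
            // Without the tenant context a super admin account must not be able to log in.
            throw new UserLoginNotAllowedException(String.format("%s - Super admin user %s is not allowed to access to a no multitenant instance of Sentilo.", Constants.AUTH_NO_MULTITENANT_ACCESS_CODE, str));
        }
        return catalogUserDetails;
    }

    /**
     * Returns the principal of the current security context when it is a
     * {@link CatalogUserDetails}.
     *
     * @return the current {@link CatalogUserDetails}, or {@code null} when there is no
     *         authentication, no principal, or the principal is of another type
     */
    @Override // org.sentilo.web.catalog.security.service.CatalogUserDetailsService
    public CatalogUserDetails getCatalogUserDetails() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Object principal = authentication != null ? authentication.getPrincipal() : null;
        // instanceof is false for null, so no separate null check is needed.
        return principal instanceof CatalogUserDetails ? (CatalogUserDetails) principal : null;
    }

    /**
     * Applies the login rules used when the tenant context is enabled.
     *
     * <p>If a current tenant is set, the decision is delegated to
     * {@link #checkAccessToTenantSite(CatalogUserDetails, String)}. Otherwise a user who is
     * neither super admin nor platform user is either bound to its own tenant (when the tenant
     * may be inferred from the login and the user has a tenant id) or rejected. Super admin and
     * platform users pass without a tenant being set.
     *
     * @param catalogUserDetails the user being logged in
     * @throws UserLoginNotAllowedException if the user may not log in without a current tenant
     */
    private void checkUserTenant(CatalogUserDetails catalogUserDetails) {
        String currentTenant = TenantUtils.getCurrentTenant();
        boolean superAdminOrPlatformUser = catalogUserDetails.isSuperAdminUser() || catalogUserDetails.isPlatformUser();
        LOGGER.debug("checkUserTenant: user [{}] - tenant user [{}] - current tenant [{}]", catalogUserDetails.getUsername(), catalogUserDetails.getTenantId(), currentTenant);
        LOGGER.debug("checkUserTenant: superAdminOrPlatformUser? {} ", superAdminOrPlatformUser);
        if (StringUtils.hasText(currentTenant)) {
            checkAccessToTenantSite(catalogUserDetails, currentTenant);
            return;
        }
        if (TenantContextHolder.inferTenantFromLogin() && !superAdminOrPlatformUser && StringUtils.hasText(catalogUserDetails.getTenantId())) {
            // No tenant was resolved for this login: bind the context to the user's own tenant.
            TenantContextHolder.setContext(new TenantContextImpl(catalogUserDetails.getTenantId()));
        } else if (!superAdminOrPlatformUser) {
            throw new UserLoginNotAllowedException(String.format("%s - User %s only can access to their organization site.", Constants.AUTH_ACCESS_NOT_ALLOWED_CODE, catalogUserDetails.getUsername()));
        }
    }

    /**
     * Rejects the login unless the user belongs to the given tenant site.
     *
     * @param catalogUserDetails the user being logged in
     * @param str the current tenant id; the only caller passes it after a has-text check, so it
     *        is not {@code null} here
     * @throws UserLoginNotAllowedException if the user is super admin or its tenant id differs
     *         from {@code str}
     */
    private void checkAccessToTenantSite(CatalogUserDetails catalogUserDetails, String str) {
        if (catalogUserDetails.isSuperAdminUser()) {
            throw new UserLoginNotAllowedException(String.format("%s - Super admin can't access to an organization site", Constants.AUTH_ACCESS_NOT_ALLOWED_CODE));
        }
        // Exact, case-sensitive match: a user with no tenant id never matches a tenant site.
        if (!str.equals(catalogUserDetails.getTenantId())) {
            throw new UserLoginNotAllowedException(String.format("%s - User %s don't belong to site %s", Constants.AUTH_ACCESS_NOT_ALLOWED_CODE, catalogUserDetails.getUsername(), str));
        }
    }

    /**
     * Replaces ISO control characters (including CR and LF) with {@code '_'} so that a
     * caller-supplied value occupies a single log line.
     *
     * @param value the text to neutralize; may be {@code null}
     * @return the neutralized text, or {@code null} when {@code value} is {@code null}
     */
    private static String neutralizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}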
