package org.artifactory.ui.rest.service.admin.security.auth.login;

import org.artifactory.api.security.SecurityService;
import org.artifactory.api.security.UserGroupService;
import org.artifactory.rest.common.service.ArtifactoryRestRequest;
import org.artifactory.rest.common.service.RestResponse;
import org.artifactory.rest.common.service.RestService;
import org.artifactory.security.AccessLogger;
import org.artifactory.security.AuthenticationHelper;
import org.artifactory.security.exceptions.LoginDisabledException;
import org.artifactory.ui.rest.model.admin.security.login.UserLogin;
import org.artifactory.util.HttpUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:org/artifactory/ui/rest/service/admin/security/auth/login/AbstractLoginService.class */
public abstract class AbstractLoginService implements RestService {
    private static final Logger log = LoggerFactory.getLogger(AbstractLoginService.class);

    @Autowired
    protected SecurityService securityService;

    @Autowired
    protected UserGroupService userGroupService;

    public final void execute(ArtifactoryRestRequest artifactoryRestRequest, RestResponse restResponse) {
        UserLogin userLogin = (UserLogin) artifactoryRestRequest.getImodel();
        long sessionAccessTime = HttpUtils.getSessionAccessTime(artifactoryRestRequest.getServletRequest());
        try {
            this.securityService.ensureUserIsNotLocked(userLogin.getUser());
            this.securityService.ensureLoginShouldNotBeDelayed(userLogin.getUser(), sessionAccessTime);
            this.securityService.updateUserLastAccess(userLogin.getUser(), HttpUtils.getRemoteClientAddress(artifactoryRestRequest.getServletRequest()), sessionAccessTime);
            doExecute(artifactoryRestRequest, restResponse);
            if (!restResponse.isFailed()) {
                log.debug("User {} has logged in successfully", userLogin.getUser());
                this.securityService.interceptLoginSuccess(userLogin.getUser());
            }
        } catch (CredentialsExpiredException e) {
            restResponse.error(e.getMessage()).responseCode(403);
            restResponse.iModel(new CredentialsExpiredFailedLoginResponse(this.userGroupService.findUser(userLogin.getUser()).isUpdatableProfile()));
        } catch (AuthenticationException e2) {
            log.debug("Username or password is incorrect, cause: ", e2);
            AccessLogger.loginDenied(AuthenticationHelper.getAuthentication(), userLogin.getUser());
            log.debug("Triggering interceptLoginFailure for user {}", userLogin.getUser());
            this.securityService.interceptLoginFailure(userLogin.getUser(), HttpUtils.getSessionAccessTime(artifactoryRestRequest.getServletRequest()));
            restResponse.error("Username or password is incorrect");
            restResponse.responseCode(401);
        } catch (LockedException | LoginDisabledException e3) {
            log.debug("{}, cause: {}", e3.getMessage(), e3);
            restResponse.error(e3.getMessage());
            restResponse.responseCode(403);
        }
    }

    abstract void doExecute(ArtifactoryRestRequest artifactoryRestRequest, RestResponse restResponse);
}
