package com.erudika.para.server.security;

import com.erudika.para.core.App;
import com.erudika.para.core.utils.Para;
import com.erudika.para.server.rest.RestUtils;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:com/erudika/para/server/security/SimpleAuthenticationFailureHandler.class */
public class SimpleAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        App read;
        String appidFromAuthRequest = SecurityUtils.getAppidFromAuthRequest(httpServletRequest);
        if (!StringUtils.isBlank(appidFromAuthRequest) && (read = Para.getDAO().read(App.id(appidFromAuthRequest))) != null) {
            String str = (String) read.getSetting("signin_failure");
            Set<String> hostUrlAliasesForReturn = SecurityUtils.getHostUrlAliasesForReturn(read);
            String hostUrlFromQueryStringOrStateParam = SecurityUtils.getHostUrlFromQueryStringOrStateParam(hostUrlAliasesForReturn, httpServletRequest);
            if (read.isRootApp() && StringUtils.isBlank(str)) {
                str = Para.getConfig().signinFailurePath();
            }
            if (!StringUtils.isBlank(hostUrlFromQueryStringOrStateParam)) {
                if (hostUrlAliasesForReturn.contains(hostUrlFromQueryStringOrStateParam) || StringUtils.startsWith(str, hostUrlFromQueryStringOrStateParam)) {
                    str = UriComponentsBuilder.fromUriString(str).host(UriComponentsBuilder.fromUriString(hostUrlFromQueryStringOrStateParam).build().getHost()).toUriString();
                } else {
                    UriComponents build = UriComponentsBuilder.fromUriString(str).build();
                    str = build.getScheme() + "://" + build.getHost();
                }
            }
            if (StringUtils.contains(str, "cause=?")) {
                str = str.replace("cause=?", "cause=" + authenticationException.getMessage());
            }
            if (!StringUtils.isBlank(str)) {
                this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, str);
                return;
            }
        }
        if (isRestRequest(httpServletRequest)) {
            RestUtils.returnStatusResponse(httpServletResponse, 401, authenticationException.getMessage());
        } else {
            super.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
        }
    }

    protected boolean isRestRequest(HttpServletRequest httpServletRequest) {
        return RestRequestMatcher.INSTANCE.matches(httpServletRequest) || AjaxRequestMatcher.INSTANCE.matches(httpServletRequest);
    }
}
