package com.kcloud.ms.authentication.controller;

import com.goldgov.kduck.dao.ParamMap;
import com.goldgov.kduck.module.resource.service.ResourceOperate;
import com.goldgov.kduck.service.ValueMap;
import com.goldgov.kduck.web.json.JsonObject;
import com.kcloud.ms.authentication.GlobalConstant;
import com.kcloud.ms.authentication.baseaccount.service.Account;
import com.kcloud.ms.authentication.baseaccount.service.AccountConfigService;
import com.kcloud.ms.authentication.baseaccount.service.AccountCredential;
import com.kcloud.ms.authentication.baseaccount.service.AccountCredentialService;
import com.kcloud.ms.authentication.baseaccount.service.AccountService;
import com.kcloud.ms.authentication.baseaccount.service.config.AccountConfig;
import com.kcloud.ms.authentication.baseaccount.service.config.LoginConfig;
import com.kcloud.ms.authentication.baseaccount.service.credential.impl.RandomCredentialGeneratorImpl;
import com.kcloud.ms.authentication.baseaccount.service.credential.random.RandomChar;
import com.kcloud.ms.authentication.baseapp.service.BaseAppServiceImpl;
import com.kcloud.ms.authentication.cache.CacheHolder;
import com.kcloud.ms.authentication.filter.AuthenticationFailureStrategyFilter;
import com.kcloud.ms.authentication.security.CustomUserDatails;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiOperationSupport;
import io.swagger.annotations.DynamicParameter;
import io.swagger.annotations.DynamicResponseParameters;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.util.Assert;
import org.springframework.util.DigestUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import springfox.documentation.annotations.ApiIgnore;

@RestController
/* loaded from: input_file:com/kcloud/ms/authentication/controller/LoginController.class */
public class LoginController implements ApplicationContextAware {

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    AuthorizationServerEndpointsConfiguration endpoints;

    @Autowired
    BaseAppServiceImpl baseappService;

    @Autowired
    AccountService accountService;

    @Autowired
    AccountCredentialService accountCredentialService;

    @Autowired
    AccountConfigService accountConfigService;
    private ApplicationContext applicationContext;

    @Autowired
    RandomCredentialGeneratorImpl generator;

    @Autowired
    PasswordEncoder passwordEncoder;

    @PostMapping({"/sso/token"})
    @ApiImplicitParams({@ApiImplicitParam(name = AuthenticationFailureStrategyFilter.FORM_USERNAME_KEY, required = true, value = "登录名", paramType = "form"), @ApiImplicitParam(name = "password", required = true, value = "登录密码", paramType = "form")})
    @ApiOperation(value = "登录获取用户访问令牌", tags = {"登录登出"}, notes = "基于oauth2密码模式登录,返回access_token,用于内部平台登录使用")
    @ResponseBody
    public JsonObject getLoginToken(@RequestParam("username") String str, @RequestParam("password") String str2, @RequestParam("appId") String str3, @ApiIgnore HttpServletRequest httpServletRequest, @ApiIgnore HttpServletResponse httpServletResponse) {
        CacheHolder.remove(str + "." + ResourceOperate.class.getName());
        ValueMap valueMap = this.baseappService.get("BASE_APP", str3);
        JsonObject jsonObject = new JsonObject();
        if (ObjectUtils.isEmpty(valueMap) || 1 == valueMap.getValueAsInt("status")) {
            jsonObject.setCode(JsonObject.FAIL.getCode());
            jsonObject.setMessage("该应用已处于离线状态。");
        } else {
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(str, str2);
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put("grant_type", "password");
            String parameter = httpServletRequest.getParameter(GlobalConstant.GRAPH_ID);
            if (parameter != null) {
                linkedHashMap.put(GlobalConstant.GRAPH_ID, parameter);
            }
            usernamePasswordAuthenticationToken.setDetails(linkedHashMap);
            try {
                OAuth2AccessToken token = getToken(str, str2, valueMap);
                jsonObject.setCode(JsonObject.SUCCESS.getCode());
                jsonObject.setData(token);
                this.applicationContext.publishEvent(new InteractiveAuthenticationSuccessEvent(usernamePasswordAuthenticationToken, getClass()));
            } catch (Exception e) {
                this.applicationContext.publishEvent(new AuthenticationFailureBadCredentialsEvent(usernamePasswordAuthenticationToken, new BadCredentialsException(str + " login fail.")));
                httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
                jsonObject.setCode(JsonObject.FAIL.getCode());
                jsonObject.setMessage(e.getMessage());
                return jsonObject;
            }
        }
        return jsonObject;
    }

    @PostMapping({"/sso/user"})
    @ApiImplicitParams({@ApiImplicitParam(name = "appId", required = true, value = "应用ID")})
    @ApiOperation(value = "登录获取用户访问令牌", tags = {"登录登出"}, notes = "基于oauth2密码模式登录,返回access_token。接口需要设置header头")
    @ApiOperationSupport(responses = @DynamicResponseParameters(properties = {@DynamicParameter(value = "状态码 0为成功，1为失败", name = "code", dataTypeClass = Integer.class), @DynamicParameter(value = "数据集", name = "data"), @DynamicParameter(value = "失败信息", name = "message")}))
    @ResponseBody
    public JsonObject getLoginToken(@ApiIgnore Principal principal, @RequestParam("appId") String str) {
        ValueMap valueMap = this.baseappService.get("BASE_APP", str);
        JsonObject jsonObject = new JsonObject();
        if (ObjectUtils.isEmpty(valueMap) || 1 == valueMap.getValueAsInt("status")) {
            jsonObject.setCode(JsonObject.FAIL.getCode());
            jsonObject.setMessage("该应用已处于离线状态。");
        } else {
            try {
                CustomUserDatails customUserDatails = (CustomUserDatails) ((UsernamePasswordAuthenticationToken) principal).getPrincipal();
                OAuth2AccessToken token = getToken(principal.getName(), customUserDatails.getOrgPassword(), valueMap);
                jsonObject.setCode(JsonObject.SUCCESS.getCode());
                jsonObject.setData(token);
                customUserDatails.setOrgPassword(null);
            } catch (Exception e) {
                jsonObject.setCode(JsonObject.FAIL.getCode());
                jsonObject.setMessage(e.getMessage());
            }
        }
        return jsonObject;
    }

    @PostMapping({"/sso/logout"})
    @ApiImplicitParams({@ApiImplicitParam(name = "refreshToken", required = true, value = "刷新令牌", paramType = "form")})
    @ApiOperation(value = "退出并移除令牌", tags = {"登录登出"}, notes = "退出并移除令牌,令牌将失效")
    @ResponseBody
    public JsonObject removeToken(@RequestParam String str) {
        JsonObject jsonObject = new JsonObject();
        jsonObject.setCode(0);
        try {
            this.tokenStore.removeRefreshToken(this.tokenStore.readRefreshToken(str));
        } catch (Exception e) {
            jsonObject.setCode(1);
            jsonObject.setMessage(e.getMessage());
        }
        return jsonObject;
    }

    public OAuth2AccessToken getToken(String str, String str2, ValueMap valueMap) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(AuthenticationFailureStrategyFilter.FORM_USERNAME_KEY, str);
        hashMap.put("password", str2);
        hashMap.put(AuthenticationFailureStrategyFilter.OAUTH2_USERNAME_KEY, valueMap.getValueAsString("appKey"));
        hashMap.put("client_secret", valueMap.getValueAsString("appSecret"));
        hashMap.put("grant_type", "password");
        Assert.notNull(hashMap.get(AuthenticationFailureStrategyFilter.OAUTH2_USERNAME_KEY), "client_id not null");
        Assert.notNull(hashMap.get("client_secret"), "client_secret not null");
        return (OAuth2AccessToken) this.endpoints.tokenEndpoint().postAccessToken(new UsernamePasswordAuthenticationToken(hashMap.get(AuthenticationFailureStrategyFilter.OAUTH2_USERNAME_KEY), hashMap.get("client_secret"), Collections.emptyList()), hashMap).getBody();
    }

    @PostMapping({"/sso/refreshToken"})
    @ApiImplicitParams({@ApiImplicitParam(name = "appId", required = true, value = "应用ID", paramType = "form"), @ApiImplicitParam(name = "refreshToken", required = true, value = "刷新令牌", paramType = "form")})
    @ApiOperation(value = "刷新令牌", tags = {"登录登出"}, notes = "access_token过期后使用refreshToken进行刷新。")
    @ResponseBody
    public OAuth2AccessToken refreshTokenRefreshToken(@RequestParam("appId") String str, @RequestParam("refreshToken") String str2) throws Exception {
        ValueMap valueMap = this.baseappService.get("BASE_APP", str);
        HashMap hashMap = new HashMap();
        hashMap.put(AuthenticationFailureStrategyFilter.OAUTH2_USERNAME_KEY, valueMap.getValueAsString("appKey"));
        hashMap.put("client_secret", valueMap.getValueAsString("appSecret"));
        hashMap.put("grant_type", "refresh_token");
        hashMap.put("refresh_token", str2);
        return (OAuth2AccessToken) this.endpoints.tokenEndpoint().postAccessToken(new UsernamePasswordAuthenticationToken(hashMap.get(AuthenticationFailureStrategyFilter.OAUTH2_USERNAME_KEY), hashMap.get("client_secret"), Collections.emptyList()), hashMap).getBody();
    }

    @ApiImplicitParams({@ApiImplicitParam(name = "userName", required = true, value = "账号名")})
    @ApiOperation(value = "获取登录方式及验证码有无", tags = {"登录登出"}, notes = "获取登录方式及验证码有无。")
    @GetMapping({"/sso/code/check"})
    @ResponseBody
    public JsonObject getVerificationCode(String str) {
        List list = (List) CacheHolder.get(str);
        AccountConfig accountConfig = (AccountConfig) this.accountConfigService.loadConfig().get("ACCOUNT_CONFIG");
        JsonObject jsonObject = new JsonObject();
        if (list == null || list.isEmpty() || list.size() < accountConfig.getSecurity().getValidCodeTryNum().intValue() - 1) {
            jsonObject.setData(false);
            return jsonObject;
        }
        jsonObject.setData(true);
        return jsonObject;
    }

    @ApiImplicitParams({@ApiImplicitParam(name = "phone", required = true, value = "手机号")})
    @ApiOperation(value = "手机号登陆获得验证码", tags = {"登录登出"}, notes = "手机号登陆获得验证码")
    @GetMapping({"/sso/phoneLogin"})
    @ResponseBody
    public JsonObject phoneLogin(String str) {
        AccountCredential credentialByName = this.accountCredentialService.getCredentialByName(str);
        if (credentialByName == null || credentialByName.equals("")) {
            return new JsonObject((Object) null, -1, "没有找到该用户");
        }
        AccountConfig accountConfig = new AccountConfig();
        AccountConfig.CredentialConfig credentialConfig = new AccountConfig.CredentialConfig();
        credentialConfig.setMinLength(6);
        credentialConfig.setRules(new String[]{"Number"});
        accountConfig.setCredential(credentialConfig);
        String generate = this.generator.generate(accountConfig);
        CacheHolder.put(str + "_verification", generate, 90L);
        return new JsonObject(generate);
    }

    @ApiImplicitParams({@ApiImplicitParam(name = "phoneOrEmail", value = "手机或邮箱号码")})
    @ApiOperation(value = "手机或邮箱获取验证码", tags = {"登录登出"}, notes = "手机或邮箱获取验证码")
    @GetMapping({"/sso/getVerification"})
    @ResponseBody
    public JsonObject getVerification(String str) {
        if (this.accountCredentialService.getCredentialByName(str) == null) {
            return new JsonObject((Object) null, -1, "未在系统中注册");
        }
        List randomChar = RandomCredentialGeneratorImpl.getRandomChar(new String[]{"Number"});
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 6; i++) {
            sb.append(((RandomChar) randomChar.get((int) (Math.random() * randomChar.size()))).getChar());
        }
        CacheHolder.put(str + "_verifyCode", sb.toString(), 90L);
        return new JsonObject(sb.toString());
    }

    @ApiImplicitParams({@ApiImplicitParam(name = "phoneOrEmail", value = "手机或邮箱号码"), @ApiImplicitParam(name = "verifyCode", value = "验证码")})
    @ApiOperation(value = "确认码验证", tags = {"登录登出"}, notes = "确认码验证返回密码重置链接")
    @GetMapping({"/sso/checkverifyCode"})
    @ResponseBody
    public JsonObject verifycodetrue(String str, String str2) {
        String str3 = (String) CacheHolder.get(str + "_verifyCode");
        if (str3 == null || !str3.equals(str2)) {
            return new JsonObject(false);
        }
        AccountCredential credentialByName = this.accountCredentialService.getCredentialByName(str);
        if (credentialByName == null) {
            return new JsonObject((Object) null, -1, "未找到账号");
        }
        this.accountService.getAccount(credentialByName.getAccountId());
        return new JsonObject(true);
    }

    @ApiImplicitParams({@ApiImplicitParam(name = "phoneOrEmail", value = "手机或邮箱号码"), @ApiImplicitParam(name = "", value = "手机或邮箱号码")})
    @ApiOperation(value = "邮箱获得链接", tags = {"登录登出"}, notes = "邮箱获得链接")
    @GetMapping({"/sso/emailgeturl"})
    @ResponseBody
    public JsonObject verifycodetrue(HttpServletRequest httpServletRequest, String str) {
        AccountCredential credentialByName = this.accountCredentialService.getCredentialByName(str);
        if (credentialByName == null) {
            return new JsonObject((Object) null, -1, "未找到账号");
        }
        return new JsonObject(getUrl(httpServletRequest.getServerName(), this.accountService.getAccount(credentialByName.getAccountId()).getAccountId()));
    }

    private String getUrl(String str, String str2) {
        long currentTimeMillis = System.currentTimeMillis();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("accountId", str2);
        linkedHashMap.put("timeStamp", Long.valueOf(currentTimeMillis));
        linkedHashMap.put("saltValue", "abcdefg");
        Account account = this.accountService.getAccount(str2);
        StringBuilder sb = new StringBuilder(account.getDisplayName() + "(" + account.getAccountName() + ")  ");
        sb.append(str);
        sb.append("/login/sso/#/admin/resetPassword?");
        sb.append("accountId=");
        sb.append(linkedHashMap.get("accountId"));
        sb.append("&timeStamp=");
        sb.append(linkedHashMap.get("timeStamp"));
        StringBuilder sb2 = new StringBuilder();
        linkedHashMap.forEach((str3, obj) -> {
            sb2.append(obj);
            sb2.append('/');
        });
        String md5DigestAsHex = DigestUtils.md5DigestAsHex(sb2.substring(0, sb2.length() - 1).getBytes());
        sb.append("&sign=");
        sb.append(md5DigestAsHex);
        return sb.toString();
    }

    @GetMapping({"/sso/resetpassword"})
    @ApiImplicitParams({@ApiImplicitParam(name = "accountId", value = "账户id"), @ApiImplicitParam(name = "password", value = "密码")})
    @ApiOperation(value = "重置密码", tags = {"登录登出"}, notes = "密码重置")
    public JsonObject resetpassword(String str, String str2) {
        Account account = new Account();
        account.setAccountId(str);
        account.setPassword(this.passwordEncoder.encode(str2));
        this.accountService.update(account);
        return JsonObject.SUCCESS;
    }

    @ApiImplicitParams({@ApiImplicitParam(name = "accountName", value = "账户名")})
    @ApiOperation(value = "验证账户是否存在", tags = {"登录登出"})
    @GetMapping({"/sso/verifyAccountName"})
    @ResponseBody
    public JsonObject updatesubAccount(String str) {
        return this.accountService.getAccountByName(str) != null ? new JsonObject(true) : new JsonObject(false);
    }

    @ApiImplicitParams({@ApiImplicitParam(name = "accountName", value = "账户名"), @ApiImplicitParam(name = "credentialType", value = "手机为2，邮箱为3")})
    @ApiOperation(value = "验证账户是否绑定手机或邮箱", tags = {"登录登出"})
    @GetMapping({"/sso/verifyAccountBind"})
    @ResponseBody
    public JsonObject verifyAccountBind(String str, Integer num) {
        Account accountByName = this.accountService.getAccountByName(str);
        AccountCredential accountCredential = new AccountCredential();
        accountCredential.setAccountId(accountByName.getAccountId());
        for (AccountCredential accountCredential2 : this.accountCredentialService.listAccountCredential(accountCredential)) {
            if (accountCredential2.getCredentialType().equals(num)) {
                HashMap hashMap = new HashMap();
                hashMap.put("accountid", accountByName.getAccountId());
                hashMap.put("credentialName", accountCredential2.getCredentialName());
                return new JsonObject(hashMap);
            }
        }
        return new JsonObject((Object) null, -1, "该用户未绑定");
    }

    @GetMapping({"/sso/getPasswordDeploy"})
    @ApiOperation(value = "获取密码强度", tags = {"登录登出"}, notes = "获取密码强度")
    public JsonObject getPasswordDeploy() {
        AccountConfig accountConfig = (AccountConfig) this.accountConfigService.loadConfig().get("ACCOUNT_CONFIG");
        if (accountConfig == null || accountConfig.getCredential() == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder("密码长度");
        sb.append(accountConfig.getCredential().getMinLength());
        sb.append("到");
        sb.append(accountConfig.getCredential().getMaxLength());
        sb.append("位");
        String[] rules = accountConfig.getCredential().getRules();
        if (rules != null && rules.length > 0) {
            sb.append("，应包含");
            sb.append((String) Stream.of((Object[]) rules).map(str -> {
                return str.equals("CapitalLetter") ? "大写字母" : str.equals("LowerLetter") ? "小写字母" : str.equals("Number") ? "数字" : str.equals("SpecialCharachter") ? "特殊字符" : "";
            }).collect(Collectors.joining(",")));
        }
        return new JsonObject(sb.toString());
    }

    @ApiImplicitParam(name = "characters", value = "字符串")
    @GetMapping({"/sso/charactersstrength"})
    @ApiOperation(value = "验证字符串强度", tags = {"登录登出"}, notes = "验证字符串强度")
    public JsonObject charactersstrength(String str) {
        return !verifyCharacters(str) ? new JsonObject((Object) null, -1, "强度不符合规格") : JsonObject.SUCCESS;
    }

    private boolean verifyCharacters(String str) {
        AccountConfig.CredentialConfig credential = ((AccountConfig) this.accountConfigService.loadConfig().get("ACCOUNT_CONFIG")).getCredential();
        if (str.length() < credential.getMinLength().intValue() || str.length() > credential.getMaxLength().intValue()) {
            return false;
        }
        Iterator it = RandomCredentialGeneratorImpl.getRandomChar(credential.getRules()).iterator();
        while (it.hasNext()) {
            if (!((RandomChar) it.next()).isType(str)) {
                return false;
            }
        }
        return true;
    }

    @GetMapping({"/sso/resetPage"})
    @ApiImplicitParams({@ApiImplicitParam(name = "accountId", value = "账户id"), @ApiImplicitParam(name = "timeStamp", value = "时间戳"), @ApiImplicitParam(name = "sign", value = "签名")})
    @ApiOperation(value = "忘记密码页面", tags = {"登录登出"}, notes = "账户密码重置流程")
    public JsonObject resetPage(String str, String str2, String str3) {
        return verifySignature(str, str2, str3) ? verifyTime(str2) ? this.accountService.getCount(ParamMap.create("accountId", str).toMap()).longValue() > 0 ? new JsonObject(true) : new JsonObject((Object) null, -1, "查无此人") : new JsonObject((Object) null, -1, "签名已过期") : new JsonObject((Object) null, -1, "签名错误");
    }

    @GetMapping({"/enableLoginMode"})
    @ApiOperation(value = "获取当前启用的登录方式", tags = {"登录登出"}, notes = "获取当前启用的登录方式")
    public JsonObject getEnableLoginMode() {
        LoginConfig loginConfig = (LoginConfig) this.accountConfigService.loadConfig("LOGIN_CONFIG", LoginConfig.class);
        ArrayList arrayList = new ArrayList();
        LoginConfig.LoginMode loginMode = loginConfig.getLoginMode();
        if (loginMode != null) {
            if (loginMode.getEnablePasswordLogin() == LoginConfig.STATUS_ENABLE_YES) {
                arrayList.add("PasswordLogin");
            }
            if (loginMode.getEnableSmsLogin() == LoginConfig.STATUS_ENABLE_YES) {
                arrayList.add("SmsLogin");
            }
            if (loginMode.getEnableThirdPartyLogin() == LoginConfig.STATUS_ENABLE_YES) {
                arrayList.add("ThirdPartyLogin");
            }
            if (loginMode.getEnableWeixinLogin() == LoginConfig.STATUS_ENABLE_YES) {
                arrayList.add("WeixinLogin");
            }
            if (loginMode.getEnableDingtalkLogin() == LoginConfig.STATUS_ENABLE_YES) {
                arrayList.add("DingtalkLogin");
            }
        }
        return new JsonObject(arrayList);
    }

    private boolean verifySignature(String... strArr) {
        return DigestUtils.md5DigestAsHex((strArr[0] + "/" + strArr[1] + "/abcdefg").getBytes()).equals(strArr[2]);
    }

    private boolean verifyTime(String str) {
        return (System.currentTimeMillis() - Long.parseLong(str)) / 60000 < 15;
    }

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }
}
