package com.appiancorp.rpa.login;

import com.appiancorp.ag.constant.Constants;
import com.appiancorp.core.configuration.FeatureToggles;
import com.appiancorp.security.auth.GroupServiceHelper;
import com.appiancorp.security.auth.token.UserTokenException;
import com.appiancorp.security.auth.token.UserTokenService;
import com.appiancorp.suiteapi.cfg.Configuration;
import com.appiancorp.suiteapi.common.exceptions.InvalidGroupException;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.appiancorp.suiteapi.personalization.UserProfileService;
import java.io.IOException;
import java.util.Arrays;
import java.util.function.Supplier;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.log4j.Logger;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.web.HttpRequestHandler;

/* loaded from: input_file:com/appiancorp/rpa/login/AppianRpaLoginRequestHandler.class */
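/**
 * Bridges an authenticated Appian session into the RPA console.
 *
 * <p>On a {@code GET} from a user who is a system administrator, or a member of the
 * Designers or RPA Operations Managers role groups, this handler mints an encrypted
 * user token via {@link UserTokenService}, places it in a short-lived, HttpOnly cookie
 * scoped to {@code /rpa/}, and redirects to the RPA console URL. Every other request is
 * rejected with {@code 403}. The token value itself is never written to the log.
 */
public class AppianRpaLoginRequestHandler implements HttpRequestHandler {
    private static final Logger LOG = Logger.getLogger(AppianRpaLoginRequestHandler.class);

    /** Name of the cookie that carries the encrypted SSO token to the RPA console. */
    private static final String SSO_COOKIE_NAME = "RPA-SSO-TOKEN";
    /** Cookie path: the token is only ever sent to the RPA console, not to the rest of the site. */
    private static final String SSO_COOKIE_PATH = "/rpa/";
    /** Cookie lifetime in seconds; the token is expected to be consumed by the immediate redirect. */
    private static final int SSO_COOKIE_MAX_AGE_SECONDS = 60;

    private final UserTokenService userTokenService;
    /** Yields the username of the currently authenticated principal, if any. */
    private final Supplier<String> userSupplier;
    private final GroupServiceHelper groupServiceHelper;
    /** Absolute URL the user is redirected to after the cookie is set. */
    private final String targetUrl;
    /** Whether the SSO cookie is flagged {@code Secure}; derived from the configured scheme. */
    private final boolean isSecure;
    private final UserProfileService userProfileService;

    /**
     * @param userTokenService  produces the encrypted per-user token placed in the cookie
     * @param configuration     supplies the public scheme and host:port used for the default redirect
     * @param supplier          resolves the username of the current principal
     * @param userProfileService used to look up the user's type (system administrator check)
     * @param groupServiceHelper used to check Designer / RPA Operations Manager group membership
     * @param featureToggles    may override the redirect target via {@code getInternalRpaUrl()}
     */
    public AppianRpaLoginRequestHandler(UserTokenService userTokenService, Configuration configuration, Supplier<String> supplier, UserProfileService userProfileService, GroupServiceHelper groupServiceHelper, FeatureToggles featureToggles) {
        this.userTokenService = userTokenService;
        this.userSupplier = supplier;
        this.groupServiceHelper = groupServiceHelper;
        this.userProfileService = userProfileService;

        // An explicit internal RPA URL wins; otherwise the console is assumed to live under /rpa/
        // on the same scheme and host:port Appian is configured with.
        String internalRpaUrl = featureToggles.getInternalRpaUrl();
        if (internalRpaUrl != null) {
            this.targetUrl = internalRpaUrl;
        } else {
            this.targetUrl = configuration.getScheme() + "://" + configuration.getServerAndPort() + SSO_COOKIE_PATH;
        }
        // NOTE(review): the Secure flag follows the *configured* scheme. If TLS is terminated
        // upstream and the scheme is configured as http, the token cookie is sent without
        // Secure — a deployment concern worth confirming.
        this.isSecure = "https".equalsIgnoreCase(configuration.getScheme());
    }

    /**
     * Issues the RPA SSO cookie and redirects, or rejects the request.
     *
     * <p>Responses: {@code 403} for a non-GET method or an unauthorised (or unknown) user,
     * {@code 500} if the token cannot be generated, otherwise a redirect to the RPA console.
     *
     * @throws IOException if writing the error or redirect response fails
     */
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String method = httpServletRequest.getMethod();
        if (!HttpMethod.GET.matches(method)) {
            // Kept as 403 rather than 405 for compatibility with existing clients.
            LOG.debug("This endpoint only accepts GET request, received: " + method);
            httpServletResponse.sendError(HttpStatus.FORBIDDEN.value());
            return;
        }

        String username = this.userSupplier.get();
        // Fail closed: with no resolvable principal there is nobody to mint a token for.
        if (username == null || username.isEmpty() || !isAdminOrDesignerUserOrOpsMgr(username)) {
            LOG.debug("Only Designers or Admins may use this endpoint");
            httpServletResponse.sendError(HttpStatus.FORBIDDEN.value());
            return;
        }

        try {
            Cookie ssoCookie = new Cookie(SSO_COOKIE_NAME, this.userTokenService.generateEncryptedToken(username));
            ssoCookie.setHttpOnly(true);          // not readable from page script
            ssoCookie.setSecure(this.isSecure);   // only over TLS when Appian itself is configured for https
            ssoCookie.setPath(SSO_COOKIE_PATH);   // never sent outside the RPA console path
            ssoCookie.setMaxAge(SSO_COOKIE_MAX_AGE_SECONDS);
            httpServletResponse.addCookie(ssoCookie);
            // Log the destination, never the token.
            LOG.debug("Redirecting user: " + username + " to " + this.targetUrl);
            httpServletResponse.sendRedirect(this.targetUrl);
        } catch (UserTokenException e) {
            LOG.error("Failed to create token for user", e);
            httpServletResponse.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value());
        }
    }

    /**
     * Authorisation check for the endpoint.
     *
     * @param username the principal to check
     * @return {@code true} if the user is a system administrator or belongs to the Designers
     *         or RPA Operations Managers role group; {@code false} otherwise, including when
     *         the profile cannot be found or the group lookup fails
     */
    private boolean isAdminOrDesignerUserOrOpsMgr(String username) {
        // NOTE(review): assumes getUser returns a UserProfile (it exposes getUserTypeId) — confirm
        // against UserProfileService.
        UserProfile profile = this.userProfileService.getUser(username);
        // An unknown user is denied outright instead of surfacing as an NPE / 500.
        if (profile == null) {
            LOG.debug("No profile found for user, denying RPA access");
            return false;
        }
        if (UserProfile.USER_TYPE_SYS_ADMIN.equals(profile.getUserTypeId())) {
            return true;
        }
        try {
            String[] allowedGroups = new String[]{Constants.UUID_GROUP_ROLE_DESIGNERS, Constants.UUID_GROUP_ROLE_RPA_OPERATIONS_MANAGERS};
            // One membership flag per group, in the same order as allowedGroups; any hit is enough.
            boolean[] memberships = this.groupServiceHelper.isUserMemberOfAuthGroups(username, allowedGroups);
            for (boolean isMember : memberships) {
                if (isMember) {
                    return true;
                }
            }
            return false;
        } catch (InvalidGroupException e) {
            // A misconfigured role group must not grant access by accident.
            LOG.error("Unable to determine if user should be able to use RPA", e);
            return false;
        }
    }
}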
