package org.thingsboard.server.service.security.auth.rest;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.beans.ConstructorProperties;
import java.io.IOException;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.common.data.security.Authority;
import org.thingsboard.server.common.data.security.model.JwtPair;
import org.thingsboard.server.service.security.auth.MfaAuthenticationToken;
import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory;

@Component("defaultAuthenticationSuccessHandler")
/* loaded from: input_file:org/thingsboard/server/service/security/auth/rest/RestAwareAuthenticationSuccessHandler.class */
public class RestAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    private final JwtTokenFactory tokenFactory;
    private final TwoFaConfigManager twoFaConfigManager;

    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        SecurityUser securityUser = (SecurityUser) authentication.getPrincipal();
        JwtPair jwtPair = new JwtPair();
        if (authentication instanceof MfaAuthenticationToken) {
            jwtPair.setToken(this.tokenFactory.createPreVerificationToken(securityUser, Integer.valueOf(((Integer) this.twoFaConfigManager.getPlatformTwoFaSettings(securityUser.getTenantId(), true).flatMap(platformTwoFaSettings -> {
                return Optional.ofNullable(platformTwoFaSettings.getTotalAllowedTimeForVerification()).filter(num -> {
                    return num.intValue() > 0;
                });
            }).orElse(Integer.valueOf((int) TimeUnit.MINUTES.toSeconds(30L)))).intValue())).getToken());
            jwtPair.setRefreshToken((String) null);
            jwtPair.setScope(Authority.PRE_VERIFICATION_TOKEN);
        } else {
            jwtPair = this.tokenFactory.createTokenPair(securityUser);
        }
        httpServletResponse.setStatus(HttpStatus.OK.value());
        httpServletResponse.setContentType("application/json");
        JacksonUtil.writeValue(httpServletResponse.getWriter(), jwtPair);
        clearAuthenticationAttributes(httpServletRequest);
    }

    protected final void clearAuthenticationAttributes(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute("SPRING_SECURITY_LAST_EXCEPTION");
    }

    @ConstructorProperties({"tokenFactory", "twoFaConfigManager"})
    public RestAwareAuthenticationSuccessHandler(JwtTokenFactory jwtTokenFactory, TwoFaConfigManager twoFaConfigManager) {
        this.tokenFactory = jwtTokenFactory;
        this.twoFaConfigManager = twoFaConfigManager;
    }
}
