package com.lunaimaging.insight.web.controller;

import com.lunaimaging.insight.core.MessageManager;
import com.lunaimaging.insight.core.dao.exceptions.AuthenticationFailureException;
import com.lunaimaging.insight.core.dao.exceptions.EmailFailureException;
import com.lunaimaging.insight.core.domain.ApplicationConfiguration;
import com.lunaimaging.insight.core.domain.ExternalMedia;
import com.lunaimaging.insight.core.domain.FailedLoginAttempt;
import com.lunaimaging.insight.core.domain.MediaCollection;
import com.lunaimaging.insight.core.domain.User;
import com.lunaimaging.insight.core.domain.logic.InsightFacade;
import com.lunaimaging.insight.core.utils.ParsingUtils;
import com.lunaimaging.insight.core.utils.UrlUtils;
import com.lunaimaging.insight.web.ParameterManager;
import com.lunaimaging.insight.web.SessionManager;
import com.lunaimaging.insight.web.WebMessageManager;
import com.lunaimaging.insight.web.servlet.view.SimpleJsonView;
import com.lunaimaging.security.IpAddressUsernamePasswordToken;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.security.Keys;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Scanner;
import javax.crypto.SecretKey;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import net.tanesha.recaptcha.ReCaptchaImpl;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.validator.routines.UrlValidator;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.subject.Subject;
import org.springframework.context.MessageSource;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.DataRetrievalFailureException;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.support.RequestContextUtils;

/* loaded from: input_file:com/lunaimaging/insight/web/controller/LoginController.class */
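/**
 * Web controller for sign-in related requests: form and AJAX login, logout,
 * forgotten-password requests, the "log in, then perform an action" flows (add a
 * media item or a book page to the default group, clone a media group) and issuing
 * a signed JWT access token for the current principal.
 *
 * <p>Several handlers build redirects or view models from request-supplied values
 * (return URL, origin, username). Those values are untrusted; the places where they
 * are validated, or where validation happens outside this class, are called out in
 * the method documentation.
 */
public class LoginController extends BaseController {
    // View names; each is assigned through the setter of the same name.
    protected String loginView;
    protected String loginSuccessView;
    protected String loginFailureView;
    // Assigned by setLogoutView but not read anywhere in this class.
    protected String logoutView;
    protected String sendAccessTokenView;
    // Assigned by setLoginCallbackView but not read anywhere in this class.
    protected String loginCallbackView;
    protected String forgotPasswordView;
    protected String forgotPasswordSuccessView;
    protected String forgotPasswordFailureView;
    /** Number of seconds in one day; the default access-token lifetime. */
    private static final int DAY_IN_SECONDS = 86400;
    /** Prefix of a comment line in the trusted-return-URL configuration text. */
    private static final String COMMENT_POUND = "#";
    /** Request header (and value) this controller uses to tell AJAX calls from page loads. */
    private static final String AJAX_HEADER_NAME = "X-Requested-With";
    private static final String AJAX_HEADER_VALUE = "XMLHttpRequest";
    protected InsightFacade insight;
    protected String editMediaGroupView = "editMediaGroupView";
    /** Return URLs matching one of these paths are not used as a post-login target. */
    protected String[] skipLoginRedirectUrls = {"/logout", "/login", "/forgotPassword"};
    protected String REDIRECT = "redirect:";
    /** Base64 text of the HMAC key used to sign access tokens; blank means "not configured". */
    protected String base64EncodedSecret = "";
    /** Raw configuration text last passed to {@link #setTrustedReturnUrls(String)}. */
    protected String trustedReturnUrls = "";
    /** Validated entries parsed from {@link #trustedReturnUrls}. */
    private List<String> trustedReturnUrlList = new ArrayList<String>();
    protected int tokenExpiresInSeconds = DAY_IN_SECONDS;
    protected final Log logger = LogFactory.getLog(getClass());

    /**
     * Handles a login request.
     *
     * <p>Without a submitted username the login form is returned. Otherwise, when
     * reCAPTCHA keys are configured and the stored failed-attempt count for the
     * username has reached the configured limit, the reCAPTCHA answer is verified
     * before the credentials are checked.
     *
     * @return the login form, the success view/redirect, the failure view, or
     *         {@code null} when a JSON response was already written
     */
    public ModelAndView handleLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        ModelAndView blankLoginForm = handleLoginBlankLoginForm(httpServletRequest, httpServletResponse);
        if (blankLoginForm != null) {
            // Only the blank form carries the HTTPS hint; the form is null when
            // credentials were submitted, so it must be checked before it is used.
            if (SessionManager.getAppConfig(httpServletRequest).isSslEnabled() && !httpServletRequest.isSecure()) {
                blankLoginForm.addObject("secureLoginUrl", UrlUtils.forceHttps(ParameterManager.getWebAppServletContext(httpServletRequest) + WebMessageManager.getMessage(MessageManager.MessageKeys.LOGIN_URL, httpServletRequest)));
            }
            return blankLoginForm;
        }
        // NOTE(review): credentials that arrive over a non-secure connection while SSL
        // is enabled are still processed below; confirm HTTPS is enforced upstream.
        ApplicationConfiguration applicationConfiguration = this.insight.getApplicationConfiguration();
        String recaptchaPublicKey = applicationConfiguration.getRecaptchaPublicKey();
        String recaptchaPrivateKey = applicationConfiguration.getRecaptchaPrivateKey();
        int recaptchaAllowedFailedAttempts = applicationConfiguration.getRecaptchaAllowedFailedAttempts();
        try {
            String username = ParameterManager.getUsername(httpServletRequest);
            if (StringUtils.isNotEmpty(recaptchaPublicKey) && StringUtils.isNotEmpty(recaptchaPrivateKey)) {
                FailedLoginAttempt failedLoginAttempt = this.insight.getFailedLoginAttempt(username);
                int failedAttempts = failedLoginAttempt == null ? 0 : failedLoginAttempt.getNumberOfFailedAttempt();
                if (failedAttempts >= recaptchaAllowedFailedAttempts) {
                    ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
                    reCaptcha.setPrivateKey(recaptchaPrivateKey);
                    boolean captchaValid = reCaptcha.checkAnswer(
                            httpServletRequest.getRemoteAddr(),
                            httpServletRequest.getParameter("recaptcha_challenge_field"),
                            httpServletRequest.getParameter("recaptcha_response_field")).isValid();
                    if (!captchaValid) {
                        throw new AuthenticationFailureException("Invalid Login");
                    }
                }
            }
            handleLoginAuthentication(httpServletRequest, httpServletResponse);
            this.insight.removeFailedLoginAttempt(username);
            return successfulLoginView(httpServletRequest, httpServletResponse);
        } catch (AuthenticationFailureException e) {
            // The specific handler comes first; after the general one it could never run.
            return handleLoginFailure(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            this.log.error("handleLogin(): " + e, e);
            return handleLoginFailure(httpServletRequest);
        }
    }

    /**
     * Produces the response for a successful login.
     *
     * <p>For non-AJAX requests (or when no response object is available) the result is a
     * redirect, chosen in this order: the validated return URL unless it matches
     * {@link #skipLoginRedirectUrls}; a request-supplied origin that matches the trusted
     * list; the application's login-success page. For AJAX requests a JSON document
     * describing the session is written to the response and {@code null} is returned.
     */
    protected ModelAndView successfulLoginView(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!isAjaxRequest(httpServletRequest) || httpServletResponse == null) {
            String webAppServletContext = ParameterManager.getWebAppServletContext(httpServletRequest);
            String returnUrl = getReturnUrl(httpServletRequest);
            String origin = ParameterManager.getOrigin(httpServletRequest);
            boolean isSslEnabled = SessionManager.getAppConfig(httpServletRequest).isSslEnabled();
            if (returnUrl != null && !ParsingUtils.containsIgnoreCaseTrim(returnUrl, this.skipLoginRedirectUrls)) {
                // NOTE(review): getReturnUrl only validates query parameters. Whether the
                // redirect is confined to this application depends on createRedirectBase,
                // which is defined outside this class - confirm.
                return new ModelAndView(this.REDIRECT + createRedirectBase(httpServletRequest, httpServletResponse, returnUrl, webAppServletContext, isSslEnabled));
            }
            if (isTrustedOrigin(origin)) {
                return new ModelAndView(this.REDIRECT + origin);
            }
            if (StringUtils.isNotEmpty(webAppServletContext)) {
                webAppServletContext = createRedirectBase(httpServletRequest, httpServletResponse, "", webAppServletContext + this.loginSuccessView, isSslEnabled);
            }
            return new ModelAndView(this.REDIRECT + webAppServletContext);
        }
        Subject subject = SecurityUtils.getSubject();
        HashMap<String, Object> body = new HashMap<String, Object>();
        String institutionName = institutionName(httpServletRequest);
        if (institutionName != null) {
            body.put("institutionName", institutionName);
        }
        HashMap<String, Object> session = describeSession(subject);
        ArrayList<MediaCollection> mediaCollections = SessionManager.getAuthenticatedEntity(httpServletRequest).getMediaCollections();
        if (mediaCollections != null) {
            // One single-entry map (collection id -> collection name) per collection.
            List<HashMap<Object, Object>> availableCollections = new ArrayList<HashMap<Object, Object>>();
            for (MediaCollection mediaCollection : mediaCollections) {
                HashMap<Object, Object> entry = new HashMap<Object, Object>();
                entry.put(mediaCollection.getId(), mediaCollection.getCollectionName());
                availableCollections.add(entry);
            }
            session.put("availableCollections", availableCollections);
        }
        body.put("session", session);
        httpServletResponse.setStatus(200);
        new SimpleJsonView().renderJson(body, httpServletRequest, httpServletResponse);
        return null;
    }

    /**
     * Initialises session state for a freshly authenticated user with the user's default
     * media group and media groups. Does nothing when {@code user} is {@code null}.
     */
    protected void postLogin(HttpServletRequest httpServletRequest, User user) {
        if (user != null) {
            SessionManager.postLogin(httpServletRequest, user, this.insight.getMediaGroup(user.getDefaultGroupId(), user), this.insight.getMediaGroups(user));
        }
    }

    /**
     * Authenticates the {@code username} and {@code password} request parameters, bound
     * to the caller's remote address, and runs {@link #postLogin} on success.
     *
     * <p>Every failure is reported with the same generic message, so the response does
     * not indicate whether the account exists or only the password was wrong. The token
     * holding the credentials is cleared on every path.
     *
     * @return the authenticated user
     * @throws AuthenticationFailureException if authentication or post-login setup fails
     */
    protected User handleLoginAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String username = httpServletRequest.getParameter("username");
        String password = httpServletRequest.getParameter("password");
        // NOTE(review): the username is untrusted input written to the log as-is;
        // confirm the log layout neutralises line breaks.
        this.logger.debug("username = " + username);
        IpAddressUsernamePasswordToken token = new IpAddressUsernamePasswordToken(username, password);
        token.setIpAddress(httpServletRequest.getRemoteAddr());
        try {
            SecurityUtils.getSubject().login(token);
            User user = SecurityUtils.getSecurityManager().getUser(username);
            postLogin(httpServletRequest, user);
            return user;
        } catch (Exception e) {
            this.logger.debug("Authentication failed", e);
            httpServletRequest.setAttribute("error", "Login invalid");
            throw new AuthenticationFailureException("Invalid Login");
        } finally {
            // Drop the credentials held by the token whether or not login succeeded.
            token.clear();
        }
    }

    /**
     * Returns the login form when no username was submitted, otherwise {@code null}.
     *
     * <p>The form model receives the return URL when it is not blank, the origin only
     * when it matches the trusted list, and an optional login message. The response is
     * marked {@code X-Frame-Options: DENY}.
     */
    protected ModelAndView handleLoginBlankLoginForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        if (hasSubmittedUsername(httpServletRequest)) {
            return null;
        }
        ModelAndView modelAndView = new ModelAndView(this.loginView);
        String returnUrl = getReturnUrl(httpServletRequest);
        if (StringUtils.isNotBlank(returnUrl)) {
            modelAndView.addObject(ParameterManager.ParamNames.returnUrl.toString(), returnUrl);
        }
        String origin = ParameterManager.getOrigin(httpServletRequest);
        if (isTrustedOrigin(origin)) {
            modelAndView.addObject(ParameterManager.ParamNames.origin.toString(), origin);
        }
        addLoginMessageIfPresent(modelAndView, httpServletRequest);
        // NOTE(review): the other login-form variants in this class do not set this
        // header; confirm framing is also restricted for them elsewhere.
        httpServletResponse.setHeader("X-Frame-Options", "DENY");
        return modelAndView;
    }

    /**
     * Builds the login-failure view when no response object is available; no HTTP status
     * is set and no JSON is written.
     */
    protected ModelAndView handleLoginFailure(HttpServletRequest httpServletRequest) {
        return handleLoginFailure(httpServletRequest, null);
    }

    /**
     * Records a failed login attempt and produces the failure response.
     *
     * <p>When a response object is supplied its status is set to 401. AJAX requests get
     * a JSON body ({@code successful = false}) and {@code null} is returned; all other
     * requests get the failure view, which includes the reCAPTCHA public key once the
     * failed-attempt count has reached the configured limit.
     *
     * @param httpServletResponse the response, or {@code null} when the caller has none
     */
    protected ModelAndView handleLoginFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean ajaxRequest = isAjaxRequest(httpServletRequest);
        if (httpServletResponse != null) {
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
        String username = ParameterManager.getUsername(httpServletRequest);
        boolean usernameSubmitted = StringUtils.isNotBlank(username);
        if (usernameSubmitted) {
            // Count the failure before choosing the response format, so the reCAPTCHA
            // threshold applies to JSON clients and to the HTML form alike.
            this.insight.saveFailedLoginAttempt(username);
        }
        if (ajaxRequest && httpServletResponse != null) {
            HashMap<String, Object> body = new HashMap<String, Object>();
            body.put("successful", false);
            new SimpleJsonView().renderJson(body, httpServletRequest, httpServletResponse);
            return null;
        }
        ModelAndView modelAndView = new ModelAndView(this.loginFailureView);
        ApplicationConfiguration applicationConfiguration = this.insight.getApplicationConfiguration();
        String recaptchaPublicKey = applicationConfiguration.getRecaptchaPublicKey();
        String recaptchaPrivateKey = applicationConfiguration.getRecaptchaPrivateKey();
        int recaptchaAllowedFailedAttempts = applicationConfiguration.getRecaptchaAllowedFailedAttempts();
        FailedLoginAttempt failedLoginAttempt = usernameSubmitted ? this.insight.getFailedLoginAttempt(username) : null;
        int numberOfFailedAttempt = failedLoginAttempt == null ? 0 : failedLoginAttempt.getNumberOfFailedAttempt();
        // NOTE(review): the submitted username is echoed into the model; the view must
        // escape it on output.
        modelAndView.addObject("username", username);
        modelAndView.addObject("loginMessage", "login.authenticationFailure.message");
        modelAndView.addObject(ParameterManager.ParamNames.returnUrl.toString(), getReturnUrl(httpServletRequest));
        if (StringUtils.isNotEmpty(recaptchaPublicKey) && StringUtils.isNotEmpty(recaptchaPrivateKey) && numberOfFailedAttempt >= recaptchaAllowedFailedAttempts) {
            modelAndView.addObject("recaptchaPublicKey", recaptchaPublicKey);
        }
        return modelAndView;
    }

    /**
     * Logs the current subject out. AJAX requests receive a JSON description of the
     * resulting session and {@code null} is returned; every other request, and any
     * request on which logout or rendering failed, is redirected to the login page.
     */
    public ModelAndView handleLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        Subject subject = SecurityUtils.getSubject();
        boolean ajaxRequest = isAjaxRequest(httpServletRequest);
        try {
            subject.logout();
            if (ajaxRequest) {
                HashMap<String, Object> body = new HashMap<String, Object>();
                String institutionName = institutionName(httpServletRequest);
                if (institutionName != null) {
                    body.put("institutionName", institutionName);
                }
                body.put("session", describeSession(subject));
                httpServletResponse.setStatus(200);
                new SimpleJsonView().renderJson(body, httpServletRequest, httpServletResponse);
                return null;
            }
        } catch (Exception e) {
            this.log.error("Error in handleLogout(..)", e);
        }
        return new ModelAndView("redirect:login");
    }

    /**
     * Shows the forgotten-password form when no e-mail address was submitted; otherwise
     * starts forgotten-password processing for the address and the caller's remote
     * address and returns the success or failure view.
     */
    public ModelAndView handleForgotPassword(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        String email = ParameterManager.getEmail(httpServletRequest);
        if (StringUtils.isEmpty(email)) {
            return new ModelAndView(this.forgotPasswordView);
        }
        // NOTE(review): success and the two failure cases use different message keys;
        // confirm the rendered texts do not reveal whether an address is registered.
        try {
            this.insight.processForgotPassword(email, httpServletRequest.getRemoteAddr());
            ModelAndView success = new ModelAndView(this.forgotPasswordSuccessView);
            success.addObject("loginMessage", "login.forgotPasswordSuccess.message");
            return success;
        } catch (DataAccessException e) {
            ModelAndView failure = new ModelAndView(this.forgotPasswordFailureView);
            failure.addObject("loginMessage", "login.forgotPasswordEmailFailure.message");
            return failure;
        } catch (EmailFailureException e2) {
            ModelAndView failure = new ModelAndView(this.forgotPasswordFailureView);
            failure.addObject("loginMessage", "login.forgotPasswordFailure.message");
            return failure;
        }
    }

    /**
     * Logs the user in and adds the requested media item to the user's default group.
     * Users without a default group (negative id) are redirected to the settings page.
     */
    public ModelAndView handleLoginAddMediaToDefaultGroup(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        ModelAndView blankLoginForm = handleLoginAddMediaToDefaultGroupBlankLoginForm(httpServletRequest, httpServletResponse);
        if (blankLoginForm != null) {
            return blankLoginForm;
        }
        try {
            User user = handleLoginAuthentication(httpServletRequest, httpServletResponse);
            if (user.getDefaultGroupId() < 0) {
                return redirectToSettingView(httpServletRequest);
            }
            try {
                this.insight.addMediaToDefaultGroup(ParameterManager.getMediaId(httpServletRequest), user);
                return successfulLoginView(httpServletRequest, httpServletResponse);
            } catch (DataRetrievalFailureException e) {
                return handleDataRetrievalFailureException(httpServletRequest, e);
            }
        } catch (AuthenticationFailureException e2) {
            return handleLoginAddMediaToDefaultGroupFailure(httpServletRequest);
        }
    }

    /**
     * Logs a data-retrieval failure from a post-login action and falls back to the
     * login-success view, passing the return URL along. The login itself stays valid.
     */
    protected ModelAndView handleDataRetrievalFailureException(HttpServletRequest httpServletRequest, DataRetrievalFailureException dataRetrievalFailureException) {
        this.log.error("addMediaToDefaultGroup(): " + dataRetrievalFailureException, dataRetrievalFailureException);
        ModelAndView modelAndView = new ModelAndView(this.loginSuccessView);
        modelAndView.addObject(ParameterManager.ParamNames.returnUrl.toString(), getReturnUrl(httpServletRequest));
        return modelAndView;
    }

    /** Failure view for the add-media flow; keeps the pending action in the model. */
    protected ModelAndView handleLoginAddMediaToDefaultGroupFailure(HttpServletRequest httpServletRequest) {
        ModelAndView failureView = handleLoginFailure(httpServletRequest);
        failureView.addObject("addMediaToDefaultGroup", true);
        failureView.addObject("mediaId", ParameterManager.getMediaId(httpServletRequest));
        return failureView;
    }

    /**
     * Redirects to the user-settings page (servlet path plus the configured settings
     * URL), carrying the pending add-media action and the session's return URL.
     */
    protected ModelAndView redirectToSettingView(HttpServletRequest httpServletRequest) {
        String settingsUrl = httpServletRequest.getServletPath() + WebMessageManager.getMessage(MessageManager.MessageKeys.USER_SETTINGS_URL, httpServletRequest);
        ModelAndView modelAndView = new ModelAndView(this.REDIRECT + settingsUrl);
        modelAndView.addObject("addMediaToDefaultGroup", true);
        modelAndView.addObject("mediaId", ParameterManager.getMediaId(httpServletRequest));
        modelAndView.addObject(SessionManager.SessionAttributeNames.returnUrl.toString(), SessionManager.getReturnUrl(httpServletRequest));
        return modelAndView;
    }

    /**
     * Returns the request's return URL after validating each of its query parameters
     * with {@code ParameterManager.validateParameter}.
     *
     * <p>The check fails closed: a missing URL, a URL that cannot be parsed, a rejected
     * parameter or any error raised during validation yields the empty string, so a
     * value that could not be checked is never handed to a redirect.
     *
     * <p>NOTE(review): only query parameters are examined here. Scheme and host are not
     * restricted by this method.
     *
     * @return the validated return URL, or {@code ""} (never {@code null})
     */
    protected String getReturnUrl(HttpServletRequest httpServletRequest) {
        String returnUrl = ParameterManager.getReturnUrl(httpServletRequest);
        if (returnUrl == null) {
            return "";
        }
        try {
            for (NameValuePair nameValuePair : URLEncodedUtils.parse(new URI(returnUrl), "UTF-8")) {
                if (!ParameterManager.validateParameter(nameValuePair.getName(), nameValuePair.getValue())) {
                    return "";
                }
            }
            return returnUrl;
        } catch (URISyntaxException e) {
            this.logger.info("URL cannot be parsed", e);
            return "";
        } catch (Exception e) {
            this.logger.info("Return URL could not be validated", e);
            return "";
        }
    }

    /** Login form for the add-media flow when no username was submitted, else {@code null}. */
    protected ModelAndView handleLoginAddMediaToDefaultGroupBlankLoginForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        if (hasSubmittedUsername(httpServletRequest)) {
            return null;
        }
        ModelAndView modelAndView = new ModelAndView(this.loginView);
        modelAndView.addObject(ParameterManager.ParamNames.returnUrl.toString(), getReturnUrl(httpServletRequest));
        addLoginMessageIfPresent(modelAndView, httpServletRequest);
        modelAndView.addObject("addMediaToDefaultGroup", true);
        modelAndView.addObject("mediaId", ParameterManager.getMediaId(httpServletRequest));
        return modelAndView;
    }

    /**
     * Logs the user in, creates an external media object for the requested book page,
     * saves it and adds it to the user's default group. Users without a default group
     * (negative id) are redirected to the settings page.
     */
    public ModelAndView handleLoginAddPageToDefaultGroup(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        ModelAndView blankLoginForm = handleLoginAddPageToDefaultGroupBlankLoginForm(httpServletRequest, httpServletResponse);
        if (blankLoginForm != null) {
            return blankLoginForm;
        }
        try {
            if (handleLoginAuthentication(httpServletRequest, httpServletResponse).getDefaultGroupId() < 0) {
                return redirectToSettingView(httpServletRequest);
            }
            try {
                ExternalMedia pageMedia = new MediaBookController().constructNewMediaForBookPage(httpServletRequest, this.insight.getMedia(SessionManager.getAuthenticatedEntity(httpServletRequest).getCredentials(), ParameterManager.getMediaId(httpServletRequest), true));
                this.insight.saveExternalObjectData(pageMedia);
                this.insight.addMediaToDefaultGroup(pageMedia.getIdentity().toString(), SessionManager.getUser(httpServletRequest));
                SessionManager.setMediaGroupModifed(httpServletRequest, SessionManager.getUser(httpServletRequest).getDefaultGroupId());
                return successfulLoginView(httpServletRequest, httpServletResponse);
            } catch (DataRetrievalFailureException e) {
                return handleDataRetrievalFailureException(httpServletRequest, e);
            }
        } catch (AuthenticationFailureException e2) {
            return handleLoginAddPageToDefaultGroupFailure(httpServletRequest);
        }
    }

    /** Failure view for the add-page flow; keeps the pending action in the model. */
    protected ModelAndView handleLoginAddPageToDefaultGroupFailure(HttpServletRequest httpServletRequest) {
        ModelAndView failureView = handleLoginFailure(httpServletRequest);
        failureView.addObject("addPageToDefaultGroup", true);
        failureView.addObject("mediaId", ParameterManager.getMediaId(httpServletRequest));
        failureView.addObject("pageId", httpServletRequest.getParameter("pageId"));
        return failureView;
    }

    /** Login form for the add-page flow when no username was submitted, else {@code null}. */
    protected ModelAndView handleLoginAddPageToDefaultGroupBlankLoginForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        if (hasSubmittedUsername(httpServletRequest)) {
            return null;
        }
        ModelAndView modelAndView = new ModelAndView(this.loginView);
        modelAndView.addObject(ParameterManager.ParamNames.returnUrl.toString(), getReturnUrl(httpServletRequest));
        addLoginMessageIfPresent(modelAndView, httpServletRequest);
        modelAndView.addObject("addPageToDefaultGroup", true);
        modelAndView.addObject("mediaId", ParameterManager.getMediaId(httpServletRequest));
        modelAndView.addObject("pageId", httpServletRequest.getParameter("pageId"));
        return modelAndView;
    }

    /**
     * Logs the user in and opens the media-group editor in "clone" mode for the requested
     * group. When there is no return URL, or it ends with one of
     * {@link #skipLoginRedirectUrls}, the login-success view is returned instead.
     */
    public ModelAndView handleLoginCloneMediaGroup(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        ModelAndView blankLoginForm = handleLoginCloneMediaGroupBlankLoginForm(httpServletRequest, httpServletResponse);
        if (blankLoginForm != null) {
            return blankLoginForm;
        }
        try {
            User user = handleLoginAuthentication(httpServletRequest, httpServletResponse);
            String returnUrl = getReturnUrl(httpServletRequest);
            if (returnUrl == null || ParsingUtils.endsWithIgnoreCaseTrim(returnUrl, this.skipLoginRedirectUrls)) {
                return new ModelAndView(this.loginSuccessView);
            }
            ModelAndView modelAndView = new ModelAndView(this.editMediaGroupView);
            modelAndView.addObject("formBackingObject", this.insight.getMediaGroup(ParameterManager.getMediaGroupId(httpServletRequest, -1), user));
            modelAndView.addObject("cloneGroup", true);
            modelAndView.addObject("myFolders", SessionManager.getUser(httpServletRequest).getFolders());
            modelAndView.addObject(ParameterManager.ParamNames.returnUrl.toString(), returnUrl);
            return modelAndView;
        } catch (AuthenticationFailureException e) {
            return handleLoginCloneMediaGroupFailure(httpServletRequest);
        }
    }

    /** Failure view for the clone-group flow; keeps the pending action in the model. */
    protected ModelAndView handleLoginCloneMediaGroupFailure(HttpServletRequest httpServletRequest) {
        ModelAndView failureView = handleLoginFailure(httpServletRequest);
        failureView.addObject("cloneMediaGroup", true);
        failureView.addObject("mediaGroupId", Integer.valueOf(ParameterManager.getMediaGroupId(httpServletRequest, -1)));
        return failureView;
    }

    /** Login form for the clone-group flow when no username was submitted, else {@code null}. */
    protected ModelAndView handleLoginCloneMediaGroupBlankLoginForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        if (hasSubmittedUsername(httpServletRequest)) {
            return null;
        }
        ModelAndView modelAndView = new ModelAndView(this.loginView);
        modelAndView.addObject(ParameterManager.ParamNames.returnUrl.toString(), getReturnUrl(httpServletRequest));
        addLoginMessageIfPresent(modelAndView, httpServletRequest);
        modelAndView.addObject("cloneMediaGroup", true);
        modelAndView.addObject("mediaGroupId", Integer.valueOf(ParameterManager.getMediaGroupId(httpServletRequest, -1)));
        return modelAndView;
    }

    /**
     * Issues an HS256-signed JWT for the request's user principal, valid for
     * {@link #tokenExpiresInSeconds} seconds.
     *
     * <p>The token is always set as an {@code Authorization: Bearer} response header.
     * If the request's origin is not on the trusted list the token is also returned as
     * JSON. For a trusted origin the token is appended to the origin URL as parameter
     * {@code t}; the response is then a redirect to that URL, or, when a message id was
     * supplied, the send-access-token view.
     *
     * <p>A request without a user principal is answered with 401.
     *
     * @return the view to render, or {@code null} when an error response was sent
     */
    public ModelAndView handleGetToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (httpServletRequest.getUserPrincipal() == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return null;
        }
        SecretKey signingKey;
        if (StringUtils.isBlank(this.base64EncodedSecret)) {
            signingKey = Keys.secretKeyFor(SignatureAlgorithm.HS256);
            // The generated key is deliberately kept out of the log: a key copied from a
            // log file into configuration would leave the signing secret readable there.
            this.logger.error("No base64EncodedSecret is configured; this token is signed with a randomly generated key that is not retained.");
        } else {
            signingKey = Keys.hmacShaKeyFor(Decoders.BASE64.decode(this.base64EncodedSecret));
        }
        Date issuedAt = new Date();
        Calendar expiry = Calendar.getInstance();
        expiry.setTime(issuedAt);
        expiry.add(Calendar.SECOND, this.tokenExpiresInSeconds);
        String accessToken = Jwts.builder().setSubject(httpServletRequest.getUserPrincipal().getName()).setIssuedAt(issuedAt).setExpiration(expiry.getTime()).signWith(signingKey).compact();
        httpServletResponse.setHeader("Authorization", "Bearer " + accessToken);
        httpServletResponse.setStatus(200);
        String origin = ParameterManager.getOrigin(httpServletRequest);
        String messageId = ParameterManager.getMessageId(httpServletRequest);
        JSONObject tokenJson = new JSONObject();
        tokenJson.put("accessToken", accessToken);
        tokenJson.put("expiresIn", Integer.valueOf(this.tokenExpiresInSeconds));
        if (!isTrustedOrigin(origin)) {
            ModelAndView jsonView = new ModelAndView(new SimpleJsonView());
            jsonView.addObject("object", tokenJson.toString());
            return jsonView;
        }
        // NOTE(review): a token carried in a query string can end up in browser history,
        // Referer headers and access logs of the receiving site.
        String target = origin;
        try {
            target = new URIBuilder(origin).addParameter("t", accessToken).build().toString();
        } catch (URISyntaxException e) {
            // The origin is then used without the token parameter.
            this.logger.error("Could not append the access token to the trusted origin", e);
        }
        if (messageId == null) {
            return new ModelAndView(this.REDIRECT + target);
        }
        tokenJson.put("messageId", messageId);
        ModelAndView tokenView = new ModelAndView(this.sendAccessTokenView);
        tokenView.addObject("accessToken", accessToken);
        // NOTE(review): this value is the full URL including the token, not a bare
        // scheme://host:port origin; confirm how the view uses it.
        tokenView.addObject("targetOrigin", target);
        tokenView.addObject("tokenMessage", tokenJson.toString());
        return tokenView;
    }

    /** Sets the facade used for users, media groups, failed-attempt records and configuration. */
    public void setInsight(InsightFacade insightFacade) {
        this.insight = insightFacade;
    }

    /** Sets the view shown when forgotten-password processing fails. */
    public void setForgotPasswordFailureView(String str) {
        this.forgotPasswordFailureView = str;
    }

    /** Sets the view shown after forgotten-password processing succeeds. */
    public void setForgotPasswordSuccessView(String str) {
        this.forgotPasswordSuccessView = str;
    }

    /** Sets the view holding the forgotten-password form. */
    public void setForgotPasswordView(String str) {
        this.forgotPasswordView = str;
    }

    /** Sets the view shown after a failed login. */
    public void setLoginFailureView(String str) {
        this.loginFailureView = str;
    }

    /** Sets the view (or path suffix) used after a successful login. */
    public void setLoginSuccessView(String str) {
        this.loginSuccessView = str;
    }

    /** Sets the view holding the login form. */
    public void setLoginView(String str) {
        this.loginView = str;
    }

    /** Sets the logout view name; the value is stored but not read in this class. */
    public void setLogoutView(String str) {
        this.logoutView = str;
    }

    /** Sets the media-group editor view used by the clone-group flow. */
    public void setEditMediaGroupView(String str) {
        this.editMediaGroupView = str;
    }

    /**
     * Sets the Base64-encoded HMAC key used to sign access tokens. When left blank,
     * {@link #handleGetToken} signs each token with a fresh random key.
     */
    public void setBase64EncodedSecret(String str) {
        this.base64EncodedSecret = str;
    }

    /**
     * Replaces the list of trusted return URLs.
     *
     * <p>The text is read line by line; blank lines and lines starting with {@code #}
     * are skipped. Each remaining line must pass URL validation (local URLs allowed) to
     * be added; rejected lines are logged. Each call rebuilds the list from scratch, so
     * an entry removed from the configuration stops being trusted.
     *
     * @param str the configuration text, one URL per line; {@code null} clears the list
     */
    public void setTrustedReturnUrls(String str) {
        this.trustedReturnUrls = str;
        List<String> parsedUrls = new ArrayList<String>();
        if (str != null) {
            UrlValidator urlValidator = new UrlValidator(UrlValidator.ALLOW_LOCAL_URLS);
            Scanner scanner = new Scanner(str);
            try {
                while (scanner.hasNextLine()) {
                    String line = StringUtils.trim(scanner.nextLine());
                    if (StringUtils.isBlank(line) || line.startsWith(COMMENT_POUND)) {
                        continue;
                    }
                    if (urlValidator.isValid(line)) {
                        parsedUrls.add(line);
                    } else {
                        this.logger.error(line + " is not a valid URL. Not added as trusted return urls.");
                    }
                }
            } finally {
                scanner.close();
            }
        }
        this.trustedReturnUrlList = parsedUrls;
    }

    /** Sets the access-token lifetime in seconds. */
    public void setTokenExpiresInSeconds(int i) {
        this.tokenExpiresInSeconds = i;
    }

    /** Sets the view that hands the access token to a trusted origin. */
    public void setSendAccessTokenView(String str) {
        this.sendAccessTokenView = str;
    }

    /** Sets the login-callback view name; the value is stored but not read in this class. */
    public void setLoginCallbackView(String str) {
        this.loginCallbackView = str;
    }

    /**
     * Tells whether the request carries {@code X-Requested-With: XMLHttpRequest}. The
     * header is set by the client, so it only selects the response format.
     */
    private static boolean isAjaxRequest(HttpServletRequest request) {
        return AJAX_HEADER_VALUE.equals(request.getHeader(AJAX_HEADER_NAME));
    }

    /** Tells whether the request contains a non-empty username. */
    private static boolean hasSubmittedUsername(HttpServletRequest request) {
        return StringUtils.isNotEmpty(ParameterManager.getUsername(request));
    }

    /** Copies the request's login message into the model when one is present. */
    private static void addLoginMessageIfPresent(ModelAndView modelAndView, HttpServletRequest request) {
        String loginMessage = ParameterManager.getLoginMessage(request);
        if (StringUtils.isNotEmpty(loginMessage)) {
            modelAndView.addObject("loginMessage", loginMessage);
        }
    }

    /**
     * Tells whether {@code origin} matches an entry of the trusted return URL list.
     *
     * <p>NOTE(review): the match appears to be a case-insensitive prefix test. If so, an
     * entry that does not end with {@code /} also matches longer host names that merely
     * start with the same text; keep entries slash-terminated, or compare parsed scheme,
     * host and port instead - confirm against ParsingUtils.
     */
    private boolean isTrustedOrigin(String origin) {
        return origin != null
                && this.trustedReturnUrlList != null
                && ParsingUtils.startsWithIgnoreCaseTrim(origin, this.trustedReturnUrlList.toArray(new String[this.trustedReturnUrlList.size()]));
    }

    /** Looks up the institution name from the application's {@code messageSource} bean. */
    private static String institutionName(HttpServletRequest request) {
        MessageSource messageSource = (MessageSource) RequestContextUtils.getWebApplicationContext(request).getBean("messageSource");
        return messageSource.getMessage(MessageManager.MessageKeys.INSTITUTION_NAME.getValue(), (Object[]) null, (Locale) null);
    }

    /**
     * Builds the {@code session} part of the JSON responses: the authentication state
     * and, for an authenticated subject, its principal. A {@code null} subject yields an
     * empty map.
     */
    private static HashMap<String, Object> describeSession(Subject subject) {
        HashMap<String, Object> session = new HashMap<String, Object>();
        if (subject != null) {
            session.put("loggedIn", Boolean.valueOf(subject.isAuthenticated()));
            if (subject.isAuthenticated()) {
                session.put("username", subject.getPrincipal());
            }
        }
        return session;
    }
}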
