package org.springblade.auth.granter;

import cn.hutool.core.util.StrUtil;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springblade.auth.constant.AuthConstant;
import org.springblade.auth.service.BladeUserDetails;
import org.springblade.auth.utils.TokenUtil;
import org.springblade.core.redis.cache.BladeRedis;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.utils.Func;
import org.springblade.core.tool.utils.StringUtil;
import org.springblade.core.tool.utils.WebUtil;
import org.springblade.system.cache.SysCache;
import org.springblade.system.entity.Role;
import org.springblade.system.user.entity.User;
import org.springblade.system.user.entity.UserInfo;
import org.springblade.system.user.feign.IUserClient;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

/* loaded from: input_file:org/springblade/auth/granter/NewStudentTokenGranter.class */
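/**
 * Token granter for the custom {@code newstudent} OAuth2 grant type.
 *
 * <p>The submitted {@code username} is resolved to a platform account by looking it up in the
 * new-student tables (student number and, depending on the {@code new_student_pc_login_type}
 * system parameter, ID card number and/or candidate number). The resolved account is then
 * authenticated with the submitted password through the {@link AuthenticationManager}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The captcha comparison is skipped whenever the request parameter {@code type} equals
 *       {@code "bind"}. That value is taken from the token request itself, so the captcha does
 *       not throttle password attempts on this grant unless something outside this class does.
 *       NOTE(review): confirm rate limiting / lockout exists for the {@code bind} path.</li>
 *   <li>The failure messages distinguish "identifier is not a new student", "identifier matches
 *       several records" and "authentication failed", and two of them echo the submitted
 *       identifier. Together they tell a caller whether a student number, ID card number or
 *       candidate number is on file before any password is checked. Prefer one uniform message
 *       for clients and keep the detail in server-side logs.</li>
 *   <li>The lookup SQL is assembled from fixed fragments only; the submitted identifier is always
 *       passed as a bind parameter. Keep it that way when adding further match columns.</li>
 * </ul>
 */
public class NewStudentTokenGranter extends AbstractTokenGranter {
    private static final String GRANT_TYPE = "newstudent";
    private final AuthenticationManager authenticationManager;
    // Assigned only by the public constructor; they stay null when a subclass uses the protected one.
    private BladeRedis bladeRedis;
    private JdbcTemplate jdbcTemplate;
    private IUserClient userClient;

    /**
     * Creates the granter for the {@code newstudent} grant type with all collaborators wired.
     *
     * @param authenticationManager verifies the resolved account and the submitted password
     * @param authorizationServerTokenServices passed through to {@link AbstractTokenGranter}
     * @param clientDetailsService passed through to {@link AbstractTokenGranter}
     * @param oAuth2RequestFactory passed through to {@link AbstractTokenGranter}
     * @param bladeRedis cache holding the expected captcha text
     * @param jdbcTemplate used for the new-student account lookup
     * @param iUserClient used to load the user profile after authentication
     */
    public NewStudentTokenGranter(AuthenticationManager authenticationManager, AuthorizationServerTokenServices authorizationServerTokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory oAuth2RequestFactory, BladeRedis bladeRedis, JdbcTemplate jdbcTemplate, IUserClient iUserClient) {
        this(authenticationManager, authorizationServerTokenServices, clientDetailsService, oAuth2RequestFactory, GRANT_TYPE);
        this.bladeRedis = bladeRedis;
        this.jdbcTemplate = jdbcTemplate;
        this.userClient = iUserClient;
    }

    /**
     * Creates the granter for an arbitrary grant type name.
     *
     * <p>This constructor does not set {@code bladeRedis}, {@code jdbcTemplate} or
     * {@code userClient}; {@link #getOAuth2Authentication} dereferences all three.
     *
     * @param str the grant type name handed to {@link AbstractTokenGranter}
     */
    protected NewStudentTokenGranter(AuthenticationManager authenticationManager, AuthorizationServerTokenServices authorizationServerTokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory oAuth2RequestFactory, String str) {
        super(authorizationServerTokenServices, clientDetailsService, oAuth2RequestFactory, str);
        this.authenticationManager = authenticationManager;
    }

    /**
     * Validates the captcha, resolves the submitted identifier to exactly one account,
     * authenticates it and builds the OAuth2 authentication for the token.
     *
     * @param clientDetails the OAuth2 client requesting the token
     * @param tokenRequest the token request carrying {@code username}, the password, and the
     *     optional {@code type} and {@code tenant_id} parameters
     * @return the authentication for the resolved account
     * @throws UserDeniedAuthorizationException if the captcha check applies and fails
     * @throws InvalidGrantException if the identifier matches no or several new students, the
     *     matched student has no account, authentication fails, or the user profile is missing
     */
    protected OAuth2Authentication getOAuth2Authentication(ClientDetails clientDetails, TokenRequest tokenRequest) {
        // NOTE(review): the request is dereferenced without a null check — confirm WebUtil.getRequest()
        // cannot return null on the path that reaches this granter.
        HttpServletRequest request = WebUtil.getRequest();
        Map<String, Object> details = new LinkedHashMap<String, Object>(tokenRequest.getRequestParameters());
        String requestedType = (String) details.get("type");
        details.put("type", TokenUtil.ACCOUNT);

        String captchaKey = request.getHeader(TokenUtil.CAPTCHA_HEADER_KEY);
        String captchaCode = request.getHeader(TokenUtil.CAPTCHA_HEADER_CODE);
        String captchaCacheKey = "blade:auth::blade:captcha:" + captchaKey;
        String expectedCaptcha = (String) this.bladeRedis.get(captchaCacheKey);
        // The cached captcha is given a 10 ms expiry as soon as it is read, whether or not the
        // comparison below succeeds, so each captcha can be presented once.
        this.bladeRedis.pexpire(captchaCacheKey, 10L);
        // The captcha is not compared when the client-supplied `type` is "bind" (see class notes).
        if (!"bind".equals(requestedType) && (captchaCode == null || !StrUtil.equalsIgnoreCase(expectedCaptcha, captchaCode))) {
            throw new UserDeniedAuthorizationException(TokenUtil.CAPTCHA_NOT_CORRECT);
        }

        // NOTE(review): tenant_id is client-supplied and the SQL lookup below is not tenant-scoped;
        // confirm the later userInfo(tenantId, account) call is what enforces tenant separation.
        String tenantId = (String) details.get("tenant_id");
        if (StrUtil.isBlank(tenantId)) {
            tenantId = TokenUtil.DEFAULT_TENANT_ID;
        }
        String identifier = (String) details.get("username");
        String password = (String) details.get(TokenUtil.PASSWORD_KEY);
        // The password is dropped from the map that is later attached as authentication details.
        details.remove(TokenUtil.PASSWORD_KEY);

        // Fix: a missing system parameter used to fail with a NullPointerException on contains();
        // it now falls back to the narrowest match (student number only).
        // NOTE(review): confirm whether SysCache.getParamByKey can return null.
        String loginTypes = SysCache.getParamByKey("new_student_pc_login_type");
        if (loginTypes == null) {
            loginTypes = "";
        }

        // Only fixed fragments are appended to the statement; the identifier is bound via "?".
        StringBuilder sql = new StringBuilder("select bu.ACCOUNT from newstudent_info ni left join base_student_enrol bse on bse.id= ni.id AND bse.IS_DELETED = 0 left join base_student bs on bs.id = ni.id AND bs.IS_DELETED = 0 left join blade_user bu on bu.id = bse.id AND bu.IS_DELETED = 0 where ni.is_deleted = 0 and bs.grade = (select school_year from base_school_calendar where is_deleted = 0 and is_current_term = '1')   and ( bs.student_no = ?");
        List<Object> sqlArgs = new ArrayList<Object>();
        sqlArgs.add(identifier);
        if (loginTypes.contains("2")) {
            sql.append(" or bs.id_card = ?");
            sqlArgs.add(identifier);
        }
        if (loginTypes.contains("3")) {
            sql.append(" or bse.candidate_no = ?");
            sqlArgs.add(identifier);
        }
        List<Map<String, Object>> matches = this.jdbcTemplate.queryForList(sql + ")", sqlArgs.toArray());

        // NOTE(review): both messages below are returned before the password is checked and echo
        // the submitted identifier, which lets a caller test whether an identifier is on file.
        if (matches.isEmpty()) {
            throw new InvalidGrantException("当前登录的用户不是新生：" + identifier);
        }
        if (matches.size() > 1) {
            throw new InvalidGrantException("当前登录的用户匹配多个记录(" + matches.size() + ")，请排查数据问题：" + identifier);
        }

        // Fix: blade_user is LEFT JOINed, so ACCOUNT can be SQL NULL for a student without a user
        // row. String concatenation would turn that into the literal account name "null" and
        // authentication would be attempted for it; reject it with the same message a failed
        // authentication produces.
        Object accountColumn = matches.get(0).get("ACCOUNT");
        if (accountColumn == null) {
            throw new InvalidGrantException(TokenUtil.USER_NOT_FOUND);
        }
        String account = accountColumn + TokenUtil.DEFAULT_AVATAR;

        AbstractAuthenticationToken loginToken = new UsernamePasswordAuthenticationToken(account, password);
        loginToken.setDetails(details);
        try {
            this.authenticationManager.authenticate(loginToken);

            R profileResult = this.userClient.userInfo(tenantId, account);
            // Fix: a successful response without a payload used to fail with a NullPointerException.
            UserInfo profile = profileResult.isSuccess() ? (UserInfo) profileResult.getData() : null;
            if (profile == null || profile.getUser() == null || !StringUtil.isNotBlank(profile.getUser().getAccount())) {
                throw new InvalidGrantException(TokenUtil.ACCOUNT_NOT_FOUND);
            }
            User user = profile.getUser();
            String roleId = user.getRoleId();

            // Roles are flattened to "id,name,alias" entries separated by "|".
            String roleDetail = TokenUtil.DEFAULT_AVATAR;
            List<Role> roles = SysCache.getRoleByIds(roleId);
            if (roles != null) {
                for (Role role : roles) {
                    String entry = role.getId() + "," + role.getRoleName() + "," + role.getRoleAlias();
                    roleDetail = StringUtil.isBlank(roleDetail) ? roleDetail + entry : roleDetail + "|" + entry;
                }
            }

            String roleNames = Func.join(profile.getRoles());
            // NOTE(review): the submitted password, prefixed with AuthConstant.ENCRYPT, travels inside
            // the principal; confirm it is never serialised into tokens, sessions or logs.
            BladeUserDetails principal = new BladeUserDetails(user.getId(), user.getTenantId(), TokenUtil.DEFAULT_AVATAR, user.getName(), user.getRealName(), user.getDeptId(), user.getPostId(), roleId, roleNames, roleDetail, Func.toStr(user.getAvatar(), TokenUtil.DEFAULT_AVATAR), account, AuthConstant.ENCRYPT + password, profile.getDetail(), true, true, true, true, AuthorityUtils.commaSeparatedStringToAuthorityList(roleNames));

            // From here on the details carry the resolved account instead of the submitted identifier.
            details.put("username", account);
            AbstractAuthenticationToken grantedToken = new UsernamePasswordAuthenticationToken(principal, null, principal.getAuthorities());
            grantedToken.setDetails(details);
            // The freshly constructed token can never be null, so only its state is checked.
            if (!grantedToken.isAuthenticated()) {
                throw new InvalidGrantException("Could not authenticate user: " + identifier);
            }
            return new OAuth2Authentication(getRequestFactory().createOAuth2Request(clientDetails, tokenRequest), grantedToken);
        } catch (AccountStatusException | BadCredentialsException ignored) {
            // Account-status and bad-credential failures are deliberately collapsed into one
            // message so the response does not say which of the two occurred.
            throw new InvalidGrantException(TokenUtil.USER_NOT_FOUND);
        }
    }
}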
