package com.elitescloud.boot.auth.provider.security.grant.email_pwd;

import com.elitescloud.boot.auth.client.common.AuthorizationException;
import com.elitescloud.boot.auth.provider.provider.LoginSupportProvider;
import com.elitescloud.boot.auth.provider.security.grant.AbstractCustomAuthenticationProvider;
import com.elitescloud.cloudt.common.base.ApiResult;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/security/grant/email_pwd/EmailPasswordAuthenticationProvider.class */
public class EmailPasswordAuthenticationProvider extends AbstractCustomAuthenticationProvider<EmailPasswordAuthenticationToken> {
    private static final Logger log = LoggerFactory.getLogger(EmailPasswordAuthenticationProvider.class);

    @Autowired
    private LoginSupportProvider loginSupportManager;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.elitescloud.boot.auth.provider.security.grant.AbstractCustomAuthenticationProvider
    @NonNull
    public GeneralUserDetails retrieveUser(EmailPasswordAuthenticationToken emailPasswordAuthenticationToken) throws AuthenticationException {
        String str = (String) emailPasswordAuthenticationToken.getPrincipal();
        if (!StringUtils.hasText(str)) {
            throw new AuthorizationException("邮箱为空");
        }
        checkCaptcha(emailPasswordAuthenticationToken);
        GeneralUserDetails loadUserByEmail = this.userDetailManager.loadUserByEmail(str);
        if (loadUserByEmail == null) {
            throw new AuthorizationException("邮箱或密码错误");
        }
        return loadUserByEmail;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.elitescloud.boot.auth.provider.security.grant.AbstractCustomAuthenticationProvider
    public void additionalAuthenticationChecks(GeneralUserDetails generalUserDetails, EmailPasswordAuthenticationToken emailPasswordAuthenticationToken) throws AuthenticationException {
        super.additionalAuthenticationChecks(generalUserDetails, (GeneralUserDetails) emailPasswordAuthenticationToken);
        if (this.credentialCheckable.needCheck(emailPasswordAuthenticationToken, generalUserDetails)) {
            if (emailPasswordAuthenticationToken.getCredentials() == null) {
                log.debug("Failed to authenticate since no credentials provided");
                throw new BadCredentialsException("邮箱或密码不正确");
            }
            if (this.passwordEncoder.matches(emailPasswordAuthenticationToken.getCredentials().toString(), generalUserDetails.getPassword())) {
                return;
            }
            log.debug("Failed to authenticate since password does not match stored value");
            throw new BadCredentialsException("邮箱或密码不正确");
        }
    }

    private void checkCaptcha(EmailPasswordAuthenticationToken emailPasswordAuthenticationToken) {
        Boolean captchaNeeded = emailPasswordAuthenticationToken.getCaptchaNeeded();
        if (captchaNeeded == null || captchaNeeded.booleanValue()) {
            ApiResult<Boolean> verifyCaptcha = this.loginSupportManager.verifyCaptcha(emailPasswordAuthenticationToken.getCaptchaKey(), emailPasswordAuthenticationToken.getCaptchaText());
            if (!verifyCaptcha.isSuccess()) {
                throw new AuthorizationException(verifyCaptcha.getMsg());
            }
            if (verifyCaptcha.getData() == null || !((Boolean) verifyCaptcha.getData()).booleanValue()) {
                throw new AuthorizationException("验证码已过期或验证码错误");
            }
        }
    }
}
