/*
    * Copyright (c) 2002-2021, City of Paris
    * All rights reserved.
    *
    * Redistribution and use in source and binary forms, with or without
    * modification, are permitted provided that the following conditions
    * are met:
    *
    *  1. Redistributions of source code must retain the above copyright notice
   *     and the following disclaimer.
   *
   *  2. Redistributions in binary form must reproduce the above copyright notice
   *     and the following disclaimer in the documentation and/or other materials
   *     provided with the distribution.
   *
   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
   *     contributors may be used to endorse or promote products derived from
   *     this software without specific prior written permission.
   *
   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   * POSSIBILITY OF SUCH DAMAGE.
   *
   * License 1.0
   */
  package fr.paris.lutece.plugins.mylutece.web.security;
  
  import fr.paris.lutece.plugins.mylutece.service.MyLuteceResourceIdService;
  import fr.paris.lutece.plugins.mylutece.service.security.AuthenticationFilterService;
  import fr.paris.lutece.portal.business.rbac.RBAC;
  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
  import fr.paris.lutece.portal.service.datastore.DatastoreService;
  import fr.paris.lutece.portal.service.message.AdminMessage;
  import fr.paris.lutece.portal.service.message.AdminMessageService;
  import fr.paris.lutece.portal.service.rbac.RBACService;
  import fr.paris.lutece.portal.service.security.SecurityService;
  import fr.paris.lutece.portal.service.template.AppTemplateService;
  import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
  import fr.paris.lutece.portal.web.constants.Messages;
  import fr.paris.lutece.util.ReferenceItem;
  import fr.paris.lutece.util.html.HtmlTemplate;
  import fr.paris.lutece.util.url.UrlItem;
  
  import org.apache.commons.lang3.StringUtils;
  
  import java.util.Map;
  
  import javax.servlet.http.HttpServletRequest;
  
  /**
   *
   * PublicUrlJspBean used for managing Public Url
   *
   */
  public class AuthenticationFilterJspBean extends AdminFeaturesPageJspBean
  {
      /**
      *
      */
      public static final String RIGHT_MANAGE_AUTHENTICATION_FILTER = "MYLUTECE_MANAGE_AUTHENTICATION_FILTER";
      private static final long serialVersionUID = -669562727518395523L;
  
      // Parameters
      private static final String PARAMETER_CANCEL = "cancel";
      private static final String PARAMETER_PUBLIC_URL_CODE = "public_url_code";
      private static final String PARAMETER_PUBLIC_URL_VALUE = "public_url_value";
  
      // Jsp url
      private static final String JSP_MANAGE_AUTHENTICATION_FILTER = "ManageAuthenticationFilter.jsp";
      private static final String JSP_DO_REMOVE_PUBLIC_URL = "jsp/admin/plugins/mylutece/security/DoRemovePublicUrl.jsp";
      private static final String JSP_DO_CHANGE_USER_AUTHENTICATION_REQUIRED = "jsp/admin/plugins/mylutece/security/DoChangeUseAuthenticationRequired.jsp";
  
      // Properties
      private static final String PROPERTY_MANAGE_AUTHENTICATION_FILTER = "mylutece.manage_authentication_filter.pageTitle";
  
      // Template
      private static final String TEMPLATE_MANAGE_AUTHENTICATION_FILTER = "admin/plugins/mylutece/security/manage_authentication_filter.html";
  
      // Message
      private static final String MESSAGE_PUBLIC_URL_CODE_ALREADY_EXIST = "mylutece.messagePublicUrlCodeAlreadyExist";
      private static final String MESSAGE_PUBLIC_URL_CONFIRM_REMOVE = "mylutece.messagePublicUrlConfirmRemove";
      private static final String MESSAGE_CONFIRM_ENABLE_AUTHENTICATION_REQUIRED = "mylutece.messageConfirmEnableAuthenticationRequired";
      private static final String MESSAGE_CONFIRM_DISABLE_AUTHENTICATION_REQUIRED = "mylutece.messageConfirmDisableAuthenticationRequired";
      private static final String CONSTANTE_PORTAL_AUTHENTICATION_REQUIRED = "mylutece.portal.authentication.required";
  
      /**
       * Builds the advanced parameters management page
       * 
       * @param request
       *            the HTTP request
       * @return the built page
      */
     public String getManageAdvancedParameters( HttpServletRequest request ) throws AccessDeniedException
     {
         if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
                 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
         {
             throw new AccessDeniedException(
                     "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
         }
 
         setPageTitleProperty( PROPERTY_MANAGE_AUTHENTICATION_FILTER );
 
         Map<String, Object> model = AuthenticationFilterService.getInstance( ).getManageAdvancedParameters( getUser( ), request );
 
         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_AUTHENTICATION_FILTER, getLocale( ), model );
 
         return getAdminPage( template.getHtml( ) );
     }
 
     /**
      * Create public Url
      * 
      * @param request
      *            the HTTP request
      * @return the jsp URL of the process result
      * @throws AccessDeniedException
      *             if permission to create Public Url on security service has not been granted to the user
      */
     public String doCreatePublicUrl( HttpServletRequest request ) throws AccessDeniedException
     {
         if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
                 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
         {
             throw new AccessDeniedException(
                     "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
         }
 
         if ( request.getParameter( PARAMETER_CANCEL ) == null )
         {
             ReferenceItem publicUrlData = getPublicUrlData( request );
             normalizedPublicUrlCode( publicUrlData );
 
             String strError = StringUtils.EMPTY;
 
             if ( StringUtils.isBlank( publicUrlData.getCode( ) ) || StringUtils.isBlank( publicUrlData.getName( ) ) )
             {
                 strError = AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
             }
             else
                 if ( DatastoreService.getDataValue( publicUrlData.getCode( ), null ) != null )
                 {
                     strError = AdminMessageService.getMessageUrl( request, MESSAGE_PUBLIC_URL_CODE_ALREADY_EXIST, AdminMessage.TYPE_STOP );
                 }
 
             if ( !StringUtils.isBlank( strError ) )
             {
                 return strError;
             }
 
             // create public url
             DatastoreService.setDataValue( publicUrlData.getCode( ), publicUrlData.getName( ) );
         }
 
         return JSP_MANAGE_AUTHENTICATION_FILTER;
     }
 
     /**
      * Do Modify Public Url
      * 
      * @param request
      *            the HTTP request
      * @return the jsp URL of the process result
      * @throws AccessDeniedException
      *             if permission to Manage Public Url on security service has not been granted to the user
      */
     public String doModifyPublicUrl( HttpServletRequest request ) throws AccessDeniedException
     {
         if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
                 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
         {
             throw new AccessDeniedException(
                     "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
         }
 
         if ( request.getParameter( PARAMETER_CANCEL ) == null )
         {
             ReferenceItem publicUrlData = getPublicUrlData( request );
             normalizedPublicUrlCode( publicUrlData );
 
             String strError = StringUtils.EMPTY;
 
             if ( StringUtils.isBlank( publicUrlData.getCode( ) ) || StringUtils.isBlank( publicUrlData.getName( ) )
                     || ( DatastoreService.getDataValue( publicUrlData.getCode( ), null ) == null ) )
             {
                 strError = AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
             }
 
             if ( !StringUtils.isBlank( strError ) )
             {
                 return strError;
             }
 
             // updateParameter
             DatastoreService.setDataValue( publicUrlData.getCode( ), publicUrlData.getName( ) );
         }
 
         return JSP_MANAGE_AUTHENTICATION_FILTER;
     }
 
     /**
      * Do change use authentication required
      * 
      * @param request
      *            the HTTP request
      * @return the jsp URL of the process result
      * @throws AccessDeniedException
      *             if permission to Manage Public Url on security service has not been granted to the user
      */
     public String getConfirmChangeUseAuthenticationRequired( HttpServletRequest request ) throws AccessDeniedException
     {
         if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
                 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
         {
             throw new AccessDeniedException(
                     "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
         }
 
         String strMessage = SecurityService.getInstance( ).isPortalAuthenticationRequired( ) ? MESSAGE_CONFIRM_DISABLE_AUTHENTICATION_REQUIRED
                 : MESSAGE_CONFIRM_ENABLE_AUTHENTICATION_REQUIRED;
         UrlItem url = new UrlItem( JSP_DO_CHANGE_USER_AUTHENTICATION_REQUIRED );
         url.addParameter( PARAMETER_PUBLIC_URL_CODE, request.getParameter( PARAMETER_PUBLIC_URL_CODE ) );
 
         return AdminMessageService.getMessageUrl( request, strMessage, url.getUrl( ), AdminMessage.TYPE_CONFIRMATION );
     }
 
     /**
      * Do change use authentication required
      * 
      * @param request
      *            the HTTP request
      * @return the jsp URL of the process result
      * @throws AccessDeniedException
      *             if permission to Manage Public Url on security service has not been granted to the user
      */
     public String doChangeUseAuthenticationRequired( HttpServletRequest request ) throws AccessDeniedException
     {
         if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
                 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
         {
             throw new AccessDeniedException(
                     "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
         }
 
         if ( request.getParameter( PARAMETER_CANCEL ) == null )
         {
             // updateParameter
             DatastoreService.setDataValue( CONSTANTE_PORTAL_AUTHENTICATION_REQUIRED,
                     new Boolean( !SecurityService.getInstance( ).isPortalAuthenticationRequired( ) ).toString( ) );
         }
 
         return JSP_MANAGE_AUTHENTICATION_FILTER;
     }
 
     /**
      * Remove Public Url
      * 
      * @param request
      *            the HTTP request
      * @return the jsp URL of the process result
      * @throws AccessDeniedException
      *             if permission manage Public Url on security service has not been granted to the user
      */
     public String doRemovePublicUrl( HttpServletRequest request ) throws AccessDeniedException
     {
         if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
                 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
         {
             throw new AccessDeniedException(
                     "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
         }
 
         ReferenceItem publicUrlData = getPublicUrlData( request );
 
         if ( publicUrlData != null )
         {
             normalizedPublicUrlCode( publicUrlData );
             DatastoreService.removeData( publicUrlData.getCode( ) );
         }
 
         return JSP_MANAGE_AUTHENTICATION_FILTER;
     }
 
     /**
      * Get the Public Url Data
      * 
      * @param request
      *            The HTTP request
      * @return ReferenceItem
      */
     private ReferenceItem getPublicUrlData( HttpServletRequest request )
     {
         ReferenceItem publicUrlData = new ReferenceItem( );
         String strPublicUrlCode = ( request.getParameter( PARAMETER_PUBLIC_URL_CODE ) != null ) ? request.getParameter( PARAMETER_PUBLIC_URL_CODE ).trim( )
                 : null;
         String strPublicUrlValue = ( request.getParameter( PARAMETER_PUBLIC_URL_VALUE ) != null ) ? request.getParameter( PARAMETER_PUBLIC_URL_VALUE ).trim( )
                 : null;
         publicUrlData.setCode( strPublicUrlCode );
         publicUrlData.setName( strPublicUrlValue );
 
         return publicUrlData;
     }
 
     /**
      * Gets the confirmation page of delete Public Url
      * 
      * @param request
      *            The HTTP request
      * @throws AccessDeniedException
      *             the {@link AccessDeniedException}
      * @return the confirmation page of Remove Public Url
      */
     public String getConfirmRemovePublicUrl( HttpServletRequest request ) throws AccessDeniedException
     {
         if ( !RBACService.isAuthorized( MyLuteceResourceIdService.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
                 MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER, getUser( ) ) )
         {
             throw new AccessDeniedException(
                     "User " + getUser( ) + " is not authorized to permission " + MyLuteceResourceIdService.PERMISSION_MANAGE_AUTHENTICATION_FILTER );
         }
 
         UrlItem url = new UrlItem( JSP_DO_REMOVE_PUBLIC_URL );
         url.addParameter( PARAMETER_PUBLIC_URL_CODE, request.getParameter( PARAMETER_PUBLIC_URL_CODE ) );
 
         return AdminMessageService.getMessageUrl( request, MESSAGE_PUBLIC_URL_CONFIRM_REMOVE, url.getUrl( ), AdminMessage.TYPE_CONFIRMATION );
     }
 
     /**
      * normalized public url code
      * 
      * @param publicUrl
      *            publicUrlCode
      */
     private void normalizedPublicUrlCode( ReferenceItem publicUrl )
     {
         if ( !StringUtils.isBlank( publicUrl.getCode( ) ) )
         {
             String strCode = publicUrl.getCode( );
             strCode = strCode.replaceAll( " ", "_" );
             publicUrl.setCode( AuthenticationFilterService.PUBLIC_URL_PREFIX + strCode );
         }
     }
 }