package com.atlassian.bamboo.rest;

import com.atlassian.bamboo.ww2.BambooActionSupport;
import com.atlassian.bamboo.ww2.aware.permissions.GlobalBypassSecurityAware;
import com.atlassian.seraph.config.SecurityConfig;
import com.atlassian.seraph.elevatedsecurity.ElevatedSecurityGuard;
import javax.servlet.http.HttpServletRequest;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.lang3.StringUtils;
import org.apache.struts2.ServletActionContext;

/* loaded from: input_file:com/atlassian/bamboo/rest/Login.class */
public class Login extends BambooActionSupport implements GlobalBypassSecurityAware {
    private String myUsername;
    private String myPassword;
    private String mySessionId;

    public void setUsername(String str) {
        this.myUsername = str;
    }

    public void setPassword(String str) {
        this.myPassword = str;
    }

    public String execute() throws Exception {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if ((StringUtils.isEmpty(this.myUsername) || StringUtils.isEmpty(this.myPassword)) && (authentication == null || "anonymousUser".equals(authentication.getName()))) {
            addActionError(getText("rest.login.user.and.pass.not.provided"));
            return "error";
        }
        SessionManager sessionManager = getBamboo().getSessionManager();
        HttpServletRequest request = ServletActionContext.getRequest();
        ElevatedSecurityGuard elevatedSecurityGuard = getElevatedSecurityGuard();
        try {
            if (elevatedSecurityGuard.performElevatedSecurityCheck(request, this.myUsername)) {
                this.mySessionId = sessionManager.login(this.myUsername, this.myPassword);
                elevatedSecurityGuard.onSuccessfulLoginAttempt(request, this.myUsername);
                return "success";
            }
            elevatedSecurityGuard.onFailedLoginAttempt(request, this.myUsername);
            addActionError("Attempt to log in user '" + this.myUsername + "' failed. The maximum number of failed login attempts has been reached. Please log into the web\napplication through the web interface to reset the number of failed login attempts.\"");
            return "fourOhThree";
        } catch (BambooRemoteException e) {
            elevatedSecurityGuard.onFailedLoginAttempt(request, this.myUsername);
            addActionError((Exception) e);
            return "error";
        }
    }

    public String getSessionId() {
        return this.mySessionId;
    }

    protected ElevatedSecurityGuard getElevatedSecurityGuard() {
        return ((SecurityConfig) ServletActionContext.getServletContext().getAttribute("seraph_config")).getElevatedSecurityGuard();
    }
}
