package org.craftercms.studio.impl.v2.security.listener;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.beans.ConstructorProperties;
import org.craftercms.commons.http.RequestContext;
import org.craftercms.studio.api.v1.exception.ServiceLayerException;
import org.craftercms.studio.api.v2.dal.User;
import org.craftercms.studio.api.v2.event.user.UserUpdatedEvent;
import org.craftercms.studio.api.v2.event.user.UsersDeletedEvent;
import org.craftercms.studio.api.v2.service.security.AccessTokenService;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.authentication.event.LogoutSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:org/craftercms/studio/impl/v2/security/listener/AccessTokenAuthenticationListener.class */
public class AccessTokenAuthenticationListener {
    protected AccessTokenService accessTokenService;

    @ConstructorProperties({"accessTokenService"})
    public AccessTokenAuthenticationListener(AccessTokenService accessTokenService) {
        this.accessTokenService = accessTokenService;
    }

    @EventListener
    public void refreshAuthCookies(AuthenticationSuccessEvent authenticationSuccessEvent) throws ServiceLayerException {
        Authentication authentication = authenticationSuccessEvent.getAuthentication();
        if (authentication instanceof PreAuthenticatedAuthenticationToken) {
            return;
        }
        HttpServletRequest request = RequestContext.getCurrent().getRequest();
        HttpServletResponse response = RequestContext.getCurrent().getResponse();
        this.accessTokenService.updateRefreshToken(authentication, response);
        this.accessTokenService.refreshPreviewCookie(authentication, request, response);
    }

    @EventListener
    public void deleteTokens(LogoutSuccessEvent logoutSuccessEvent) {
        if (logoutSuccessEvent.getAuthentication() instanceof PreAuthenticatedAuthenticationToken) {
            return;
        }
        this.accessTokenService.deleteRefreshToken(((User) logoutSuccessEvent.getAuthentication().getPrincipal()).getId());
        this.accessTokenService.deletePreviewCookie(RequestContext.getCurrent().getResponse());
    }

    @EventListener
    public void onUserUpdated(UserUpdatedEvent userUpdatedEvent) {
        this.accessTokenService.deleteRefreshToken(userUpdatedEvent.getUserId());
    }

    @EventListener
    public void onUserDeleted(UsersDeletedEvent usersDeletedEvent) {
        this.accessTokenService.deleteUsersTokens(usersDeletedEvent.getUserIds());
    }
}
