package org.squashtest.tm.web.config;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import org.squashtest.tm.core.foundation.logger.Logger;
import org.squashtest.tm.core.foundation.logger.LoggerFactory;
import org.squashtest.tm.web.backend.http.ContentTypes;

/* loaded from: input_file:org/squashtest/tm/web/config/CustomRestApiBasicAuthFilter.class */
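/**
 * Servlet filter that rejects HTTP Basic credentials on REST API requests.
 *
 * <p>When {@code squash.rest-api.disallow-basic-authentication} is {@code true} (the default when
 * the property is absent), any request whose URI contains {@code /api/rest/} and whose
 * {@code Authorization} header uses the Basic scheme is answered with 401 and is never passed
 * further down the filter chain. All other requests are forwarded unchanged.
 *
 * <p>This filter only refuses requests; it does not authenticate anything itself. It must run
 * before whichever filter would otherwise accept Basic credentials. The filter ordering is not
 * visible in this class and should be confirmed in the security configuration.
 */
public class CustomRestApiBasicAuthFilter extends OncePerRequestFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(CustomRestApiBasicAuthFilter.class);
    private static final String BASIC_AUTH_DISALLOWED = "Basic authentication is not allowed for REST API.";
    private static final String API_REST_URL_PART = "/api/rest/";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BASIC_SCHEME = "Basic";

    // Defaults to true, so Basic authentication is refused unless an operator explicitly opts out.
    @Value("${squash.rest-api.disallow-basic-authentication:#{true}}")
    private boolean disallowBasicAuth;

    /**
     * Blocks Basic-authenticated REST API calls when the feature flag is on; otherwise delegates.
     *
     * @param httpServletRequest incoming request; its URI and {@code Authorization} header are inspected
     * @param httpServletResponse response that receives the 401 when the request is refused
     * @param filterChain remaining filters, invoked only when the request is not refused
     * @throws ServletException propagated from the downstream chain
     * @throws IOException propagated from the downstream chain or from writing the refusal body
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        // Read the header once so the null check and the scheme check see the same value.
        String authorization = httpServletRequest.getHeader(AUTHORIZATION_HEADER);

        // NOTE(review): getRequestURI() is the raw, undecoded request path and this is a substring
        // match. Confirm it selects exactly the same requests as the matcher that routes to the
        // REST API security chain, so the two cannot disagree about what counts as a REST call.
        boolean restApiRequest = httpServletRequest.getRequestURI().contains(API_REST_URL_PART);

        if (!this.disallowBasicAuth || !restApiRequest || !usesBasicScheme(authorization)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // The empty argument array is kept so the same Logger overload is selected as before.
        LOGGER.error(BASIC_AUTH_DISALLOWED, new Object[0]);
        // Drop any authentication already attached to this thread before answering.
        SecurityContextHolder.clearContext();
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // NOTE(review): the body written below is plain text, not a JSON document, although the
        // declared content type is JSON. Left unchanged because clients may depend on it.
        httpServletResponse.setContentType(ContentTypes.APPLICATION_JSON);
        httpServletResponse.getWriter().write(BASIC_AUTH_DISALLOWED);
    }

    /**
     * Tells whether an {@code Authorization} header value names the Basic scheme.
     *
     * <p>HTTP authentication scheme names are case-insensitive, and Spring Security's Basic
     * converter trims the value and compares the scheme without regard to case. The previous
     * exact {@code startsWith("Basic ")} test was narrower than that, so a differently-cased
     * scheme would not have been refused here. The match is therefore a case-insensitive prefix
     * match on the trimmed value, deliberately at least as broad as the downstream comparison.
     *
     * @param authorization raw header value, possibly {@code null}
     * @return {@code true} when the trimmed value starts with "basic" in any letter case
     */
    private static boolean usesBasicScheme(String authorization) {
        if (authorization == null) {
            return false;
        }
        return authorization.trim().regionMatches(true, 0, BASIC_SCHEME, 0, BASIC_SCHEME.length());
    }
}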
