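package com.lqkj.link.config.auth;

import com.lqkj.link.module.authority.service.DatabaseUserDetailService;
import com.lqkj.link.util.RSAUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Authentication provider for the OAuth2 login flow.
 *
 * <p>The submitted credential is expected to be an RSA-encrypted, Base64-encoded
 * password. It is decrypted with {@link RSAUtils#decryptBase64(String)} and compared
 * with the stored hash, and the account-lock helpers of
 * {@link DatabaseUserDetailService} are called around that comparison.
 *
 * <p>NOTE(review): 172 Base64 characters decode to 128 bytes, which would correspond
 * to a 1024-bit RSA modulus. Confirm the key size in RSAUtils; 2048 bits or more is
 * the usual baseline today. The RSA wrapping is also no substitute for TLS, because
 * nothing visible here binds the ciphertext to a nonce or session.
 *
 * <p>NOTE(review): the constructor never calls {@code setPasswordEncoder}, so the
 * parent class keeps its own default encoder. Whatever the parent does for unknown
 * usernames therefore goes through neither {@code this.passwordEncoder} nor the RSA
 * step. Confirm that timing and response for unknown users match the known-user path.
 */
public class LoginAuthenticationProvider extends DaoAuthenticationProvider {

    /** Length a submitted credential must have before decryption is attempted. */
    private static final int ENCRYPTED_CREDENTIAL_LENGTH = 172;

    private final PasswordEncoder passwordEncoder;

    /**
     * Creates the provider.
     *
     * @param userDetailsService service used to load users and to query and update lock state
     * @param passwordEncoder    encoder used to compare the decrypted password with the stored hash
     */
    public LoginAuthenticationProvider(DatabaseUserDetailService userDetailsService,
                                       PasswordEncoder passwordEncoder) {
        setUserDetailsService(userDetailsService);
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Post-processes a login attempt after the user record has been loaded.
     *
     * <p>Overrides the hook of the same name in {@link DaoAuthenticationProvider}.
     *
     * @param userDetails    the loaded account, including the stored password hash
     * @param authentication the token carrying the encrypted credential
     * @throws BadCredentialsException if the credential is missing, does not have the
     *                                 expected length, or decrypts to {@code null}
     * @throws LockedException         if the account is reported as locked, or if the
     *                                 password does not match (the message then comes
     *                                 from {@code lockedUser})
     */
    protected void additionalAuthenticationChecks(UserDetails userDetails,
                                                  UsernamePasswordAuthenticationToken authentication)
            throws AuthenticationException {
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw badCredentials();
        }

        // Only credentials of the expected ciphertext length are decrypted.
        String encrypted = credentials.toString();
        if (encrypted.length() != ENCRYPTED_CREDENTIAL_LENGTH) {
            this.logger.debug("Authentication failed: password length error");
            throw badCredentials();
        }

        String pw = RSAUtils.decryptBase64(encrypted);
        if (pw == null) {
            // The contract of decryptBase64 is not visible here. If it signals failure
            // with null, reject like any other malformed credential rather than passing
            // null to the encoder, which may throw a non-authentication exception.
            this.logger.debug("Authentication failed: credentials could not be decrypted");
            throw badCredentials();
        }

        DatabaseUserDetailService userDetailsService = (DatabaseUserDetailService) getUserDetailsService();
        String username = userDetails.getUsername();

        // Refuse locked accounts before the password is compared.
        if (userDetailsService.isLocked(username)) {
            throw new LockedException("账号已被冻结,请稍后重试");
        }

        if (!passwordEncoder.matches(pw, userDetails.getPassword())) {
            // NOTE(review): a wrong password is reported as LockedException carrying the
            // lockedUser(...) message, while the no-credentials and wrong-length paths
            // use BadCredentialsException. If unknown usernames surface as bad
            // credentials, the login response can distinguish existing accounts.
            // Confirm the endpoint maps both to the same client-visible result.
            // lockedUser presumably records the failed attempt — verify in the service.
            throw new LockedException(userDetailsService.lockedUser(username));
        }

        // Successful match: presumably clears the failed-attempt state — verify in the service.
        userDetailsService.unlockedUser(username);
    }

    /** Builds the localized "Bad credentials" exception used for malformed input. */
    private BadCredentialsException badCredentials() {
        return new BadCredentialsException(this.messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
}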