package org.openvpms.web.security.login;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.openvpms.component.business.domain.im.security.User;
import org.openvpms.component.business.service.security.AuthenticationContext;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:org/openvpms/web/security/login/ForceChangePasswordFilter.class */
public class ForceChangePasswordFilter extends OncePerRequestFilter {
    private final AuthenticationContext context;

    public ForceChangePasswordFilter(AuthenticationContext authenticationContext) {
        this.context = authenticationContext;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String servletPath = httpServletRequest.getServletPath();
        if ("/app".equals(servletPath) && userMustChangePassword()) {
            httpServletResponse.sendRedirect("changepassword");
            return;
        }
        if (!"/changepassword".equals(servletPath) || userMustChangePassword()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        httpServletResponse.sendRedirect(getServletContext().getContextPath() + "/login");
    }

    private boolean userMustChangePassword() {
        User user = this.context.getUser();
        return user != null && user.getChangePassword();
    }
}
