SUPPORT-9171: Fix

backend/src/main/java/ru/micord/ervu/security/esia/EsiaAuthInfoStore.java

@@ -12,6 +12,7 @@ import org.springframework.context.support.MessageSourceAccessor;
 import ru.micord.ervu.security.esia.exception.EsiaException;
 import ru.micord.ervu.security.esia.model.ExpiringState;
 import ru.micord.ervu.security.esia.model.ExpiringToken;
+import ru.micord.ervu.security.exception.UnauthorizedException;
 
 import ru.cg.webbpm.modules.core.runtime.api.LocalizedException;
 import ru.cg.webbpm.modules.core.runtime.api.MessageBundleUtils;
@@ -35,7 +36,14 @@ public class EsiaAuthInfoStore {
   }
 
   public static String getAccessToken(String prnOid) {
-    return ACCESS_TOKENS_MAP.get(prnOid).getAccessToken();
+    ExpiringToken token = ACCESS_TOKENS_MAP.get(prnOid);
+    if (token == null || token.getAccessToken() == null) {
+      throw new UnauthorizedException("Failed to get access token. No access token found for prnOid: " + prnOid);
+    }
+    else if (token.isExpired()) {
+      throw new UnauthorizedException("Failed to get access token. Access token is expired for prnOid: " + prnOid);
+    }
+    return token.getAccessToken();
   }
 
   public static boolean validateAccessToken(String prnOid) {

backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java

@@ -52,6 +52,7 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
+import ru.micord.ervu.security.exception.UnauthorizedException;
 import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication;
 import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper;
 import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
@@ -400,16 +401,18 @@ public class EsiaAuthService {
     try {
       try {
         String userId = jwtTokenService.getUserAccountId(request);
-        String accessToken = EsiaAuthInfoStore.getAccessToken(userId);
+        String accessToken = jwtTokenService.getAccessTokenByUserId(userId);
         personModel = personalDataService.getPersonModel(accessToken);
-        securityHelper.clearAccessCookies(response);
         EsiaAuthInfoStore.removeAccessToken(userId);
         EsiaAuthInfoStore.removeRefreshToken(userId);
       }
-      catch (Exception e) {
+      catch (UnauthorizedException e) {
         //logout should always happen
       }
-
+      catch (Exception e) {
+        LOGGER.error(e.getMessage());
+      }
+      securityHelper.clearAccessCookies(response);
       String logoutUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaLogoutUrl();
       String redirectUrl = esiaConfig.getLogoutRedirectUrl();
       URL url = new URL(logoutUrl);

backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java

@@ -88,6 +88,10 @@ public class JwtTokenService {
     return EsiaAuthInfoStore.getRefreshToken(getUserAccountId(request));
   }
 
+  public String getAccessTokenByUserId(String userId) {
+    return EsiaAuthInfoStore.getAccessToken(userId);
+  }
+
   public String getUserAccountId(HttpServletRequest request) {
     String authToken = extractAuthToken(request);