SUPPORT-8427: Fix

backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java

@@ -41,8 +41,6 @@ import ru.micord.ervu.security.webbpm.jwt.model.Token;
  */
 @Service
 public class EsiaAuthService {
-
-  private final static String CLIENT_CERTIFICATE_HASH = "04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD";
   private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
 
   @Autowired
@@ -90,7 +88,7 @@ public class EsiaAuthService {
           "client_secret", clientSecret,
           "response_type", responseType,
           "redirect_uri", redirectUrlEncoded,
-          "client_certificate_hash", CLIENT_CERTIFICATE_HASH);
+          "client_certificate_hash", esiaConfig.getClientCertHash());
 
       return makeRequest(url, params);
     }
@@ -158,7 +156,7 @@ public class EsiaAuthService {
           .setParameter("scope", scope)
           .setParameter("timestamp", timestamp)
           .setParameter("token_type", "Bearer")
-          .setParameter("client_certificate_hash", CLIENT_CERTIFICATE_HASH)
+          .setParameter("client_certificate_hash", esiaConfig.getClientCertHash())
           .toFormUrlencodedString();
       HttpRequest postReq = HttpRequest.newBuilder(URI.create(authUrl))
           .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
@@ -198,9 +196,6 @@ public class EsiaAuthService {
       SecurityContextHolder.getContext()
           .setAuthentication(
               new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null));
-
-      PersonModel personModel = personalDataService.getPersonModel(accessToken);
-      logger.info(personModel.toString());
       return true;
     }
     catch (Exception e) {
@@ -246,7 +241,7 @@ public class EsiaAuthService {
           .setParameter("scope", esiaConfig.getEsiaScopes())
           .setParameter("timestamp", timestamp)
           .setParameter("token_type", "Bearer")
-          .setParameter("client_certificate_hash", CLIENT_CERTIFICATE_HASH)
+          .setParameter("client_certificate_hash", esiaConfig.getClientCertHash())
           .toFormUrlencodedString();
       HttpRequest postReq = HttpRequest.newBuilder(URI.create(authUrl))
           .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
@@ -274,9 +269,18 @@ public class EsiaAuthService {
       cookieRefresh.setPath("/");
       response.addCookie(cookieRefresh);
 
-      Cookie isAuthToken = new Cookie("is_auth", "true");
+      byte[] decodedBytes = Base64.getDecoder()
+          .decode(
+              accessToken.substring(accessToken.indexOf('.') + 1, accessToken.lastIndexOf('.')));
+      String decodedString = new String(decodedBytes);
+      EsiaAccessToken esiaAccessToken = objectMapper.readValue(decodedString, EsiaAccessToken.class);
+      Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), tokenResponse.getExpires_in());
+      Cookie isAuthToken = new Cookie("auth_token", token.getValue());
       isAuthToken.setPath("/");
       response.addCookie(isAuthToken);
+      SecurityContextHolder.getContext()
+          .setAuthentication(
+              new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null));
     }
     catch (Exception e) {
       throw new RuntimeException(e);

config/patches/default.cli

@@ -36,3 +36,4 @@ xa-data-source add \
 /system-property=esia-redirect-url:add(value="https://lkrp-dev.micord.ru/fl/")
 /system-property=sign-url:add(value="https://ervu-sign-dev.k8s.micord.ru/sign")
 /system-property=esia-uri.logout:add(value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout")
+/system-property=client-cert-hash:add(value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD")

config/standalone/dev/standalone.xml

@@ -62,6 +62,7 @@
         <property name="esia-redirect-url" value="https://lkrp.micord.ru"/>
         <property name="sign-url" value="https://ervu-sign-dev.k8s.micord.ru/sign"/>
         <property name="sesia-uri.logout" value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout"/>
+        <property name="client-cert-hash" value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD"/>
     </system-properties>
     <management>
         <audit-log>