micord/ervu-lkrp-fl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SUPPORT-9164: add logs

Browse source
This commit is contained in:
Eduard Tihomirov 2025-05-14 13:05:58 +03:00
parent 488174e1d6
commit 73b278d329
3 changed files with 24 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

1
backend/src/main/java/ru/micord/ervu/security/SecurityConstants.java
View file

@ -5,4 +5,5 @@ public class SecurityConstants {
public static final String AUTH_TOKEN = "auth_token";
public static final String AUTH_MARKER = "webbpm.ervu-lkrp-fl";
public static final String PRNS_UUID = "prns_uuid_fl";
public static final String STICKY_SESSION = "stickysession";
}

14
backend/src/main/java/ru/micord/ervu/security/esia/EsiaAuthInfoStore.java
View file

@ -106,10 +106,12 @@ public class EsiaAuthInfoStore {
});
}
public static void validateState(String prnsUUID, String state) {
public static void validateState(String prnsUUID, String state, String stickySession) {
List<ExpiringState> states = PRNS_UUID_STATE_MAP.get(prnsUUID);
if (states == null) {
throw new EsiaException("State invalid. No state found");
throw new EsiaException(
"State invalid. No state found. PrnsUUID: " + prnsUUID + ". State: " + state
+ ". Sticky session:" + stickySession);
}
long currentTime = System.currentTimeMillis();
@ -117,13 +119,17 @@ public class EsiaAuthInfoStore {
for (ExpiringState expiringState : states) {
if (expiringState.getState().equals(state)) {
if (expiringState.getExpiryTime() < currentTime) {
throw new EsiaException("State invalid. State : " + state + " expired at : " + expiringState.getExpiryTime());
throw new EsiaException(
"State invalid. PrnsUUID: " + prnsUUID + ". Sticky session:" + stickySession
+ ". State : " + state + " expired at : " + expiringState.getExpiryTime());
}
return;
}
statesStringBuilder.append(expiringState.getState(), 0, 8).append(", ");
}
throw new EsiaException("State invalid. Backend states :" + statesStringBuilder + " cookie state :" + state);
throw new EsiaException(
"State invalid. PrnsUUID: " + prnsUUID + ". Sticky session:" + stickySession
+ ". Backend states :" + statesStringBuilder + " cookie state :" + state);
}
public static void removeState(String prnsUUID) {

15
backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
View file

@ -59,6 +59,7 @@ import ru.micord.ervu.security.webbpm.jwt.model.Token;
import ru.cg.webbpm.modules.core.runtime.api.MessageBundleUtils;
import static ru.micord.ervu.security.SecurityConstants.PRNS_UUID;
import static ru.micord.ervu.security.SecurityConstants.STICKY_SESSION;
/**
* @author Eduard Tihomirov
@ -122,6 +123,10 @@ public class EsiaAuthService {
String clientSecret = signMap(parameters);
EsiaAuthInfoStore.addState(prnsUUID, state, esiaConfig.getEsiaStateCookieLifeTime(), esiaConfig.getEsiaLoginAttemptsCount());
Cookie stickySession = WebUtils.getCookie(request, STICKY_SESSION);
LOGGER.info("PrnsUUID: {}; State: {}; StickySession: {}", prnsUUID, state,
stickySession != null ? stickySession.getValue() : "is null"
);
ResponseCookie prnsCookie = securityHelper.createAccessCookie(PRNS_UUID, prnsUUID)
.maxAge(esiaConfig.getEsiaStateCookieLifeTime())
.build();
@ -516,15 +521,21 @@ public class EsiaAuthService {
private void verifyStateFromCookie(HttpServletRequest request, String state, HttpServletResponse response) {
Cookie cookie = WebUtils.getCookie(request, PRNS_UUID);
Cookie stickySessionCookie = WebUtils.getCookie(request, STICKY_SESSION);
String stickySession = stickySessionCookie != null ? stickySessionCookie.getValue() : "is null";
if (cookie == null) {
throw new EsiaException("State invalid. Cookie not found");
throw new EsiaException(
"State invalid. Cookie not found. State: " + state + ". Sticky session: " + stickySession);
}
String prnsUUID = cookie.getValue();
try {
EsiaAuthInfoStore.validateState(prnsUUID, state);
EsiaAuthInfoStore.validateState(prnsUUID, state, stickySession);
}
finally {
EsiaAuthInfoStore.removeState(prnsUUID);
LOGGER.info(
"Remove all states for prnsUUID: " + prnsUUID + ". State: " + state + ". Sticky session: "
+ stickySession);
securityHelper.clearAccessCookie(response, PRNS_UUID);
}
}