SUPPORT-8682: Fix

Eduard Tihomirov 2024-11-20 10:19:01 +03:00
parent 8bfbd20525
commit 79adb832bb


@ -12,7 +12,10 @@ import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.*;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -52,6 +55,7 @@ import ru.micord.ervu.security.webbpm.jwt.model.Token;
@Service
public class EsiaAuthService {
private static final Logger LOGGER = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
private static final Long EXPIRES_IN = 3600L;
@Autowired
private ObjectMapper objectMapper;
@ -213,19 +217,7 @@ public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
TokensStore.addAccessToken(prnOid, accessToken, expiresIn);
TokensStore.addRefreshToken(prnOid, refreshToken, expiresIn);
Response ervuIdResponse = getErvuIdResponse(accessToken);
Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), expiresIn, ervuIdResponse.getErvuId());
int expiry = tokenResponse.getExpires_in().intValue();
Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), expiry);
response.addCookie(accessCookie);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
SecurityContext context = SecurityContextHolder.createEmptyContext();
JwtAuthentication authentication = new JwtAuthentication(usernamePasswordAuthenticationToken,
esiaAccessToken.getSbj_id(), token.getValue());
context.setAuthentication(authentication);
SecurityContextHolder.setContext(context);
Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", expiry);
response.addCookie(authMarkerCookie);
createTokenAndAddCookie(response, esiaAccessToken.getSbj_id(), ervuIdResponse.getErvuId(), expiresIn);
if (ervuIdResponse.getErrorData() != null) {
return new ResponseEntity<>(
"Доступ запрещен. " + ervuIdResponse.getErrorData().getName(),
@ -235,18 +227,7 @@ public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
return ResponseEntity.ok("Authentication successful");
}
catch (Exception e) {
Token token = jwtTokenService.createAccessToken(null, 3600L, null);
Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), 3600);
response.addCookie(accessCookie);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
SecurityContext context = SecurityContextHolder.createEmptyContext();
JwtAuthentication authentication = new JwtAuthentication(usernamePasswordAuthenticationToken,
null, token.getValue());
context.setAuthentication(authentication);
SecurityContextHolder.setContext(context);
Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", 3600);
response.addCookie(authMarkerCookie);
createTokenAndAddCookie(response, null, null, EXPIRES_IN);
String messageId = getMessageId(e);
String messageWithId = String.format("[%s] %s", messageId, e.getMessage());
LOGGER.error(messageWithId, e);
@ -311,19 +292,7 @@ public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
TokensStore.addAccessToken(prnOid, accessToken, expiresIn);
TokensStore.addRefreshToken(prnOid, newRefreshToken, expiresIn);
Response ervuIdResponse = getErvuIdResponse(accessToken);
Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), expiresIn, ervuIdResponse.getErvuId());
int expiry = tokenResponse.getExpires_in().intValue();
Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), expiry);
response.addCookie(accessCookie);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
SecurityContext context = SecurityContextHolder.createEmptyContext();
JwtAuthentication authentication = new JwtAuthentication(usernamePasswordAuthenticationToken,
esiaAccessToken.getSbj_id(), token.getValue());
context.setAuthentication(authentication);
SecurityContextHolder.setContext(context);
Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", expiry);
response.addCookie(authMarkerCookie);
createTokenAndAddCookie(response, esiaAccessToken.getSbj_id(), ervuIdResponse.getErvuId(), expiresIn);
}
catch (Exception e) {
throw new RuntimeException(e);
@ -424,4 +393,20 @@ public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
}
return null;
}
private void createTokenAndAddCookie(HttpServletResponse response, String userId, String ervuId,
Long expiresIn) {
Token token = jwtTokenService.createAccessToken(userId, expiresIn, ervuId);
Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), expiresIn.intValue());
response.addCookie(accessCookie);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
SecurityContext context = SecurityContextHolder.createEmptyContext();
JwtAuthentication authentication = new JwtAuthentication(usernamePasswordAuthenticationToken,
userId, token.getValue());
context.setAuthentication(authentication);
SecurityContextHolder.setContext(context);
Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", expiresIn.intValue());
response.addCookie(authMarkerCookie);
}
}
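Review bot: The catch block in the hunk at -235 still calls `createTokenAndAddCookie(response, null, null, EXPIRES_IN)`, so a failed ESIA code exchange leaves the client with a signed access cookie, an auth marker cookie set to "true" and a populated SecurityContext, all built from a null subject. Unless tokens with a null user id are rejected somewhere not visible here, the failure path should add no cookies and call `SecurityContextHolder.clearContext()` instead. In the hunk at -213 the helper likewise runs before the `ervuIdResponse.getErrorData() != null` check, so the "Доступ запрещен" response goes out after the session cookies were added; moving the call below that check would avoid this. The new helper has no Javadoc: it should say that it writes both cookies and replaces the thread's security context, and that `expiresIn` must be non-null and fit in an int because `expiresIn.intValue()` is used for the cookie max-age. The enclosing method bodies start and end outside these hunks, so the surrounding handling is inferred from the visible lines only.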