Merge remote-tracking branch 'origin/master' into develop
# Conflicts: # backend/pom.xml # backend/src/main/java/ru/micord/ervu/controller/ErvuDataController.java # backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java # backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java # backend/src/main/java/ru/micord/ervu/security/esia/token/EsiaTokensStore.java # backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java # config/nginx.conf # distribution/pom.xml # frontend/pom.xml # pom.xml # resources/pom.xml
This commit is contained in:
Eduard Tihomirov
commit
90ec38852f
22 changed files with 275 additions and 204 deletions
|
|
@ -1,19 +1,11 @@
|
|||
package ru.micord.ervu.controller;
|
||||
|
||||
import com.google.protobuf.InvalidProtocolBufferException;
|
||||
import org.apache.kafka.common.utils.Bytes;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import ru.micord.ervu.converter.SummonsResponseDataConverter;
|
||||
import ru.micord.ervu.dto.SubpoenaRequestDto;
|
||||
import ru.micord.ervu.dto.SubpoenaResponseDto;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import proto.ervu.rp.summons.SummonsResponseData;
|
||||
import ru.micord.ervu.exception.ProtobufParsingException;
|
||||
import ru.micord.ervu.kafka.service.ReplyingKafkaService;
|
||||
import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil;
|
||||
import ru.micord.ervu.dto.SubpoenaResponseDto;
|
||||
import ru.micord.ervu.service.SubpoenaService;
|
||||
|
||||
/**
|
||||
* @author gulnaz
|
||||
|
|
@ -21,41 +13,15 @@ import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil;
|
|||
@RestController
|
||||
public class ErvuDataController {
|
||||
|
||||
private final ReplyingKafkaService<Object, Bytes> replyingKafkaService;
|
||||
private final SummonsResponseDataConverter converter;
|
||||
private final SubpoenaService subpoenaService;
|
||||
|
||||
@Value("${ervu.kafka.recruit.request.topic}")
|
||||
private String recruitRequestTopic;
|
||||
@Value("${ervu.kafka.recruit.reply.topic}")
|
||||
private String recruitReplyTopic;
|
||||
|
||||
public ErvuDataController(
|
||||
@Qualifier("recruit") ReplyingKafkaService<Object, Bytes> replyingKafkaService,
|
||||
SummonsResponseDataConverter converter) {
|
||||
this.replyingKafkaService = replyingKafkaService;
|
||||
this.converter = converter;
|
||||
@Autowired
|
||||
public ErvuDataController(SubpoenaService subpoenaService) {
|
||||
this.subpoenaService = subpoenaService;
|
||||
}
|
||||
|
||||
@GetMapping(
|
||||
value = "/recruit",
|
||||
produces = MediaType.APPLICATION_JSON_VALUE
|
||||
)
|
||||
@GetMapping(value = "/recruit", produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
public SubpoenaResponseDto getData() {
|
||||
String ervuId = SecurityUtil.getErvuId();
|
||||
|
||||
if (ervuId == null) {
|
||||
return new SubpoenaResponseDto.Builder().build();
|
||||
}
|
||||
SubpoenaRequestDto subpoenaRequestDto = new SubpoenaRequestDto(ervuId);
|
||||
byte[] reply = replyingKafkaService.sendMessageAndGetReply(recruitRequestTopic,
|
||||
recruitReplyTopic, subpoenaRequestDto).get();
|
||||
|
||||
try {
|
||||
SummonsResponseData responseData = SummonsResponseData.parseFrom(reply);
|
||||
return converter.convert(responseData);
|
||||
}
|
||||
catch (InvalidProtocolBufferException e) {
|
||||
throw new ProtobufParsingException("Failed to parse data", e);
|
||||
}
|
||||
return subpoenaService.getSubpoenaData();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,9 +39,11 @@ public class SummonsResponseDataConverter {
|
|||
.issueDate(responseData.getIssueDate())
|
||||
.issueOrg(responseData.getIssueOrg())
|
||||
.issueIdCode(responseData.getIssueIdCode())
|
||||
.militaryCommissariatName(responseData.getRecruitmentInfo().getMilitaryCommissariatName())
|
||||
.residenceAddress(getAddressByCode(responseData.getAddressesList(), RESIDENCE_ADDRESS_CODE))
|
||||
.stayAddress(getAddressByCode(responseData.getAddressesList(), STAY_ADDRESS_CODE))
|
||||
.actualAddress(getAddressByCode(responseData.getAddressesList(), ACTUAL_ADDRESS_CODE));
|
||||
|
||||
Optional<SummonsInfo> summonsInfoOpt = responseData.getSummonsInfosList().stream()
|
||||
// get last subpoena
|
||||
.max(Comparator.comparing(
|
||||
|
|
|
|||
|
|
@ -25,9 +25,7 @@ public class LogoutSuccessHandler
|
|||
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
|
||||
Authentication authentication) throws IOException {
|
||||
String url = esiaAuthService.logout(request, response);
|
||||
response.setStatus(HttpServletResponse.SC_OK);
|
||||
response.getWriter().write(url);
|
||||
response.getWriter().flush();
|
||||
response.sendRedirect(url);
|
||||
CsrfToken csrfToken = this.csrfTokenRepository.generateToken(request);
|
||||
this.csrfTokenRepository.saveToken(csrfToken, request, response);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ import ru.micord.ervu.security.webbpm.jwt.JwtMatcher;
|
|||
import ru.micord.ervu.security.webbpm.jwt.UnauthorizedEntryPoint;
|
||||
import ru.micord.ervu.security.webbpm.jwt.filter.JwtAuthenticationFilter;
|
||||
import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper;
|
||||
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
|
||||
|
||||
import static ru.micord.ervu.security.SecurityConstants.ESIA_LOGOUT;
|
||||
|
||||
|
|
@ -105,10 +104,9 @@ public class SecurityConfig {
|
|||
|
||||
@Bean
|
||||
public JwtAuthenticationFilter jwtAuthenticationFilter(SecurityHelper securityHelper,
|
||||
AuthenticationManager manager,
|
||||
JwtTokenService jwtTokenService) {
|
||||
AuthenticationManager manager) {
|
||||
JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(
|
||||
new JwtMatcher("/**", PERMIT_ALL), entryPoint(), securityHelper, jwtTokenService);
|
||||
new JwtMatcher("/**", PERMIT_ALL), entryPoint(), securityHelper);
|
||||
jwtAuthenticationFilter.setAuthenticationManager(manager);
|
||||
return jwtAuthenticationFilter;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,6 +23,9 @@ public class EsiaConfig {
|
|||
@Value("${esia.redirect.url}")
|
||||
private String redirectUrl;
|
||||
|
||||
@Value("${esia.logout.redirect.url}")
|
||||
private String logoutRedirectUrl;
|
||||
|
||||
@Value("${sign.url}")
|
||||
private String signUrl;
|
||||
|
||||
|
|
@ -93,6 +96,10 @@ public class EsiaConfig {
|
|||
return esiaTokenUrl;
|
||||
}
|
||||
|
||||
public String getLogoutRedirectUrl() {
|
||||
return logoutRedirectUrl;
|
||||
}
|
||||
|
||||
public String getSignVerifyUrl() {
|
||||
return signVerifyUrl;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,6 @@ import java.util.LinkedHashMap;
|
|||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.UUID;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
|
|
@ -33,7 +32,7 @@ import ru.micord.ervu.kafka.model.Document;
|
|||
import ru.micord.ervu.kafka.model.Person;
|
||||
import ru.micord.ervu.kafka.model.Response;
|
||||
import ru.micord.ervu.kafka.service.ReplyingKafkaService;
|
||||
import ru.micord.ervu.security.esia.token.TokensStore;
|
||||
import ru.micord.ervu.security.esia.token.EsiaTokensStore;
|
||||
import ru.micord.ervu.security.esia.config.EsiaConfig;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
|
|
@ -120,7 +119,7 @@ public class EsiaAuthService {
|
|||
"redirect_uri", redirectUrlEncoded,
|
||||
"client_certificate_hash", esiaConfig.getClientCertHash());
|
||||
|
||||
return makeRequest(url, params);
|
||||
return buildUrl(url, params);
|
||||
}
|
||||
catch (Exception e) {
|
||||
throw new EsiaException(e);
|
||||
|
|
@ -147,12 +146,13 @@ public class EsiaAuthService {
|
|||
}
|
||||
}
|
||||
|
||||
private static String makeRequest(URL url, Map<String, String> params) {
|
||||
private static String buildUrl(URL url, Map<String, String> params) {
|
||||
StringBuilder uriBuilder = new StringBuilder(url.toString());
|
||||
uriBuilder.append('?');
|
||||
for (Map.Entry<String, String> node : params.entrySet()) {
|
||||
uriBuilder.append(node.getKey()).append('=').append(node.getValue()).append("&");
|
||||
}
|
||||
uriBuilder.deleteCharAt(uriBuilder.length() - 1);
|
||||
return uriBuilder.toString();
|
||||
}
|
||||
|
||||
|
|
@ -217,25 +217,15 @@ public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
|
|||
if (tokenResponse.getError() != null) {
|
||||
throw new EsiaException(tokenResponse.getErrorDescription());
|
||||
}
|
||||
String accessToken = tokenResponse.getAccessToken();
|
||||
String verifyResult = verifyToken(accessToken);
|
||||
if (verifyResult != null) {
|
||||
throw new EsiaException(verifyResult);
|
||||
}
|
||||
String refreshToken = tokenResponse.getRefreshToken();
|
||||
EsiaAccessToken esiaAccessToken = personalDataService.readToken(accessToken);
|
||||
String esiaAccessTokenStr = tokenResponse.getAccessToken();
|
||||
String esiaRefreshTokenStr = tokenResponse.getRefreshToken();
|
||||
EsiaAccessToken esiaAccessToken = personalDataService.readToken(esiaAccessTokenStr);
|
||||
String prnOid = esiaAccessToken.getSbjId();
|
||||
Long expiresIn = tokenResponse.getExpiresIn();
|
||||
TokensStore.addAccessToken(prnOid, accessToken, expiresIn);
|
||||
TokensStore.addRefreshToken(prnOid, refreshToken, expiresIn);
|
||||
Response ervuIdResponse = getErvuIdResponse(accessToken);
|
||||
EsiaTokensStore.addAccessToken(prnOid, esiaAccessTokenStr, expiresIn);
|
||||
EsiaTokensStore.addRefreshToken(prnOid, esiaRefreshTokenStr, expiresIn);
|
||||
Response ervuIdResponse = getErvuIdResponse(esiaAccessTokenStr);
|
||||
createTokenAndAddCookie(response, esiaAccessToken.getSbjId(), ervuIdResponse.getErvuId(), expiresIn);
|
||||
if (ervuIdResponse.getErrorData() != null) {
|
||||
return new ResponseEntity<>(
|
||||
"Доступ запрещен. " + ervuIdResponse.getErrorData().getName(),
|
||||
HttpStatus.FORBIDDEN
|
||||
);
|
||||
}
|
||||
return ResponseEntity.ok("Authentication successful");
|
||||
}
|
||||
catch (Exception e) {
|
||||
|
|
@ -296,18 +286,14 @@ public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
|
|||
if (tokenResponse != null && tokenResponse.getError() != null) {
|
||||
throw new EsiaException(tokenResponse.getErrorDescription());
|
||||
}
|
||||
String accessToken = tokenResponse.getAccessToken();
|
||||
String verifyResult = verifyToken(accessToken);
|
||||
if (verifyResult != null) {
|
||||
throw new EsiaException(verifyResult);
|
||||
}
|
||||
String newRefreshToken = tokenResponse.getRefreshToken();
|
||||
EsiaAccessToken esiaAccessToken = personalDataService.readToken(accessToken);
|
||||
String esiaAccessTokenStr = tokenResponse.getAccessToken();
|
||||
String esiaNewRefreshTokenStr = tokenResponse.getRefreshToken();
|
||||
EsiaAccessToken esiaAccessToken = personalDataService.readToken(esiaAccessTokenStr);
|
||||
String prnOid = esiaAccessToken.getSbjId();
|
||||
Long expiresIn = tokenResponse.getExpiresIn();
|
||||
TokensStore.addAccessToken(prnOid, accessToken, expiresIn);
|
||||
TokensStore.addRefreshToken(prnOid, newRefreshToken, expiresIn);
|
||||
Response ervuIdResponse = getErvuIdResponse(accessToken);
|
||||
EsiaTokensStore.addAccessToken(prnOid, esiaAccessTokenStr, expiresIn);
|
||||
EsiaTokensStore.addRefreshToken(prnOid, esiaNewRefreshTokenStr, expiresIn);
|
||||
Response ervuIdResponse = getErvuIdResponse(esiaAccessTokenStr);
|
||||
createTokenAndAddCookie(response, esiaAccessToken.getSbjId(), ervuIdResponse.getErvuId(), expiresIn);
|
||||
}
|
||||
catch (Exception e) {
|
||||
|
|
@ -351,15 +337,15 @@ public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
|
|||
try {
|
||||
securityHelper.clearAccessCookies(response);
|
||||
String userId = jwtTokenService.getUserAccountId(request);
|
||||
TokensStore.removeAccessToken(userId);
|
||||
TokensStore.removeRefreshToken(userId);
|
||||
EsiaTokensStore.removeAccessToken(userId);
|
||||
EsiaTokensStore.removeRefreshToken(userId);
|
||||
String logoutUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaLogoutUrl();
|
||||
String redirectUrl = esiaConfig.getRedirectUrl();
|
||||
String redirectUrl = esiaConfig.getLogoutRedirectUrl();
|
||||
URL url = new URL(logoutUrl);
|
||||
Map<String, String> params = mapOf(
|
||||
"client_id", esiaConfig.getClientId(),
|
||||
"redirect_url", redirectUrl);
|
||||
return makeRequest(url, params);
|
||||
return buildUrl(url, params);
|
||||
}
|
||||
catch (Exception e) {
|
||||
throw new EsiaException(e);
|
||||
|
|
@ -405,8 +391,7 @@ public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
|
|||
private void createTokenAndAddCookie(HttpServletResponse response, String userId, String ervuId,
|
||||
Long expiresIn) {
|
||||
Token token = jwtTokenService.createAccessToken(userId, expiresIn, ervuId);
|
||||
Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), expiresIn.intValue());
|
||||
response.addCookie(accessCookie);
|
||||
securityHelper.addAccessCookies(response, token.getValue(), expiresIn.intValue());
|
||||
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
|
||||
new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
|
||||
SecurityContext context = SecurityContextHolder.createEmptyContext();
|
||||
|
|
@ -414,8 +399,6 @@ public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
|
|||
userId, token.getValue());
|
||||
context.setAuthentication(authentication);
|
||||
SecurityContextHolder.setContext(context);
|
||||
Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", expiresIn.intValue());
|
||||
response.addCookie(authMarkerCookie);
|
||||
}
|
||||
|
||||
private String verifyToken(String accessToken) {
|
||||
|
|
|
|||
|
|
@ -1,12 +1,17 @@
|
|||
package ru.micord.ervu.security.esia.token;
|
||||
|
||||
import java.lang.invoke.MethodHandles;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* @author Eduard Tihomirov
|
||||
*/
|
||||
public class TokensStore {
|
||||
public class EsiaTokensStore {
|
||||
private static final Logger LOGGER = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
|
||||
private static final Map<String, ExpiringToken> ACCESS_TOKENS_MAP = new ConcurrentHashMap<>();
|
||||
private static final Map<String, ExpiringToken> REFRESH_TOKENS_MAP = new ConcurrentHashMap<>();
|
||||
|
||||
|
|
@ -21,6 +26,19 @@ public class TokensStore {
|
|||
return ACCESS_TOKENS_MAP.get(prnOid).getAccessToken();
|
||||
}
|
||||
|
||||
public static boolean validateAccessToken(String prnOid) {
|
||||
ExpiringToken token = ACCESS_TOKENS_MAP.get(prnOid);
|
||||
if (token == null || token.getAccessToken() == null) {
|
||||
LOGGER.error("No ESIA access token for prnOid: " + prnOid);
|
||||
return false;
|
||||
}
|
||||
else if (token.isExpired()) {
|
||||
LOGGER.error("ESIA access token expired for prnOid: " + prnOid);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public static void removeExpiredAccessToken() {
|
||||
for (String key : ACCESS_TOKENS_MAP.keySet()) {
|
||||
ExpiringToken token = ACCESS_TOKENS_MAP.get(key);
|
||||
|
|
@ -14,7 +14,7 @@ public class TokensClearShedulerService {
|
|||
@SchedulerLock(name = "clearToken")
|
||||
@Transactional
|
||||
public void load() {
|
||||
TokensStore.removeExpiredRefreshToken();
|
||||
TokensStore.removeExpiredAccessToken();
|
||||
EsiaTokensStore.removeExpiredRefreshToken();
|
||||
EsiaTokensStore.removeExpiredAccessToken();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@ package ru.micord.ervu.security.webbpm.jwt;
|
|||
|
||||
import java.util.Collections;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import io.jsonwebtoken.ExpiredJwtException;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
|
|
@ -11,9 +13,13 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
|
|||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.context.request.RequestAttributes;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import ru.micord.ervu.security.webbpm.jwt.model.Token;
|
||||
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
|
||||
|
||||
import static org.springframework.web.context.request.RequestAttributes.REFERENCE_REQUEST;
|
||||
|
||||
@Component
|
||||
public class JwtAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
|
|
@ -42,16 +48,26 @@ public class JwtAuthenticationProvider implements AuthenticationProvider {
|
|||
throw new BadCredentialsException("Authentication Failed.", e);
|
||||
}
|
||||
|
||||
if (!jwtTokenService.isValid(token)) {
|
||||
throw new BadCredentialsException("Auth token is not valid for user " + token.getUserAccountId());
|
||||
if (jwtTokenService.isValid(token)) {
|
||||
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
|
||||
HttpServletRequest request = (HttpServletRequest) requestAttributes.resolveReference(
|
||||
REFERENCE_REQUEST);
|
||||
String[] ids = token.getUserAccountId().split(":");
|
||||
if (request == null) {
|
||||
throw new IllegalStateException("No request found in request attributes");
|
||||
}
|
||||
if (request.getRequestURI().endsWith("esia/logout") || ids.length == 2) {
|
||||
UsernamePasswordAuthenticationToken pwdToken =
|
||||
UsernamePasswordAuthenticationToken.authenticated(token.getUserAccountId(), null,
|
||||
Collections.emptyList()
|
||||
);
|
||||
|
||||
return new JwtAuthentication(pwdToken, token.getUserAccountId(), token.getValue());
|
||||
}
|
||||
}
|
||||
|
||||
UsernamePasswordAuthenticationToken pwdToken =
|
||||
UsernamePasswordAuthenticationToken.authenticated(token.getUserAccountId(), null,
|
||||
Collections.emptyList()
|
||||
);
|
||||
|
||||
return new JwtAuthentication(pwdToken, token.getUserAccountId(), token.getValue());
|
||||
throw new BadCredentialsException(
|
||||
"Auth token is not valid for user " + token.getUserAccountId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import javax.servlet.http.HttpServletResponse;
|
|||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.authentication.CredentialsExpiredException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
|
@ -18,8 +17,6 @@ import org.springframework.security.web.authentication.AbstractAuthenticationPro
|
|||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication;
|
||||
import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper;
|
||||
import ru.micord.ervu.security.webbpm.jwt.model.Token;
|
||||
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
|
||||
|
||||
import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.extractAuthToken;
|
||||
|
||||
|
|
@ -35,16 +32,12 @@ public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFil
|
|||
|
||||
private final SecurityHelper securityHelper;
|
||||
|
||||
private final JwtTokenService jwtTokenService;
|
||||
|
||||
public JwtAuthenticationFilter(RequestMatcher requestMatcher,
|
||||
AuthenticationEntryPoint entryPoint,
|
||||
SecurityHelper securityHelper,
|
||||
JwtTokenService jwtTokenService) {
|
||||
SecurityHelper securityHelper) {
|
||||
super(requestMatcher);
|
||||
this.entryPoint = entryPoint;
|
||||
this.securityHelper = securityHelper;
|
||||
this.jwtTokenService = jwtTokenService;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -58,18 +51,11 @@ public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFil
|
|||
}
|
||||
try {
|
||||
authentication = getAuthenticationManager().authenticate(authentication);
|
||||
if (!httpServletRequest.getRequestURI().endsWith("esia/logout")) {
|
||||
Token token = jwtTokenService.getToken(tokenStr);
|
||||
String[] ids = token.getUserAccountId().split(":");
|
||||
if (ids.length != 2) {
|
||||
throw new CredentialsExpiredException("Invalid token. User has no ervuId");
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (CredentialsExpiredException e) {
|
||||
catch (AuthenticationException e) {
|
||||
LOGGER.warn(e.getMessage());
|
||||
securityHelper.clearAccessCookies(httpServletResponse);
|
||||
httpServletResponse.setStatus(401);
|
||||
LOGGER.warn(e.getMessage());
|
||||
return null;
|
||||
}
|
||||
return authentication;
|
||||
|
|
|
|||
|
|
@ -1,43 +1,89 @@
|
|||
package ru.micord.ervu.security.webbpm.jwt.helper;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import java.net.IDN;
|
||||
import java.net.URLEncoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.ResponseCookie;
|
||||
import org.springframework.web.context.request.RequestAttributes;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
|
||||
import static org.springframework.web.context.request.RequestAttributes.REFERENCE_REQUEST;
|
||||
import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.AUTH_MARKER;
|
||||
import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.AUTH_TOKEN;
|
||||
import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.createCookie;
|
||||
|
||||
public final class SecurityHelper {
|
||||
@Value("${cookie.path:#{null}}")
|
||||
private String accessCookiePath;
|
||||
@Value("${cookie.domain:#{null}}")
|
||||
private String accessCookieDomain;
|
||||
@Value("${cookie.secure:false}")
|
||||
private boolean accessCookieSecure;
|
||||
@Value("${cookie.same.site:Lax}")
|
||||
private String accessCookieSameSite;
|
||||
|
||||
@PostConstruct
|
||||
private void init() {
|
||||
|
||||
if (accessCookieDomain != null) {
|
||||
accessCookieDomain = IDN.toASCII(accessCookieDomain);
|
||||
}
|
||||
}
|
||||
|
||||
public void clearAccessCookies(HttpServletResponse response) {
|
||||
Cookie tokenCookie = createCookie(AUTH_TOKEN, null, null);
|
||||
tokenCookie.setMaxAge(0);
|
||||
tokenCookie.setPath(accessCookiePath);
|
||||
tokenCookie.setHttpOnly(true);
|
||||
response.addCookie(tokenCookie);
|
||||
ResponseCookie emptyAuthToken = createCookie(AUTH_TOKEN, null, accessCookiePath)
|
||||
.maxAge(0).build();
|
||||
addResponseCookie(response, emptyAuthToken);
|
||||
|
||||
Cookie markerCookie = createCookie(AUTH_MARKER, null, null);
|
||||
markerCookie.setMaxAge(0);
|
||||
markerCookie.setPath("/");
|
||||
response.addCookie(markerCookie);
|
||||
ResponseCookie emptyAuthMarker = createCookie(AUTH_MARKER, null, "/")
|
||||
.maxAge(0)
|
||||
.secure(false)
|
||||
.httpOnly(false)
|
||||
.build();
|
||||
addResponseCookie(response, emptyAuthMarker);
|
||||
}
|
||||
|
||||
public Cookie createAccessCookie(String cookieValue, int expiry) {
|
||||
Cookie authToken = createCookie(SecurityUtil.AUTH_TOKEN, cookieValue, accessCookiePath);
|
||||
authToken.setPath(accessCookiePath);
|
||||
authToken.setMaxAge(expiry);
|
||||
return authToken;
|
||||
private void addResponseCookie(HttpServletResponse response, ResponseCookie cookie) {
|
||||
response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
|
||||
}
|
||||
|
||||
public Cookie createAuthMarkerCookie(String cookieValue, int expiry) {
|
||||
Cookie marker = createCookie(AUTH_MARKER, cookieValue, "/");
|
||||
marker.setMaxAge(expiry);
|
||||
marker.setHttpOnly(false);
|
||||
return marker;
|
||||
public void addAccessCookies(HttpServletResponse response, String cookieValue, int expiry) {
|
||||
ResponseCookie authTokenCookie = createCookie(AUTH_TOKEN, cookieValue, accessCookiePath)
|
||||
.maxAge(expiry)
|
||||
.build();
|
||||
addResponseCookie(response, authTokenCookie);
|
||||
|
||||
ResponseCookie authMarker = createCookie(AUTH_MARKER, "true", "/")
|
||||
.maxAge(expiry)
|
||||
.secure(false)
|
||||
.httpOnly(false)
|
||||
.build();
|
||||
addResponseCookie(response, authMarker);
|
||||
}
|
||||
|
||||
public ResponseCookie.ResponseCookieBuilder createCookie(String name, String value, String path) {
|
||||
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
|
||||
|
||||
if (requestAttributes == null) {
|
||||
throw new IllegalStateException("Must be called only in request context");
|
||||
}
|
||||
HttpServletRequest request = (HttpServletRequest) requestAttributes.resolveReference(
|
||||
REFERENCE_REQUEST);
|
||||
|
||||
if (request == null) {
|
||||
throw new IllegalStateException("Must be called only in request context");
|
||||
}
|
||||
String cookieValue = value != null ? URLEncoder.encode(value, StandardCharsets.UTF_8) : "";
|
||||
return ResponseCookie.from(name, cookieValue)
|
||||
.path(path != null ? path : request.getContextPath())
|
||||
.httpOnly(true)
|
||||
.domain(accessCookieDomain)
|
||||
.secure(accessCookieSecure)
|
||||
.sameSite(accessCookieSameSite);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ import org.slf4j.LoggerFactory;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.stereotype.Component;
|
||||
import ru.micord.ervu.security.esia.token.TokensStore;
|
||||
import ru.micord.ervu.security.esia.token.EsiaTokensStore;
|
||||
import ru.micord.ervu.security.exception.UnauthorizedException;
|
||||
import ru.micord.ervu.security.webbpm.jwt.model.Token;
|
||||
|
||||
|
|
@ -35,9 +35,6 @@ public class JwtTokenService {
|
|||
ResourceMetadataUtils.PROJECT_GROUP_ID + "." + ResourceMetadataUtils.PROJECT_ARTIFACT_ID;
|
||||
private final SecretKey signingKey;
|
||||
|
||||
@Autowired
|
||||
private HttpServletRequest request;
|
||||
|
||||
@Autowired
|
||||
public JwtTokenService(@Value("${webbpm.security.token.secret.key:ZjE5ZjMxNmYtODViZC00ZTQ5LWIxZmYtOGEzYzE3Yjc1MDVk}")
|
||||
String secretKey) {
|
||||
|
|
@ -68,7 +65,8 @@ public class JwtTokenService {
|
|||
LOGGER.info("Token {} is expired ", token.getValue());
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
String[] ids = token.getUserAccountId().split(":");
|
||||
return EsiaTokensStore.validateAccessToken(ids[0]);
|
||||
}
|
||||
|
||||
public Token getToken(String token) {
|
||||
|
|
@ -80,17 +78,12 @@ public class JwtTokenService {
|
|||
return new Token(claims.getSubject(), claims.getIssuer(), claims.getExpiration(), token);
|
||||
}
|
||||
|
||||
public String getErvuId() {
|
||||
String extractAuthToken = extractAuthToken(request);
|
||||
return getToken(extractAuthToken).getUserAccountId().split(":")[1];
|
||||
}
|
||||
|
||||
public String getAccessToken(HttpServletRequest request) {
|
||||
return TokensStore.getAccessToken(getUserAccountId(request));
|
||||
return EsiaTokensStore.getAccessToken(getUserAccountId(request));
|
||||
}
|
||||
|
||||
public String getRefreshToken(HttpServletRequest request) {
|
||||
return TokensStore.getRefreshToken(getUserAccountId(request));
|
||||
return EsiaTokensStore.getRefreshToken(getUserAccountId(request));
|
||||
}
|
||||
|
||||
public String getUserAccountId(HttpServletRequest request) {
|
||||
|
|
|
|||
|
|
@ -1,20 +1,14 @@
|
|||
package ru.micord.ervu.security.webbpm.jwt.util;
|
||||
|
||||
import java.net.URLEncoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Optional;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.context.request.RequestAttributes;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.util.WebUtils;
|
||||
import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication;
|
||||
|
||||
import static org.springframework.web.context.request.RequestAttributes.REFERENCE_REQUEST;
|
||||
|
||||
public final class SecurityUtil {
|
||||
public static final String AUTH_TOKEN = "auth_token";
|
||||
|
||||
|
|
@ -24,24 +18,6 @@ public final class SecurityUtil {
|
|||
//empty
|
||||
}
|
||||
|
||||
public static Cookie createCookie(String name, String value, String path) {
|
||||
String cookieValue = value != null ? URLEncoder.encode(value, StandardCharsets.UTF_8) : null;
|
||||
Cookie cookie = new Cookie(name, cookieValue);
|
||||
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
|
||||
HttpServletRequest request = (HttpServletRequest) requestAttributes.resolveReference(
|
||||
REFERENCE_REQUEST);
|
||||
|
||||
if (path != null) {
|
||||
cookie.setPath(path);
|
||||
}
|
||||
else {
|
||||
cookie.setPath(request.getContextPath());
|
||||
}
|
||||
cookie.setHttpOnly(true);
|
||||
|
||||
return cookie;
|
||||
}
|
||||
|
||||
public static String extractAuthToken(HttpServletRequest httpRequest) {
|
||||
Cookie cookie = WebUtils.getCookie(httpRequest, AUTH_TOKEN);
|
||||
return cookie != null ? cookie.getValue() : null;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,51 @@
|
|||
package ru.micord.ervu.service;
|
||||
|
||||
import com.google.protobuf.InvalidProtocolBufferException;
|
||||
import org.apache.kafka.common.utils.Bytes;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.stereotype.Service;
|
||||
import proto.ervu.rp.summons.SummonsResponseData;
|
||||
import ru.micord.ervu.converter.SummonsResponseDataConverter;
|
||||
import ru.micord.ervu.dto.SubpoenaRequestDto;
|
||||
import ru.micord.ervu.dto.SubpoenaResponseDto;
|
||||
import ru.micord.ervu.kafka.service.ReplyingKafkaService;
|
||||
import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil;
|
||||
|
||||
@Service
|
||||
public class SubpoenaService {
|
||||
|
||||
private final ReplyingKafkaService<Object, Bytes> replyingKafkaService;
|
||||
private final SummonsResponseDataConverter converter;
|
||||
|
||||
@Value("${ervu.kafka.recruit.request.topic}")
|
||||
private String recruitRequestTopic;
|
||||
@Value("${ervu.kafka.recruit.reply.topic}")
|
||||
private String recruitReplyTopic;
|
||||
|
||||
public SubpoenaService(
|
||||
@Qualifier("recruit") ReplyingKafkaService<Object, Bytes> replyingKafkaService,
|
||||
SummonsResponseDataConverter converter) {
|
||||
this.replyingKafkaService = replyingKafkaService;
|
||||
this.converter = converter;
|
||||
}
|
||||
|
||||
public SubpoenaResponseDto getSubpoenaData() {
|
||||
String ervuId = SecurityUtil.getErvuId();
|
||||
|
||||
if (ervuId == null) {
|
||||
return new SubpoenaResponseDto.Builder().build();
|
||||
}
|
||||
SubpoenaRequestDto subpoenaRequestDto = new SubpoenaRequestDto(ervuId);
|
||||
byte[] reply = replyingKafkaService.sendMessageAndGetReply(recruitRequestTopic,
|
||||
recruitReplyTopic, subpoenaRequestDto).get();
|
||||
|
||||
try {
|
||||
SummonsResponseData responseData = SummonsResponseData.parseFrom(reply);
|
||||
return converter.convert(responseData);
|
||||
}
|
||||
catch (InvalidProtocolBufferException e) {
|
||||
throw new RuntimeException("Failed to parse data", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -3,6 +3,9 @@ package ru.micord.ervu.service.rpc;
|
|||
import java.util.List;
|
||||
|
||||
import model.FieldData;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import ru.micord.ervu.dto.SubpoenaResponseDto;
|
||||
import ru.micord.ervu.service.SubpoenaService;
|
||||
import service.container.FormService;
|
||||
|
||||
import ru.cg.webbpm.modules.standard_annotations.validation.NotNull;
|
||||
|
|
@ -19,8 +22,13 @@ public class LoadFormRpcService extends Behavior {
|
|||
@NotNull
|
||||
public FormService formService;
|
||||
|
||||
//todo: Remove this shit
|
||||
@Autowired
|
||||
public SubpoenaService subpoenaService;
|
||||
|
||||
@RpcCall
|
||||
public List<FieldData> loadData(Object dto) {
|
||||
return formService.loadData(dto);
|
||||
public List<FieldData> loadData() {
|
||||
SubpoenaResponseDto subpoenaData = subpoenaService.getSubpoenaData();
|
||||
return formService.loadData(subpoenaData);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -760,6 +760,10 @@ JBPM использует 3 корневых категории логирова
|
|||
Важно: `ESIA_REDIRECT_URL` должна содержать полный адрес вплоть до последнего слэша:
|
||||
> - https://lkul.ervu.loc/ - правильное значение параметра
|
||||
> - https://lkul.ervu.loc - неправильное значение параметра
|
||||
- `ESIA_LOGOUT_REDIRECT_URL` - ссылка, по которой должен быть направлен пользователь после logout-a
|
||||
Важно: `ESIA_LOGOUT_REDIRECT_URL` должна содержать полный адрес вплоть до последнего слэша:
|
||||
> - https://lkul.ervu.loc/home.html - правильное значение параметра
|
||||
> - https://lkul.ervu.loc - неправильное значение параметра
|
||||
|
||||
- `SIGN_URL` - url для подписания с помощью КриптоПро секрета клиента, необходимого для аутентификации через ЕСИА
|
||||
- `ESIA_CLIENT_CERT_HASH` - параметр, содержащий хэш сертификата (fingerprint сертификата) системы-клиента в hex–формате
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ ESIA_BASE_URI=https://esia-portal1.test.gosuslugi.ru/
|
|||
ESIA_CLIENT_ID=MNSV89
|
||||
ESIA_CLIENT_CERT_HASH=04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD
|
||||
ESIA_REDIRECT_URL=https://lkrp-dev.micord.ru/fl/
|
||||
ESIA_LOGOUT_REDIRECT_URL=https://lkrp-dev.micord.ru/fl/home.html
|
||||
|
||||
SIGN_URL=https://ervu-sign-dev.k8s.micord.ru/sign
|
||||
SIGN_VERIFY_URL=https://ervu-sign-dev.k8s.micord.ru/verify
|
||||
|
|
|
|||
|
|
@ -78,7 +78,12 @@ http {
|
|||
root /frontend;
|
||||
index index.html;
|
||||
try_files $uri @index;
|
||||
|
||||
|
||||
#Application config
|
||||
location = /src/resources/app-config.json {
|
||||
add_header Cache-Control "no-cache";
|
||||
expires 0;
|
||||
}
|
||||
# Media: images, icons, video, audio, HTC
|
||||
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff|ttf)$ {
|
||||
expires 1M;
|
||||
|
|
@ -96,7 +101,7 @@ http {
|
|||
|
||||
location @index {
|
||||
root /frontend;
|
||||
add_header Cache-Control no-cache;
|
||||
add_header Cache-Control "no-cache";
|
||||
expires 0;
|
||||
try_files /index.html =404;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,6 +4,9 @@
|
|||
<title>Личный кабинет физ.лица</title>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta http-equiv="Content-Security-Policy"
|
||||
content="default-src 'self'; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:"/>
|
||||
<meta name="referrer" content="strict-origin-when-cross-origin"/>
|
||||
<link rel="icon" type="image/png" href="src/resources/img/logo.png"/>
|
||||
</head>
|
||||
<body webbpm class="webbpm ervu_lkrp_fl">
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
<form #logoutForm method="post" [action]="formAction" hidden style="display: none">
|
||||
<input type="hidden" name="_csrf" [value]="csrfValue"/>
|
||||
</form>
|
||||
<button class="user-info" ngbDropdownToggle *ngIf="getIsAuth()">{{getUserFullname()}}</button>
|
||||
<div ngbDropdownMenu *ngIf="getIsAuth()">
|
||||
<a routerLink="/mydata" class="data">Мои данные</a>
|
||||
<button ngbDropdownItem class="exit" (click)="logout()">Выйти</button>
|
||||
<button ngbDropdownItem class="exit" (click)="logoutForm.submit()">Выйти</button>
|
||||
</div>
|
||||
<button class="exit" *ngIf="!getIsAuth()" (click)="logout()">Выйти</button>
|
||||
<button class="exit" *ngIf="!getIsAuth()" (click)="logoutForm.submit()">Выйти</button>
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
import {Form} from "@webbpm/base-package";
|
||||
import {ChangeDetectionStrategy, Component} from "@angular/core";
|
||||
import {ErvuDataService} from "../../../modules/app/service/ervu-data.service";
|
||||
import {Subscription} from "rxjs";
|
||||
import {LoadFormRpcService} from "../../../generated/ru/micord/ervu/service/rpc/LoadFormRpcService";
|
||||
|
||||
@Component({
|
||||
|
|
@ -14,25 +13,16 @@ export class LoadForm extends Form {
|
|||
|
||||
private formRpcService: LoadFormRpcService;
|
||||
private ervuDataService: ErvuDataService;
|
||||
private subscription: Subscription;
|
||||
|
||||
private valuesData: string;
|
||||
|
||||
initialize() {
|
||||
super.initialize();
|
||||
this.formRpcService = this.getScript(LoadFormRpcService);
|
||||
this.ervuDataService = this.injector.get(ErvuDataService);
|
||||
this.subscription = this.ervuDataService.message.subscribe(value => {
|
||||
if (value) {
|
||||
this.valuesData = value;
|
||||
this.loadData();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
loadData(): Promise<any> {
|
||||
return this.formRpcService
|
||||
.loadData(this.valuesData)
|
||||
.loadData()
|
||||
.then(fieldDataList => this.setData(fieldDataList))
|
||||
.catch(reason => {
|
||||
throw new Error(reason);
|
||||
|
|
@ -49,6 +39,5 @@ export class LoadForm extends Form {
|
|||
|
||||
ngOnDestroy() {
|
||||
super.ngOnDestroy();
|
||||
this.subscription.unsubscribe();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,21 +1,45 @@
|
|||
import {ChangeDetectorRef, Component, OnInit} from "@angular/core";
|
||||
import {HttpClient} from "@angular/common/http";
|
||||
import {ChangeDetectorRef, Component, DoCheck, OnInit} from "@angular/core";
|
||||
import {HttpClient, HttpXsrfTokenExtractor} from "@angular/common/http";
|
||||
import {CookieService} from "ngx-cookie";
|
||||
import {AppConfigService} from "@webbpm/base-package";
|
||||
|
||||
@Component({
|
||||
moduleId: module.id,
|
||||
selector: "[log-out]",
|
||||
templateUrl: "../../../../../src/resources/template/app/component/log_out.html"
|
||||
})
|
||||
export class LogOutComponent implements OnInit{
|
||||
export class LogOutComponent implements OnInit, DoCheck{
|
||||
private static readonly BACKEND_URL: string = "backend.url";
|
||||
private static readonly BACKEND_CONTEXT: string = "backend.context";
|
||||
private static readonly LOGOUT_URL_POSTFIX: string = "/esia/logout";
|
||||
|
||||
private userFullname: string;
|
||||
csrfValue: any;
|
||||
formAction: any;
|
||||
|
||||
constructor(private httpClient: HttpClient,
|
||||
private cookieService: CookieService, private cd: ChangeDetectorRef) {
|
||||
private cookieService: CookieService,
|
||||
private appConfigService: AppConfigService,
|
||||
private tokenExtractor: HttpXsrfTokenExtractor,
|
||||
private cd: ChangeDetectorRef) {
|
||||
let backendUrl = this.appConfigService.getParamValue(LogOutComponent.BACKEND_URL);
|
||||
let backendContext = this.appConfigService.getParamValue(
|
||||
LogOutComponent.BACKEND_CONTEXT);
|
||||
|
||||
if (backendUrl) {
|
||||
this.formAction = `${backendUrl}${LogOutComponent.LOGOUT_URL_POSTFIX}`;
|
||||
}
|
||||
else if (backendContext) {
|
||||
this.formAction = `/${backendContext}${LogOutComponent.LOGOUT_URL_POSTFIX}`;
|
||||
}
|
||||
}
|
||||
|
||||
ngDoCheck(): void {
|
||||
this.csrfValue = this.tokenExtractor.getToken();
|
||||
}
|
||||
|
||||
ngOnInit(): void {
|
||||
this.csrfValue = this.tokenExtractor.getToken();
|
||||
let isAuth = this.getIsAuth();
|
||||
if (isAuth) {
|
||||
Promise.all([
|
||||
|
|
@ -27,12 +51,6 @@ export class LogOutComponent implements OnInit{
|
|||
}
|
||||
}
|
||||
|
||||
logout(): Promise<any> {
|
||||
return this.httpClient.post<string>('esia/logout', {}, { responseType: 'text' as 'json' }).toPromise().then(url => {
|
||||
window.open(url, "_self");
|
||||
});
|
||||
}
|
||||
|
||||
public getUserFullname(): string {
|
||||
return this.userFullname;
|
||||
}
|
||||
|
|
@ -40,4 +58,4 @@ export class LogOutComponent implements OnInit{
|
|||
public getIsAuth(): boolean {
|
||||
return this.cookieService.get("webbpm.ervu-lkrp-fl") != null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue