SUPPORT-9164: Fix

2025-05-13 10:09:43 +03:00 · 2025-05-13 10:09:43 +03:00 · aeeb8422dc
commit aeeb8422dc
parent 906a897372
3 changed files with 20 additions and 18 deletions
--- a/backend/src/main/java/ru/micord/ervu/security/esia/EsiaAuthInfoStore.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/EsiaAuthInfoStore.java
@ -105,19 +105,24 @@ public class EsiaAuthInfoStore {
    });
  }

-  public static boolean containsState(String prnsUUID, String state) {
+  public static String getNotContainsStateErrorMessage(String prnsUUID, String state) {
    List<ExpiringState> states = PRNS_UUID_STATE_MAP.get(prnsUUID);
    if (states == null) {
-      return false;
+      return "State invalid. No state found for prnsUUID: " + prnsUUID;
    }
    long currentTime = System.currentTimeMillis();
-    states.removeIf(expiringState -> expiringState.getExpiryTime() < currentTime);
+
+    StringBuilder statesStringBuilder = new StringBuilder();
    for (ExpiringState expiringState : states) {
      if (expiringState.getState().equals(state)) {
-        return true;
+        if (expiringState.getExpiryTime() < currentTime) {
+          return "State invalid. State : " + state + " expired at : " + expiringState.getExpiryTime();
+        }
+        return null;
      }
+      statesStringBuilder.append(expiringState.getState(), 0, 8).append(", ");
    }
-    return false;
+    return "State invalid. Backend states :" + statesStringBuilder + " cookie state :" + state;
  }

  public static void removeState(String prnsUUID) {
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
@ -34,8 +34,6 @@ import org.springframework.security.core.context.SecurityContext;
 import ru.micord.ervu.audit.constants.AuditConstants;
 import ru.micord.ervu.audit.service.AuditService;
 import org.springframework.web.util.WebUtils;
-import ru.micord.ervu.audit.constants.AuditConstants;
-import ru.micord.ervu.audit.service.AuditService;
 import ru.micord.ervu.kafka.model.Document;
 import ru.micord.ervu.kafka.model.Person;
 import ru.micord.ervu.kafka.model.Response;
@ -60,9 +58,6 @@ import ru.micord.ervu.security.webbpm.jwt.model.Token;

 import ru.cg.webbpm.modules.core.runtime.api.MessageBundleUtils;

-import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.getCurrentUserEsiaId;
-import ru.cg.webbpm.modules.core.runtime.api.MessageBundleUtils;
-
 /**
 * @author Eduard Tihomirov
 */
@ -527,11 +522,9 @@ public class EsiaAuthService {
      return "State invalid. Cookie not found";
    }
    String prnsUUID = cookie.getValue();
-    if (!EsiaAuthInfoStore.containsState(prnsUUID, state)) {
-      return "State invalid. State from ESIA not equals with state before";
-    }
+    String errorMessage = EsiaAuthInfoStore.getNotContainsStateErrorMessage(prnsUUID, state);
    EsiaAuthInfoStore.removeState(prnsUUID);
-    securityHelper.clearCookie(response, PRNS_UUID, "/");
-    return null;
+    securityHelper.clearAccessCookie(response, PRNS_UUID);
+    return errorMessage;
  }
 }
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java
@ -26,6 +26,7 @@ public final class SecurityHelper {
  private boolean accessCookieSecure;
  @Value("${cookie.same.site:Lax}")
  private String accessCookieSameSite;
+  private static final String PRNS_UUID = "prns_uuid";

  @PostConstruct
  private void init() {
@ -36,9 +37,7 @@ public final class SecurityHelper {
  }

  public void clearAccessCookies(HttpServletResponse response) {
-    ResponseCookie emptyAuthToken = createCookie(AUTH_TOKEN, null, accessCookiePath)
-        .maxAge(0).build();
-    addResponseCookie(response, emptyAuthToken);
+    clearCookie(response, AUTH_TOKEN, accessCookiePath);

    ResponseCookie emptyAuthMarker = createCookie(AUTH_MARKER, null, "/")
        .maxAge(0)
@ -46,6 +45,7 @@ public final class SecurityHelper {
        .httpOnly(false)
        .build();
    addResponseCookie(response, emptyAuthMarker);
+    clearCookie(response, PRNS_UUID, accessCookiePath);
  }

  public void clearCookie(HttpServletResponse response, String name, String path) {
@ -96,4 +96,8 @@ public final class SecurityHelper {
  public ResponseCookie.ResponseCookieBuilder createAccessCookie(String name, String value) {
    return createCookie(name, value, accessCookiePath);
  }
+
+  public void clearAccessCookie(HttpServletResponse response, String name) {
+    clearCookie(response, name, accessCookiePath);
+  }
 }