Merge branch 'hotfix/1.9.10' into feature/SUPPORT-8822

# Conflicts:
#	backend/pom.xml
#	distribution/pom.xml
#	frontend/pom.xml
#	pom.xml
#	resources/pom.xml

backend/src/main/java/ru/micord/ervu/audit/config/AuditDisabledCondition.java

@@ -0,0 +1,19 @@
+package ru.micord.ervu.audit.config;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.env.Environment;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+/**
+ * @author Adel Kalimullin
+ */
+public class AuditDisabledCondition implements Condition {
+  private static final String AUDIT_ENABLED_PROPERTY_NAME = "audit.kafka.enabled";
+
+  @Override
+  public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
+    Environment env = context.getEnvironment();
+    return !Boolean.parseBoolean(env.getProperty(AUDIT_ENABLED_PROPERTY_NAME));
+  }
+}

backend/src/main/java/ru/micord/ervu/audit/config/AuditEnabledCondition.java

@@ -0,0 +1,20 @@
+package ru.micord.ervu.audit.config;
+
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.env.Environment;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+/**
+ * @author Adel Kalimullin
+ */
+public class AuditEnabledCondition implements Condition {
+  private static final String AUDIT_ENABLED_PROPERTY_NAME = "audit.kafka.enabled";
+
+  @Override
+  public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
+    Environment env = context.getEnvironment();
+    return Boolean.parseBoolean(env.getProperty(AUDIT_ENABLED_PROPERTY_NAME));
+  }
+}

backend/src/main/java/ru/micord/ervu/audit/config/AuditKafkaConfig.java

@@ -11,6 +11,7 @@ import org.apache.kafka.common.config.SaslConfigs;
 import org.apache.kafka.common.serialization.StringSerializer;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.kafka.config.TopicBuilder;
 import org.springframework.kafka.core.DefaultKafkaProducerFactory;
@@ -22,6 +23,7 @@ import org.springframework.kafka.core.ProducerFactory;
  * @author Adel Kalimullin
  */
 @Configuration
+@Conditional(AuditEnabledCondition.class)
 public class AuditKafkaConfig {
   @Value("${audit.kafka.bootstrap.servers}")
   private String bootstrapServers;
@@ -35,11 +37,11 @@ public class AuditKafkaConfig {
   private String password;
   @Value("${audit.kafka.sasl.mechanism}")
   private String saslMechanism;
-  @Value("${audit.kafka.authorization.topic}")
+  @Value("${audit.kafka.authorization.topic:ervu.lkrp.auth.events}")
   private String authorizationTopic;
-  @Value("${audit.kafka.action.topic}")
+  @Value("${audit.kafka.action.topic:ervu.lkrp.action.events}")
   private String actionTopic;
-  @Value("${audit.kafka.file.download.topic}")
+  @Value("${audit.kafka.file.download.topic:ervu.lkrp.import.file}")
   private String fileDownloadTopic;
 
   @Bean("auditProducerFactory")

backend/src/main/java/ru/micord/ervu/audit/service/impl/BaseAuditKafkaPublisher.java

@@ -3,20 +3,20 @@ package ru.micord.ervu.audit.service.impl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Conditional;
 import org.springframework.kafka.core.KafkaTemplate;
 import org.springframework.stereotype.Service;
+import ru.micord.ervu.audit.config.AuditEnabledCondition;
 import ru.micord.ervu.audit.service.AuditKafkaPublisher;
 
 /**
  * @author Adel Kalimullin
  */
 @Service
+@Conditional(AuditEnabledCondition.class)
 public class BaseAuditKafkaPublisher implements AuditKafkaPublisher {
   private static final Logger LOGGER = LoggerFactory.getLogger(BaseAuditKafkaPublisher.class);
   private final KafkaTemplate<String, String> kafkaTemplate;
-  @Value("${audit.kafka.enabled}")
-  private boolean auditEnabled;
 
   public BaseAuditKafkaPublisher(
       @Qualifier("auditTemplate") KafkaTemplate<String, String> kafkaTemplate) {
@@ -25,7 +25,6 @@ public class BaseAuditKafkaPublisher implements AuditKafkaPublisher {
 
   @Override
   public void publishEvent(String topic, String message) {
-    if (auditEnabled) {
       kafkaTemplate.send(topic, message)
           .addCallback(
               result -> {
@@ -35,8 +34,4 @@ public class BaseAuditKafkaPublisher implements AuditKafkaPublisher {
               )
           );
     }
-    else {
-      LOGGER.info("Audit is disabled. Event not published.");
-    }
-  }
 }

backend/src/main/java/ru/micord/ervu/audit/service/impl/BaseAuditService.java

@@ -5,7 +5,9 @@ import javax.servlet.http.HttpServletRequest;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Conditional;
 import org.springframework.stereotype.Service;
+import ru.micord.ervu.audit.config.AuditEnabledCondition;
 import ru.micord.ervu.audit.constants.AuditConstants;
 import ru.micord.ervu.audit.model.AuditActionEvent;
 import ru.micord.ervu.audit.model.AuditActionRequest;
@@ -22,15 +24,16 @@ import ru.micord.ervu.util.NetworkUtils;
  * @author Adel Kalimullin
  */
 @Service
+@Conditional(AuditEnabledCondition.class)
 public class BaseAuditService implements AuditService {
   private final AuditKafkaPublisher auditPublisher;
   private final JwtTokenService jwtTokenService;
   private final ObjectMapper objectMapper;
-  @Value("${audit.kafka.authorization.topic}")
+  @Value("${audit.kafka.authorization.topic:ervu.lkrp.auth.events}")
   private String authorizationTopic;
-  @Value("${audit.kafka.action.topic}")
+  @Value("${audit.kafka.action.topic:ervu.lkrp.action.events}")
   private String actionTopic;
-  @Value("${audit.kafka.file.download.topic}")
+  @Value("${audit.kafka.file.download.topic:ervu.lkrp.import.file}")
   private String fileDownloadTopic;
 
   public BaseAuditService(AuditKafkaPublisher auditPublisher, JwtTokenService jwtTokenService,

backend/src/main/java/ru/micord/ervu/audit/service/impl/StubAuditService.java

@@ -0,0 +1,32 @@
+package ru.micord.ervu.audit.service.impl;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.context.annotation.Conditional;
+import org.springframework.stereotype.Service;
+import ru.micord.ervu.audit.config.AuditDisabledCondition;
+import ru.micord.ervu.audit.model.AuditActionRequest;
+import ru.micord.ervu.audit.service.AuditService;
+import ru.micord.ervu.security.esia.model.PersonModel;
+
+/**
+ * @author Adel Kalimullin
+ */
+@Service
+@Conditional(AuditDisabledCondition.class)
+public class StubAuditService implements AuditService {
+
+  @Override
+  public void processActionEvent(HttpServletRequest request,
+      AuditActionRequest auditActionRequest) {}
+
+  @Override
+  public void processAuthEvent(HttpServletRequest request, PersonModel personModel, String status,
+      String eventType) {
+  }
+
+  @Override
+  public void processDownloadEvent(HttpServletRequest request, int fileSize, String fileName,
+      String formatRegistry, String status) {
+  }
+}

backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java

@@ -393,6 +393,7 @@ public class EsiaAuthService {
 
   public String logout(HttpServletRequest request, HttpServletResponse response) {
     PersonModel personModel = null;
+    String status = null;
     try {
       String userId = jwtTokenService.getUserAccountId(request);
       String accessToken = EsiaAuthInfoStore.getAccessToken(userId);
@@ -407,18 +408,19 @@ public class EsiaAuthService {
           "client_id", esiaConfig.getClientId(),
           "redirect_url", redirectUrl
       );
-      auditService.processAuthEvent(
-              request, personModel, AuditConstants.SUCCESS_STATUS, AuditConstants.LOGOUT_EVENT_TYPE
-      );
+      status = AuditConstants.SUCCESS_STATUS;
       return buildUrl(url, params);
     }
     catch (Exception e) {
+      status = AuditConstants.FAILURE_STATUS;
+      throw new EsiaException(e);
+    }
+    finally {
       if (personModel != null){
         auditService.processAuthEvent(
-                request, personModel, AuditConstants.FAILURE_STATUS, AuditConstants.LOGOUT_EVENT_TYPE
+            request, personModel, status, AuditConstants.LOGOUT_EVENT_TYPE
         );
       }
-      throw new EsiaException(e);
     }
   }
 

config/nginx.conf

@@ -81,7 +81,7 @@ http {
          	index index.html;
           	try_files $uri @index;
 
-			add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; connect-src 'self' https://www.sberbank.ru; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:;";
+			add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; connect-src 'self' http://xn--1-6tb.xn--b1afabzvcegckfhg.xn--p1ai/ https://xn--2-6tb.xn--b1afbulhcegckfhg.xn--p1ai/; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:;";
 
 		#Application config
 		location = /src/resources/app-config.json {
@@ -106,7 +106,7 @@ http {
 	location @index {
 		root /frontend;
     		add_header Cache-Control "no-cache";
-    		add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; connect-src 'self' https://www.sberbank.ru; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:;";
+    		add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; connect-src 'self' http://xn--1-6tb.xn--b1afabzvcegckfhg.xn--p1ai/ https://xn--2-6tb.xn--b1afbulhcegckfhg.xn--p1ai/; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:;";
     		expires 0;
     		try_files /index.html =404;
 	}

frontend/index.webpack.html

@@ -5,7 +5,7 @@
     <meta http-equiv="content-type" content="text/html; charset=UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="Content-Security-Policy"
-          content="default-src 'self'; connect-src 'self' https://www.sberbank.ru; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:"/>
+          content="default-src 'self'; connect-src 'self' http://xn--1-6tb.xn--b1afabzvcegckfhg.xn--p1ai/ https://xn--2-6tb.xn--b1afbulhcegckfhg.xn--p1ai/; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:"/>
     <meta name="referrer" content="strict-origin-when-cross-origin"/>
     <link rel="icon" type="image/png" href="src/resources/img/logo.png"/>
 </head>

frontend/src/resources/app-config.json

@@ -17,6 +17,6 @@
   "password_pattern_error": "Пароль должен содержать заглавные или прописные буквы и как минимум 1 цифру",
   "show.client.errors": false,
   "available_task.single_fetch": true,
-  "cert_check_url": "https://lkrp-dev2.micord.ru",
+  "cert_check_url": "http://xn--1-6tb.xn--b1afabzvcegckfhg.xn--p1ai/",
   "unknown.error.msg": "Система временно недоступна. Пожалуйста, повторите попытку позже."
 }

frontend/src/ts/ervu/service/AuditService.ts

@@ -1,6 +1,7 @@
 import {Injectable} from "@angular/core";
 import {HttpClient} from "@angular/common/http";
 import {Router} from "@angular/router";
+import {AuthenticationService} from "../../modules/security/authentication.service";
 
 
 @Injectable({
@@ -8,26 +9,30 @@ import {Router} from "@angular/router";
             })
 export class AuditService {
 
-  constructor(private httpClient: HttpClient, private router: Router) {
+  constructor(private httpClient: HttpClient,
+              private router: Router,
+              private authService: AuthenticationService) {
   }
 
   public logActionAudit(eventType: string, fileName?: string): void {
-    const currentRoute = this.router.url;
-    const sourceUrl = window.location.href;
-    const timeZone = Intl.DateTimeFormat().resolvedOptions().timeZone;
+    if (this.authService.isAuthenticated()) {
+      const currentRoute = this.router.url;
+      const sourceUrl = window.location.href;
+      const timeZone = Intl.DateTimeFormat().resolvedOptions().timeZone;
 
-    const data: AuditAction = {
-      eventType: eventType,
-      sourceUrl: sourceUrl,
-      route: currentRoute,
-      fileName: fileName
-    };
+      const data: AuditAction = {
+        eventType: eventType,
+        sourceUrl: sourceUrl,
+        route: currentRoute,
+        fileName: fileName
+      };
 
-    this.httpClient.post("audit/action", data, {
-      headers: {
-        "Client-Time-Zone": timeZone,
-      }
-    }).toPromise();
+      this.httpClient.post("audit/action", data, {
+        headers: {
+          "Client-Time-Zone": timeZone,
+        }
+      }).toPromise();
+    }
   }
 }
 

frontend/src/ts/modules/webbpm/component/webbpm.component.ts

@@ -34,12 +34,7 @@ export class WebbpmComponent {
                || event instanceof NavigationError
                || event instanceof NavigationCancel) {
         progressIndicationService.hideProgressBar();
-
-        if (event instanceof NavigationEnd
-            && event.url != '/home'
-            && event.url != '/access-denied') {
-          this.auditService.logActionAudit(AuditConstants.OPEN_PAGE_EVENT);
-        }
+        this.auditService.logActionAudit(AuditConstants.OPEN_PAGE_EVENT);
       }
     })
   }