From ba4b4e20fd4a31ef689be2dde59a6a7c021262ca Mon Sep 17 00:00:00 2001
From: Eduard Tihomirov
Date: Mon, 17 Feb 2025 11:10:19 +0300
Subject: [PATCH] remove SUPPORT-8822
---
 .../esia/service/EsiaAuthService.java | 28 +++++++++----------
 1 file changed, 13 insertions(+), 15 deletions(-)
diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
index 300427d..333f486 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
@@ -14,6 +14,7 @@ import java.time.format.DateTimeFormatter;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Objects;
+import java.util.UUID;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -35,7 +36,6 @@ import ru.micord.ervu.security.esia.model.EsiaHeader;
 import ru.micord.ervu.security.esia.model.EsiaTokenResponse;
 import ru.micord.ervu.security.esia.model.FormUrlencoded;
 import ru.micord.ervu.security.esia.model.PersonModel;
-import ru.micord.ervu.security.esia.model.SignResponse;
 import ru.micord.ervu.security.esia.token.EsiaTokensStore;
 import ru.micord.ervu.security.esia.config.EsiaConfig;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -91,6 +91,7 @@ public class EsiaAuthService {
 DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
 ZonedDateTime dt = ZonedDateTime.now();
 String timestamp = dt.format(formatter);
+ String state = UUID.randomUUID().toString();
 String redirectUrl = esiaConfig.getRedirectUrl();
 String redirectUrlEncoded = redirectUrl.replaceAll(":", "%3A") .replaceAll("/", "%2F");
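Review bot: The `state` created by `String state = UUID.randomUUID().toString();` in the -91,6 hunk only protects the login redirect if the same value is kept server-side and compared with the `state` that comes back on the callback, and neither this hunk nor the -100,12 hunk that puts it into `parameters` shows it being stored. Before this change the value was read from the signing service's response (`signResponse.getState()`); now this method is its only owner. If the callback handler does not already check it, save it before the URL is returned, for example `session.setAttribute(ESIA_STATE_ATTR, state);` (attribute name constructed here), and reject a callback whose `state` differs. The method starts and ends outside both hunks, so such a check may exist out of view.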
@@ -100,12 +101,10 @@ public class EsiaAuthService {
 parameters.put("client_id", clientId);
 parameters.put("scope", scope);
 parameters.put("timestamp", timestamp);
- parameters.put("state", "%s");
+ parameters.put("state", state);
 parameters.put("redirect_uri", esiaConfig.getRedirectUrl());
- SignResponse signResponse = signMap(parameters);
- String state = signResponse.getState();
- String clientSecret = signResponse.getSignature();
+ String clientSecret = signMap(parameters);
 String responseType = "code";
@@ -168,6 +167,7 @@ public class EsiaAuthService {
 DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
 ZonedDateTime dt = ZonedDateTime.now();
 String timestamp = dt.format(formatter);
+ String state = UUID.randomUUID().toString();
 String redirectUrl = esiaConfig.getRedirectUrl();
 String scope = esiaConfig.getEsiaScopes();
@@ -175,14 +175,13 @@ public class EsiaAuthService {
 parameters.put("client_id", clientId);
 parameters.put("scope", scope);
 parameters.put("timestamp", timestamp);
- parameters.put("state", "%s");
+ parameters.put("state", state);
 parameters.put("redirect_uri", redirectUrl);
 parameters.put("code", esiaAuthCode);
+
 long startTime = System.currentTimeMillis();
- SignResponse signResponse = signMap(parameters);
+ String clientSecret = signMap(parameters);
 signSecret = System.currentTimeMillis() - startTime;
- String state = signResponse.getState();
- String clientSecret = signResponse.getSignature();
 String authUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaTokenUrl();
 String postBody = new FormUrlencoded() .setParameter("client_id", clientId)
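Review bot: In the -168,6 and -175,14 hunks the token request now carries a locally generated `state`, but the visible lines stop at the `postBody` construction and never compare that value with anything the token endpoint sends back. If the token response returns the `state` it was given, compare the two before the tokens are used and fail the exchange on a mismatch, e.g. `if (!state.equals(tokenResponse.getState())) throw new IllegalStateException("state mismatch");` (accessor and exception type assumed, neither is shown on this page). The refresh request in the -258,19 hunk has the same shape and would need the same check. The enclosing method continues past the hunk, so the comparison may already be there.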
@@ -258,19 +257,18 @@ public class EsiaAuthService {
 DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
 ZonedDateTime dt = ZonedDateTime.now();
 String timestamp = dt.format(formatter);
+ String state = UUID.randomUUID().toString();
 String redirectUrl = esiaConfig.getRedirectUrl();
 Map parameters = new LinkedHashMap();
 parameters.put("client_id", clientId);
 parameters.put("scope", esiaConfig.getEsiaScopes());
 parameters.put("timestamp", timestamp);
- parameters.put("state", "%s");
+ parameters.put("state", state);
 parameters.put("redirect_uri", esiaConfig.getRedirectUrl());
 parameters.put("refresh_token", refreshToken);
- SignResponse signResponse = signMap(parameters);
- String state = signResponse.getState();
- String clientSecret = signResponse.getSignature();
+ String clientSecret = signMap(parameters);
 String authUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaTokenUrl();
 String postBody = new FormUrlencoded() .setParameter("client_id", clientId)
@@ -319,7 +317,7 @@ public class EsiaAuthService {
 }
 }
- private SignResponse signMap(Map paramsToSign) {
+ private String signMap(Map paramsToSign) {
 try {
 StringBuilder toSign = new StringBuilder();
 for (String s : paramsToSign.values()) {
@@ -337,7 +335,7 @@ public class EsiaAuthService {
 .build() .send(request, HttpResponse.BodyHandlers.ofString());
 errorHandler(response);
- return objectMapper.readValue(response.body(), SignResponse.class);
+ return response.body();
 } catch (Exception e) {
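Review bot: `signMap` in the -319,7 hunk now returns a bare `String` with no comment saying what it holds, while the loop `for (String s : paramsToSign.values())` makes the signed text depend on the map's iteration order. A Javadoc on the method should say that the values are concatenated in iteration order (the caller visible in the -258,19 hunk builds a `LinkedHashMap`, and `state` now has to be in the map before signing) and that the result is the signing service's response body, which the callers use as `clientSecret`. Because the return visible in the following hunk is `return response.body();`, an empty or whitespace-padded body would reach the callers unchanged; a guard such as `if (body == null || body.isBlank()) throw new IllegalStateException("empty signature");` before returning would fail early, with the exception type adjusted to whatever the method's `catch` expects. The method body runs past this hunk, and the last hunk is cut off at the end of the page.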