fix marker verify

(cherry picked from commit f46ddfc623589bdadcafabfce77a18d8d4f569f0)
2024-11-14 10:42:06 +03:00 · 2024-11-14 10:42:06 +03:00 · c4e5bab8b6
commit c4e5bab8b6
parent b6072d9bf4
4 changed files with 11 additions and 2 deletions
--- a/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
@ -47,6 +47,9 @@ public class EsiaConfig {
  @Value("${sign.verify.url}")
  private String signVerifyUrl;

+  @Value("${esia.issuer.url}")
+  private String esiaIssuerUrl;
+
  public String getEsiaScopes() {
    String[] scopeItems = esiaScopes.split(",");
    return String.join(" ", Arrays.stream(scopeItems).map(String::trim).toArray(String[]::new));
@ -93,4 +96,8 @@ public class EsiaConfig {
  public String getSignVerifyUrl() {
    return signVerifyUrl;
  }
+
+  public String getEsiaIssuerUrl() {
+    return esiaIssuerUrl;
+  }
 }
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
@ -433,8 +433,8 @@ public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
    if (!esiaAccessToken.getClient_id().equals(esiaConfig.getClientId())) {
      return "Token invalid. Token clientId: " + esiaAccessToken.getClient_id() + " invalid";
    }
-    if (!esiaAccessToken.getIss().equals(esiaConfig.getEsiaBaseUri())) {
-      return "Token invalid. The token publisher does not comply with the standard accepted in the ESIA";
+    if (!esiaAccessToken.getIss().equals(esiaConfig.getEsiaIssuerUrl())) {
+      return "Token invalid. Token issuer:" + esiaAccessToken.getIss() + " invalid";
    }
    LocalDateTime iatTime = LocalDateTime.ofInstant(Instant.ofEpochSecond(esiaAccessToken.getIat()),
        ZoneId.systemDefault()
--- a/config/micord.env
+++ b/config/micord.env
@ -9,6 +9,7 @@ DB_APP_NAME=ervu_lkrp_fl

 ESIA_SCOPES=snils, fullname, birthdate, id_doc
 ESIA_BASE_URI=https://esia-portal1.test.gosuslugi.ru/
+ESIA_BASE_URI=https://esia-portal1.test.gosuslugi.ru/
 ESIA_CLIENT_ID=MNSV89
 ESIA_CLIENT_CERT_HASH=04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD
 ESIA_REDIRECT_URL=https://lkrp-dev.micord.ru/fl/
--- a/config/standalone/dev/standalone.xml
+++ b/config/standalone/dev/standalone.xml
@ -56,6 +56,7 @@
        <property name="com.arjuna.ats.arjuna.allowMultipleLastResources" value="true"/>
        <property name="esia.scopes" value="snils, fullname, birthdate, id_doc"/>
        <property name="esia.base.uri" value="https://esia-portal1.test.gosuslugi.ru/"/>
+        <property name="esia.issuer.url" value="http://esia-portal1.test.gosuslugi.ru/"/>
        <property name="esia.client.id" value="MNSV89"/>
        <property name="esia.redirect.url" value="https://lkrp.micord.ru"/>
        <property name="sign.url" value="https://ervu-sign-dev.k8s.micord.ru/sign"/>