From db390aa0891dbbe0954888dddb946af5f57722f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A0=D0=B0=D1=83=D1=84=20=D0=9B=D0=B0=D1=82=D1=8B=D0=BF?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Tue, 14 Jan 2025 22:59:37 +0300 Subject: [PATCH 1/8] SUPPORT-8817: add extract request with empty ervu id --- .../ervu/controller/ExtractController.java | 40 +++++++++++++++---- .../ervu/dto/ExtractEmptyRequestDto.java | 8 ++++ .../webbpm/jwt/util/SecurityUtil.java | 12 +++++- config.md | 3 +- config/micord.env | 1 + config/standalone/dev/standalone.xml | 1 + 6 files changed, 55 insertions(+), 10 deletions(-) create mode 100644 backend/src/main/java/ru/micord/ervu/dto/ExtractEmptyRequestDto.java diff --git a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java index f749eb6..fb2f5e1 100644 --- a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java +++ b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java @@ -16,8 +16,12 @@ import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RestController; import rtl.pgs.ervu.proto.ExtractRegistry; import rtl.pgs.ervu.proto.ResponseData; +import ru.micord.ervu.dto.ExtractEmptyRequestDto; import ru.micord.ervu.dto.ExtractRequestDto; import ru.micord.ervu.kafka.service.ReplyingKafkaService; +import ru.micord.ervu.security.esia.model.PersonModel; +import ru.micord.ervu.security.esia.service.PersonalDataService; +import ru.micord.ervu.security.esia.token.EsiaTokensStore; import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil; /** 
@@ -25,28 +29,50 @@ import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil; */ @RestController public class ExtractController { - + private final PersonalDataService personalDataService; private final ReplyingKafkaService replyingKafkaService; + @Value("${ervu.kafka.registry.extract.empty.request.topic}") + private String registryExtractEmptyRequestTopic; @Value("${ervu.kafka.registry.extract.request.topic}") private String registryExtractRequestTopic; @Value("${ervu.kafka.registry.extract.reply.topic}") private String registryExtractReplyTopic; - public ExtractController(ReplyingKafkaService replyingKafkaService) { + public ExtractController(PersonalDataService personalDataService, ReplyingKafkaService replyingKafkaService) { + this.personalDataService = personalDataService; this.replyingKafkaService = replyingKafkaService; } @GetMapping(value = "/extract/{formatRegistry}") public ResponseEntity getExtract(@PathVariable String formatRegistry) { String ervuId = SecurityUtil.getErvuId(); + byte[] reply; - if (ervuId == null) { - return ResponseEntity.noContent().build(); + if (ervuId != null) { + ExtractRequestDto request = new ExtractRequestDto(ervuId, formatRegistry); + reply = replyingKafkaService.sendMessageAndGetReply(registryExtractRequestTopic, + registryExtractReplyTopic, request + ).get(); + } + else { + String userAccountId = SecurityUtil.getUserId(); + if (userAccountId != null) { + String esiaAccessToken = EsiaTokensStore.getAccessToken(userAccountId); + PersonModel personModel = personalDataService.getPersonModel(esiaAccessToken); + + ExtractEmptyRequestDto emptyRequest = new ExtractEmptyRequestDto(personModel.getLastName(), + personModel.getFirstName(), personModel.getMiddleName(), personModel.getBirthDate(), + personModel.getSnils(), formatRegistry + ); + reply = replyingKafkaService.sendMessageAndGetReply(registryExtractEmptyRequestTopic, + registryExtractReplyTopic, emptyRequest + ).get(); + } + else { + return 
ResponseEntity.noContent().build(); + } } - ExtractRequestDto request = new ExtractRequestDto(ervuId, formatRegistry); - byte[] reply = replyingKafkaService.sendMessageAndGetReply(registryExtractRequestTopic, - registryExtractReplyTopic, request).get(); try { ResponseData responseData = ResponseData.parseFrom(reply); diff --git a/backend/src/main/java/ru/micord/ervu/dto/ExtractEmptyRequestDto.java b/backend/src/main/java/ru/micord/ervu/dto/ExtractEmptyRequestDto.java new file mode 100644 index 0000000..03c423a --- /dev/null +++ b/backend/src/main/java/ru/micord/ervu/dto/ExtractEmptyRequestDto.java @@ -0,0 +1,8 @@ +package ru.micord.ervu.dto; + +/** + * @author r.latypov + */ +public record ExtractEmptyRequestDto(String lastName, String firstName, String middleName, + String birthDate, String snils, String formatExtractRegistry) { +} diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java index ef8555e..1851042 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java @@ -24,11 +24,19 @@ public final class SecurityUtil { } public static String getErvuId() { + return getUserAccountIdPart(1); + } + + public static String getUserId() { + return getUserAccountIdPart(0); + } + + private static String getUserAccountIdPart(int index) { return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()) .map(a -> ((JwtAuthentication) a).getUserAccountId()) .map(userAccountId -> { - String ervuId = userAccountId.split(":")[1]; - return "null".equals(ervuId) ? null : ervuId; + String userAccountIdPart = userAccountId.split(":")[index]; + return "null".equals(userAccountIdPart) ? null : userAccountIdPart; }) .orElse(null); } diff --git a/config.md b/config.md index 0920c80..f82d9cd 100644 --- a/config.md +++ b/config.md 
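Review bot: In the new `else` branch of getExtract, neither the value returned by `EsiaTokensStore.getAccessToken(userAccountId)` nor the `PersonModel` from `personalDataService.getPersonModel(...)` is checked before it is used. If the ESIA token is no longer in the store (the hunk does not show when that can happen, so confirm this), the request would fail with an unhandled exception instead of the 204 that the neighbouring no-identity path returns. A guard such as `if (esiaAccessToken == null) { return ResponseEntity.noContent().build(); }` before the ESIA call would keep the failure mode consistent. The branch also publishes full name, birth date and SNILS to a Kafka topic, so a comment stating that this topic carries personal data and must not be logged or mirrored would help. getExtract continues past the end of the hunk.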
@@ -784,7 +784,8 @@ JBPM использует 3 корневых категории логирова - `ERVU_KAFKA_RECRUIT_HEADER_CLASS` - класс для идентификации в заголовке запроса на получение данных о повестке, временных мерах и воинском учете - `ERVU_KAFKA_SUBPOENA_EXTRACT_REQUEST_TOPIC` - топик для отправки запроса на получение выписки из Реестра повесток - `ERVU_KAFKA_SUBPOENA_EXTRACT_REPLY_TOPIC` - топик для получения выписки из Реестра повесток -- `ERVU_KAFKA_REGISTRY_EXTRACT_REQUEST_TOPIC` - топик для отправки запроса на получение выписки из Реестра воинского учета +- `ERVU_KAFKA_REGISTRY_EXTRACT_EMPTY_REQUEST_TOPIC` - топик для отправки запроса на получение выписки из Реестра воинского учета при отсутствии ErvuId +- `ERVU_KAFKA_REGISTRY_EXTRACT_REQUEST_TOPIC` - топик для отправки запроса на получение выписки из Реестра воинского учета при наличии ErvuId - `ERVU_KAFKA_REGISTRY_EXTRACT_REPLY_TOPIC` - топик для получения выписки из Реестра воинского учета - `ERVU_KAFKA_EXTRACT_HEADER_CLASS` - класс для идентификации в заголовке запроса на получение выписки из Реестра повесток/Реестра воинского учета diff --git a/config/micord.env b/config/micord.env index 4d9a355..99cd3d6 100644 --- a/config/micord.env +++ b/config/micord.env @@ -28,6 +28,7 @@ ERVU_KAFKA_REPLY_TIMEOUT=30 ERVU_KAFKA_RECRUIT_REQUEST_TOPIC=ervu.recruit.info.request ERVU_KAFKA_RECRUIT_REPLY_TOPIC=ervu.recruit.info.response ERVU_KAFKA_RECRUIT_HEADER_CLASS=Request@urn://rostelekom.ru/RP-SummonsTR/1.0.5 +ERVU_KAFKA_REGISTRY_EXTRACT_EMPTY_REQUEST_TOPIC=ervu.extract.empty.request ERVU_KAFKA_REGISTRY_EXTRACT_REQUEST_TOPIC=ervu.extract.info.request ERVU_KAFKA_REGISTRY_EXTRACT_REPLY_TOPIC=ervu.extract.info.response ERVU_KAFKA_EXTRACT_HEADER_CLASS=request@urn://rostelekom.ru/ERVU-extractFromRegistryTR/1.0.3 diff --git a/config/standalone/dev/standalone.xml b/config/standalone/dev/standalone.xml index 1428635..bce507f 100644 --- a/config/standalone/dev/standalone.xml +++ b/config/standalone/dev/standalone.xml @@ -75,6 +75,7 @@ + 
From 9349af6def814da00eafc6af66f1c89cdfc348cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A0=D0=B0=D1=83=D1=84=20=D0=9B=D0=B0=D1=82=D1=8B=D0=BF?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Tue, 14 Jan 2025 23:13:25 +0300 Subject: [PATCH 2/8] SUPPORT-8817: set visible buttons and text (by removing AC and the field personName) --- .../LK RP FL/screen-form-fl.page | 416 +----------------- 1 file changed, 2 insertions(+), 414 deletions(-) diff --git a/resources/src/main/resources/business-model/LK RP FL/screen-form-fl.page b/resources/src/main/resources/business-model/LK RP FL/screen-form-fl.page index df9e931..1f0817e 100644 --- a/resources/src/main/resources/business-model/LK RP FL/screen-form-fl.page +++ b/resources/src/main/resources/business-model/LK RP FL/screen-form-fl.page @@ -438,52 +438,7 @@ 8ef93ac5-46d8-456e-950f-2d2949d21a53 personName false - false - - - - collectible - - false - - - - visible - - false - - - - - - - - - false - - - -PersonData -esia - - true - - - -SubpoenaFieldLoadComponent -ru.micord.ervu.component.field - - true - true - - - fieldId - - "personName" - - - - + true 98594cec-0a9b-4cef-af09-e1b71cb2ad9e 
@@ -7376,374 +7331,7 @@ 315c5087-825a-4ade-99d9-7dbe09f87226 AC - для ненайденного пользователя в ерву false - false - - - - elseActions - - - - - - eventRefs - - - - - - behavior - - {"objectId":"74ed6920-6d22-4349-a08e-a28ccc88f7df","packageName":"ervu.component.container","className":"LoadForm","type":"TS"} - - - - propertyName - - "formLoaded" - - - - - - - - - ifCondition - - - - conditions - - - - - - _isGroupSelected - - false - - - - one - - - - conditionFirstPart - - - - objectValue - - - - behavior - -{"objectId":"8ef93ac5-46d8-456e-950f-2d2949d21a53","packageName":"component","className":"Text","type":"TS"} - - - - method - -"getValue" - - - - - - - - - - conditionSecondPart - - - - staticValue - - - string - - - "null" - - - - - - - operation - - "IS_EMPTY" - - - - - - - - - - - - - _isGroupSelected - - false - - - - one - - - - conditionFirstPart - - - - objectValue - - - - behavior - -{"objectId":"74ed6920-6d22-4349-a08e-a28ccc88f7df","packageName":"ervu.component.container","className":"LoadForm","type":"TS"} - - - - method - -"isLoaded" - - - - - - - - - - conditionSecondPart - - - - staticValue - - - boolean - - - true - - - - - - - operation - - "EQUALS" - - - - - - - - - - - - logicalOperation - - null - - - - - - - thenActions - - - - - - behavior - - {"objectId":"cfb60860-1b04-4eb5-9ccf-1e6436c27b09","packageName":"component.button","className":"Button","type":"TS"} - - - - method - - "setVisible" - - - - value - - - - staticValue - - -boolean - - - false - - - - - - - - - - - - - behavior - - {"objectId":"dd701bad-b22d-40c9-b00b-b92f070890db","packageName":"ervu.component.textwithdialoglinks","className":"TextWithDialogLinks","type":"TS"} - - - - method - - "setVisible" - - - - value - - - - staticValue - - -boolean - - - false - - - - - - - - - - - - - behavior - - {"objectId":"d68b5c38-9ed6-4596-9b0c-dd1dc542c5ef","packageName":"component.button","className":"Button","type":"TS"} - - - - method - - "setVisible" - - - - value - - - - 
staticValue - - -boolean - - - false - - - - - - - - - - - - - behavior - - {"objectId":"fea5aebc-c206-48bc-a613-ab31813fd639","packageName":"component.container","className":"HBox","type":"TS"} - - - - method - - "setVisible" - - - - value - - - - staticValue - - -boolean - - - false - - - - - - - - - - - - - behavior - - {"objectId":"d5fa2655-8dd8-4004-9dec-217a41e5b9ed","packageName":"component","className":"Text","type":"TS"} - - - - method - - "setVisible" - - - - value - - - - staticValue - - -boolean - - - false - - - - - - - - - - - - + true 9d1b5af1-0b8f-4b1b-b9a5-c2e6acf72d91 From 08c1555e4edb2f8ca387ed2581ef6b5ab4a6be83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A0=D0=B0=D1=83=D1=84=20=D0=9B=D0=B0=D1=82=D1=8B=D0=BF?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Thu, 16 Jan 2025 13:16:09 +0300 Subject: [PATCH 3/8] SUPPORT-8817: sync with ervu-lkrp-ul --- .../webbpm/jwt/JwtAuthentication.java | 7 +++++ .../ervu/security/webbpm/jwt/UserIdsPair.java | 27 +++++++++++++++++++ .../webbpm/jwt/util/SecurityUtil.java | 7 +++++ 3 files changed, 41 insertions(+) create mode 100644 backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UserIdsPair.java diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthentication.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthentication.java index 47f6567..bc6aa03 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthentication.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthentication.java @@ -17,8 +17,11 @@ public class JwtAuthentication implements Authentication { private final Authentication authentication; private final String token; + private final UserIdsPair userIdsPair; + public JwtAuthentication(Authentication authentication, String userAccountId, String token) { this.userAccountId = userAccountId; + this.userIdsPair = new UserIdsPair(userAccountId); this.authentication = authentication; this.token = token; } 
@@ -31,6 +34,10 @@ public class JwtAuthentication implements Authentication { return userAccountId; } + public UserIdsPair getUserIdsPair() { + return userIdsPair; + } + @Override public Collection getAuthorities() { return authentication.getAuthorities(); diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UserIdsPair.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UserIdsPair.java new file mode 100644 index 0000000..b165686 --- /dev/null +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UserIdsPair.java @@ -0,0 +1,27 @@ +package ru.micord.ervu.security.webbpm.jwt; + +public class UserIdsPair { + private final String esiaUserId; + private final String ervuId; + + public UserIdsPair(String idsConcatenated) { + + if (idsConcatenated == null) { + this.esiaUserId = null; + this.ervuId = null; + } + else { + String[] ids = idsConcatenated.split(":"); + this.esiaUserId = ids[0]; + this.ervuId = ids.length == 2 ? ids[1] : null; + } + } + + public String getEsiaUserId() { + return esiaUserId; + } + + public String getErvuId() { + return ervuId; + } +} diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java index 1851042..308d2c2 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java @@ -8,6 +8,7 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.util.WebUtils; import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication; +import ru.micord.ervu.security.webbpm.jwt.UserIdsPair; public final class SecurityUtil { public static final String AUTH_TOKEN = "auth_token"; 
@@ -41,6 +42,12 @@ public final class SecurityUtil { .orElse(null); } + public static UserIdsPair getUserIdsPair() { + return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()) + .map(a -> ((JwtAuthentication) a).getUserIdsPair()) + .orElse(null); + } + public static String getCurrentUsername() { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (auth != null && auth.isAuthenticated()) { From 0b29dea6a2dcb7e4aef0fd18b3ac80d377422a4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A0=D0=B0=D1=83=D1=84=20=D0=9B=D0=B0=D1=82=D1=8B=D0=BF?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Thu, 16 Jan 2025 13:24:22 +0300 Subject: [PATCH 4/8] SUPPORT-8817: fix for review (1) --- .../ervu/controller/ExtractController.java | 6 +-- .../webbpm/jwt/util/SecurityUtil.java | 12 +----- config/local.env | 39 +++++++++++++++++++ 3 files changed, 44 insertions(+), 13 deletions(-) create mode 100644 config/local.env diff --git a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java index fb2f5e1..fbe0f1c 100644 --- a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java +++ b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java @@ -56,9 +56,9 @@ public class ExtractController { ).get(); } else { - String userAccountId = SecurityUtil.getUserId(); - if (userAccountId != null) { - String esiaAccessToken = EsiaTokensStore.getAccessToken(userAccountId); + String esiaUserId = SecurityUtil.getUserIdsPair().getEsiaUserId(); + if (esiaUserId != null) { + String esiaAccessToken = EsiaTokensStore.getAccessToken(esiaUserId); PersonModel personModel = personalDataService.getPersonModel(esiaAccessToken); ExtractEmptyRequestDto emptyRequest = new ExtractEmptyRequestDto(personModel.getLastName(), 
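Review bot: `getUserIdsPair()` casts whatever `Authentication` is in the security context to `JwtAuthentication` without checking its type, so any other implementation that reaches this code would raise `ClassCastException` instead of yielding null. Whether another type can appear depends on the filter chain, which is not visible here. A type-safe form is `.filter(JwtAuthentication.class::isInstance).map(a -> ((JwtAuthentication) a).getUserIdsPair())`. The method would also benefit from a Javadoc line saying that a null result means there is no authenticated user, because every caller has to check for it.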
diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java index 308d2c2..b09f8e7 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java @@ -25,19 +25,11 @@ public final class SecurityUtil { } public static String getErvuId() { - return getUserAccountIdPart(1); - } - - public static String getUserId() { - return getUserAccountIdPart(0); - } - - private static String getUserAccountIdPart(int index) { return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()) .map(a -> ((JwtAuthentication) a).getUserAccountId()) .map(userAccountId -> { - String userAccountIdPart = userAccountId.split(":")[index]; - return "null".equals(userAccountIdPart) ? null : userAccountIdPart; + String ervuId = userAccountId.split(":")[1]; + return "null".equals(ervuId) ? null : ervuId; }) .orElse(null); } diff --git a/config/local.env b/config/local.env new file mode 100644 index 0000000..65cf00d --- /dev/null +++ b/config/local.env 
@@ -0,0 +1,39 @@
+TZ=Europe/Moscow
+
+# App datasource
+DB_APP_USERNAME=ervu_lkrp_fl
+DB_APP_PASSWORD=ervu_lkrp_fl
+DB_APP_HOST=10.10.31.119
+DB_APP_PORT=5432
+DB_APP_NAME=ervu_lkrp_fl
+
+ESIA_SCOPES=snils, fullname, birthdate, id_doc
+ESIA_BASE_URI=https://esia-portal1.test.gosuslugi.ru/
+ESIA_ISSUER_URL=http://esia-portal1.test.gosuslugi.ru/
+ESIA_CLIENT_ID=MNSV93
+ESIA_CLIENT_CERT_HASH=CF35A98C48E48665EA73530537BAFBB51F911C434ADC89215C2F86DCD04E28C5
+ESIA_REDIRECT_URL=http://localhost:8080/
+
+SIGN_URL=https://ervu-sign-dev.k8s.micord.ru/sign
+SIGN_VERIFY_URL=https://ervu-sign-dev.k8s.micord.ru/verify
+
+ERVU_KAFKA_BOOTSTRAP_SERVERS=local-kafka:9094
+ERVU_KAFKA_USERNAME=user2
+ERVU_KAFKA_PASSWORD=Blfi9d2OFG
+ERVU_KAFKA_SASL_MECHANISM=PLAIN
+ERVU_KAFKA_SECURITY_PROTOCOL=PLAINTEXT
+ERVU_KAFKA_GROUP_ID=ervu-lkrp-fl-new
+ERVU_KAFKA_REPLY_TOPIC=ervu.lkpr.person.search.response
+ERVU_KAFKA_REQUEST_TOPIC=ervu.lkpr.person.search.request
+ERVU_KAFKA_REPLY_TIMEOUT=5
+ERVU_KAFKA_RECRUIT_REQUEST_TOPIC=ervu.recruit.info.request
+ERVU_KAFKA_RECRUIT_REPLY_TOPIC=ervu.recruit.info.response
+ERVU_KAFKA_RECRUIT_HEADER_CLASS=Request@urn://rostelekom.ru/RP-SummonsTR/1.0.5
+ERVU_KAFKA_REGISTRY_EXTRACT_EMPTY_REQUEST_TOPIC=ervu.extract.empty.request
+ERVU_KAFKA_REGISTRY_EXTRACT_REQUEST_TOPIC=ervu.extract.info.request
+ERVU_KAFKA_REGISTRY_EXTRACT_REPLY_TOPIC=ervu.extract.info.response
+ERVU_KAFKA_EXTRACT_HEADER_CLASS=request@urn://rostelekom.ru/ERVU-extractFromRegistryTR/1.0.3
+ERVU_KAFKA_DOC_LOGIN_MODULE=org.apache.kafka.common.security.plain.PlainLoginModule
+
+ESIA_TOKEN_CLEAR_CRON=0 0 */1 * * *
+COOKIE_PATH=/fl
From 5f7d22c3d3bdaf07b4e4b8ec3a7684cd15ea1ad2 Mon Sep 17 00:00:00 2001 
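Review bot: config/local.env puts literal credentials under version control: `DB_APP_PASSWORD`, `ERVU_KAFKA_USERNAME`/`ERVU_KAFKA_PASSWORD`, the ESIA client id and certificate hash, and an internal database address. Even for a development stand these values should be rotated, and the file replaced by a committed template with empty values (for example `ERVU_KAFKA_PASSWORD=`) while the real file is listed in `.gitignore`. Separately, `ERVU_KAFKA_SECURITY_PROTOCOL=PLAINTEXT` leaves the broker connection unencrypted, so the name, birth date and SNILS fields that the new empty-request topic carries would cross the network in clear. `SASL_SSL` is the setting to aim for anywhere beyond a single-host setup.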
From: =?UTF-8?q?=D0=A0=D0=B0=D1=83=D1=84=20=D0=9B=D0=B0=D1=82=D1=8B=D0=BF?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Thu, 16 Jan 2025 15:10:41 +0300 Subject: [PATCH 5/8] SUPPORT-8817: fix for review (2) --- .../ervu/security/esia/service/EsiaAuthService.java | 4 ++-- .../ervu/security/webbpm/jwt/util/SecurityUtil.java | 11 ++++------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java index 387700d..4ec0575 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java @@ -47,7 +47,7 @@ import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper; import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService; import ru.micord.ervu.security.webbpm.jwt.model.Token; -import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.getCurrentUsername; +import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.getUserAccountId; /** * @author Eduard Tihomirov @@ -383,7 +383,7 @@ public class EsiaAuthService { private String getMessageId(Exception exception) { return Integer.toUnsignedString(Objects - .hashCode(getCurrentUsername()), 36) + .hashCode(getUserAccountId()), 36) + "-" + Integer.toUnsignedString(exception.hashCode(), 36); } diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java index b09f8e7..740bf04 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java 
@@ -25,12 +25,9 @@ public final class SecurityUtil { } public static String getErvuId() { - return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()) - .map(a -> ((JwtAuthentication) a).getUserAccountId()) - .map(userAccountId -> { - String ervuId = userAccountId.split(":")[1]; - return "null".equals(ervuId) ? null : ervuId; - }) + return Optional.ofNullable(getUserIdsPair()) + .map(UserIdsPair::getErvuId) + .filter(ervuId -> !"null".equals(ervuId)) .orElse(null); } @@ -40,7 +37,7 @@ public final class SecurityUtil { .orElse(null); } - public static String getCurrentUsername() { + public static String getUserAccountId() { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (auth != null && auth.isAuthenticated()) { return auth.getName(); From 73a85512d46138f61bc59312822023d672289bad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A0=D0=B0=D1=83=D1=84=20=D0=9B=D0=B0=D1=82=D1=8B=D0=BF?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Thu, 16 Jan 2025 17:06:11 +0300 Subject: [PATCH 6/8] SUPPORT-8817: fix for review (3) --- .../ervu/controller/ExtractController.java | 19 ++++++++++++------- .../ervu/security/webbpm/jwt/UserIdsPair.java | 9 +++++++++ .../webbpm/jwt/service/JwtTokenService.java | 14 ++++++++------ .../webbpm/jwt/util/SecurityUtil.java | 7 ------- .../micord/ervu/service/SubpoenaService.java | 4 +++- 5 files changed, 32 insertions(+), 21 deletions(-) diff --git a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java index fbe0f1c..8153a0c 100644 --- a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java +++ b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java 
@@ -22,6 +22,7 @@ import ru.micord.ervu.kafka.service.ReplyingKafkaService; import ru.micord.ervu.security.esia.model.PersonModel; import ru.micord.ervu.security.esia.service.PersonalDataService; import ru.micord.ervu.security.esia.token.EsiaTokensStore; +import ru.micord.ervu.security.webbpm.jwt.UserIdsPair; import ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil; /** @@ -46,7 +47,14 @@ public class ExtractController { @GetMapping(value = "/extract/{formatRegistry}") public ResponseEntity getExtract(@PathVariable String formatRegistry) { - String ervuId = SecurityUtil.getErvuId(); + UserIdsPair userIdsPair = SecurityUtil.getUserIdsPair(); + + if (userIdsPair == null || (userIdsPair.getErvuId() == null + && userIdsPair.getEsiaUserId() == null)) { + return ResponseEntity.noContent().build(); + } + + String ervuId = userIdsPair.getErvuId(); byte[] reply; if (ervuId != null) { @@ -56,12 +64,13 @@ public class ExtractController { ).get(); } else { - String esiaUserId = SecurityUtil.getUserIdsPair().getEsiaUserId(); + String esiaUserId = userIdsPair.getEsiaUserId(); if (esiaUserId != null) { String esiaAccessToken = EsiaTokensStore.getAccessToken(esiaUserId); PersonModel personModel = personalDataService.getPersonModel(esiaAccessToken); - ExtractEmptyRequestDto emptyRequest = new ExtractEmptyRequestDto(personModel.getLastName(), + ExtractEmptyRequestDto emptyRequest = new ExtractEmptyRequestDto( + personModel.getLastName(), personModel.getFirstName(), personModel.getMiddleName(), personModel.getBirthDate(), personModel.getSnils(), formatRegistry ); @@ -69,10 +78,6 @@ public class ExtractController { registryExtractReplyTopic, emptyRequest ).get(); } - else { - return ResponseEntity.noContent().build(); - } - } try { ResponseData responseData = ResponseData.parseFrom(reply); diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UserIdsPair.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UserIdsPair.java index b165686..e28f8f2 100644 
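Review bot: `String ervuId = userIdsPair.getErvuId();` replaces `SecurityUtil.getErvuId()`, which this patch deletes together with its `.filter(ervuId -> !"null".equals(ervuId))`, and the SubpoenaService hunk makes the same substitution. `UserIdsPair(String)` still takes `ids[1]` verbatim, and until this patch the token subject was built as `userAccountId + ":" + ervuId`. A token issued before deployment for a user without an ERVU id would therefore presumably parse to the string "null" and be sent on the regular request topic as if it were a real id. Normalising in the constructor keeps one place responsible: `this.ervuId = ids.length == 2 && !"null".equals(ids[1]) ? ids[1] : null;`.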
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UserIdsPair.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UserIdsPair.java @@ -17,6 +17,11 @@ public class UserIdsPair { } } + public UserIdsPair(String esiaUserId, String ervuId) { + this.esiaUserId = esiaUserId; + this.ervuId = ervuId; + } + public String getEsiaUserId() { return esiaUserId; } @@ -24,4 +29,8 @@ public class UserIdsPair { public String getErvuId() { return ervuId; } + + public String getIdsConcatenated() { + return esiaUserId + (ervuId == null ? "" : ":" + ervuId); + } } diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java index aab89b6..a7dc81c 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java @@ -15,6 +15,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import ru.micord.ervu.security.esia.token.EsiaTokensStore; +import ru.micord.ervu.security.webbpm.jwt.UserIdsPair; import ru.micord.ervu.security.webbpm.jwt.model.Token; import ru.cg.webbpm.modules.resources.api.ResourceMetadataUtils; 
@@ -42,16 +43,17 @@ public class JwtTokenService { } public Token createAccessToken(String userAccountId, Long expiresIn, String ervuId) { + String idsConcatenated = new UserIdsPair(userAccountId, ervuId).getIdsConcatenated(); Date expirationDate = new Date(System.currentTimeMillis() + 1000L * expiresIn); String value = Jwts.builder() - .setSubject(userAccountId + ":" + ervuId) + .setSubject(idsConcatenated) .setIssuer(tokenIssuerName) .setIssuedAt(new Date(System.currentTimeMillis())) .setExpiration(expirationDate) .signWith(SIGNING_KEY) .compact(); - return new Token(userAccountId + ":" + ervuId, tokenIssuerName, expirationDate, value); + return new Token(idsConcatenated, tokenIssuerName, expirationDate, value); } public boolean isValid(Token token) { @@ -64,8 +66,8 @@ public class JwtTokenService { LOGGER.info("Token {} is expired ", token.getValue()); return false; } - String[] ids = token.getUserAccountId().split(":"); - return EsiaTokensStore.validateAccessToken(ids[0]); + String esiaUserId = new UserIdsPair(token.getUserAccountId()).getEsiaUserId(); + return EsiaTokensStore.validateAccessToken(esiaUserId); } public Token getToken(String token) { @@ -89,8 +91,8 @@ public class JwtTokenService { String authToken = extractAuthToken(request); if (authToken != null) { - String[] ids = getToken(authToken).getUserAccountId().split(":"); - return ids[0]; + String esiaUserId = new UserIdsPair(getToken(authToken).getUserAccountId()).getEsiaUserId(); + return esiaUserId; } else { throw new RuntimeException("Failed to get auth data. User unauthorized."); diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java index 740bf04..2f0aa62 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java 
@@ -24,13 +24,6 @@ public final class SecurityUtil { return cookie != null ? cookie.getValue() : null; } - public static String getErvuId() { - return Optional.ofNullable(getUserIdsPair()) - .map(UserIdsPair::getErvuId) - .filter(ervuId -> !"null".equals(ervuId)) - .orElse(null); - } - public static UserIdsPair getUserIdsPair() { return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()) .map(a -> ((JwtAuthentication) a).getUserIdsPair()) diff --git a/backend/src/main/java/ru/micord/ervu/service/SubpoenaService.java b/backend/src/main/java/ru/micord/ervu/service/SubpoenaService.java index 438338d..9093bce 100644 --- a/backend/src/main/java/ru/micord/ervu/service/SubpoenaService.java +++ b/backend/src/main/java/ru/micord/ervu/service/SubpoenaService.java @@ -31,7 +31,9 @@ public class SubpoenaService { } public SubpoenaResponseDto getSubpoenaData() { - String ervuId = SecurityUtil.getErvuId(); + String ervuId = SecurityUtil.getUserIdsPair() == null + ? null + : SecurityUtil.getUserIdsPair().getErvuId(); if (ervuId == null) { return new SubpoenaResponseDto.Builder().build(); From 5081cbd5b8f5fb3bdb654ef2590bb476e8639c5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A0=D0=B0=D1=83=D1=84=20=D0=9B=D0=B0=D1=82=D1=8B=D0=BF?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Thu, 16 Jan 2025 17:10:06 +0300 Subject: [PATCH 7/8] SUPPORT-8817: fix for review (3.2) --- .../ervu/controller/ExtractController.java | 25 +++++++++---------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java index 8153a0c..3c74e16 100644 --- a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java +++ b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java 
@@ -64,20 +64,19 @@ public class ExtractController { ).get(); } else { - String esiaUserId = userIdsPair.getEsiaUserId(); - if (esiaUserId != null) { - String esiaAccessToken = EsiaTokensStore.getAccessToken(esiaUserId); - PersonModel personModel = personalDataService.getPersonModel(esiaAccessToken); + String esiaUserId = userIdsPair.getEsiaUserId(); // esiaUserid is not null here + String esiaAccessToken = EsiaTokensStore.getAccessToken(esiaUserId); + PersonModel personModel = personalDataService.getPersonModel(esiaAccessToken); - ExtractEmptyRequestDto emptyRequest = new ExtractEmptyRequestDto( - personModel.getLastName(), - personModel.getFirstName(), personModel.getMiddleName(), personModel.getBirthDate(), - personModel.getSnils(), formatRegistry - ); - reply = replyingKafkaService.sendMessageAndGetReply(registryExtractEmptyRequestTopic, - registryExtractReplyTopic, emptyRequest - ).get(); - } + ExtractEmptyRequestDto emptyRequest = new ExtractEmptyRequestDto( + personModel.getLastName(), + personModel.getFirstName(), personModel.getMiddleName(), personModel.getBirthDate(), + personModel.getSnils(), formatRegistry + ); + reply = replyingKafkaService.sendMessageAndGetReply(registryExtractEmptyRequestTopic, + registryExtractReplyTopic, emptyRequest + ).get(); + } try { ResponseData responseData = ResponseData.parseFrom(reply); From f1c274d267695330c650ab818a6188d5365921ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A0=D0=B0=D1=83=D1=84=20=D0=9B=D0=B0=D1=82=D1=8B=D0=BF?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Mon, 20 Jan 2025 15:36:41 +0300 Subject: [PATCH 8/8] SUPPORT-8817: fix for review (4) --- .../java/ru/micord/ervu/controller/ExtractController.java | 5 ----- .../micord/ervu/security/esia/service/EsiaAuthService.java | 4 ++-- .../micord/ervu/security/webbpm/jwt/util/SecurityUtil.java | 2 +- 3 files changed, 3 insertions(+), 8 deletions(-) 
diff --git a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java index 3c74e16..f8de58e 100644 --- a/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java +++ b/backend/src/main/java/ru/micord/ervu/controller/ExtractController.java @@ -49,11 +49,6 @@ public class ExtractController { public ResponseEntity getExtract(@PathVariable String formatRegistry) { UserIdsPair userIdsPair = SecurityUtil.getUserIdsPair(); - if (userIdsPair == null || (userIdsPair.getErvuId() == null - && userIdsPair.getEsiaUserId() == null)) { - return ResponseEntity.noContent().build(); - } - String ervuId = userIdsPair.getErvuId(); byte[] reply; diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java index 4ec0575..2457d4d 100644 --- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java +++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java @@ -47,7 +47,7 @@ import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper; import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService; import ru.micord.ervu.security.webbpm.jwt.model.Token; -import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.getUserAccountId; +import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.getCurrentUserEsiaId; /** * @author Eduard Tihomirov @@ -383,7 +383,7 @@ public class EsiaAuthService { private String getMessageId(Exception exception) { return Integer.toUnsignedString(Objects - .hashCode(getUserAccountId()), 36) + .hashCode(getCurrentUserEsiaId()), 36) + "-" + Integer.toUnsignedString(exception.hashCode(), 36); } 
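Review bot: With the guard removed in the ExtractController hunk, `userIdsPair.getErvuId()` is called directly on the result of `SecurityUtil.getUserIdsPair()`, which ends in `.orElse(null)`, so a request with no authentication in the context throws `NullPointerException`. The `// esiaUserid is not null here` comment further down in getExtract (outside this hunk) also relied on the deleted check. If the endpoint is guaranteed to sit behind authentication, say so in a comment at the call. Otherwise keep a minimal check such as `if (userIdsPair == null || userIdsPair.getEsiaUserId() == null) { return ResponseEntity.noContent().build(); }`.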
diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java index 2f0aa62..d1dcafe 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java @@ -30,7 +30,7 @@ public final class SecurityUtil { .orElse(null); } - public static String getUserAccountId() { + public static String getCurrentUserEsiaId() { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (auth != null && auth.isAuthenticated()) { return auth.getName();