SUPPORT-8755: Fix

2024-12-24 20:11:53 +03:00 · 2024-12-24 20:11:53 +03:00 · f86a8afd2f
commit f86a8afd2f
parent 65872ef7da
3 changed files with 12 additions and 9 deletions
--- a/backend/src/main/java/ru/micord/ervu/security/esia/token/TokensStore.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/token/TokensStore.java
@ -3,6 +3,8 @@ package ru.micord.ervu.security.esia.token;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;

+import org.springframework.security.authentication.CredentialsExpiredException;
+
 /**
 * @author Eduard Tihomirov
 */
@ -18,7 +20,14 @@ public class TokensStore {
  }

  public static String getAccessToken(String prnOid) {
-    return accessTokensMap.get(prnOid).getAccessToken();
+    ExpiringToken token = accessTokensMap.get(prnOid);
+    if (token == null) {
+      throw new CredentialsExpiredException("No access token for prnOid: " + prnOid);
+    }
+    else if (token.isExpired()) {
+      throw new CredentialsExpiredException("Access token expired for prnOid: " + prnOid);
+    }
+    return token.getAccessToken();
  }

  public static void removeExpiredAccessToken() {
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java
@ -16,6 +16,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.util.matcher.RequestMatcher;
+import ru.micord.ervu.security.esia.token.TokensStore;
 import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication;
 import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper;
 import ru.micord.ervu.security.webbpm.jwt.model.Token;
@ -64,6 +65,7 @@ public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFil
        if (ids.length != 2) {
          throw new CredentialsExpiredException("Invalid token. User has no ervuId");
        }
+        TokensStore.getAccessToken(token.getUserAccountId());
      }
    }
    catch (CredentialsExpiredException e) {
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java
@ -34,9 +34,6 @@ public class JwtTokenService {
          ResourceMetadataUtils.PROJECT_GROUP_ID + "." + ResourceMetadataUtils.PROJECT_ARTIFACT_ID;
  private final SecretKey SIGNING_KEY;

-  @Autowired
-  private HttpServletRequest request;
-
  @Autowired
  public JwtTokenService(@Value("${webbpm.security.token.secret.key:ZjE5ZjMxNmYtODViZC00ZTQ5LWIxZmYtOGEzYzE3Yjc1MDVk}")
                             String secretKey) {
@ -79,11 +76,6 @@ public class JwtTokenService {
    return new Token(claims.getSubject(), claims.getIssuer(), claims.getExpiration(), token);
  }

-  public String getErvuId() {
-    String extractAuthToken = extractAuthToken(request);
-    return getToken(extractAuthToken).getUserAccountId().split(":")[1];
-  }
-
  public String getAccessToken(HttpServletRequest request) {
    return TokensStore.getAccessToken(getUserAccountId(request));
  }