Merge branch 'feature/SUPPORT-8427_new' into feature/SUPPORT-8471_load_classifier

This commit is contained in:
Eduard Tihomirov 2024-09-13 09:41:46 +03:00
commit 19486d381a
9 changed files with 64 additions and 51 deletions


@ -23,12 +23,6 @@ public class EsiaConfig {
@Value("${esia-uri.base-uri:#{null}}")
private String esiaBaseUri;
@Value("${esia-uri.code-path:#{null}}")
private String esiaCodePath;
@Value("${esia-uri.token-path:#{null}}")
private String esiaTokenPath;
@Value("${esia-client-id:#{null}}")
private String clientId;
@ -38,9 +32,6 @@ public class EsiaConfig {
@Value("${sign-url:#{null}}")
private String signUrl;
@Value("${esia-uri.logout:#{null}}")
private String logoutUrl;
@Value("${client-cert-hash:#{null}}")
private String clientCertHash;
@ -50,14 +41,6 @@ public class EsiaConfig {
@Value("${esia.connection-timeout:30}")
private long connectionTimeout;
public String getEsiaCodeUri() {
return esiaCodePath;
}
public String getEsiaTokenUri() {
return esiaTokenPath;
}
public String getEsiaOrgScopes() {
String[] scopeItems = esiaOrgScopes.split(",");
return String.join(" ", Arrays.stream(scopeItems).map(item -> orgScopeUrl + item.trim()).toArray(String[]::new));
@ -84,10 +67,6 @@ public class EsiaConfig {
return signUrl;
}
public String getLogoutUrl() {
return logoutUrl;
}
public String getClientCertHash() {return clientCertHash;}
public long getRequestTimeout() {


@ -30,8 +30,8 @@ public class EsiaController {
}
@RequestMapping(value = "/esia/auth", params = "code", method = RequestMethod.GET)
public boolean esiaAuth(@RequestParam("code") String code, HttpServletResponse response) {
return esiaAuthService.getEsiaTokensByCode(code, response);
public boolean esiaAuth(@RequestParam("code") String code, HttpServletRequest request, HttpServletResponse response) {
return esiaAuthService.getEsiaTokensByCode(code, request, response);
}
@RequestMapping(value = "/esia/refresh")


@ -19,6 +19,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import ru.micord.ervu.security.esia.config.EsiaConfig;
import ru.micord.ervu.security.esia.model.FormUrlencoded;
import ru.micord.ervu.security.esia.model.EsiaAccessToken;
@ -37,6 +38,9 @@ import ru.micord.ervu.security.webbpm.jwt.model.Token;
@Service
public class EsiaAuthService {
@Value("${cookie-path:#{null}}")
private String path;
@Autowired
private ObjectMapper objectMapper;
@ -74,7 +78,7 @@ public class EsiaAuthService {
String responseType = "code";
String authUrl = esiaConfig.getEsiaCodeUri();
String authUrl = esiaConfig.getEsiaBaseUri() + "aas/oauth2/v2/ac";
URL url = new URL(authUrl);
Map<String, String> params = mapOf("scope", scope,
@ -125,7 +129,7 @@ public class EsiaAuthService {
return uriBuilder.toString();
}
public boolean getEsiaTokensByCode(String esiaAuthCode, HttpServletResponse response) {
public boolean getEsiaTokensByCode(String esiaAuthCode, HttpServletRequest request, HttpServletResponse response) {
try {
String clientId = esiaConfig.getClientId();
DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
@ -146,7 +150,7 @@ public class EsiaAuthService {
parameters.put("code", esiaAuthCode);
String clientSecret = signMap(parameters);
String authUrl = esiaConfig.getEsiaTokenUri();
String authUrl = esiaConfig.getEsiaBaseUri() + "aas/oauth2/v3/te";
String postBody = new FormUrlencoded()
.setParameter("client_id", clientId)
.setParameter("code", esiaAuthCode)
@ -179,21 +183,28 @@ public class EsiaAuthService {
if (!hasRole) {
throw new RuntimeException("The user does not have the required role");
}
String cookiePath = null;
if (path != null) {
cookiePath = path;
}
else {
cookiePath = request.getContextPath();
}
Cookie cookie = new Cookie("access_token", accessToken);
cookie.setHttpOnly(true);
cookie.setPath("/");
cookie.setPath(cookiePath);
response.addCookie(cookie);
String refreshToken = tokenResponse.getRefresh_token();
Cookie cookieRefresh = new Cookie("refresh_token", refreshToken);
cookieRefresh.setHttpOnly(true);
cookieRefresh.setPath("/");
cookieRefresh.setPath(cookiePath);
response.addCookie(cookieRefresh);
EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken);
Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), tokenResponse.getExpires_in());
Cookie authToken = new Cookie("auth_token", token.getValue());
authToken.setPath("/");
authToken.setPath(cookiePath);
authToken.setHttpOnly(true);
response.addCookie(authToken);
SecurityContextHolder.getContext()
@ -201,7 +212,8 @@ public class EsiaAuthService {
new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null));
Cookie isAuth = new Cookie("is_auth", "true");
isAuth.setPath("/");
isAuth.setMaxAge(tokenResponse.getExpires_in().intValue());
isAuth.setPath(cookiePath);
response.addCookie(isAuth);
return true;
}
@ -240,7 +252,7 @@ public class EsiaAuthService {
parameters.put("refresh_token", refreshToken);
String clientSecret = signMap(parameters);
String authUrl = esiaConfig.getEsiaTokenUri();
String authUrl = esiaConfig.getEsiaBaseUri() + "aas/oauth2/v3/te";
String postBody = new FormUrlencoded()
.setParameter("client_id", clientId)
.setParameter("refresh_token", refreshToken)
@ -271,18 +283,25 @@ public class EsiaAuthService {
String accessToken = tokenResponse.getAccess_token();
Cookie cookie = new Cookie("access_token", accessToken);
cookie.setHttpOnly(true);
cookie.setPath("/");
String cookiePath = null;
if (path != null) {
cookiePath = path;
}
else {
cookiePath = request.getContextPath();
}
cookie.setPath(cookiePath);
response.addCookie(cookie);
String newRefreshToken = tokenResponse.getRefresh_token();
Cookie cookieRefresh = new Cookie("refresh_token", newRefreshToken);
cookieRefresh.setHttpOnly(true);
cookieRefresh.setPath("/");
cookieRefresh.setPath(cookiePath);
response.addCookie(cookieRefresh);
EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken);
Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), tokenResponse.getExpires_in());
Cookie authToken = new Cookie("auth_token", token.getValue());
authToken.setPath("/");
authToken.setPath(cookiePath);
authToken.setHttpOnly(true);
response.addCookie(authToken);
SecurityContextHolder.getContext()
@ -290,7 +309,8 @@ public class EsiaAuthService {
new UsernamePasswordAuthenticationToken(esiaAccessToken.getSbj_id(), null));
Cookie isAuth = new Cookie("is_auth", "true");
isAuth.setPath("/");
isAuth.setMaxAge(tokenResponse.getExpires_in().intValue());
isAuth.setPath(cookiePath);
response.addCookie(isAuth);
}
catch (Exception e) {
@ -338,19 +358,16 @@ public class EsiaAuthService {
if (cookie.getName().equals("auth_token") || cookie.getName().equals("refresh_token")
|| cookie.getName().equals("access_token") || cookie.getName().equals("is_auth")) {
cookie.setValue("");
cookie.setPath("/");
cookie.setMaxAge(0);
response.addCookie(cookie);
}
}
String logoutUrl = esiaConfig.getLogoutUrl();
String logoutUrl = esiaConfig.getEsiaBaseUri() + "idp/ext/Logout";
String redirectUrl = esiaConfig.getRedirectUrl();
String redirectUrlEncoded = redirectUrl.replaceAll(":", "%3A")
.replaceAll("/", "%2F");
URL url = new URL(logoutUrl);
Map<String, String> params = mapOf(
"client_id", esiaConfig.getClientId(),
"redirect_uri", redirectUrlEncoded);
"redirect_url", redirectUrl);
return makeRequest(url, params);
}
catch (Exception e) {
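Review bot: The logout hunk at the end of this file still expires the session cookies with `cookie.setPath("/")` (the line after `cookie.setValue("")`), while the new code in `getEsiaTokensByCode` and in the refresh path now issues `access_token`, `refresh_token`, `auth_token` and `is_auth` with `setPath(cookiePath)`, where `cookiePath` is the configured `cookie-path` or `request.getContextPath()`. A browser treats a cookie whose Path attribute differs as a distinct cookie, so whenever `cookiePath` is anything other than `/` the `setMaxAge(0)` deletion will not touch the real cookies and the tokens survive logout. The deletion loop should resolve the same path, e.g. `cookie.setPath(path != null ? path : request.getContextPath());`, assuming the logout method has the request available — its signature is outside the hunk, as are the starts and ends of both token methods. Because the `path != null ? … : request.getContextPath()` block is now duplicated in the two token methods, a private helper such as `private String resolveCookiePath(HttpServletRequest request)` called from all three places would keep them from drifting apart again. The `esiaConfig.getEsiaBaseUri() + "aas/oauth2/v2/ac"` style concatenations also silently depend on `esia-uri.base-uri` ending in `/`; a comment on the field or a normalizing getter would make that contract explicit.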


@ -44,12 +44,9 @@ xa-data-source add \
/system-property=esia-org-scopes:add(value="org_fullname, org_shortname, org_brhs, org_brhs_ctts, org_brhs_addrs, org_type, org_ogrn, org_inn, org_leg, org_kpp, org_ctts, org_addrs, org_grps, org_emps")
/system-property=esia-org-scope-url:add(value="http://esia.gosuslugi.ru/")
/system-property=esia-uri.base-uri:add(value="https://esia-portal1.test.gosuslugi.ru/")
/system-property=esia-uri.code-path:add(value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v2/ac")
/system-property=esia-uri.token-path:add(value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v3/te")
/system-property=esia-client-id:add(value="MNSV89")
/system-property=esia-redirect-url:add(value="https://lkrp-dev.micord.ru/ul/")
/system-property=sign-url:add(value="https://ervu-sign-dev.k8s.micord.ru/sign")
/system-property=esia-uri.logout:add(value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout")
/system-property=client-cert-hash:add(value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD")
/system-property=ervu.cron.load.enable(value="true")
/system-property=ervu.cron.load.time(value="0 0 */1 * * *")


@ -70,12 +70,9 @@
<property name="esia-org-scopes" value="org_fullname, org_shortname, org_brhs, org_brhs_ctts, org_brhs_addrs, org_type, org_ogrn, org_inn, org_leg, org_kpp, org_ctts, org_addrs, org_grps, org_emps"/>
<property name="esia-org-scope-url" value="http://esia.gosuslugi.ru/"/>
<property name="esia-uri.base-uri" value="https://esia-portal1.test.gosuslugi.ru/"/>
<property name="esia-uri.code-path" value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v2/ac"/>
<property name="esia-uri.token-path" value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v3/te"/>
<property name="esia-client-id" value="MNSV89"/>
<property name="esia-redirect-url" value="https://lkrp.micord.ru"/>
<property name="sign-url" value="https://ervu-sign-dev.k8s.micord.ru/sign"/>
<property name="sesia-uri.logout" value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout"/>
<property name="client-cert-hash" value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD"/>
<property name="ervu.cron.load.time" value="0 0 */1 * * *"/>
<property name="ervu.esnsi.classifier.url.load" value="https://esnsi.gosuslugi.ru/rest/ext/v1/classifiers/11465/file?extension=JSON&amp;encoding=UTF_8"/>


@ -13,3 +13,26 @@ webbpm.mode=production
webbpm.jbpm.hibernate_statistics.enabled=false
webbpm.cache.hazelcast.hosts=127.0.0.1
webbpm.cache.hazelcast.outbound_port_definitions=5801-5820
file.webdav.upload.url=https://ervu-webdav.k8s.micord.ru
file.webdav.upload.username=test
file.webdav.upload.password=test
kafka.send.message.topic.name=file-upload-v2
kafka.send.url=http://10.10.31.11:32609
kafka.send.security.protocol=SASL_PLAINTEXT
kafka.sasl.mechanism=SCRAM-SHA-256
kafka.send.username=user1
kafka.send.password=Blfi9d2OFG
ervu.fileupload.max_file_size=5242880
ervu.fileupload.max_request_size=6291456
ervu.fileupload.file_size_threshold=0
esia-scopes=fullname, snils, id_doc, birthdate, usr_org, openid
esia-org-scopes=org_fullname, org_shortname, org_brhs, org_brhs_ctts, org_brhs_addrs, org_type, org_ogrn, org_inn, org_leg, org_kpp, org_ctts, org_addrs, org_grps, org_emps
esia-org-scope-url=http://esia.gosuslugi.ru/
esia-uri.base-uri=https://esia-portal1.test.gosuslugi.ru/
esia-client-id=MNSV89
esia-redirect-url=https://lkrp-dev.micord.ru/ul/
sign-url=https://ervu-sign-dev.k8s.micord.ru/sign
client-cert-hash=04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD
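Review bot: The added `file.webdav.upload.password` and `kafka.send.password` lines commit plaintext credentials to the repository, and the adjacent `kafka.send.security.protocol=SASL_PLAINTEXT` means the SCRAM exchange for that account travels without TLS. A credential that has landed in version control should be treated as exposed: the Kafka password should be rotated, and both values moved to an externalized source (environment or the secrets mechanism the deployment already uses) with only a placeholder left in this file. If this file is intended as a dev/test profile only, a header comment such as `# local development values only; production credentials are supplied by the environment` would make that explicit for the next reader.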


@ -5,7 +5,7 @@
"filter_cleanup_check_period_minutes": 30,
"auth_method": "form",
"enable.version.in.url": "%enable.version.in.url%",
"backend.context": "ul",
"backend.context": "ul/ul",
"guard.confirm_exit": false,
"message_service_error_timeout": "",
"message_service_warning_timeout": "",


@ -1,8 +1,7 @@
import {Component, OnInit} from "@angular/core";
import {ChangeDetectorRef, Component, OnInit} from "@angular/core";
import {Router} from "@angular/router";
import {HttpClient} from "@angular/common/http";
import {CookieService} from "ngx-cookie";
import {Deferred} from "@webbpm/base-package";
@Component({
moduleId: module.id,
@ -16,7 +15,7 @@ export class LogOutComponent implements OnInit{
constructor(private router: Router, private httpClient: HttpClient,
private cookieService: CookieService) {
private cookieService: CookieService, private cd: ChangeDetectorRef) {
}
ngOnInit(): void {
@ -28,6 +27,7 @@ export class LogOutComponent implements OnInit{
]).then(([userFullname, orgUnitName]) => {
this.userFullname = userFullname;
this.orgUnitName = orgUnitName;
this.cd.markForCheck();
});
}
}


@ -33,7 +33,7 @@ export abstract class AuthGuard implements CanActivate {
else if (code) {
const params = new HttpParams().set('code', code);
this.httpClient.get<boolean>("esia/auth", {params: params}).toPromise().then(
() => window.open(url.origin, "_self"))
() => window.open(url.origin + url.pathname, "_self"))
.catch((reason) =>
console.error(reason)
);
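Review bot: The success callback on the changed line discards the boolean returned by the `esia/auth` call (`get<boolean>`) and navigates unconditionally, so a token exchange that the backend reports as unsuccessful — the service method returning that boolean presumably yields `false` rather than throwing — still sends the user to `url.origin + url.pathname` as if authenticated. Checking the value keeps the failure visible: `(ok) => { if (ok) { window.open(url.origin + url.pathname, "_self"); } else { console.error("ESIA auth did not succeed"); } }`. The enclosing `canActivate` body starts outside the hunk, so where `url` is built is not visible here.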