Merge branch 'feature/SUPPORT-8571_check_browser' into develop

2024-11-19 09:55:32 +03:00 · 2024-11-19 09:55:32 +03:00 · 23dadc5b46
commit 23dadc5b46
parent 8f6179f35f 12a85ca47a
6 changed files with 53 additions and 3 deletions
--- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java
@ -59,6 +59,10 @@ public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFil
    }
    try {
      authentication = getAuthenticationManager().authenticate(authentication);
+      String browser = httpServletRequest.getHeader("User-Agent");
+      if (browser == null || !browser.contains("YaBrowser") || !browser.contains("Chromium GOST")) {
+        throw new CredentialsExpiredException("Invalid browser. Use YaBrowser or Chromium GOST");
+      }
      if (!httpServletRequest.getRequestURI().endsWith("esia/logout")) {
        Token token = jwtTokenService.getToken(tokenStr);
        if (!token.getHasRole()) {
--- a/frontend/home.html
+++ b/frontend/home.html
@ -13,6 +13,21 @@
 </div>

 <div class="container">
+    <div id="browser-check-info">
+        <div class="browser-check-content">
+            <div class="browser-check-text">
+                <p class="plain-text text-header">
+                    Доступ к личному кабинету для юридических лиц осуществляется исключительно через браузеры Яндекс или Chromium gost.
+                </p>
+                <p class="plain-text">
+                    Пожалуйста, попробуйте снова, выбрав один из этих браузеров.
+                </p>
+            </div>
+        </div>
+    </div>
+    <script>
+      document.getElementById("browser-check-info").hidden = navigator.userAgent.indexOf("Chromium GOST") > -1 || navigator.userAgent.indexOf("YaBrowser") > -1;
+    </script>
 	<div class="container-inside">
 		<div class="list-group lk-what">
 			<div>
--- a/frontend/src/resources/css/components-lkrp.css
+++ b/frontend/src/resources/css/components-lkrp.css
@ -914,7 +914,6 @@
 	background-image: url(../img/svg/win-success.svg);
 }

-
 /* temp fix + add flex-wrap*/
 .webbpm.ervu_lkrp_ul :is(.fieldset, .warning-group) .horizontal-container text + button-component:not(.info) {
 	margin-top: -2px;
--- a/frontend/src/resources/css/inbox-lkrp.css
+++ b/frontend/src/resources/css/inbox-lkrp.css
@ -359,4 +359,4 @@ body.webbpm.ervu_lkrp_ul {
    87.5% {
        box-shadow: 0em -2.6em 0em 0em rgba(198, 78, 27, 0.3), 1.8em -1.8em 0 0em rgba(198, 78, 27, 0.3), 2.5em 0em 0 0em rgba(198, 78, 27, 0.3), 1.75em 1.75em 0 0em rgba(198, 78, 27, 0.3), 0em 2.5em 0 0em rgba(198, 78, 27, 0.3), -1.8em 1.8em 0 0em rgba(198, 78, 27, 0.7), -2.6em 0em 0 0em rgba(198, 78, 27, 1), -1.8em -1.8em 0 0em #ffffff;
    }
-} 
+}
--- a/frontend/src/resources/landing/home.css
+++ b/frontend/src/resources/landing/home.css
@ -624,6 +624,29 @@ a.btn:is(:hover, :focus, :active) {
    color: var(--color-link);
 }

+.browser-check-content {
+    font-family: 'Golos';
+    font-size: var(--size-text-secondary);    
+    padding: var(--indent-mini) var(--w-screen) var(--indent-mini) calc(var(--w-screen) + 38px);
+    background-color: var(--bg-warn);
+}
+.browser-check-text {
+    position: relative;
+    padding-left: 40px;
+}
+.browser-check-text::before {
+    position: absolute;
+    content: url(../img/svg/info.svg);
+    left: 0;
+    top: calc((100% - 24px) / 2);
+}
+.text-header {
+    color: var(--color-link);
+    font-family: 'GolosB';
+    font-size: var(--size-text-primary);
+    margin-bottom: 4px;
+}
+
 /*@media ((max-width: 780px) or ((orientation: landscape) and (max-device-width : 1024px))) {*/
@media (max-width: 1024px) {
    body {
--- a/frontend/src/ts/modules/security/guard/auth.guard.ts
+++ b/frontend/src/ts/modules/security/guard/auth.guard.ts
@ -18,10 +18,14 @@ export abstract class AuthGuard implements CanActivate {

  public canActivate(route: ActivatedRouteSnapshot,
                     state: RouterStateSnapshot): Observable<boolean> | Promise<boolean> | boolean {
+    let url = new URL(window.location.href);
+    if (!this.checkBrowser()) {
+      window.open(url.origin + url.pathname + "home.html", "_self");
+      return false;
+    }
    let hasAccess: Promise<boolean> | boolean = this.checkAccess();

    return Promise.resolve(hasAccess).then((isAccess) => {
-      let url = new URL(window.location.href);
      let params = new URLSearchParams(url.search);
      let code = params.get('code');
      let error = params.get('error');
@ -82,4 +86,9 @@ export abstract class AuthGuard implements CanActivate {
    const match = message.match(regex);
    return match ? match[0] : null;
  }
+
+  private checkBrowser(): boolean {
+    const userAgent = navigator.userAgent;
+    return userAgent.indexOf("Chromium GOST") > -1 || userAgent.indexOf("YaBrowser") > -1;
+  }
 }