From 7ee9eaf713c1ecda7b7c9c8368a8d2695953fc0d Mon Sep 17 00:00:00 2001
From: Eduard Tihomirov
Date: Thu, 27 Feb 2025 11:22:12 +0300
Subject: [PATCH 1/2] Revert "remove SUPPORT-8822"
This reverts commit 7c9e8497
---
 .../esia/service/EsiaAuthService.java | 25 +++++++++++--------
 1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
index 9bd82dcb..162d41d4 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
@@ -101,7 +101,6 @@ public class EsiaAuthService {
 DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
 ZonedDateTime dt = ZonedDateTime.now();
 String timestamp = dt.format(formatter);
- String state = UUID.randomUUID().toString();
 String prnsUUID = UUID.randomUUID().toString();
 String redirectUrl = esiaConfig.getRedirectUrl();
 String redirectUrlEncoded = redirectUrl.replaceAll(":", "%3A")
@@ -114,10 +113,12 @@ public class EsiaAuthService {
 parameters.put("scope", scope);
 parameters.put("scope_org", scopeOrg);
 parameters.put("timestamp", timestamp);
- parameters.put("state", state);
+ parameters.put("state", "%s");
 parameters.put("redirect_uri", esiaConfig.getRedirectUrl());
- String clientSecret = signMap(parameters);
+ SignResponse signResponse = signMap(parameters);
+ String state = signResponse.getState();
+ String clientSecret = signResponse.getSignature();
 EsiaAuthInfoStore.addState(prnsUUID, state, esiaConfig.getEsiaStateCookieLifeTime());
 ResponseCookie prnsCookie = securityHelper.createCookie(PRNS_UUID, prnsUUID, "/")
 .maxAge(esiaConfig.getEsiaStateCookieLifeTime())
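Review bot: In the hunk at -114 the `state` that ties the ESIA redirect to the browser session is now whatever the signing service returns, and it goes straight into `EsiaAuthInfoStore.addState(prnsUUID, state, …)` with no check. If the response JSON lacks that field, `signResponse.getState()` is presumably null, and the anti-CSRF value stored for the callback is then missing or no longer unpredictable. The hunks at -198 and -308 use the returned state and signature the same way. A guard such as `if (state == null || state.isBlank()) { throw new IllegalStateException("sign service returned no state"); }`, placed once in `signMap` before it returns and repeated for the signature, would cover all three callers. The enclosing method starts and ends outside this hunk.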
@@ -188,7 +189,6 @@ public class EsiaAuthService {
 DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
 ZonedDateTime dt = ZonedDateTime.now();
 String timestamp = dt.format(formatter);
- String newState = UUID.randomUUID().toString();
 String redirectUrl = esiaConfig.getRedirectUrl();
 String scope = esiaConfig.getEsiaScopes();
 String scopeOrg = esiaConfig.getEsiaOrgScopes();
@@ -198,13 +198,15 @@ public class EsiaAuthService {
 parameters.put("scope", scope);
 parameters.put("scope_org", scopeOrg);
 parameters.put("timestamp", timestamp);
- parameters.put("state", newState);
+ parameters.put("state", "%s");
 parameters.put("redirect_uri", redirectUrl);
 parameters.put("code", esiaAuthCode);
 long startTime = System.currentTimeMillis();
- String clientSecret = signMap(parameters);
+ SignResponse signResponse = signMap(parameters);
 timeSignSecret = System.currentTimeMillis() - startTime;
+ String newState = signResponse.getState();
+ String clientSecret = signResponse.getSignature();
 String authUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaTokenUrl();
 String postBody = new FormUrlencoded()
 .setParameter("client_id", clientId)
@@ -298,7 +300,6 @@ public class EsiaAuthService {
 DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
 ZonedDateTime dt = ZonedDateTime.now();
 String timestamp = dt.format(formatter);
- String state = UUID.randomUUID().toString();
 String redirectUrl = esiaConfig.getRedirectUrl();
 String scope = esiaConfig.getEsiaScopes();
 String scopeOrg = esiaConfig.getEsiaOrgScopes();
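Review bot: In the hunk at -198 the literal `"%s"` placeholder is put into the string to sign next to `esiaAuthCode`, a value that appears to come from the callback request. How the signing service fills the placeholder is not visible in this diff; if it applies a format-style substitution to the whole concatenated string, a `%` in any other value would change the signed text or make signing fail. The hunk at -308 does the same with `refreshToken`. A comment on the put, for example `// "%s" is replaced with the generated state by the sign service; the other values must not contain '%'`, or a check that rejects `%` in the other values before `signMap` is called, would make that contract explicit. The method body continues outside the hunk.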
@@ -308,11 +309,13 @@ public class EsiaAuthService {
 parameters.put("scope", scope);
 parameters.put("scope_org", scopeOrg);
 parameters.put("timestamp", timestamp);
- parameters.put("state", state);
+ parameters.put("state", "%s");
 parameters.put("redirect_uri", esiaConfig.getRedirectUrl());
 parameters.put("refresh_token", refreshToken);
- String clientSecret = signMap(parameters);
+ SignResponse signResponse = signMap(parameters);
+ String state = signResponse.getState();
+ String clientSecret = signResponse.getSignature();
 String authUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaTokenUrl();
 String postBody = new FormUrlencoded()
 .setParameter("client_id", clientId)
@@ -364,7 +367,7 @@ public class EsiaAuthService {
 }
 }
- private String signMap(Map paramsToSign) {
+ private SignResponse signMap(Map paramsToSign) {
 try {
 StringBuilder toSign = new StringBuilder();
 for (String s : paramsToSign.values()) {
@@ -383,7 +386,7 @@ public class EsiaAuthService {
 .build()
 .send(request, HttpResponse.BodyHandlers.ofString());
 errorHandler(response);
- return response.body();
+ return objectMapper.readValue(response.body(), SignResponse.class);
 } catch (Exception e) {
From 4b67bd8fdc29c149e0410deb0daa9eb5bd25d2e4 Mon Sep 17 00:00:00 2001
From: Zaripov Emil
Date: Thu, 6 Mar 2025 17:04:00 +0300
Subject: [PATCH 2/2] set version 1.9.10-SNAPSHOT
---
 backend/pom.xml | 2 +-
 distribution/pom.xml | 2 +-
 frontend/pom.xml | 2 +-
 pom.xml | 2 +-
 resources/pom.xml | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/backend/pom.xml b/backend/pom.xml
index 0edb0b5d..79b83887 100644
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -5,7 +5,7 @@ ru.micord.ervu.lkrp ul - 1.9.9-SNAPSHOT + 1.9.10-SNAPSHOT ru.micord.ervu.lkrp.ul backend
diff --git a/distribution/pom.xml b/distribution/pom.xml
index 90bf2a8a..29a52350 100644
--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -4,7 +4,7 @@ ru.micord.ervu.lkrp ul - 1.9.9-SNAPSHOT + 1.9.10-SNAPSHOT ru.micord.ervu.lkrp.ul
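Review bot: `signMap` in the EsiaAuthService.java hunks at -364 and -383 now returns a parsed `SignResponse` instead of the raw body, but nothing on the method records the new contract. Callers have to know that the `state` entry must be the `"%s"` placeholder and that both the state and the signature to send to ESIA come from the result. A short Javadoc would capture this, for example `/** Concatenates the map values in iteration order, sends them to the sign service and parses its JSON reply; the "state" entry must be the "%s" placeholder. */`. It should also say that the map's iteration order determines the signed string, since the loop over `paramsToSign.values()` depends on it. The body of `signMap`, including the `catch (Exception e)` branch that now also receives JSON parse failures, continues outside the hunk.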
diff --git a/frontend/pom.xml b/frontend/pom.xml
index 6aef1f20..de968a85 100644
--- a/frontend/pom.xml
+++ b/frontend/pom.xml
@@ -4,7 +4,7 @@ ru.micord.ervu.lkrp ul - 1.9.9-SNAPSHOT + 1.9.10-SNAPSHOT ru.micord.ervu.lkrp.ul
diff --git a/pom.xml b/pom.xml
index 0226c4a1..003d54ef 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@ 4.0.0 ru.micord.ervu.lkrp ul - 1.9.9-SNAPSHOT + 1.9.10-SNAPSHOT pom backend
diff --git a/resources/pom.xml b/resources/pom.xml
index ba8ac5b8..8b33873c 100644
--- a/resources/pom.xml
+++ b/resources/pom.xml
@@ -4,7 +4,7 @@ ru.micord.ervu.lkrp ul - 1.9.9-SNAPSHOT + 1.9.10-SNAPSHOT ru.micord.ervu.lkrp.ul