diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/EsiaAuthInfoStore.java b/backend/src/main/java/ru/micord/ervu/security/esia/EsiaAuthInfoStore.java
index 2bb669b6..7b813a15 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/EsiaAuthInfoStore.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/EsiaAuthInfoStore.java
@@ -12,6 +12,7 @@ import org.springframework.context.support.MessageSourceAccessor;
 import ru.micord.ervu.security.esia.exception.EsiaException;
 import ru.micord.ervu.security.esia.model.ExpiringState;
 import ru.micord.ervu.security.esia.model.ExpiringToken;
+import ru.micord.ervu.security.exception.UnauthorizedException;
 import ru.cg.webbpm.modules.core.runtime.api.LocalizedException;
 import ru.cg.webbpm.modules.core.runtime.api.MessageBundleUtils;
 
@@ -35,7 +36,14 @@ public class EsiaAuthInfoStore {
 }
 
 public static String getAccessToken(String prnOid) {
- return ACCESS_TOKENS_MAP.get(prnOid).getAccessToken();
+ ExpiringToken token = ACCESS_TOKENS_MAP.get(prnOid);
+ if (token == null || token.getAccessToken() == null) {
+ throw new UnauthorizedException("Failed to get access token. No access token found for prnOid: " + prnOid);
+ }
+ else if (token.isExpired()) {
+ throw new UnauthorizedException("Failed to get access token. Access token is expired for prnOid: " + prnOid);
+ }
+ return token.getAccessToken();
 }
 
 public static boolean validateAccessToken(String prnOid) {
diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
index 81a3a263..79626923 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
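Review bot: On the expired branch of getAccessToken the stale ExpiringToken is left in ACCESS_TOKENS_MAP after the throw, so every later call for that prnOid repeats the lookup and throws again and the entry is never reclaimed; unless a refresh path still reads the expired entry, drop it before throwing, e.g. `ACCESS_TOKENS_MAP.remove(prnOid);` ahead of the second `throw`. The `else if` following an unconditional `throw` is redundant; a plain `if` reads cleaner. If UnauthorizedException is rendered into an HTTP response, confirm that exposing prnOid in the message is acceptable to the client, or keep the identifier in the server-side log only. validateAccessToken, which appears to cover the same expiry check, starts below the hunk and is not visible here.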
@@ -57,6 +57,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpHeaders; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; +import ru.micord.ervu.security.exception.UnauthorizedException; import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication; import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper; import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService; @@ -418,16 +419,18 @@ public class EsiaAuthService { try { try { userId = jwtTokenService.getUserAccountId(request); - String accessToken = EsiaAuthInfoStore.getAccessToken(userId); + String accessToken = jwtTokenService.getAccessTokenByUserId(userId); orgInfo = getOrgInfo(accessToken); - securityHelper.clearAccessCookies(response); EsiaAuthInfoStore.removeAccessToken(userId); EsiaAuthInfoStore.removeRefreshToken(userId); } - catch (Exception e) { + catch (UnauthorizedException e) { //logout should always happen } - + catch (Exception e) { + LOGGER.error(e.getMessage()); + } + securityHelper.clearAccessCookies(response); String logoutUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaLogoutUrl(); String redirectUrl = esiaConfig.getLogoutRedirectUrl(); URL url = new URL(logoutUrl); diff --git a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java index 3e388a90..75b1eabe 100644 --- a/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java +++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java 
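Review bot: When getAccessTokenByUserId throws UnauthorizedException for an expired access token, the new catch skips the two EsiaAuthInfoStore.remove* calls, so the expired access token and the refresh token for userId remain in the store after logout. Consider moving the removal out of the inner try so it runs whenever userId was resolved, e.g. after the catch blocks: `if (userId != null) { EsiaAuthInfoStore.removeAccessToken(userId); EsiaAuthInfoStore.removeRefreshToken(userId); }`. The generic catch logs only e.getMessage(), which drops the exception type and stack trace; prefer `LOGGER.error("Error during ESIA logout", e);`. The enclosing method starts and ends outside the hunk, so whether userId is initialised to null there is not visible.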
@@ -84,6 +84,10 @@ public class JwtTokenService {
 return EsiaAuthInfoStore.getAccessToken(getUserAccountId(request));
 }
 
+ public String getAccessTokenByUserId(String userId) {
+ return EsiaAuthInfoStore.getAccessToken(userId);
+ }
+
 public String getRefreshToken(HttpServletRequest request) {
 return EsiaAuthInfoStore.getRefreshToken(getUserAccountId(request));
 }
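Review bot: getAccessTokenByUserId has no Javadoc, and its contract now includes the UnauthorizedException that EsiaAuthInfoStore.getAccessToken throws for a missing or expired token, which the logout flow in this commit relies on; add `/** Returns the stored ESIA access token for the given user id. @throws UnauthorizedException if no unexpired access token is stored for userId. */`. The existing getAccessToken(HttpServletRequest) just above could delegate to the new method, `return getAccessTokenByUserId(getUserAccountId(request));`, so both paths share one lookup.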