micord/ervu-lkrp-ul
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SUPPORT-9171: Fix

Browse source
This commit is contained in:
Eduard Tihomirov 2025-05-15 16:32:18 +03:00
parent e768fc8fb5
commit 42a2024bc8
3 changed files with 20 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
backend/src/main/java/ru/micord/ervu/security/esia/EsiaAuthInfoStore.java
View file

@ -12,6 +12,7 @@ import org.springframework.context.support.MessageSourceAccessor;
import ru.micord.ervu.security.esia.exception.EsiaException;
import ru.micord.ervu.security.esia.model.ExpiringState;
import ru.micord.ervu.security.esia.model.ExpiringToken;
import ru.micord.ervu.security.exception.UnauthorizedException;
import ru.cg.webbpm.modules.core.runtime.api.LocalizedException;
import ru.cg.webbpm.modules.core.runtime.api.MessageBundleUtils;
@ -35,7 +36,14 @@ public class EsiaAuthInfoStore {
}
public static String getAccessToken(String prnOid) {
return ACCESS_TOKENS_MAP.get(prnOid).getAccessToken();
ExpiringToken token = ACCESS_TOKENS_MAP.get(prnOid);
if (token == null || token.getAccessToken() == null) {
throw new UnauthorizedException("Failed to get access token. No access token found for prnOid: " + prnOid);
}
else if (token.isExpired()) {
throw new UnauthorizedException("Failed to get access token. Access token is expired for prnOid: " + prnOid);
}
return token.getAccessToken();
}
public static boolean validateAccessToken(String prnOid) {

11
backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
View file

@ -57,6 +57,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import ru.micord.ervu.security.exception.UnauthorizedException;
import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication;
import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper;
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
@ -418,16 +419,18 @@ public class EsiaAuthService {
try {
try {
userId = jwtTokenService.getUserAccountId(request);
String accessToken = EsiaAuthInfoStore.getAccessToken(userId);
String accessToken = jwtTokenService.getAccessTokenByUserId(userId);
orgInfo = getOrgInfo(accessToken);
securityHelper.clearAccessCookies(response);
EsiaAuthInfoStore.removeAccessToken(userId);
EsiaAuthInfoStore.removeRefreshToken(userId);
}
catch (Exception e) {
catch (UnauthorizedException e) {
//logout should always happen
}
catch (Exception e) {
LOGGER.error(e.getMessage());
}
securityHelper.clearAccessCookies(response);
String logoutUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaLogoutUrl();
String redirectUrl = esiaConfig.getLogoutRedirectUrl();
URL url = new URL(logoutUrl);

4
backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java
View file

@ -84,6 +84,10 @@ public class JwtTokenService {
return EsiaAuthInfoStore.getAccessToken(getUserAccountId(request));
}
public String getAccessTokenByUserId(String userId) {
return EsiaAuthInfoStore.getAccessToken(userId);
}
public String getRefreshToken(HttpServletRequest request) {
return EsiaAuthInfoStore.getRefreshToken(getUserAccountId(request));
}