micord/ervu-lkrp-ul
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SUPPORT-8427: Fix

Browse source
This commit is contained in:
Eduard Tihomirov 2024-09-12 14:44:11 +03:00
parent 531443697c
commit 5da678d304
4 changed files with 30 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

21
backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
View file

@ -23,12 +23,6 @@ public class EsiaConfig {
@Value("${esia-uri.base-uri:#{null}}")
private String esiaBaseUri;
@Value("${esia-uri.code-path:#{null}}")
private String esiaCodePath;
@Value("${esia-uri.token-path:#{null}}")
private String esiaTokenPath;
@Value("${esia-client-id:#{null}}")
private String clientId;
@ -38,9 +32,6 @@ public class EsiaConfig {
@Value("${sign-url:#{null}}")
private String signUrl;
@Value("${esia-uri.logout:#{null}}")
private String logoutUrl;
@Value("${client-cert-hash:#{null}}")
private String clientCertHash;
@ -50,14 +41,6 @@ public class EsiaConfig {
@Value("${esia.connection-timeout:30}")
private long connectionTimeout;
public String getEsiaCodeUri() {
return esiaCodePath;
}
public String getEsiaTokenUri() {
return esiaTokenPath;
}
public String getEsiaOrgScopes() {
String[] scopeItems = esiaOrgScopes.split(",");
return String.join(" ", Arrays.stream(scopeItems).map(item -> orgScopeUrl + item.trim()).toArray(String[]::new));
@ -84,10 +67,6 @@ public class EsiaConfig {
return signUrl;
}
public String getLogoutUrl() {
return logoutUrl;
}
public String getClientCertHash() {return clientCertHash;}
public long getRequestTimeout() {

44
backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
View file

@ -19,6 +19,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import ru.micord.ervu.security.esia.config.EsiaConfig;
import ru.micord.ervu.security.esia.model.FormUrlencoded;
import ru.micord.ervu.security.esia.model.EsiaAccessToken;
@ -37,6 +38,9 @@ import ru.micord.ervu.security.webbpm.jwt.model.Token;
@Service
public class EsiaAuthService {
@Value("${cookie-path:#{null}}")
private String path;
@Autowired
private ObjectMapper objectMapper;
@ -74,7 +78,7 @@ public class EsiaAuthService {
String responseType = "code";
String authUrl = esiaConfig.getEsiaCodeUri();
String authUrl = esiaConfig.getEsiaBaseUri() + "aas/oauth2/v2/ac";
URL url = new URL(authUrl);
Map<String, String> params = mapOf("scope", scope,
@ -146,7 +150,7 @@ public class EsiaAuthService {
parameters.put("code", esiaAuthCode);
String clientSecret = signMap(parameters);
String authUrl = esiaConfig.getEsiaTokenUri();
String authUrl = esiaConfig.getEsiaBaseUri() + "aas/oauth2/v3/te";
String postBody = new FormUrlencoded()
.setParameter("client_id", clientId)
.setParameter("code", esiaAuthCode)
@ -179,22 +183,28 @@ public class EsiaAuthService {
if (!hasRole) {
throw new RuntimeException("The user does not have the required role");
}
String path = request.getContextPath();
String cookiePath = null;
if (path != null) {
cookiePath = path;
}
else {
cookiePath = request.getContextPath();
}
Cookie cookie = new Cookie("access_token", accessToken);
cookie.setHttpOnly(true);
cookie.setPath(path);
cookie.setPath(cookiePath);
response.addCookie(cookie);
String refreshToken = tokenResponse.getRefresh_token();
Cookie cookieRefresh = new Cookie("refresh_token", refreshToken);
cookieRefresh.setHttpOnly(true);
cookieRefresh.setPath(path);
cookieRefresh.setPath(cookiePath);
response.addCookie(cookieRefresh);
EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken);
Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), tokenResponse.getExpires_in());
Cookie authToken = new Cookie("auth_token", token.getValue());
authToken.setPath(path);
authToken.setPath(cookiePath);
authToken.setHttpOnly(true);
response.addCookie(authToken);
SecurityContextHolder.getContext()
@ -203,7 +213,7 @@ public class EsiaAuthService {
Cookie isAuth = new Cookie("is_auth", "true");
isAuth.setMaxAge(tokenResponse.getExpires_in().intValue());
isAuth.setPath(path);
isAuth.setPath(cookiePath);
response.addCookie(isAuth);
return true;
}
@ -242,7 +252,7 @@ public class EsiaAuthService {
parameters.put("refresh_token", refreshToken);
String clientSecret = signMap(parameters);
String authUrl = esiaConfig.getEsiaTokenUri();
String authUrl = esiaConfig.getEsiaBaseUri() + "aas/oauth2/v3/te";
String postBody = new FormUrlencoded()
.setParameter("client_id", clientId)
.setParameter("refresh_token", refreshToken)
@ -273,19 +283,25 @@ public class EsiaAuthService {
String accessToken = tokenResponse.getAccess_token();
Cookie cookie = new Cookie("access_token", accessToken);
cookie.setHttpOnly(true);
String path = request.getContextPath();
cookie.setPath(path);
String cookiePath = null;
if (path != null) {
cookiePath = path;
}
else {
cookiePath = request.getContextPath();
}
cookie.setPath(cookiePath);
response.addCookie(cookie);
String newRefreshToken = tokenResponse.getRefresh_token();
Cookie cookieRefresh = new Cookie("refresh_token", newRefreshToken);
cookieRefresh.setHttpOnly(true);
cookieRefresh.setPath(path);
cookieRefresh.setPath(cookiePath);
response.addCookie(cookieRefresh);
EsiaAccessToken esiaAccessToken = ulDataService.readToken(accessToken);
Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), tokenResponse.getExpires_in());
Cookie authToken = new Cookie("auth_token", token.getValue());
authToken.setPath(path);
authToken.setPath(cookiePath);
authToken.setHttpOnly(true);
response.addCookie(authToken);
SecurityContextHolder.getContext()
@ -294,7 +310,7 @@ public class EsiaAuthService {
Cookie isAuth = new Cookie("is_auth", "true");
isAuth.setMaxAge(tokenResponse.getExpires_in().intValue());
isAuth.setPath(path);
isAuth.setPath(cookiePath);
response.addCookie(isAuth);
}
catch (Exception e) {
@ -346,7 +362,7 @@ public class EsiaAuthService {
response.addCookie(cookie);
}
}
String logoutUrl = esiaConfig.getLogoutUrl();
String logoutUrl = esiaConfig.getEsiaBaseUri() + "idp/ext/Logout";
String redirectUrl = esiaConfig.getRedirectUrl();
URL url = new URL(logoutUrl);
Map<String, String> params = mapOf(

3
config/patches/default.cli
View file

@ -44,10 +44,7 @@ xa-data-source add \
/system-property=esia-org-scopes:add(value="org_fullname, org_shortname, org_brhs, org_brhs_ctts, org_brhs_addrs, org_type, org_ogrn, org_inn, org_leg, org_kpp, org_ctts, org_addrs, org_grps, org_emps")
/system-property=esia-org-scope-url:add(value="http://esia.gosuslugi.ru/")
/system-property=esia-uri.base-uri:add(value="https://esia-portal1.test.gosuslugi.ru/")
/system-property=esia-uri.code-path:add(value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v2/ac")
/system-property=esia-uri.token-path:add(value="https://esia-portal1.test.gosuslugi.ru/aas/oauth2/v3/te")
/system-property=esia-client-id:add(value="MNSV89")
/system-property=esia-redirect-url:add(value="https://lkrp-dev.micord.ru/ul/")
/system-property=sign-url:add(value="https://ervu-sign-dev.k8s.micord.ru/sign")
/system-property=esia-uri.logout:add(value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout")
/system-property=client-cert-hash:add(value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD")

1
config/standalone/dev/standalone.xml
View file

@ -75,7 +75,6 @@
<property name="esia-client-id" value="MNSV89"/>
<property name="esia-redirect-url" value="https://lkrp.micord.ru"/>
<property name="sign-url" value="https://ervu-sign-dev.k8s.micord.ru/sign"/>
<property name="sesia-uri.logout" value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout"/>
<property name="client-cert-hash" value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD"/>
</system-properties>
<management>