From 679a3e1ce5c86ee10f66b61fa2be7d18515360cf Mon Sep 17 00:00:00 2001
From: Eduard Tihomirov
Date: Fri, 23 Aug 2024 14:49:08 +0300
Subject: [PATCH] SUPPORT-8407: Fix

---
 .../java/esia/service/EsiaAuthService.java | 11 +++++----
 .../main/java/esia/service/UlDataService.java | 2 ++
 .../java/esia/service/UlDataServiceImpl.java | 24 +++++++++++++++++++
 3 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/backend/src/main/java/esia/service/EsiaAuthService.java b/backend/src/main/java/esia/service/EsiaAuthService.java
index d3b583c2..885d2d37 100644
--- a/backend/src/main/java/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/esia/service/EsiaAuthService.java
@@ -24,7 +24,6 @@ import esia.config.FormUrlencoded;
 import esia.model.EmployeeModel;
 import esia.model.EsiaTokenResponse;
 import esia.model.OrganizationModel;
-import esia.model.PersonModel;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.stereotype.Service;
@@ -47,7 +46,7 @@ public class EsiaAuthService {
     private EsiaConfig esiaConfig;
 
     @Autowired
-    private UlDataService personalDataService;
+    private UlDataService ulDataService;
 
     public String generateAuthCodeUrl() {
         try {
@@ -175,6 +174,10 @@ public class EsiaAuthService {
                 throw new RuntimeException(tokenResponse.getError_description());
             }
             String accessToken = tokenResponse.getAccess_token();
+            boolean hasRole = ulDataService.checkRole(accessToken);
+            if (!hasRole) {
+                throw new RuntimeException("The user does not have the required role");
+            }
             Cookie cookie = new Cookie("access_token", accessToken);
             cookie.setHttpOnly(true);
             cookie.setSecure(true);
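Review bot: The `hasRole` gate added after `String accessToken = tokenResponse.getAccess_token();` delegates to `UlDataServiceImpl.checkRole`, which in this same patch ends with an unconditional `return false;`, so every successful token exchange now ends in the `throw` and nobody can sign in until that implementation actually inspects the lookup response. The placement itself is correct: the denial happens before `Cookie cookie = new Cookie("access_token", accessToken);` is created, so no session cookie is issued to a subject who fails the check. The denial is raised as a bare `RuntimeException` with a fixed message, which the method's enclosing `catch (Exception e)` (its body lies outside the hunk) will presumably treat the same way as an ESIA transport failure; a dedicated unchecked type (constructed example: a project-defined `RoleRequiredException`) would let the caller distinguish "forbidden" from "upstream unavailable" and log or respond accordingly. The enclosing method starts and ends outside this hunk.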
@@ -192,8 +195,8 @@ public class EsiaAuthService {
             isAuthToken.setPath("/");
             response.addCookie(isAuthToken);
-            EmployeeModel employeeModel = personalDataService.getPersonModel(accessToken);
-            OrganizationModel organizationModel = personalDataService.getOrganizationModel(accessToken);
+            EmployeeModel employeeModel = ulDataService.getPersonModel(accessToken);
+            OrganizationModel organizationModel = ulDataService.getOrganizationModel(accessToken);
             return true;
         } catch (Exception e) {
diff --git a/backend/src/main/java/esia/service/UlDataService.java b/backend/src/main/java/esia/service/UlDataService.java
index 5dacd9b6..825ca6fa 100644
--- a/backend/src/main/java/esia/service/UlDataService.java
+++ b/backend/src/main/java/esia/service/UlDataService.java
@@ -9,6 +9,8 @@ import esia.model.PersonModel;
  */
 public interface UlDataService {
 
+    boolean checkRole(String accessToken);
+
     EmployeeModel getPersonModel(String accessToken);
 
     PersonModel getChiefPersonModel(String accessToken);
diff --git a/backend/src/main/java/esia/service/UlDataServiceImpl.java b/backend/src/main/java/esia/service/UlDataServiceImpl.java
index 3aa8307e..b2525e36 100644
--- a/backend/src/main/java/esia/service/UlDataServiceImpl.java
+++ b/backend/src/main/java/esia/service/UlDataServiceImpl.java
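Review bot: `boolean checkRole(String accessToken);` is added to the UlDataService interface without Javadoc, and because EsiaAuthService treats a `false` result as a hard login denial the contract needs stating: which role or group membership is required, whether `false` means "not a member" or "could not determine", and that lookup failures surface as an unchecked exception (the UlDataServiceImpl hunk in this patch wraps every failure in `RuntimeException`). A summary along the lines of `/** Returns true when the subject of the given ESIA access token holds the role required to sign in; throws RuntimeException if the group lookup fails. */` would cover it. The name is also broader than the behaviour — `hasRequiredRole(String accessToken)` would read as the predicate it is — but that is a naming preference, not a defect.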
@@ -155,4 +155,28 @@ public class UlDataServiceImpl implements UlDataService {
         }
     }
 
+    @Override
+    public boolean checkRole(String accessToken) {
+        try {
+            EsiaAccessToken esiaAccessToken = readToken(accessToken);
+            String prsnId = esiaAccessToken.getSbj_id();
+            String url = esiaConfig.getEsiaBaseUri() + "rs/orgs/" + prsnId + "/grps?embed=(elements)";
+            HttpRequest getReq = HttpRequest.newBuilder(URI.create(url))
+                    .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
+                    .header("Authorization", "Bearer ".concat(accessToken))
+                    .GET()
+                    .timeout(Duration.ofSeconds(60))
+                    .build();
+            HttpResponse getResp = HttpClient.newBuilder()
+                    .connectTimeout(Duration.ofSeconds(30))
+                    .build()
+                    .send(getReq, HttpResponse.BodyHandlers.ofString());
+            errorHandler(getResp);
+
+        }
+        catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+        return false;
+    }
 }
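Review bot: `checkRole` never reads the response — after `errorHandler(getResp);` the body of `getResp` is discarded and control falls through to `return false;`, so the only possible outcomes are an exception or a denial, and the gate that EsiaAuthService builds on this method will reject every user. The string body obtained via `HttpResponse.BodyHandlers.ofString()` needs to be decoded and the embedded `elements` searched for the required group, with the method returning that result and keeping `false` for a missing or malformed body so the check stays fail-closed. Smaller points in the same method: `HttpResponse getResp` is a raw type and should be `HttpResponse<String> getResp`; the `Content-Type: application/x-www-form-urlencoded` header on a body-less GET is noise; and a new `HttpClient` is built on every call, which the class's existing methods (outside the hunk) may already avoid. The path is built as `"rs/orgs/" + prsnId` from the token's `getSbj_id()`, which the variable name suggests is a person id rather than an organisation id — worth confirming against the ESIA API before relying on it, since a wrong resource would surface here as an error, not as a wrong answer.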