micord/ervu-lkrp-ul
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'feature/SUPPORT-8682_fix_exit' into develop

Browse source
This commit is contained in:
Eduard Tihomirov 2024-11-26 10:53:43 +03:00
commit b2bac5ba3c
4 changed files with 75 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

4
backend/src/main/java/ru/micord/ervu/security/esia/controller/EsiaController.java
View file

@ -32,8 +32,8 @@ public class EsiaController {
} }
@GetMapping(value = "/esia/auth", params = "code") @GetMapping(value = "/esia/auth", params = "code")
public ResponseEntity<?> esiaAuth(@RequestParam("code") String code, HttpServletRequest request, HttpServletResponse response) { public ResponseEntity<?> esiaAuth(@RequestParam("code") String code, @RequestParam("error") String error, HttpServletRequest request, HttpServletResponse response) {
return esiaAuthService.getEsiaTokensByCode(code, request, response); return esiaAuthService.getEsiaTokensByCode(code, error, request, response);
} }
@PostMapping(value = "/esia/refresh") @PostMapping(value = "/esia/refresh")

76
backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
View file

@ -15,6 +15,7 @@ import java.time.format.DateTimeFormatter;
import java.util.Arrays; import java.util.Arrays;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.Map; import java.util.Map;
import java.util.Objects;
import java.util.UUID; import java.util.UUID;
import javax.servlet.http.Cookie; import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -52,12 +53,15 @@ import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper;
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService; import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
import ru.micord.ervu.security.webbpm.jwt.model.Token; import ru.micord.ervu.security.webbpm.jwt.model.Token;
import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.getCurrentUsername;
/** /**
* @author Eduard Tihomirov * @author Eduard Tihomirov
*/ */
@Service @Service
public class EsiaAuthService { public class EsiaAuthService {
private static final Logger LOGGER = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); private static final Logger LOGGER = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
private static final Long EXPIRES_IN = 3600L;
@Autowired @Autowired
private ObjectMapper objectMapper; private ObjectMapper objectMapper;
@Autowired @Autowired
@ -157,8 +161,16 @@ public class EsiaAuthService {
return uriBuilder.toString(); return uriBuilder.toString();
} }
public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, HttpServletRequest request, HttpServletResponse response) { public ResponseEntity<?> getEsiaTokensByCode(String esiaAuthCode, String error,
HttpServletRequest request, HttpServletResponse response) {
try { try {
if (error != null) {
createTokenAndAddCookie(response, null, null, false, EXPIRES_IN);
return new ResponseEntity<>(
"Произошла неизвестная ошибка. Обратитесь к системному администратору",
HttpStatus.FORBIDDEN
);
}
String clientId = esiaConfig.getClientId(); String clientId = esiaConfig.getClientId();
DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx"); DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
ZonedDateTime dt = ZonedDateTime.now(); ZonedDateTime dt = ZonedDateTime.now();
@ -223,20 +235,7 @@ public class EsiaAuthService {
Long expiresIn = tokenResponse.getExpires_in(); Long expiresIn = tokenResponse.getExpires_in();
TokensStore.addAccessToken(prnOid, esiaAccessTokenStr, expiresIn); TokensStore.addAccessToken(prnOid, esiaAccessTokenStr, expiresIn);
TokensStore.addRefreshToken(prnOid, esiaRefreshTokenStr, expiresIn); TokensStore.addRefreshToken(prnOid, esiaRefreshTokenStr, expiresIn);
Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), expiresIn, ervuId, hasRole); createTokenAndAddCookie(response, esiaAccessToken.getSbj_id(), ervuId, hasRole, expiresIn);
int expiry = tokenResponse.getExpires_in().intValue();
Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), expiry);
response.addCookie(accessCookie);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
SecurityContext context = SecurityContextHolder.createEmptyContext();
JwtAuthentication jwtAuthentication = new JwtAuthentication(usernamePasswordAuthenticationToken,
esiaAccessToken.getSbj_id(), token.getValue());
authenticationManager.authenticate(jwtAuthentication);
context.setAuthentication(jwtAuthentication);
SecurityContextHolder.setContext(context);
Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", expiry);
response.addCookie(authMarkerCookie);
if (!hasRole) { if (!hasRole) {
LOGGER.error("The user with id = " + prnOid + " does not have the required role"); LOGGER.error("The user with id = " + prnOid + " does not have the required role");
return new ResponseEntity<>( return new ResponseEntity<>(
@ -247,7 +246,14 @@ public class EsiaAuthService {
return ResponseEntity.ok("Authentication successful"); return ResponseEntity.ok("Authentication successful");
} }
catch (Exception e) { catch (Exception e) {
throw new RuntimeException(e); createTokenAndAddCookie(response, null, null, false, EXPIRES_IN);
String messageId = getMessageId(e);
String messageWithId = String.format("[%s] %s", messageId, e.getMessage());
LOGGER.error(messageWithId, e);
return new ResponseEntity<>(
"Произошла ошибка " + messageId + ". Обратитесь к системному администратору",
HttpStatus.FORBIDDEN
);
} }
} }
@ -309,19 +315,7 @@ public class EsiaAuthService {
TokensStore.addAccessToken(prnOid, accessToken, expiresIn); TokensStore.addAccessToken(prnOid, accessToken, expiresIn);
TokensStore.addRefreshToken(prnOid, newRefreshToken, expiresIn); TokensStore.addRefreshToken(prnOid, newRefreshToken, expiresIn);
String ervuId = getErvuId(accessToken, prnOid); String ervuId = getErvuId(accessToken, prnOid);
Token token = jwtTokenService.createAccessToken(esiaAccessToken.getSbj_id(), expiresIn, ervuId, true); createTokenAndAddCookie(response, esiaAccessToken.getSbj_id(), ervuId, true, expiresIn);
int expiry = tokenResponse.getExpires_in().intValue();
Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), expiry);
response.addCookie(accessCookie);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
SecurityContext context = SecurityContextHolder.createEmptyContext();
JwtAuthentication authentication = new JwtAuthentication(usernamePasswordAuthenticationToken,
esiaAccessToken.getSbj_id(), token.getValue());
context.setAuthentication(authentication);
SecurityContextHolder.setContext(context);
Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", expiry);
response.addCookie(authMarkerCookie);
} }
catch (Exception e) { catch (Exception e) {
throw new RuntimeException(e); throw new RuntimeException(e);
@ -457,4 +451,28 @@ public class EsiaAuthService {
employee.setOrgOid(employeeModel.getOrgOid()); employee.setOrgOid(employeeModel.getOrgOid());
return employee; return employee;
} }
private String getMessageId(Exception exception) {
return Integer.toUnsignedString(Objects
.hashCode(getCurrentUsername()), 36)
+ "-"
+ Integer.toUnsignedString(exception.hashCode(), 36);
}
private void createTokenAndAddCookie(HttpServletResponse response, String userId, String ervuId,
Boolean hasRole, Long expiresIn) {
Token token = jwtTokenService.createAccessToken(userId, expiresIn, ervuId, hasRole);
Cookie accessCookie = securityHelper.createAccessCookie(token.getValue(), expiresIn.intValue());
response.addCookie(accessCookie);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
new UsernamePasswordAuthenticationToken(token.getUserAccountId(), null);
SecurityContext context = SecurityContextHolder.createEmptyContext();
JwtAuthentication authentication = new JwtAuthentication(usernamePasswordAuthenticationToken,
userId, token.getValue());
context.setAuthentication(authentication);
authenticationManager.authenticate(authentication);
SecurityContextHolder.setContext(context);
Cookie authMarkerCookie = securityHelper.createAuthMarkerCookie("true", expiresIn.intValue());
response.addCookie(authMarkerCookie);
}
} }

10
backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java
View file

@ -5,6 +5,8 @@ import java.nio.charset.StandardCharsets;
import javax.servlet.http.Cookie; import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.request.RequestAttributes; import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.util.WebUtils; import org.springframework.web.util.WebUtils;
@ -42,4 +44,12 @@ public final class SecurityUtil {
Cookie cookie = WebUtils.getCookie(httpRequest, AUTH_TOKEN); Cookie cookie = WebUtils.getCookie(httpRequest, AUTH_TOKEN);
return cookie != null ? cookie.getValue() : null; return cookie != null ? cookie.getValue() : null;
} }
public static String getCurrentUsername() {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null && auth.isAuthenticated()) {
return auth.getName();
}
return null;
}
} }

30
frontend/src/ts/modules/security/guard/auth.guard.ts
View file

@ -34,18 +34,8 @@ export abstract class AuthGuard implements CanActivate {
if (isAccess) { if (isAccess) {
return true; return true;
} }
else if (error) { if (code || error) {
let userErrorMessage = 'Произошла неизвестная ошибка. Обратитесь к системному администратору'; const params = new HttpParams().set('code', code).set('error', error);
let errorCode = this.extractCode(errorDescription);
if (errorCode) {
userErrorMessage = EsiaErrorDetail.getDescription(errorCode);
}
let errorMessage = error + ', error description = ' + errorDescription;
this.messageService.error(userErrorMessage)
throw new Error(errorMessage);
}
else if (code) {
const params = new HttpParams().set('code', code);
this.httpClient.get("esia/auth", this.httpClient.get("esia/auth",
{ {
params: params, responseType: 'text', observe: 'response', headers: { params: params, responseType: 'text', observe: 'response', headers: {
@ -61,8 +51,20 @@ export abstract class AuthGuard implements CanActivate {
let errorMessage = reason.error.messages != null let errorMessage = reason.error.messages != null
? reason.error.messages ? reason.error.messages
: reason.error.replaceAll('\\', ''); : reason.error.replaceAll('\\', '');
this.messageService.error(errorMessage); if (error) {
console.error(reason); errorMessage = 'Произошла неизвестная ошибка. Обратитесь к системному администратору';
let errorCode = this.extractCode(errorDescription);
if (errorCode) {
errorMessage = EsiaErrorDetail.getDescription(errorCode);
}
let consoleError = error + ', error description = ' + errorDescription;
this.messageService.error(errorMessage);
console.error(consoleError);
}
else {
this.messageService.error(errorMessage);
console.error(reason);
}
}); });
return false; return false;
} }