micord/ervu-lkrp-ul
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SUPPORT-9164: Fix

Browse source
This commit is contained in:
Eduard Tihomirov 2025-05-13 12:37:09 +03:00
parent 0004f45403
commit c3752803df
5 changed files with 25 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

3
backend/src/main/java/ru/micord/ervu/security/SecurityConstants.java
View file

@ -2,4 +2,7 @@ package ru.micord.ervu.security;
public class SecurityConstants {
public static final String ESIA_LOGOUT = "/esia/logout";
public static final String AUTH_TOKEN = "auth_token";
public static final String AUTH_MARKER = "webbpm.ervu-lkrp-ul";
public static final String PRNS_UUID = "prns_uuid_ul";
}

11
backend/src/main/java/ru/micord/ervu/security/esia/EsiaAuthInfoStore.java
View file

@ -9,6 +9,7 @@ import java.util.concurrent.CopyOnWriteArrayList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.support.MessageSourceAccessor;
import ru.micord.ervu.security.esia.exception.EsiaException;
import ru.micord.ervu.security.esia.model.ExpiringState;
import ru.micord.ervu.security.esia.model.ExpiringToken;
@ -105,10 +106,10 @@ public class EsiaAuthInfoStore {
});
}
public static String getNotContainsStateErrorMessage(String prnsUUID, String state) {
public static void validateState(String prnsUUID, String state) {
List<ExpiringState> states = PRNS_UUID_STATE_MAP.get(prnsUUID);
if (states == null) {
return "State invalid. No state found for prnsUUID: " + prnsUUID;
throw new EsiaException("State invalid. No state found");
}
long currentTime = System.currentTimeMillis();
@ -116,13 +117,13 @@ public class EsiaAuthInfoStore {
for (ExpiringState expiringState : states) {
if (expiringState.getState().equals(state)) {
if (expiringState.getExpiryTime() < currentTime) {
return "State invalid. State : " + state + " expired at : " + expiringState.getExpiryTime();
throw new EsiaException("State invalid. State : " + state + " expired at : " + expiringState.getExpiryTime());
}
return null;
return;
}
statesStringBuilder.append(expiringState.getState(), 0, 8).append(", ");
}
return "State invalid. Backend states :" + statesStringBuilder + " cookie state :" + state;
throw new EsiaException("State invalid. Backend states :" + statesStringBuilder + " cookie state :" + state);
}
public static void removeState(String prnsUUID) {

23
backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
View file

@ -65,6 +65,8 @@ import ru.micord.ervu.security.webbpm.jwt.model.Token;
import ru.cg.webbpm.modules.core.runtime.api.LocalizedException;
import ru.cg.webbpm.modules.core.runtime.api.MessageBundleUtils;
import static ru.micord.ervu.security.SecurityConstants.PRNS_UUID;
/**
* @author Eduard Tihomirov
*/
@ -73,7 +75,6 @@ public class EsiaAuthService {
private static final Logger LOGGER = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
private static final MessageSourceAccessor MESSAGE_SOURCE = MessageBundleUtils.createAccessor(
"messages/common_errors_messages");
private static final String PRNS_UUID = "prns_uuid";
@Autowired
private ObjectMapper objectMapper;
@Autowired
@ -184,10 +185,7 @@ public class EsiaAuthService {
Long expiresIn = null;
boolean hasRole = false;
long timeSignSecret = 0, timeRequestAccessToken = 0, timeVerifySecret = 0;
String verifyStateResult = verifyStateFromCookie(request, state, response);
if (verifyStateResult != null) {
throw new EsiaException(verifyStateResult);
}
verifyStateFromCookie(request, state, response);
try {
String clientId = esiaConfig.getClientId();
DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
@ -601,15 +599,18 @@ public class EsiaAuthService {
}
}
private String verifyStateFromCookie(HttpServletRequest request, String state, HttpServletResponse response) {
private void verifyStateFromCookie(HttpServletRequest request, String state, HttpServletResponse response) {
Cookie cookie = WebUtils.getCookie(request, PRNS_UUID);
if (cookie == null) {
return "State invalid. Cookie not found";
throw new RuntimeException("State invalid. Cookie not found");
}
String prnsUUID = cookie.getValue();
String errorMessage = EsiaAuthInfoStore.getNotContainsStateErrorMessage(prnsUUID, state);
EsiaAuthInfoStore.removeState(prnsUUID);
securityHelper.clearAccessCookie(response, PRNS_UUID);
return errorMessage;
try {
EsiaAuthInfoStore.validateState(prnsUUID, state);
}
finally {
EsiaAuthInfoStore.removeState(prnsUUID);
securityHelper.clearAccessCookie(response, PRNS_UUID);
}
}
}

6
backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java
View file

@ -14,8 +14,9 @@ import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import static org.springframework.web.context.request.RequestAttributes.REFERENCE_REQUEST;
import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.AUTH_MARKER;
import static ru.micord.ervu.security.webbpm.jwt.util.SecurityUtil.AUTH_TOKEN;
import static ru.micord.ervu.security.SecurityConstants.AUTH_MARKER;
import static ru.micord.ervu.security.SecurityConstants.AUTH_TOKEN;
import static ru.micord.ervu.security.SecurityConstants.PRNS_UUID;
public final class SecurityHelper {
@Value("${cookie.path:#{null}}")
@ -26,7 +27,6 @@ public final class SecurityHelper {
private boolean accessCookieSecure;
@Value("${cookie.same.site:Lax}")
private String accessCookieSameSite;
private static final String PRNS_UUID = "prns_uuid";
@PostConstruct
private void init() {

4
backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/util/SecurityUtil.java
View file

@ -11,10 +11,8 @@ import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication;
import ru.micord.ervu.security.webbpm.jwt.UserIdsPair;
import static ru.micord.ervu.security.SecurityConstants.AUTH_TOKEN;
public final class SecurityUtil {
public static final String AUTH_TOKEN = "auth_token";
public static final String AUTH_MARKER = "webbpm.ervu-lkrp-ul";
private SecurityUtil() {
//empty