Merge branch '滲透' of https://dev.pollex.com.tw:8443/r/pcalife/PAM into 滲透

Tomas

2023-09-01 23f937de7378d94c74e81e6f0ef1d6a1e0f1fa0e

 pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java

@@ -1,16 +1,17 @@
package com.pollex.pam.service;

import com.pollex.pam.domain.OtpTmp;
import com.pollex.pam.enums.OtpTmpStatusEnum;
import com.pollex.pam.web.rest.vm.VerifyOtpVM;
import com.pollex.pam.business.domain.OtpTmp;
import com.pollex.pam.business.enums.OtpTmpStatusEnum;
import com.pollex.pam.business.service.OtpTmpService;
import com.pollex.pam.business.web.errors.OtpLoginFailException;
import com.pollex.pam.business.web.vm.VerifyOtpVM;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.stereotype.Service;

import com.pollex.pam.config.ApplicationProperties;
import com.pollex.pam.service.dto.OtpResponseDTO;
import com.pollex.pam.business.service.dto.OtpResponseDTO;
import org.springframework.transaction.annotation.Transactional;

@Service
@@ -27,9 +28,6 @@
    @Autowired
    OtpTmpService otpTmpService;

    @Autowired
    LoginRecordService loginRecordService;

    @Transactional
    public void verifyOtp(VerifyOtpVM verifyOtpParam) {
        verifyOtp(verifyOtpParam.getAccount(), verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
@@ -37,31 +35,36 @@

    @Transactional
    public void verifyOtp(String account, String indexKey, String otpCode) {
       try {
            if(applicationProperty.isMockLogin()){
                loginRecordService.saveOTPLoginSuccessRecord(account);
                log.debug("Do MockLogin");
            } else {  // otp logon
                OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
                if (otpResponseDTO.isSuccess()) {
                    loginRecordService.saveOTPLoginSuccessRecord(account);
                }
                else {
                    loginRecordService.saveOTPLoginFailRecord(account, otpResponseDTO.getFailReason());
                    throw new AuthenticationCredentialsNotFoundException("");
                }
        
       OtpTmp otpTmp = otpTmpService.findByAccountAndIndexKey(account, indexKey);
       if(otpTmp==null) {
          log.info("otp login fail... , account = {}, indexKey = {}, failReason = {}", account, indexKey, "Index key and account field mismatch");
            throw new OtpLoginFailException("otp error");
       }
    	
       if (applicationProperty.isMockLogin()) {
            log.debug("Do MockLogin");
        } else {  // otp logon
        	
           OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
            if (otpResponseDTO.isSuccess()) {
                log.info("otp login success!, account = {}", account);
            }
            setVerrifiedOtpTmp(account, indexKey);
       } catch (Exception e) {
            log.error("Exception: ", e);
            throw new AuthenticationCredentialsNotFoundException("");
            else {
                log.info("otp login fail... , account = {}, error code = {}, failReason = {}", account, otpResponseDTO.getFailCode(), otpResponseDTO.getFailReason());
                throw new OtpLoginFailException(otpResponseDTO.getFailCode());
            }
        }
        setVerrifiedOtpTmp(account, indexKey);
    }

    private void setVerrifiedOtpTmp(String account, String indexKey) {
        OtpTmp otpTmp = otpTmpService.findByAccountAndIndexKey(account, indexKey);
        otpTmp.setStatus(OtpTmpStatusEnum.VERRIFIED);
        otpTmpService.save(otpTmp);
        if(otpTmp!=null) {
           otpTmp.setStatus(OtpTmpStatusEnum.VERRIFIED);
            otpTmpService.save(otpTmp);
        }
        
    }