pcalife/PAM.git - dev.pollex.com.tw

			@@ -73,8 +73,24 @@
			@Autowired
			CustomerRepository customerRepository;

			@PostMapping("/sendOtp")
			public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login) {
			@PostMapping("/sendOtp/{imgCode}")
			public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login
			, @PathVariable String imgCode, HttpServletRequest request) {

			HttpSession session = request.getSession();
			String sessionImpCode = (String) session.getAttribute("img_code");

			if (!StringUtils.hasText(sessionImpCode)
			\|\| !StringUtils.hasText(imgCode)) {
			throw new OtpLoginFailException("驗證碼輸入錯誤");
			}

			if(!imgCode.equals(sessionImpCode)) {
			throw new OtpLoginFailException("驗證碼輸入錯誤");
			}

			session.setAttribute("img_code", null);

			OtpResponseDTO otpResponse;
			if(applicationProperty.isMockLogin()) {
			otpResponse = getMockSendOtpResponse();
			@@ -87,24 +103,14 @@
			return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name());
			}
			otpTmpService.createOtpTmp(login.getAccount(), otpResponse.getIndexKey());

			return new ResponseEntity<>(otpResponse, HttpStatus.OK);
			}

			@AuditLoggingInject(type = CUSTOMER_LOGIN)
			@PostMapping("/verify/{imgCode}")
			@PostMapping("/verify")
			public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
			, @PathVariable String imgCode, HttpServletRequest request) {
			HttpSession session = request.getSession();
			String sessionImpCode = (String) session.getAttribute("img_code");

			if (!StringUtils.hasText(sessionImpCode)
			\|\| !StringUtils.hasText(imgCode)) {
			throw new OtpLoginFailException("驗證碼輸入錯誤");
			}

			if(!imgCode.equals(sessionImpCode)) {
			throw new OtpLoginFailException("驗證碼輸入錯誤");
			}
			) {

			otpUtilService.verifyOtp(verifyOtpParam);