pcalife/PAM.git - dev.pollex.com.tw

			@@ -1,11 +1,13 @@
			package com.pollex.pam.web.rest;

			import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
			import com.pollex.pam.business.service.ConsultantService;
			import com.pollex.pam.security.jwt.JWTFilter;
			import com.pollex.pam.security.jwt.TokenProvider;
			import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
			import com.pollex.pam.business.web.vm.EServiceLoginVM;
			import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;

			import javax.servlet.http.HttpServletRequest;
			import javax.servlet.http.HttpServletResponse;
			import javax.servlet.http.HttpSession;

			import org.slf4j.Logger;
			import org.slf4j.LoggerFactory;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.http.HttpHeaders;
			import org.springframework.http.HttpStatus;
			@@ -13,16 +15,28 @@
			import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
			import org.springframework.security.core.Authentication;
			import org.springframework.security.core.context.SecurityContextHolder;
			import org.springframework.util.StringUtils;
			import org.springframework.web.bind.annotation.PathVariable;
			import org.springframework.web.bind.annotation.PostMapping;
			import org.springframework.web.bind.annotation.RequestBody;
			import org.springframework.web.bind.annotation.RequestMapping;
			import org.springframework.web.bind.annotation.RestController;

			import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;
			import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
			import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
			import com.pollex.pam.business.service.ConsultantService;
			import com.pollex.pam.business.service.util.AesUtil;
			import com.pollex.pam.business.web.errors.OtpLoginFailException;
			import com.pollex.pam.business.web.vm.EServiceLoginVM;
			import com.pollex.pam.security.jwt.JWTFilter;
			import com.pollex.pam.security.jwt.TokenProvider;

			@RestController
			@RequestMapping("/api/eService")
			public class EServiceResource {

			private final static Logger log = LoggerFactory.getLogger(EServiceResource.class);


			@Autowired
			AuthenticationManagerBuilder authenticationManagerBuilder;
			@@ -34,11 +48,33 @@
			ConsultantService consultantService;

			@AuditLoggingInject(type = CONSULTANT_LOGIN)
			@PostMapping("/authenticate")
			public ResponseEntity<UserJWTController.JWTToken> authorize(@RequestBody EServiceLoginVM eServiceLoginVM) {
			EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
			@PostMapping("/authenticate/{imgCode}")
			public ResponseEntity<UserJWTController.JWTToken> authorize(
			@RequestBody EServiceLoginVM eServiceLoginVM
			, HttpServletResponse response, HttpServletRequest request,
			@PathVariable String imgCode){

			String paswword = AesUtil.aesDecode(eServiceLoginVM.getPassword());
			if(!StringUtils.hasText(paswword)) {
			throw new OtpLoginFailException("密碼解密失敗");
			}

			HttpSession session = request.getSession();
			String sessionImpCode = (String) session.getAttribute("img_code");

			if (!StringUtils.hasText(sessionImpCode)
			\|\| !StringUtils.hasText(imgCode)) {
			throw new OtpLoginFailException("驗證碼輸入錯誤");
			}

			if(!imgCode.equals(sessionImpCode)) {
			throw new OtpLoginFailException("驗證碼輸入錯誤");
			}

			session.setAttribute("img_code", null);
			EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
			eServiceLoginVM.getUsername(),
			eServiceLoginVM.getPassword()
			paswword
			);

			Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);