| | |
|---|
| | | package com.pollex.pam.web.rest; |
|---|
| | | |
|---|
| | | import com.pollex.pam.config.ApplicationProperties; |
|---|
| | | import com.pollex.pam.enums.OtpLoginTypeEnum; |
|---|
| | | import com.pollex.pam.security.jwt.JWTFilter; |
|---|
| | | import com.pollex.pam.security.jwt.TokenProvider; |
|---|
| | | import com.pollex.pam.security.token.OtpAuthenticationToken; |
|---|
| | | import com.pollex.pam.service.OtpWebService; |
|---|
| | | import com.pollex.pam.service.dto.OtpResponseDTO; |
|---|
| | | import com.pollex.pam.web.rest.vm.*; |
|---|
| | | import java.util.Arrays; |
|---|
| | | import java.util.UUID; |
|---|
| | | |
|---|
| | | import org.slf4j.Logger; |
|---|
| | | import org.slf4j.LoggerFactory; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | |
|---|
| | | import org.springframework.http.HttpStatus; |
|---|
| | | import org.springframework.http.ResponseEntity; |
|---|
| | | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; |
|---|
| | | import org.springframework.security.core.Authentication; |
|---|
| | | import org.springframework.security.core.context.SecurityContextHolder; |
|---|
| | | import org.springframework.web.bind.annotation.*; |
|---|
| | | import org.springframework.web.bind.annotation.PostMapping; |
|---|
| | | import org.springframework.web.bind.annotation.RequestBody; |
|---|
| | | import org.springframework.web.bind.annotation.RequestMapping; |
|---|
| | | import org.springframework.web.bind.annotation.RestController; |
|---|
| | | |
|---|
| | | import javax.xml.rpc.ServiceException; |
|---|
| | | import java.rmi.RemoteException; |
|---|
| | | import java.util.UUID; |
|---|
| | | import com.pollex.pam.config.ApplicationProperties; |
|---|
| | | import com.pollex.pam.domain.Customer; |
|---|
| | | import com.pollex.pam.enums.OtpLoginTypeEnum; |
|---|
| | | import com.pollex.pam.repository.CustomerRepository; |
|---|
| | | import com.pollex.pam.security.jwt.JWTFilter; |
|---|
| | | import com.pollex.pam.security.jwt.TokenProvider; |
|---|
| | | import com.pollex.pam.service.CustomerAuthService; |
|---|
| | | import com.pollex.pam.service.CustomerService; |
|---|
| | | import com.pollex.pam.service.OtpTmpService; |
|---|
| | | import com.pollex.pam.service.OtpUtilService; |
|---|
| | | import com.pollex.pam.service.OtpWebService; |
|---|
| | | import com.pollex.pam.service.dto.CustomerRegisterDTO; |
|---|
| | | import com.pollex.pam.service.dto.OtpResponseDTO; |
|---|
| | | import com.pollex.pam.web.rest.vm.OtpLoginVM; |
|---|
| | | import com.pollex.pam.web.rest.vm.VerifyOtpVM; |
|---|
| | | |
|---|
| | | @RestController |
|---|
| | | @RequestMapping("/api/otp") |
|---|
| | |
|---|
| | | @Autowired |
|---|
| | | TokenProvider tokenProvider; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | CustomerAuthService customerAuthService; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | OtpTmpService otpTmpService; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | CustomerService customerService; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | OtpUtilService otpUtilService; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | CustomerRepository customerRepository; |
|---|
| | | |
|---|
| | | @PostMapping("/sendOtp") |
|---|
| | | public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login) { |
|---|
| | | try { |
|---|
| | | if(applicationProperty.isMockLogin()) { |
|---|
| | | return new ResponseEntity<>(getMockSendOtpResponse(), HttpStatus.OK); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if(login.getLoginType() == OtpLoginTypeEnum.SMS) { |
|---|
| | | return new ResponseEntity<>(otpWebService.sendByPhone(login.getAccount()), HttpStatus.OK); |
|---|
| | | } |
|---|
| | | else if(login.getLoginType() == OtpLoginTypeEnum.EMAIL) { |
|---|
| | | return new ResponseEntity<>(otpWebService.sendByEmail(login.getAccount()), HttpStatus.OK); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name()); |
|---|
| | | } catch (ServiceException | RemoteException e) { |
|---|
| | | return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("connecting otp web service error"); |
|---|
| | | OtpResponseDTO otpResponse; |
|---|
| | | if(applicationProperty.isMockLogin()) { |
|---|
| | | otpResponse = getMockSendOtpResponse(); |
|---|
| | | }else if(login.getLoginType() == OtpLoginTypeEnum.SMS) { |
|---|
| | | otpResponse = otpWebService.sendByPhone(login.getAccount()); |
|---|
| | | } |
|---|
| | | else if(login.getLoginType() == OtpLoginTypeEnum.EMAIL) { |
|---|
| | | otpResponse = otpWebService.sendByEmail(login.getAccount()); |
|---|
| | | }else { |
|---|
| | | return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name()); |
|---|
| | | } |
|---|
| | | otpTmpService.createOtpTmp(login.getAccount(), otpResponse.getIndexKey()); |
|---|
| | | return new ResponseEntity<>(otpResponse, HttpStatus.OK); |
|---|
| | | } |
|---|
| | | |
|---|
| | | @PostMapping("/verify") |
|---|
| | | public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam) { |
|---|
| | | OtpAccount otpAccount = new OtpAccount(verifyOtpParam.getAccount(), verifyOtpParam.getIndexKey()); |
|---|
| | | OtpAuthenticationToken authenticationToken = new OtpAuthenticationToken( |
|---|
| | | otpAccount, |
|---|
| | | verifyOtpParam.getOtpCode() |
|---|
| | | ); |
|---|
| | | otpUtilService.verifyOtp(verifyOtpParam); |
|---|
| | | |
|---|
| | | Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken); |
|---|
| | | SecurityContextHolder.getContext().setAuthentication(authenticationToken); |
|---|
| | | String jwt = tokenProvider.createToken(authentication, false); |
|---|
| | | Customer customer = customerRepository |
|---|
| | | .findOneByEmailEqualsOrPhoneEquals(verifyOtpParam.getAccount()) |
|---|
| | | .orElse(null); |
|---|
| | | |
|---|
| | | if (customer == null) { |
|---|
| | | return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | String jwt = customerAuthService.authorize(customer, verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode()); |
|---|
| | | HttpHeaders httpHeaders = new HttpHeaders(); |
|---|
| | | httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt); |
|---|
| | | return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK); |
|---|
| | |
|---|
| | | |
|---|
| | | private OtpResponseDTO getMockSendOtpResponse() { |
|---|
| | | String indexKey = UUID.randomUUID().toString().substring(0, 8); |
|---|
| | | return new OtpResponseDTO(new String[]{indexKey, "0", "", ""}); |
|---|
| | | return new OtpResponseDTO(Arrays.asList(indexKey, "0", "", "")); |
|---|
| | | } |
|---|
| | | |
|---|
| | | @PostMapping("/register") |
|---|
| | | public ResponseEntity<UserJWTController.JWTToken> registerAccount(@RequestBody CustomerRegisterDTO registDTO) { |
|---|
| | | Customer account = customerService.registerCustomer(registDTO); |
|---|
| | | String jwt = customerAuthService.authorize(account, registDTO.getIndexKey(), registDTO.getOtpCode()); |
|---|
| | | HttpHeaders httpHeaders = new HttpHeaders(); |
|---|
| | | httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt); |
|---|
| | | return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | } |
|---|
