[UPDATE] 新增顧問登入OTP流程和文件

jack

2024-12-25 db15612798841319bafcb3ed4e77c7c013b9446f

 pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java

@@ -4,9 +4,14 @@
import java.util.UUID;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
import com.pollex.pam.business.domain.Consultant;
import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
import com.pollex.pam.business.service.ConsultantService;
import com.pollex.pam.business.web.vm.EServiceLoginVM;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -14,6 +19,8 @@
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
@@ -38,6 +45,7 @@
import com.pollex.pam.business.web.vm.OtpLoginVM;
import com.pollex.pam.business.web.vm.VerifyOtpVM;

import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;
import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CUSTOMER_LOGIN;

@RestController
@@ -73,8 +81,27 @@
    @Autowired
    CustomerRepository customerRepository;

    @PostMapping("/sendOtp")
    public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login) {
    @Autowired
    ConsultantService consultantService;

    @PostMapping("/sendOtp/{imgCode}")
    public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login
          , @PathVariable String imgCode, HttpServletRequest request) {

       HttpSession session = request.getSession();
       String sessionImpCode = (String) session.getAttribute("img_code");

       if (!StringUtils.hasText(sessionImpCode)
            || !StringUtils.hasText(imgCode)) {
          throw new OtpLoginFailException("驗證碼輸入錯誤");
      }

       if(!imgCode.equals(sessionImpCode)) {
          throw new OtpLoginFailException("驗證碼輸入錯誤");
       }

       session.setAttribute("img_code", null);

       OtpResponseDTO otpResponse;
        if(applicationProperty.isMockLogin()) {
            otpResponse = getMockSendOtpResponse();
@@ -87,25 +114,15 @@
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name());
        }
        otpTmpService.createOtpTmp(login.getAccount(), otpResponse.getIndexKey());

        return new ResponseEntity<>(otpResponse, HttpStatus.OK);
    }

    @AuditLoggingInject(type = CUSTOMER_LOGIN)
    @PostMapping("/verify/{imgCode}")
    @PostMapping("/verify")
    public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
          , @PathVariable String imgCode, HttpServletRequest request) {
       HttpSession session = request.getSession();
       String sessionImpCode = (String) session.getAttribute("img_code");
    	
       if (!StringUtils.hasText(sessionImpCode)
            || !StringUtils.hasText(imgCode)) {
          throw new OtpLoginFailException("驗證碼輸入錯誤");
      }
    	
       if(!imgCode.equals(sessionImpCode)) {
          throw new OtpLoginFailException("驗證碼輸入錯誤");
       }
    	
          ) {

       otpUtilService.verifyOtp(verifyOtpParam);

       Customer customer = customerRepository
@@ -136,5 +153,52 @@
        return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
    }

    @PostMapping("/consultant/sendOtp/{login}")
    public ResponseEntity<Object> consultantSendOtp(@PathVariable String login) {
        Consultant consultant = consultantService.findByAgentNo(login);
        OtpResponseDTO otpResponse;
        if(applicationProperty.isMockLogin()) {
            otpResponse = getMockSendOtpResponse();
        }else if(StringUtils.hasText(consultant.getPhoneNumber())) {
            otpResponse = otpWebService.sendByPhone(consultant.getPhoneNumber());
        }else if(StringUtils.hasText(consultant.getEmail())) {
            otpResponse = otpWebService.sendByEmail(consultant.getEmail());
        }else {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not find phone and email to send otp, loginType = " + login);
        }
        otpTmpService.createOtpTmp(login, otpResponse.getIndexKey());

        return new ResponseEntity<>(otpResponse, HttpStatus.OK);
    }

    @PostMapping("/consultant/verifyOtp")
    public ResponseEntity<UserJWTController.JWTToken> consultantVerifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
     , HttpServletRequest request) {

        HttpSession session = request.getSession();
        Authentication authentication = (Authentication) session.getAttribute("authentication");
        String authAccount = authentication.getPrincipal().toString();

        if(!authAccount.equals(verifyOtpParam.getAccount())){
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }

        otpUtilService.verifyOtp(verifyOtpParam);
        Consultant consultant = consultantService.findByAgentNo(verifyOtpParam.getAccount());

        if (consultant == null) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
        }

        consultantService.updateLoginTime(verifyOtpParam.getAccount());
        SecurityContextHolder.getContext().setAuthentication(authentication);

        String jwt = tokenProvider.createToken(authentication, false);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
        session.setAttribute("authentication", null);
        return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);

    }

}