pcalife/PAM.git - dev.pollex.com.tw

			@@ -4,9 +4,14 @@
			import java.util.UUID;

			import javax.servlet.http.HttpServletRequest;
			import javax.servlet.http.HttpServletResponse;
			import javax.servlet.http.HttpSession;

			import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
			import com.pollex.pam.business.domain.Consultant;
			import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
			import com.pollex.pam.business.service.ConsultantService;
			import com.pollex.pam.business.web.vm.EServiceLoginVM;
			import org.slf4j.Logger;
			import org.slf4j.LoggerFactory;
			import org.springframework.beans.factory.annotation.Autowired;
			@@ -14,6 +19,8 @@
			import org.springframework.http.HttpStatus;
			import org.springframework.http.ResponseEntity;
			import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
			import org.springframework.security.core.Authentication;
			import org.springframework.security.core.context.SecurityContextHolder;
			import org.springframework.util.StringUtils;
			import org.springframework.web.bind.annotation.PathVariable;
			import org.springframework.web.bind.annotation.PostMapping;
			@@ -38,6 +45,7 @@
			import com.pollex.pam.business.web.vm.OtpLoginVM;
			import com.pollex.pam.business.web.vm.VerifyOtpVM;

			import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;
			import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CUSTOMER_LOGIN;

			@RestController
			@@ -72,6 +80,9 @@

			@Autowired
			CustomerRepository customerRepository;

			@Autowired
			ConsultantService consultantService;

			@PostMapping("/sendOtp/{imgCode}")
			public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login
			@@ -142,5 +153,52 @@
			return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
			}

			@PostMapping("/consultant/sendOtp/{login}")
			public ResponseEntity<Object> consultantSendOtp(@PathVariable String login) {
			Consultant consultant = consultantService.findByAgentNo(login);
			OtpResponseDTO otpResponse;
			if(applicationProperty.isMockLogin()) {
			otpResponse = getMockSendOtpResponse();
			}else if(StringUtils.hasText(consultant.getPhoneNumber())) {
			otpResponse = otpWebService.sendByPhone(consultant.getPhoneNumber());
			}else if(StringUtils.hasText(consultant.getEmail())) {
			otpResponse = otpWebService.sendByEmail(consultant.getEmail());
			}else {
			return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not find phone and email to send otp, loginType = " + login);
			}
			otpTmpService.createOtpTmp(login, otpResponse.getIndexKey());

			return new ResponseEntity<>(otpResponse, HttpStatus.OK);
			}

			@PostMapping("/consultant/verifyOtp")
			public ResponseEntity<UserJWTController.JWTToken> consultantVerifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
			, HttpServletRequest request) {

			HttpSession session = request.getSession();
			Authentication authentication = (Authentication) session.getAttribute("authentication");
			String authAccount = authentication.getPrincipal().toString();

			if(!authAccount.equals(verifyOtpParam.getAccount())){
			return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
			}

			otpUtilService.verifyOtp(verifyOtpParam);
			Consultant consultant = consultantService.findByAgentNo(verifyOtpParam.getAccount());

			if (consultant == null) {
			return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
			}

			consultantService.updateLoginTime(verifyOtpParam.getAccount());
			SecurityContextHolder.getContext().setAuthentication(authentication);

			String jwt = tokenProvider.createToken(authentication, false);
			HttpHeaders httpHeaders = new HttpHeaders();
			httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
			session.setAttribute("authentication", null);
			return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);

			}

			}