pcalife/PAM.git - dev.pollex.com.tw

			@@ -3,7 +3,10 @@
			import java.util.Arrays;
			import java.util.UUID;

			import com.pollex.pam.web.rest.errors.CustomerNotRegisteredException;
			import javax.servlet.http.HttpServletRequest;
			import javax.servlet.http.HttpSession;

			import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
			import org.slf4j.Logger;
			import org.slf4j.LoggerFactory;
			import org.springframework.beans.factory.annotation.Autowired;
			@@ -11,26 +14,31 @@
			import org.springframework.http.HttpStatus;
			import org.springframework.http.ResponseEntity;
			import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
			import org.springframework.util.StringUtils;
			import org.springframework.web.bind.annotation.PathVariable;
			import org.springframework.web.bind.annotation.PostMapping;
			import org.springframework.web.bind.annotation.RequestBody;
			import org.springframework.web.bind.annotation.RequestMapping;
			import org.springframework.web.bind.annotation.RestController;

			import com.pollex.pam.config.ApplicationProperties;
			import com.pollex.pam.domain.Customer;
			import com.pollex.pam.enums.OtpLoginTypeEnum;
			import com.pollex.pam.repository.CustomerRepository;
			import com.pollex.pam.business.domain.Customer;
			import com.pollex.pam.business.enums.OtpLoginTypeEnum;
			import com.pollex.pam.business.repository.CustomerRepository;
			import com.pollex.pam.security.jwt.JWTFilter;
			import com.pollex.pam.security.jwt.TokenProvider;
			import com.pollex.pam.service.CustomerAuthService;
			import com.pollex.pam.service.CustomerService;
			import com.pollex.pam.service.OtpTmpService;
			import com.pollex.pam.business.service.OtpTmpService;
			import com.pollex.pam.service.OtpUtilService;
			import com.pollex.pam.service.OtpWebService;
			import com.pollex.pam.service.dto.CustomerRegisterDTO;
			import com.pollex.pam.service.dto.OtpResponseDTO;
			import com.pollex.pam.web.rest.vm.OtpLoginVM;
			import com.pollex.pam.web.rest.vm.VerifyOtpVM;
			import com.pollex.pam.business.service.dto.CustomerRegisterDTO;
			import com.pollex.pam.business.service.dto.OtpResponseDTO;
			import com.pollex.pam.business.web.errors.OtpLoginFailException;
			import com.pollex.pam.business.web.vm.OtpLoginVM;
			import com.pollex.pam.business.web.vm.VerifyOtpVM;

			import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CUSTOMER_LOGIN;

			@RestController
			@RequestMapping("/api/otp")
			@@ -65,8 +73,24 @@
			@Autowired
			CustomerRepository customerRepository;

			@PostMapping("/sendOtp")
			public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login) {
			@PostMapping("/sendOtp/{imgCode}")
			public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login
			, @PathVariable String imgCode, HttpServletRequest request) {

			HttpSession session = request.getSession();
			String sessionImpCode = (String) session.getAttribute("img_code");

			if (!StringUtils.hasText(sessionImpCode)
			\|\| !StringUtils.hasText(imgCode)) {
			throw new OtpLoginFailException("驗證碼輸入錯誤");
			}

			if(!imgCode.equals(sessionImpCode)) {
			throw new OtpLoginFailException("驗證碼輸入錯誤");
			}

			session.setAttribute("img_code", null);

			OtpResponseDTO otpResponse;
			if(applicationProperty.isMockLogin()) {
			otpResponse = getMockSendOtpResponse();
			@@ -79,11 +103,15 @@
			return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name());
			}
			otpTmpService.createOtpTmp(login.getAccount(), otpResponse.getIndexKey());

			return new ResponseEntity<>(otpResponse, HttpStatus.OK);
			}

			@AuditLoggingInject(type = CUSTOMER_LOGIN)
			@PostMapping("/verify")
			public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam) {
			public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
			) {

			otpUtilService.verifyOtp(verifyOtpParam);

			Customer customer = customerRepository