pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
@@ -85,7 +85,7 @@ .antMatchers("/api/test/sendMsg/**").permitAll() .antMatchers("/api/otp/**").permitAll() .antMatchers("/api/login/validate/**").permitAll() .antMatchers("/api/eService/authenticate").permitAll() .antMatchers("/api/eService/authenticate/**").permitAll() .antMatchers("/api/account/reset-password/init").permitAll() .antMatchers("/api/account/reset-password/finish").permitAll() .antMatchers("/api/consultant/recommend").permitAll() pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
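Review bot: If the line added here is `.antMatchers("/api/eService/authenticate/**").permitAll()` (the +/- markers are lost on this page, so this is inferred from the hunk counts), it opens every path under that prefix to unauthenticated callers, while the handler in EServiceResource only takes a single `imgCode` path segment. `.antMatchers("/api/eService/authenticate/*").permitAll()` matches exactly one segment and keeps any endpoint later added below this prefix behind authentication by default. The matcher chain starts and ends outside the hunk.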
@@ -4,7 +4,11 @@ import com.pollex.pam.business.service.ConsultantService; import com.pollex.pam.security.jwt.JWTFilter; import com.pollex.pam.security.jwt.TokenProvider; import io.undertow.util.BadRequestException; import com.pollex.pam.business.security.token.EServiceAuthenticationToken; import com.pollex.pam.business.web.errors.OtpLoginFailException; import com.pollex.pam.business.web.vm.EServiceLoginVM; import org.slf4j.Logger; @@ -50,18 +54,17 @@ public ResponseEntity<UserJWTController.JWTToken> authorize( @RequestBody EServiceLoginVM eServiceLoginVM , HttpServletResponse response, HttpServletRequest request, @PathVariable String imgCode) { log.debug("imgCode:::::::"+imgCode); @PathVariable String imgCode) throws BadRequestException { HttpSession session = request.getSession(); String sessionImpCode = (String) session.getAttribute("img_code"); if (!StringUtils.hasText(sessionImpCode) || !StringUtils.hasText(imgCode)) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); throw new OtpLoginFailException("驗證碼輸入錯誤"); } if(!imgCode.equals(sessionImpCode)) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).build(); throw new OtpLoginFailException("驗證碼輸入錯誤"); } pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
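Review bot: The session's `img_code` stays in place after a rejected attempt: in the visible lines of `authorize` both failure branches now throw without clearing it, so the same captcha can be retried until it matches. Calling `session.removeAttribute("img_code");` right after the value is read into `sessionImpCode` makes each code single-use. The identical check in OtpResource.java (just before `otpUtilService.verifyOtp(verifyOtpParam)`) needs the same line. `authorize` continues past the end of the hunk, so a later cleanup may exist that is not shown here.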
@@ -34,6 +34,7 @@ import com.pollex.pam.service.OtpWebService; import com.pollex.pam.business.service.dto.CustomerRegisterDTO; import com.pollex.pam.business.service.dto.OtpResponseDTO; import com.pollex.pam.business.web.errors.OtpLoginFailException; import com.pollex.pam.business.web.vm.OtpLoginVM; import com.pollex.pam.business.web.vm.VerifyOtpVM; @@ -98,11 +99,11 @@ if (!StringUtils.hasText(sessionImpCode) || !StringUtils.hasText(imgCode)) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); throw new OtpLoginFailException("驗證碼輸入錯誤"); } if(!imgCode.equals(sessionImpCode)) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).build(); throw new OtpLoginFailException("驗證碼輸入錯誤"); } otpUtilService.verifyOtp(verifyOtpParam);
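Review bot: The captcha check here is a line-for-line copy of the one in EServiceResource.authorize, including the message literal repeated in both branches. Since both branches now throw the same `OtpLoginFailException`, they can collapse into one null-safe guard, `if (!StringUtils.hasText(sessionImpCode) || !sessionImpCode.equals(imgCode))`, placed in a shared helper that both controllers call. That keeps the two login paths from drifting apart when the check changes. The enclosing method starts outside the hunk.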