[UPDATE] 解決弱點掃描Use of hard-coded cryptographic key問題, 須把key參數移動到設定檔

jack

2023-09-05 b50be4ce1a51d66a54eb3edb144f72c735171e65

[UPDATE] 解決弱點掃描Use of hard-coded cryptographic key問題, 須把key參數移動到設定檔

 pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java

@@ -47,6 +47,9 @@
    @Autowired
    ConsultantService consultantService;

    @Autowired
    AesUtil aesUtil;

    @AuditLoggingInject(type = CONSULTANT_LOGIN)
    @PostMapping("/authenticate/{imgCode}")
    public ResponseEntity<UserJWTController.JWTToken> authorize(
@@ -55,7 +58,7 @@
            @PathVariable String imgCode) throws Exception{
        
        
        String paswword = AesUtil.aesDecode(eServiceLoginVM.getPassword());
        String paswword = aesUtil.aesDecode(eServiceLoginVM.getPassword());
        if(!StringUtils.hasText(paswword)) {
            throw new OtpLoginFailException("密碼解密失敗");
        }