pamapi/src/doc/登入API/客戶認證OTP並登入.txt | ●●●●● 修補檔 | 檢視 | 原始 | 究查 | 歷程 | |
pamapi/src/main/java/com/pollex/pam/security/provider/OtpAuthenticationProvider.java | ●●●●● 修補檔 | 檢視 | 原始 | 究查 | 歷程 | |
pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java | ●●●●● 修補檔 | 檢視 | 原始 | 究查 | 歷程 | |
pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java | ●●●●● 修補檔 | 檢視 | 原始 | 究查 | 歷程 | |
pamapi/src/main/java/com/pollex/pam/web/rest/errors/CustomerNotRegisteredException.java | ●●●●● 修補檔 | 檢視 | 原始 | 究查 | 歷程 | |
pamapi/src/main/java/com/pollex/pam/web/rest/errors/OtpLoginFailException.java | ●●●●● 修補檔 | 檢視 | 原始 | 究查 | 歷程 |
pamapi/src/doc/登入API/客戶認證OTP並登入.txt
@@ -8,10 +8,13 @@ "otpCode": "123" // ç±ææ©æä¿¡ç®±æ¶å°çèªè碼 } ç®ådevä¸å®¢æ¶å¸³èå¯ç¨èªå·±Teamsçemailä¿¡ç®±åç»å ¥ (åååå¾ç«¯å·¥ç¨å¸«åQA帳èå·²ç¶é好)ã èindexKeyåotpCodeå¨devæ¯ä¸æåä»»ä½é©èï¼å¯ä»¥ç´æ¥ç»å ¥ response body: response body: è¥Otpèªèééã該帳èå·²è¨»åæ¤ç³»çµ± { "id_token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ3YXluZUBwb2xsZXguY29tLnR3IiwiYXV0aCI6IlJPTEVfVVNFUiIsImRldGFpbHMiOnsiQ3VzdG9tZXJBY2NvdW50Ijoid2F5bmVAcG9sbGV4LmNvbS50dyIsIkN1c3RvbWVySWQiOiI2IiwiQ3VzdG9tZXJOYW1lIjoiV2F5bmUifSwiZXhwIjoxNjM3NjQ5NzUzfQ.6xqkWG7kQPUHOys8vPdx6ebgH1wgZ4gysFEa1t1jCnKB44VsFZ8PjtUlN2mvroBdGtPwpOynoTHU7HvAQ3_mnQ" } è¥Otpèªèé¯èª¤æå 401ï¼detailææè©²æ¬¡Otp系統åçé¯èª¤è¨æ¯ è¥Otpèªèééï¼ä½è©²accountå°æªè¨»ååå 403 è¥æå ¶ä»ç³»çµ±é¯èª¤çµ±ä¸å500 pamapi/src/main/java/com/pollex/pam/security/provider/OtpAuthenticationProvider.java
@@ -1,16 +1,14 @@ package com.pollex.pam.security.provider; import com.pollex.pam.web.rest.errors.CustomerNotRegisteredException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.stereotype.Component; import com.pollex.pam.domain.Customer; import com.pollex.pam.domain.OtpTmp; import com.pollex.pam.enums.OtpTmpStatusEnum; import com.pollex.pam.repository.CustomerRepository; import com.pollex.pam.security.token.OtpAuthenticationToken; import com.pollex.pam.service.CustomerAuthService; @@ -46,7 +44,7 @@ .orElse(null); if (customer == null) { throw new AuthenticationCredentialsNotFoundException(""); throw new CustomerNotRegisteredException(); } return customerAuthService.buildCustomerAuthToken(customer, otpCode, indexKey); pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
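Review bot: `throw new CustomerNotRegisteredException();` in the second hunk raises a plain `RuntimeException` from what appears to be an `AuthenticationProvider`, while Spring Security's `ProviderManager` only handles `AuthenticationException` subclasses. Anything else propagates without an authentication-failure event being published, so if failed-login auditing or alerting depends on those events, the "OTP accepted but account not registered" case will not be recorded. Either record the attempt explicitly before the throw, or document on the exception why it deliberately sits outside the `AuthenticationException` hierarchy. The enclosing method starts and ends outside the hunk, so how the caller turns this into a 403 is not visible here.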
@@ -2,6 +2,7 @@ import com.pollex.pam.domain.OtpTmp; import com.pollex.pam.enums.OtpTmpStatusEnum; import com.pollex.pam.web.rest.errors.OtpLoginFailException; import com.pollex.pam.web.rest.vm.VerifyOtpVM; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -37,25 +38,21 @@ @Transactional public void verifyOtp(String account, String indexKey, String otpCode) { try { if(applicationProperty.isMockLogin()){ loginRecordService.saveOTPLoginSuccessRecord(account); log.debug("Do MockLogin"); } else { // otp logon OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode); if (otpResponseDTO.isSuccess()) { loginRecordService.saveOTPLoginSuccessRecord(account); } else { loginRecordService.saveOTPLoginFailRecord(account, otpResponseDTO.getFailReason()); throw new AuthenticationCredentialsNotFoundException(""); } if (applicationProperty.isMockLogin()) { log.debug("Do MockLogin"); } else { // otp logon OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode); if (otpResponseDTO.isSuccess()) { log.info("otp login success!"); } setVerrifiedOtpTmp(account, indexKey); } catch (Exception e) { log.error("Exception: ", e); throw new AuthenticationCredentialsNotFoundException(""); else { log.info("otp login fail... , account = {}, failReason = {}", account, otpResponseDTO.getFailReason()); loginRecordService.saveOTPLoginFailRecord(account, otpResponseDTO.getFailReason()); throw new OtpLoginFailException(otpResponseDTO.getFailReason()); } } loginRecordService.saveOTPLoginSuccessRecord(account); setVerrifiedOtpTmp(account, indexKey); } private void setVerrifiedOtpTmp(String account, String indexKey) { pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
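Review bot: In `verifyOtp` the failure branch calls `loginRecordService.saveOTPLoginFailRecord(...)` and then throws the unchecked `OtpLoginFailException` inside a `@Transactional` method, which marks the transaction for rollback by default. If `saveOTPLoginFailRecord` joins this transaction (its propagation setting is not visible here), the failed-attempt record is discarded, and that record is what brute-force detection or lockout would rely on. Consider `@Transactional(noRollbackFor = OtpLoginFailException.class)` on `verifyOtp`, or `Propagation.REQUIRES_NEW` on the record-saving method. A short comment on the `isMockLogin()` branch, saying that it skips verification entirely and must stay disabled outside dev, would also help the next reader.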
@@ -3,6 +3,7 @@ import java.util.Arrays; import java.util.UUID; import com.pollex.pam.web.rest.errors.CustomerNotRegisteredException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -90,7 +91,7 @@ .orElse(null); if (customer == null) { return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); return ResponseEntity.status(HttpStatus.FORBIDDEN).build(); } String jwt = customerAuthService.authorize(customer, verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode()); pamapi/src/main/java/com/pollex/pam/web/rest/errors/CustomerNotRegisteredException.java
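Review bot: The `if (customer == null)` branch returns `HttpStatus.FORBIDDEN` before `customerAuthService.authorize(...)` is called with the OTP code. If the OTP is first verified inside `authorize` (the start of the method is outside the hunk), a caller without a valid OTP can tell registered from unregistered accounts by 403 versus 401. The API document changed in this commit reserves 403 for the case where OTP verification has already passed. Verify the OTP before the customer lookup, or keep one status for both failures until the code has been checked. The newly imported `CustomerNotRegisteredException` is also not used in the visible lines.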
¤ñ¹ï·sÀÉ®× @@ -0,0 +1,8 @@ package com.pollex.pam.web.rest.errors; import org.springframework.http.HttpStatus; import org.springframework.web.bind.annotation.ResponseStatus; @ResponseStatus(code = HttpStatus.FORBIDDEN, reason = "CustomerNotRegistered") public class CustomerNotRegisteredException extends RuntimeException{ } pamapi/src/main/java/com/pollex/pam/web/rest/errors/OtpLoginFailException.java
¤ñ¹ï·sÀÉ®× @@ -0,0 +1,11 @@ package com.pollex.pam.web.rest.errors; import org.springframework.http.HttpStatus; import org.springframework.web.bind.annotation.ResponseStatus; @ResponseStatus(code = HttpStatus.UNAUTHORIZED) public class OtpLoginFailException extends RuntimeException{ public OtpLoginFailException(String message) { super(message); } }
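Review bot: `OtpLoginFailException(String message)` is constructed in `OtpUtilService` with `otpResponseDTO.getFailReason()`, and the API document in this commit says the 401 `detail` carries that OTP-system message, so upstream text is returned verbatim to an unauthenticated caller. Depending on what the OTP service puts there (not visible here), the response can distinguish a wrong code from an expired or locked one. Prefer a fixed client-facing reason and keep the raw value in the server log and the login record. The class also lacks a Javadoc line, for example `/** Thrown when the OTP service rejects the submitted code; maps to HTTP 401. */`.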