From 22a5ad3acef0bfb8353dac64d4cbe0d52f6d2a07 Mon Sep 17 00:00:00 2001 From: jack <jack.su@pollex.com.tw> Date: 星期五, 01 九月 2023 10:16:41 +0800 Subject: [PATCH] [UPDATE] 解決弱點Use of hard-coded cryptographic key , 把key移到設定檔 --- pamapi/src/main/java/com/pollex/pam/service/CustomerService.java | 68 ++++++++++++++++++++++++++-------- 1 files changed, 52 insertions(+), 16 deletions(-) diff --git a/pamapi/src/main/java/com/pollex/pam/service/CustomerService.java b/pamapi/src/main/java/com/pollex/pam/service/CustomerService.java index fe9a396..98af88a 100644 --- a/pamapi/src/main/java/com/pollex/pam/service/CustomerService.java +++ b/pamapi/src/main/java/com/pollex/pam/service/CustomerService.java 
@@ -2,50 +2,67 @@ import java.util.Optional; +import com.pollex.pam.business.security.SecurityUtils; +import com.pollex.pam.business.service.OtpTmpService; +import com.pollex.pam.business.service.UsernameAlreadyUsedException; +import com.pollex.pam.business.service.dto.CustomerDTO; +import com.pollex.pam.business.service.mapper.CustomerMapper; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import com.pollex.pam.domain.Customer; -import com.pollex.pam.domain.OtpTmp; -import com.pollex.pam.enums.OtpLoginTypeEnum; -import com.pollex.pam.enums.OtpTmpStatusEnum; -import com.pollex.pam.repository.CustomerRepository; -import com.pollex.pam.service.dto.CustomerRegisterDTO; -import com.pollex.pam.service.mapper.CustomerDTOMapper; +import com.pollex.pam.business.domain.Customer; +import com.pollex.pam.business.domain.OtpTmp; +import com.pollex.pam.business.enums.DataFromEnum; +import com.pollex.pam.business.enums.OtpLoginTypeEnum; +import com.pollex.pam.business.enums.OtpTmpStatusEnum; +import com.pollex.pam.business.repository.CustomerRepository; +import com.pollex.pam.business.service.dto.CustomerRegisterDTO; +import com.pollex.pam.business.service.mapper.CustomerDTOMapper; @Service @Transactional public class CustomerService { + private static final Logger log = LoggerFactory.getLogger(CustomerService.class); + + @Autowired CustomerRepository customerRepository; - + @Autowired CustomerDTOMapper customerDTOMapper; - + @Autowired CustomerAuthService customerAuthService; - + @Autowired OtpTmpService otpTmpService; - + + @Autowired + CustomerMapper customerMapper; + public Customer save(Customer customer) { return customerRepository.save(customer); } - + public Customer registerCustomer(CustomerRegisterDTO 
registDTO) { + boolean isCustomerExist = checkCustomerExist(registDTO); if(isCustomerExist) { throw new UsernameAlreadyUsedException(); - + }else { String account = getCustomerAccount(registDTO); - + OtpTmp otpTmp = otpTmpService.findByAccountAndIndexKey(account, registDTO.getIndexKey()); if(otpTmp.getStatus() == OtpTmpStatusEnum.VERRIFIED) { Customer customer = customerDTOMapper.toCustomer(registDTO); + customer.setDataFrom(DataFromEnum.PAM); save(customer); return customer; }else { @@ -54,8 +71,27 @@ + " => status: " + otpTmp.getStatus()); } } - + } + + public void updateLoggedCustomer(CustomerDTO customerDTO) { + Long customerId = SecurityUtils.getCustomerDBId(); + Customer customer = customerRepository.findById(customerId) + .orElseThrow(() -> new UsernameNotFoundException("customerId which is from token is not found in customer db table, customer id = " + customerId)); + + customer.setEmail(customerDTO.getEmail()); + customer.setPhone(customerDTO.getPhone()); + customer.setName(customerDTO.getName()); + customerRepository.save(customer); + } + + public CustomerDTO getLoggedCustomerDTO() { + Long customerId = SecurityUtils.getCustomerDBId(); + Customer customer = customerRepository.findById(customerId) + .orElseThrow(() -> new UsernameNotFoundException("customerId which is from token is not found in customer db table, customer id = " + customerId)); + + return customerMapper.toDto(customer); + } private String getCustomerAccount(CustomerRegisterDTO registDTO) { return registDTO.getContactType() == OtpLoginTypeEnum.EMAIL?registDTO.getEmail():registDTO.getPhone(); @@ -63,7 +99,7 @@ private boolean checkCustomerExist(CustomerRegisterDTO registDTO) { String account = getCustomerAccount(registDTO); - Optional<Customer> customer = customerRepository.findOneByEmailEqualsOrPhoneEquals(account, account); + Optional<Customer> customer = customerRepository.findOneByEmailEqualsOrPhoneEquals(account); return customer.isPresent(); } } -- Gitblit v1.8.0
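Review bot: The `log` field added right after the class header (`private static final Logger log = LoggerFactory.getLogger(CustomerService.class);`) is not referenced anywhere in this patch, so it is dead code until some later change uses it; either drop it together with the two slf4j imports, or put it to work, for example on the rejected-registration branch where the OTP status is not VERRIFIED. Nothing in this hunk or the two that follow touches a cryptographic key, so the relocation the subject line describes does not appear in this diff; the description should say where that change actually lives so the fix is not attributed to a package move. The remaining import churn only relocates the same types into the `com.pollex.pam.business` packages. The body of `registerCustomer` continues past the end of this hunk.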
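Review bot: `updateLoggedCustomer` overwrites the logged-in customer's email and phone straight from the DTO with none of the checks `registerCustomer` applies: no lookup for an existing customer already holding that value and no OTP verification, even though `getCustomerAccount` treats email and phone as the login account. As written a customer can set their phone or email to a value another row already owns, after which `findOneByEmailEqualsOrPhoneEquals` on that value resolves to two customers. The `findById(...).orElseThrow(...)` preamble is also duplicated verbatim between `updateLoggedCustomer` and `getLoggedCustomerDTO` and belongs in one private helper. The sketch below adds the collision check (reusing `UsernameAlreadyUsedException`, already imported here) and the helper; whether a contact change must additionally pass through the OTP flow is a product decision this hunk does not settle. Both new methods are complete inside the hunk.
```java
public void updateLoggedCustomer(CustomerDTO customerDTO) {
    Customer customer = getLoggedCustomer();
    // Email and phone double as the login account (see getCustomerAccount), so a
    // change must not collide with a value already held by another customer.
    rejectIfHeldByOther(customerDTO.getEmail(), customer);
    rejectIfHeldByOther(customerDTO.getPhone(), customer);
    customer.setEmail(customerDTO.getEmail());
    customer.setPhone(customerDTO.getPhone());
    customer.setName(customerDTO.getName());
    customerRepository.save(customer);
}

public CustomerDTO getLoggedCustomerDTO() {
    return customerMapper.toDto(getLoggedCustomer());
}

// Resolves the customer named by the current token, failing exactly as the former inline lookup did.
private Customer getLoggedCustomer() {
    Long customerId = SecurityUtils.getCustomerDBId();
    return customerRepository.findById(customerId)
        .orElseThrow(() -> new UsernameNotFoundException("customerId which is from token is not found in customer db table, customer id = " + customerId));
}

// Rejects a contact value that a different customer already uses as email or phone.
private void rejectIfHeldByOther(String account, Customer self) {
    if (account == null) {
        return;
    }
    customerRepository.findOneByEmailEqualsOrPhoneEquals(account)
        .filter(existing -> !existing.equals(self)) // TODO(review): confirm equals() identifies the same row; compare ids otherwise
        .ifPresent(existing -> { throw new UsernameAlreadyUsedException(); });
}
```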
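Review bot: `findOneByEmailEqualsOrPhoneEquals` is now called with a single argument while its name still encodes two `Equals` predicates; if it is still a Spring Data derived query the context will fail to start on the parameter-count mismatch, so presumably the relocated repository now declares it with an explicit `@Query` — worth confirming, and worth renaming so the method name no longer promises two parameters. Because it is a single-result lookup, any duplicate email or phone across rows makes it throw instead of returning a customer, which is a second reason the update path in the previous hunk needs a uniqueness check before it writes contact data. `checkCustomerExist` is complete inside the hunk.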