From 22a5ad3acef0bfb8353dac64d4cbe0d52f6d2a07 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期五, 01 九月 2023 10:16:41 +0800
Subject: [PATCH] [UPDATE] 解決弱點Use of hard-coded cryptographic key , 把key移到設定檔

---
 pamapi/src/main/java/com/pollex/pam/service/CustomerService.java |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/service/CustomerService.java b/pamapi/src/main/java/com/pollex/pam/service/CustomerService.java
index 3f1b6c4..98af88a 100644
--- a/pamapi/src/main/java/com/pollex/pam/service/CustomerService.java
+++ b/pamapi/src/main/java/com/pollex/pam/service/CustomerService.java
@@ -7,6 +7,9 @@
 import com.pollex.pam.business.service.UsernameAlreadyUsedException;
 import com.pollex.pam.business.service.dto.CustomerDTO;
 import com.pollex.pam.business.service.mapper.CustomerMapper;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
@@ -14,6 +17,7 @@
 
 import com.pollex.pam.business.domain.Customer;
 import com.pollex.pam.business.domain.OtpTmp;
+import com.pollex.pam.business.enums.DataFromEnum;
 import com.pollex.pam.business.enums.OtpLoginTypeEnum;
 import com.pollex.pam.business.enums.OtpTmpStatusEnum;
 import com.pollex.pam.business.repository.CustomerRepository;
@@ -23,6 +27,9 @@
 @Service
 @Transactional
 public class CustomerService {
+	
+	private static final Logger log = LoggerFactory.getLogger(CustomerService.class);
+
 
 	@Autowired
 	CustomerRepository customerRepository;
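Review bot: The new `log` field is not referenced anywhere in this patch, so it is dead until a later change reads it; if it is being added for the key-loading work the subject describes, take care that the configured key value is never passed to it. The commit subject says a hard-coded cryptographic key is moved into a configuration file, but none of the hunks in this single-file diffstat touch a key, a cipher or a property lookup, so either that remediation lives in another commit or the subject does not describe this change. The `CustomerService` class header is visible here, but its body continues beyond this hunk.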
@@ -44,6 +51,7 @@
 	}
 
 	public Customer registerCustomer(CustomerRegisterDTO registDTO) {
+		
 		boolean isCustomerExist = checkCustomerExist(registDTO);
 		if(isCustomerExist) {
 			throw new UsernameAlreadyUsedException();
@@ -54,6 +62,7 @@
 			OtpTmp otpTmp = otpTmpService.findByAccountAndIndexKey(account, registDTO.getIndexKey());
 	    	if(otpTmp.getStatus() == OtpTmpStatusEnum.VERRIFIED) {
 	    		Customer customer = customerDTOMapper.toCustomer(registDTO);
+	    		customer.setDataFrom(DataFromEnum.PAM);
 	        	save(customer);
 	        	return customer;
 	    	}else {
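Review bot: The added `customer.setDataFrom(DataFromEnum.PAM)` overrides whatever `customerDTOMapper.toCustomer(registDTO)` may have copied from the request, which is the right place to pin the record's origin server-side, but nothing says so; a comment such as `// origin is fixed server-side here, never taken from the request DTO` would keep a later change from moving it onto the DTO. The `otpTmp` returned by `findByAccountAndIndexKey` on the line above is dereferenced without a null check, so a request with an unknown indexKey presumably surfaces as a NullPointerException rather than the not-verified branch; that line is pre-existing, but the new assignment sits inside the branch it guards. `registerCustomer` starts and ends outside this hunk.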
@@ -90,7 +99,7 @@
 
 	private boolean checkCustomerExist(CustomerRegisterDTO registDTO) {
 		String account = getCustomerAccount(registDTO);
-		Optional<Customer> customer = customerRepository.findOneByEmailEqualsOrPhoneEquals(account, account);
+		Optional<Customer> customer = customerRepository.findOneByEmailEqualsOrPhoneEquals(account);
 		return customer.isPresent();
 	}
 }
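Review bot: The single-argument call `customerRepository.findOneByEmailEqualsOrPhoneEquals(account)` no longer matches the derived-query name, which carries two predicates (`EmailEquals` or `PhoneEquals`) and therefore expects two parameters; unless the repository declares this method with an explicit `@Query` taking one named parameter, Spring Data will fail to bind it at context startup. The repository interface is not in this patch, so that cannot be confirmed here; either keep the two-argument form `findOneByEmailEqualsOrPhoneEquals(account, account)` or rename the method so its name reflects the custom query it actually runs. `account` is produced by `getCustomerAccount(registDTO)` from the registration request, so it is caller-controlled; a short comment noting that it is bound only as a query parameter would make that trust boundary explicit for the next reader.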

--
Gitblit v1.8.0