From 23f937de7378d94c74e81e6f0ef1d6a1e0f1fa0e Mon Sep 17 00:00:00 2001
From: Tomas <tomasysh@gmail.com>
Date: 星期五, 01 九月 2023 13:37:45 +0800
Subject: [PATCH] Merge branch '滲透' of https://dev.pollex.com.tw:8443/r/pcalife/PAM into 滲透

---
 pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java |   31 +++++++++++++++++++++----------
 1 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java b/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
index 9736d8e..c8dc2af 100644
--- a/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
+++ b/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
@@ -1,17 +1,17 @@
 package com.pollex.pam.service;
 
-import com.pollex.pam.domain.OtpTmp;
-import com.pollex.pam.enums.OtpTmpStatusEnum;
-import com.pollex.pam.web.rest.errors.OtpLoginFailException;
-import com.pollex.pam.web.rest.vm.VerifyOtpVM;
+import com.pollex.pam.business.domain.OtpTmp;
+import com.pollex.pam.business.enums.OtpTmpStatusEnum;
+import com.pollex.pam.business.service.OtpTmpService;
+import com.pollex.pam.business.web.errors.OtpLoginFailException;
+import com.pollex.pam.business.web.vm.VerifyOtpVM;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.stereotype.Service;
 
 import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.service.dto.OtpResponseDTO;
+import com.pollex.pam.business.service.dto.OtpResponseDTO;
 import org.springframework.transaction.annotation.Transactional;
 
 @Service
@@ -35,10 +35,18 @@
 
     @Transactional
     public void verifyOtp(String account, String indexKey, String otpCode) {
-        if (applicationProperty.isMockLogin()) {
+        
+    	OtpTmp otpTmp = otpTmpService.findByAccountAndIndexKey(account, indexKey);
+    	if(otpTmp==null) {
+    		log.info("otp login fail... , account = {}, indexKey = {}, failReason = {}", account, indexKey, "Index key and account field mismatch");
+            throw new OtpLoginFailException("otp error");
+    	}
+    	
+    	if (applicationProperty.isMockLogin()) {
             log.debug("Do MockLogin");
         } else {  // otp logon
-            OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
+        	
+        	OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
             if (otpResponseDTO.isSuccess()) {
                 log.info("otp login success!, account = {}", account);
             }
@@ -52,8 +60,11 @@
 
     private void setVerrifiedOtpTmp(String account, String indexKey) {
         OtpTmp otpTmp = otpTmpService.findByAccountAndIndexKey(account, indexKey);
-        otpTmp.setStatus(OtpTmpStatusEnum.VERRIFIED);
-        otpTmpService.save(otpTmp);
+        if(otpTmp!=null) {
+        	otpTmp.setStatus(OtpTmpStatusEnum.VERRIFIED);
+            otpTmpService.save(otpTmp);
+        }
+        
     }
 
 

--
Gitblit v1.8.0