From 3b0671286dd280c0172352e6f3d116ecd7051efe Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 08 八月 2023 15:27:31 +0800
Subject: [PATCH] [UPDATE] 顧問登入如果密碼解密失敗直接拋錯給前端

---
 pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
index 8c9dd25..796e2dd 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
@@ -25,6 +25,7 @@
 import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
 import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
 import com.pollex.pam.business.service.ConsultantService;
+import com.pollex.pam.business.service.util.AesUtil;
 import com.pollex.pam.business.web.errors.OtpLoginFailException;
 import com.pollex.pam.business.web.vm.EServiceLoginVM;
 import com.pollex.pam.security.jwt.JWTFilter;
@@ -52,6 +53,12 @@
     		@RequestBody EServiceLoginVM eServiceLoginVM
     		, HttpServletResponse response, HttpServletRequest request,
 			@PathVariable String imgCode){
+    	
+    	String paswword = AesUtil.aesDecode(eServiceLoginVM.getPassword());
+    	if(!StringUtils.hasText(paswword)) {
+    		throw new OtpLoginFailException("撖Ⅳ閫�撖仃���");
+    	}
+    	
     	HttpSession session = request.getSession();
     	String sessionImpCode = (String) session.getAttribute("img_code");
     	
@@ -63,11 +70,11 @@
     	if(!imgCode.equals(sessionImpCode)) {
     		throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
     	}
-    	session.setAttribute("img_code", null);
     	
-        EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
+    	session.setAttribute("img_code", null);
+    	EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
             eServiceLoginVM.getUsername(),
-            eServiceLoginVM.getPassword()
+            paswword
         );
 
         Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);

--
Gitblit v1.8.0