From 463c7f43eb7e530967683cdcacffcef786a4e817 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期四, 31 八月 2023 08:57:55 +0800
Subject: [PATCH] [UPDATE] 解決弱點Insecure block cipher mode, AES CBC安全性上不足所以需要改為GCM模式來做加密

---
 pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java b/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
index ff21125..a17426e 100644
--- a/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
+++ b/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
@@ -35,10 +35,18 @@
 
     @Transactional
     public void verifyOtp(String account, String indexKey, String otpCode) {
-        if (applicationProperty.isMockLogin()) {
+        
+    	OtpTmp otpTmp = otpTmpService.findByAccountAndIndexKey(account, indexKey);
+    	if(otpTmp==null) {
+    		log.info("otp login fail... , account = {}, indexKey = {}, failReason = {}", account, indexKey, "Index key and account field mismatch");
+            throw new OtpLoginFailException("otp error");
+    	}
+    	
+    	if (applicationProperty.isMockLogin()) {
             log.debug("Do MockLogin");
         } else {  // otp logon
-            OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
+        	
+        	OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
             if (otpResponseDTO.isSuccess()) {
                 log.info("otp login success!, account = {}", account);
             }
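Review bot: `otpTmp` from the new `findByAccountAndIndexKey` call at the top of verifyOtp is only tested for null and never referenced again inside the hunk, so unless the remainder of verifyOtp (which continues past the hunk) uses it, the lookup is an existence check whose intent deserves a comment such as `// fail closed before calling the OTP provider unless indexKey was issued for this account` — note that this guard now also applies to the mock-login branch. The subject line describes replacing AES CBC with GCM, yet nothing in this hunk touches cipher code, so the description appears not to match the change and should be corrected. The added lines use tabs and whitespace-only blank lines (inside the null-check block and before the verifyOTP call) in a file indented with four spaces, and `if(otpTmp==null) {` should follow the surrounding `if (...) {` spacing. The failure log writes indexKey in clear alongside account; whether that value is sensitive cannot be told from here, but if it is, log only account.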

--
Gitblit v1.8.0