From 63a3c3c6b95630cce868fd193eaff1487de4ead7 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期三, 20 七月 2022 13:53:17 +0800
Subject: [PATCH] [UPDATE] 客戶登入發送手機/email驗證碼的時候須加上img code驗證碼避免重複發送簡訊的問題
---
pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java | 136 ++++++++++++++++++++++++++++++---------------
1 files changed, 91 insertions(+), 45 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
index d2ba706..c1ce7be 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
@@ -1,17 +1,12 @@
package com.pollex.pam.web.rest;
-import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.enums.OtpLoginTypeEnum;
-import com.pollex.pam.security.jwt.JWTFilter;
-import com.pollex.pam.security.jwt.TokenProvider;
-import com.pollex.pam.security.token.OtpAuthenticationToken;
-import com.pollex.pam.service.CustomerAuthService;
-import com.pollex.pam.service.CustomerService;
-import com.pollex.pam.service.OtpTmpService;
-import com.pollex.pam.service.OtpWebService;
-import com.pollex.pam.service.dto.CustomerRegisterDTO;
-import com.pollex.pam.service.dto.OtpResponseDTO;
-import com.pollex.pam.web.rest.vm.*;
+import java.util.Arrays;
+import java.util.UUID;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -19,13 +14,31 @@
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
-import javax.xml.rpc.ServiceException;
-import java.rmi.RemoteException;
-import java.util.UUID;
+import com.pollex.pam.config.ApplicationProperties;
+import com.pollex.pam.business.domain.Customer;
+import com.pollex.pam.business.enums.OtpLoginTypeEnum;
+import com.pollex.pam.business.repository.CustomerRepository;
+import com.pollex.pam.security.jwt.JWTFilter;
+import com.pollex.pam.security.jwt.TokenProvider;
+import com.pollex.pam.service.CustomerAuthService;
+import com.pollex.pam.service.CustomerService;
+import com.pollex.pam.business.service.OtpTmpService;
+import com.pollex.pam.service.OtpUtilService;
+import com.pollex.pam.service.OtpWebService;
+import com.pollex.pam.business.service.dto.CustomerRegisterDTO;
+import com.pollex.pam.business.service.dto.OtpResponseDTO;
+import com.pollex.pam.business.web.errors.OtpLoginFailException;
+import com.pollex.pam.business.web.vm.OtpLoginVM;
+import com.pollex.pam.business.web.vm.VerifyOtpVM;
+
+import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CUSTOMER_LOGIN;
@RestController
@RequestMapping("/api/otp")
@@ -44,56 +57,89 @@
@Autowired
TokenProvider tokenProvider;
-
+
@Autowired
CustomerAuthService customerAuthService;
-
+
@Autowired
OtpTmpService otpTmpService;
-
+
@Autowired
CustomerService customerService;
- @PostMapping("/sendOtp")
- public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login) {
+ @Autowired
+ OtpUtilService otpUtilService;
+
+ @Autowired
+ CustomerRepository customerRepository;
+
+ @PostMapping("/sendOtp/{imgCode}")
+ public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login
+ , @RequestBody VerifyOtpVM verifyOtpParam
+ , @PathVariable String imgCode, HttpServletRequest request) {
+
+ HttpSession session = request.getSession();
+ String sessionImpCode = (String) session.getAttribute("img_code");
+
+ if (!StringUtils.hasText(sessionImpCode)
+ || !StringUtils.hasText(imgCode)) {
+ throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
+ }
+
+ if(!imgCode.equals(sessionImpCode)) {
+ throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
+ }
+
OtpResponseDTO otpResponse;
- try {
- if(applicationProperty.isMockLogin()) {
- otpResponse = getMockSendOtpResponse();
- }else if(login.getLoginType() == OtpLoginTypeEnum.SMS) {
- otpResponse = otpWebService.sendByPhone(login.getAccount());
- }
- else if(login.getLoginType() == OtpLoginTypeEnum.EMAIL) {
- otpResponse = otpWebService.sendByEmail(login.getAccount());
- }else {
- return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name());
- }
- otpTmpService.createOtpTmp(login.getAccount(), otpResponse.getIndexKey());
- return new ResponseEntity<>(otpResponse, HttpStatus.OK);
-
- } catch (ServiceException | RemoteException e) {
- return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("connecting otp web service error");
+ if(applicationProperty.isMockLogin()) {
+ otpResponse = getMockSendOtpResponse();
+ }else if(login.getLoginType() == OtpLoginTypeEnum.SMS) {
+ otpResponse = otpWebService.sendByPhone(login.getAccount());
}
+ else if(login.getLoginType() == OtpLoginTypeEnum.EMAIL) {
+ otpResponse = otpWebService.sendByEmail(login.getAccount());
+ }else {
+ return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name());
+ }
+ otpTmpService.createOtpTmp(login.getAccount(), otpResponse.getIndexKey());
+ return new ResponseEntity<>(otpResponse, HttpStatus.OK);
}
+ @AuditLoggingInject(type = CUSTOMER_LOGIN)
@PostMapping("/verify")
- public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam) {
- String jwt = customerAuthService.authorize(verifyOtpParam.getAccount(), verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
+ public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
+ ) {
+
+
+ otpUtilService.verifyOtp(verifyOtpParam);
+
+ Customer customer = customerRepository
+ .findOneByEmailEqualsOrPhoneEquals(verifyOtpParam.getAccount())
+ .orElse(null);
+
+ if (customer == null) {
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+
+ String jwt = customerAuthService.authorize(customer, verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
}
-
+
private OtpResponseDTO getMockSendOtpResponse() {
String indexKey = UUID.randomUUID().toString().substring(0, 8);
- return new OtpResponseDTO(new String[]{indexKey, "0", "", ""});
+ return new OtpResponseDTO(Arrays.asList(indexKey, "0", "", ""));
}
-
+
@PostMapping("/register")
public ResponseEntity<UserJWTController.JWTToken> registerAccount(@RequestBody CustomerRegisterDTO registDTO) {
- String jwt = customerService.registerCustomer(registDTO);
+ Customer account = customerService.registerCustomer(registDTO);
+ String jwt = customerAuthService.authorize(account, registDTO.getIndexKey(), registDTO.getOtpCode());
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
}
+
+
}
--
Gitblit v1.8.0