From 6bcbe72b43d6fa041d06878d1dae09a6d8903895 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期五, 11 八月 2023 16:19:02 +0800
Subject: [PATCH] [ADD] 為了解決滲透測試JWT token 登出未失效問題, 在登出後會需要建立黑名單並在filter中確定token是否非黑名單

---
 pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
index c1ce7be..609f1f1 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
@@ -75,7 +75,6 @@
 
     @PostMapping("/sendOtp/{imgCode}")
     public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login
-    		, @RequestBody VerifyOtpVM verifyOtpParam
     		, @PathVariable String imgCode, HttpServletRequest request) {
     	
     	HttpSession session = request.getSession();
@@ -90,6 +89,8 @@
     		throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
     	}
     	
+    	session.setAttribute("img_code", null);
+    	
     	OtpResponseDTO otpResponse;
         if(applicationProperty.isMockLogin()) {
             otpResponse = getMockSendOtpResponse();
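Review bot: The added `session.setAttribute("img_code", null);` sits after the branch that throws `OtpLoginFailException`, so a wrong guess appears to leave the stored image code in the session, where it can be retried against the same value without limit. The comparison itself is outside the hunk, so this is inferred from the `throw` two lines above the addition. To make each captcha single-use whatever the outcome, consume it before comparing: read the attribute into a local, call `session.removeAttribute("img_code");`, then do the check. `removeAttribute` also states the intent more directly than storing null. The body of sendOtp starts and ends outside this hunk.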
@@ -102,6 +103,7 @@
             return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name());
         }
         otpTmpService.createOtpTmp(login.getAccount(), otpResponse.getIndexKey());
+        
         return new ResponseEntity<>(otpResponse, HttpStatus.OK);
     }
 
@@ -109,7 +111,6 @@
     @PostMapping("/verify")
     public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
     		) {
-    	
     	
     	otpUtilService.verifyOtp(verifyOtpParam);
 

--
Gitblit v1.8.0