From 7253237bcfb247e6ef75a8b9c82d6ead58e60a79 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期一, 18 七月 2022 14:07:03 +0800
Subject: [PATCH] [UPDATE] 顧問登入驗證碼和驗證帳密改為同一支API [UPDATE] 客戶登入新增驗證碼驗證功能

---
 pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java      |   22 ++++++++++++++++++++--
 pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java |   33 +++++++++++++++++++++++++++++++--
 2 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
index 06a1eab..b12ae2d 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
@@ -6,6 +6,9 @@
 import com.pollex.pam.security.jwt.TokenProvider;
 import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
 import com.pollex.pam.business.web.vm.EServiceLoginVM;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
@@ -13,6 +16,8 @@
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -20,9 +25,16 @@
 
 import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
 @RestController
 @RequestMapping("/api/eService")
 public class EServiceResource {
+	
+	private final static Logger log = LoggerFactory.getLogger(EServiceResource.class);
+
 
     @Autowired
     AuthenticationManagerBuilder authenticationManagerBuilder;
@@ -34,8 +46,25 @@
     ConsultantService consultantService;
 
     @AuditLoggingInject(type = CONSULTANT_LOGIN)
-    @PostMapping("/authenticate")
-    public ResponseEntity<UserJWTController.JWTToken> authorize(@RequestBody EServiceLoginVM eServiceLoginVM) {
+    @PostMapping("/authenticate/{imgCode}")
+    public ResponseEntity<UserJWTController.JWTToken> authorize(
+    		@RequestBody EServiceLoginVM eServiceLoginVM
+    		, HttpServletResponse response, HttpServletRequest request,
+			@PathVariable String imgCode) {
+    	log.debug("imgCode:::::::"+imgCode);
+    	HttpSession session = request.getSession();
+    	String sessionImpCode = (String) session.getAttribute("img_code");
+    	
+    	if (!StringUtils.hasText(sessionImpCode)
+				|| !StringUtils.hasText(imgCode)) {
+    		return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+		}
+    	
+    	if(!imgCode.equals(sessionImpCode)) {
+    		return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
+    	}
+    	
+    	
         EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
             eServiceLoginVM.getUsername(),
             eServiceLoginVM.getPassword()
diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
index 3cad8c3..1bc84f9 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
@@ -3,6 +3,9 @@
 import java.util.Arrays;
 import java.util.UUID;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
 import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -11,6 +14,8 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -85,8 +90,21 @@
     }
 
     @AuditLoggingInject(type = CUSTOMER_LOGIN)
-    @PostMapping("/verify")
-    public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam) {
+    @PostMapping("/verify/{imgCode}")
+    public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
+    		, @PathVariable String imgCode, HttpServletRequest request) {
+    	HttpSession session = request.getSession();
+    	String sessionImpCode = (String) session.getAttribute("img_code");
+    	
+    	if (!StringUtils.hasText(sessionImpCode)
+				|| !StringUtils.hasText(imgCode)) {
+    		return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+		}
+    	
+    	if(!imgCode.equals(sessionImpCode)) {
+    		return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
+    	}
+    	
     	otpUtilService.verifyOtp(verifyOtpParam);
 
     	Customer customer = customerRepository

--
Gitblit v1.8.0