From 7253237bcfb247e6ef75a8b9c82d6ead58e60a79 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期一, 18 七月 2022 14:07:03 +0800
Subject: [PATCH] [UPDATE] 顧問登入驗證碼和驗證帳密改為同一支API [UPDATE] 客戶登入新增驗證碼驗證功能

---
 pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java |   58 ++++++++++++++++++++++++++++++++++++++++------------------
 1 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
index ec15bcb..1bc84f9 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
@@ -3,6 +3,10 @@
 import java.util.Arrays;
 import java.util.UUID;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -10,26 +14,30 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.domain.Customer;
-import com.pollex.pam.enums.OtpLoginTypeEnum;
-import com.pollex.pam.repository.CustomerRepository;
+import com.pollex.pam.business.domain.Customer;
+import com.pollex.pam.business.enums.OtpLoginTypeEnum;
+import com.pollex.pam.business.repository.CustomerRepository;
 import com.pollex.pam.security.jwt.JWTFilter;
 import com.pollex.pam.security.jwt.TokenProvider;
 import com.pollex.pam.service.CustomerAuthService;
 import com.pollex.pam.service.CustomerService;
-import com.pollex.pam.service.OtpTmpService;
+import com.pollex.pam.business.service.OtpTmpService;
 import com.pollex.pam.service.OtpUtilService;
 import com.pollex.pam.service.OtpWebService;
-import com.pollex.pam.service.dto.CustomerRegisterDTO;
-import com.pollex.pam.service.dto.OtpResponseDTO;
-import com.pollex.pam.web.rest.vm.OtpLoginVM;
-import com.pollex.pam.web.rest.vm.VerifyOtpVM;
+import com.pollex.pam.business.service.dto.CustomerRegisterDTO;
+import com.pollex.pam.business.service.dto.OtpResponseDTO;
+import com.pollex.pam.business.web.vm.OtpLoginVM;
+import com.pollex.pam.business.web.vm.VerifyOtpVM;
+
+import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CUSTOMER_LOGIN;
 
 @RestController
 @RequestMapping("/api/otp")
@@ -57,10 +65,10 @@
 
     @Autowired
     CustomerService customerService;
-    
+
     @Autowired
     OtpUtilService otpUtilService;
-    
+
     @Autowired
     CustomerRepository customerRepository;
 
@@ -81,18 +89,32 @@
         return new ResponseEntity<>(otpResponse, HttpStatus.OK);
     }
 
-    @PostMapping("/verify")
-    public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam) {
-    	otpUtilService.verifyOtp(verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
+    @AuditLoggingInject(type = CUSTOMER_LOGIN)
+    @PostMapping("/verify/{imgCode}")
+    public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
+    		, @PathVariable String imgCode, HttpServletRequest request) {
+    	HttpSession session = request.getSession();
+    	String sessionImpCode = (String) session.getAttribute("img_code");
     	
+    	if (!StringUtils.hasText(sessionImpCode)
+				|| !StringUtils.hasText(imgCode)) {
+    		return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+		}
+    	
+    	if(!imgCode.equals(sessionImpCode)) {
+    		return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
+    	}
+    	
+    	otpUtilService.verifyOtp(verifyOtpParam);
+
     	Customer customer = customerRepository
     						.findOneByEmailEqualsOrPhoneEquals(verifyOtpParam.getAccount())
     						.orElse(null);
-    	
+
     	if (customer == null) {
-    		return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+    		return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
     	}
-    	
+
     	String jwt = customerAuthService.authorize(customer, verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
         HttpHeaders httpHeaders = new HttpHeaders();
         httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
@@ -112,6 +134,6 @@
         httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
         return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
     }
-    
-    
+
+
 }

--
Gitblit v1.8.0