From 74e563da7fa6886449fd2be5933e2d4ca5c85f48 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 12 九月 2023 11:25:52 +0800
Subject: [PATCH] [UPDATE] 解決弱點Se: Incorrect definition of Serializable class [UPDATE] 解決弱點Information exposure to log file [UPDATE] 解決弱點Use of hard-coded password

---
 PAMapp/shared/services/login.service.ts |   80 +++++++++++++++++++++++++++++++++++-----
 1 files changed, 70 insertions(+), 10 deletions(-)

diff --git a/PAMapp/shared/services/login.service.ts b/PAMapp/shared/services/login.service.ts
index 26bf0f2..eb61ccb 100644
--- a/PAMapp/shared/services/login.service.ts
+++ b/PAMapp/shared/services/login.service.ts
@@ -1,6 +1,9 @@
 import { http } from "./httpClient";
 import { AxiosResponse } from 'axios';
 import _ from "lodash";
+import CryptoJS from "crypto-js";
+import forge from "node-forge";
+// import CryptoJS from "asmcrypto-js";
 
 import { ConsultantLoginInfo } from "../models/ConsultantLoginInfo";
 import { LoginRequest } from "../models/loginRequest.model";
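Review bot: `CryptoJS` is imported on the new side but no hunk in this patch references it — only `forge` is used, in `logInToConsultant` — so the import pulls an extra dependency into the client bundle for nothing; the commented-out `asmcrypto-js` line directly below is leftover from the same experiment. Drop `import CryptoJS from "crypto-js";` and the comment line, or keep exactly one library and use it. If `CryptoJS` is meant for a later change, a TODO naming that change is clearer than a dead import.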
@@ -11,19 +14,59 @@
 
 class LoginService {
     /** 憿批恥��-��TP **/
-  async sendOtp(loginInfo: LoginRequest):Promise<OtpInfo> {
-    return http.post('/otp/sendOtp', loginInfo).then( res => res.data );
-  }
+    async sendOtp(loginInfo: LoginRequest, verifyCode: string): Promise<OtpInfo> {
+      try {
+        const response = await http.post(`/otp/sendOtp/${verifyCode}`, loginInfo);
+        // 撘望�est1: �� if (response)
+        if (response) {
+          return response.data;
+        } else {
+          throw new Error('http.post returned null-like value.');
+        }
+      } catch (error) {
+        console.error('An error occurred while sending OTP:', error);
+        // �隞亙甇方���隤斗����身��
+        throw error;
+      }
+    }
 
-  /** 憿批恥��-撽�TP **/
-  async loginVerify(loginVerify: LoginVerify):Promise<LoginSuccessToken>{
-    return http.post('/otp/verify', loginVerify).then(res => res.data);
+
+  /**
+   * 憿批恥��-撽�TP
+   * @param loginVerify ��撽������隞�
+   * @returns ��撽�����oken
+   */
+  async loginVerify(loginVerify: LoginVerify): Promise<LoginSuccessToken> {
+    try {
+      const response = await http.post('/otp/verify', loginVerify);
+      if (response !== null) {
+        return response.data;
+      } else {
+        throw new Error('http.post returned null-like value.');
+      }
+    } catch (error) {
+      // �隞亙甇方���隤斗����身��
+      console.error('An error occurred while verifying OTP:', error);
+      throw error;
+    }
   }
 
   /** 憿批恥閮餃�� **/
-  async register(registerInfo: RegisterInfo):Promise<LoginSuccessToken>{
-    return http.post('/otp/register', registerInfo).then(res => res.data);
+  async register(registerInfo: RegisterInfo): Promise<LoginSuccessToken> {
+    try {
+      const response = await http.post('/otp/register', registerInfo);
+      if (response !== null) {
+        return response.data;
+      } else {
+        throw new Error('http.post returned null-like value.');
+      }
+    } catch (error) {
+      console.error('An error occurred while registering:', error);
+      // �隞亙甇方���隤斗����身��
+      throw error;
+    }
   }
+
 
   /** �����Ⅳ���� **/
   async getImgOfVerification():Promise<string>{
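Review bot: `verifyCode` is spliced into the request path by the template literal building `/otp/sendOtp/${verifyCode}` without `encodeURIComponent`, so a value containing `/`, `?` or `#` changes the route, and as part of the URL it is recorded in server, proxy and browser-history logs — awkward in a commit meant to stop information exposure to log files; use `encodeURIComponent(verifyCode)` at minimum, or carry the code in the request body. The three `console.error(..., error)` calls log the whole error object; if `http` wraps axios (the file imports `AxiosResponse`), that object includes `config.data`, the serialized request body, so the login info and the OTP being verified land on the console — log `error instanceof Error ? error.message : String(error)` and the status instead. `sendOtp` checks `if (response)` while `loginVerify` and `register` check `response !== null`, and `sendOtp` is indented four spaces where its siblings use two. The enclosing `LoginService` class continues outside the hunk.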
@@ -44,8 +87,25 @@
   }
 
   /** 憿批�� **/
-  logInToConsultant(consultantDto:ConsultantLoginInfo):Promise<AxiosResponse<LoginSuccessToken>>{
-    return http.post('/eService/authenticate',consultantDto);
+  logInToConsultant(consultantDto:ConsultantLoginInfo, verificationCode: string):Promise<AxiosResponse<LoginSuccessToken>>{
+
+  const iv = "0123456789abcdef";
+  const key = "PAMKEY1234567890";
+  const cipher = forge.cipher.createCipher('AES-GCM', key);
+  cipher.start({
+    iv:iv
+  });
+  cipher.update(forge.util.createBuffer(forge.util.encodeUtf8(consultantDto.password)));
+  cipher.finish();
+  const encry = cipher.output;
+  var tag = cipher.mode.tag;
+  const encryptedPassword = window.btoa(encry.data+tag.data);
+
+    return http.post(`/eService/authenticate/${verificationCode}`, { ...consultantDto, password: encryptedPassword});
+  }
+
+  async logout(): Promise<void> {
+    return http.post('/logout');
   }
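Review bot: The AES-GCM key `"PAMKEY1234567890"` and IV `"0123456789abcdef"` added to `logInToConsultant` are string constants shipped in the browser bundle, so the password is readable by anyone who can read the JavaScript, and a fixed IV with GCM reuses the keystream across every login, which defeats both the confidentiality and the integrity guarantee of the mode — the "hard-coded password" finding has been replaced by a hard-coded key. Client-side encryption of a password adds nothing over TLS; if the server contract requires it, the IV must be fresh per call (`forge.random.getBytesSync(12)`) and transmitted with the ciphertext, and the key must come from somewhere other than a literal. Minor: `verificationCode` goes into the path unencoded as in `sendOtp`, `var tag` should be `const tag`, the body's indentation is inconsistent with the method header, and `window.btoa(encry.data + tag.data)` relies on the server knowing the tag is a fixed 16 bytes to split it. `logout` is declared `async logout(): Promise<void>` but returns the `http.post('/logout')` result, which is an `AxiosResponse` unless `http.post` is typed loosely — `await http.post('/logout');` with no return value is what the signature promises.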
 }
 

--
Gitblit v1.8.0