From 74e563da7fa6886449fd2be5933e2d4ca5c85f48 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 12 九月 2023 11:25:52 +0800
Subject: [PATCH] [UPDATE] 解決弱點Se: Incorrect definition of Serializable class [UPDATE] 解決弱點Information exposure to log file [UPDATE] 解決弱點Use of hard-coded password
---
 PAMapp/shared/services/login.service.ts | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 51 insertions(+), 6 deletions(-)
diff --git a/PAMapp/shared/services/login.service.ts b/PAMapp/shared/services/login.service.ts
index ac9e2fd..eb61ccb 100644
--- a/PAMapp/shared/services/login.service.ts
+++ b/PAMapp/shared/services/login.service.ts
@@ -1,6 +1,9 @@
 import { http } from "./httpClient";
 import { AxiosResponse } from 'axios';
 import _ from "lodash";
+import CryptoJS from "crypto-js";
+import forge from "node-forge";
+// import CryptoJS from "asmcrypto-js";
 import { ConsultantLoginInfo } from "../models/ConsultantLoginInfo";
 import { LoginRequest } from "../models/loginRequest.model";
@@ -11,9 +14,22 @@
 class LoginService {
   /** 憿批恥��-��TP **/
-  async sendOtp(loginInfo: LoginRequest, verifyCode: string):Promise<OtpInfo> {
-    return http.post(`/otp/sendOtp/${verifyCode}`, loginInfo).then( res => res.data );
-  }
+  async sendOtp(loginInfo: LoginRequest, verifyCode: string): Promise<OtpInfo> {
+    try {
+      const response = await http.post(`/otp/sendOtp/${verifyCode}`, loginInfo);
+      // 撘望�est1: �� if (response)
+      if (response) {
+        return response.data;
+      } else {
+        throw new Error('http.post returned null-like value.');
+      }
+    } catch (error) {
+      console.error('An error occurred while sending OTP:', error);
+      // �隞亙甇方���隤斗����身��
+      throw error;
+    }
+  }
+
   /**
    * 憿批恥��-撽�TP 
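Review bot: `import CryptoJS from "crypto-js";` is added but no line in this patch references CryptoJS; the cipher code in logInToConsultant uses forge. The commented-out `// import CryptoJS from "asmcrypto-js";` beneath it is dead text, and an unused cryptography package still lands in the bundle and on the dependency list, so both lines should be removed until there is an actual use for them.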
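Review bot: `console.error('An error occurred while sending OTP:', error)` in the new catch block of sendOtp writes the entire error object to the console, and if `http` is an Axios client (the AxiosResponse import suggests it is) that object carries the request config including the serialized `loginInfo` body, so the commit that claims to resolve "Information exposure to log file" reintroduces it here; the `register` catch block in the next hunk has the identical pattern. Log only the diagnostic part, e.g. `console.error('An error occurred while sending OTP:', error instanceof Error ? error.message : String(error));`, and write the clause as `catch (error: unknown)` so the narrowing is explicit regardless of compiler settings.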
@@ -36,9 +52,21 @@
   }
   /** 憿批恥閮餃�� **/
-  async register(registerInfo: RegisterInfo):Promise<LoginSuccessToken>{
-    return http.post('/otp/register', registerInfo).then(res => res.data);
+  async register(registerInfo: RegisterInfo): Promise<LoginSuccessToken> {
+    try {
+      const response = await http.post('/otp/register', registerInfo);
+      if (response !== null) {
+        return response.data;
+      } else {
+        throw new Error('http.post returned null-like value.');
+      }
+    } catch (error) {
+      console.error('An error occurred while registering:', error);
+      // �隞亙甇方���隤斗����身��
+      throw error;
+    }
   }
+
   /** �����Ⅳ���� **/
   async getImgOfVerification():Promise<string>{
@@ -60,7 +88,24 @@
   /** 憿批�� **/
   logInToConsultant(consultantDto:ConsultantLoginInfo, verificationCode: string):Promise<AxiosResponse<LoginSuccessToken>>{
-    return http.post(`/eService/authenticate/${verificationCode}`,consultantDto);
+
+    const iv = "0123456789abcdef";
+    const key = "PAMKEY1234567890";
+    const cipher = forge.cipher.createCipher('AES-GCM', key);
+    cipher.start({
+      iv:iv
+    });
+    cipher.update(forge.util.createBuffer(forge.util.encodeUtf8(consultantDto.password)));
+    cipher.finish();
+    const encry = cipher.output;
+    var tag = cipher.mode.tag;
+    const encryptedPassword = window.btoa(encry.data+tag.data);
+
+    return http.post(`/eService/authenticate/${verificationCode}`, { ...consultantDto, password: encryptedPassword});
+  }
+
+  async logout(): Promise<void> {
+    return http.post('/logout');
+  }
 }
-- 
Gitblit v1.8.0
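Review bot: The `if (response !== null)` guard in register checks a different condition from the `if (response)` truthiness test sendOtp uses for the same situation, and neither can fire for an awaited Axios post, which resolves to a response object or rejects, so the `else { throw ... }` branch is unreachable in both methods. Returning `(await http.post('/otp/register', registerInfo)).data` directly inside the try keeps the two methods consistent and drops the dead branch.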
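Review bot: The literals `const key = "PAMKEY1234567890"` and `const iv = "0123456789abcdef"` at the top of logInToConsultant reintroduce the "hard-coded password" class of weakness the commit title says it resolves: both ship in the browser bundle where any user can read them, and AES-GCM with a constant IV under a constant key reuses the nonce on every login, which forfeits the mode's confidentiality and tag-integrity guarantees, so this step at most keeps the plaintext out of request logs and TLS remains the real protection. The key should be supplied at runtime rather than written in source, the IV should be freshly random per call and transmitted with the ciphertext (a wire-format change the backend must agree to), the boolean result of `cipher.finish()` should be checked rather than discarded, and `var tag` should be `const tag`; the rewritten lines below show that shape, with the key as a labelled placeholder. Separately, the new `logout()` is declared `Promise<void>` yet returns the `http.post('/logout')` promise, which presumably resolves to an AxiosResponse, so `await http.post('/logout');` with no return expression matches the signature.
```typescript
  logInToConsultant(consultantDto:ConsultantLoginInfo, verificationCode: string):Promise<AxiosResponse<LoginSuccessToken>>{
    // PLACEHOLDER: the key must come from runtime configuration, never from a source literal in the bundle.
    const key = AUTHENTICATE_KEY_PLACEHOLDER;
    // Fresh 96-bit IV per call: a GCM nonce reused under one key forfeits confidentiality and tag integrity.
    const iv = forge.random.getBytesSync(12);
    const cipher = forge.cipher.createCipher('AES-GCM', key);
    cipher.start({ iv });
    cipher.update(forge.util.createBuffer(forge.util.encodeUtf8(consultantDto.password)));
    if (!cipher.finish()) {
      throw new Error('Password encryption failed.');
    }
    const tag = cipher.mode.tag;
    // Wire format: base64(iv || ciphertext || 16-byte tag); the backend must split at these fixed lengths.
    const encryptedPassword = forge.util.encode64(iv + cipher.output.data + tag.data);
    // … unchanged: http.post with the encrypted password …
```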