From 74e563da7fa6886449fd2be5933e2d4ca5c85f48 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 12 九月 2023 11:25:52 +0800
Subject: [PATCH] [UPDATE] 解決弱點Se: Incorrect definition of Serializable class [UPDATE] 解決弱點Information exposure to log file [UPDATE] 解決弱點Use of hard-coded password

---
 pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
index 796e2dd..6bb5f5e 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
@@ -46,15 +46,19 @@
 
     @Autowired
     ConsultantService consultantService;
+    
+    @Autowired
+    AesUtil aesUtil;
 
     @AuditLoggingInject(type = CONSULTANT_LOGIN)
     @PostMapping("/authenticate/{imgCode}")
     public ResponseEntity<UserJWTController.JWTToken> authorize(
     		@RequestBody EServiceLoginVM eServiceLoginVM
     		, HttpServletResponse response, HttpServletRequest request,
-			@PathVariable String imgCode){
+			@PathVariable String imgCode) throws Exception{
     	
-    	String paswword = AesUtil.aesDecode(eServiceLoginVM.getPassword());
+    	
+    	String paswword = aesUtil.aesDecode(eServiceLoginVM.getPassword());
     	if(!StringUtils.hasText(paswword)) {
     		throw new OtpLoginFailException("撖Ⅳ閫�撖仃���");
     	}

--
Gitblit v1.8.0