From 97777e5c968c9430f95080ecc830f78debb8cc4c Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期一, 31 七月 2023 17:26:09 +0800
Subject: [PATCH] [ADD] 新增OTP檢核, 驗證之前需要先檢查帳號跟index key有沒有符合, todo : 171002

---
 pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java |   31 +++++++++++++++++--------------
 1 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java b/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
index 69673b4..a17426e 100644
--- a/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
+++ b/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
@@ -1,17 +1,17 @@
 package com.pollex.pam.service;
 
-import com.pollex.pam.domain.OtpTmp;
-import com.pollex.pam.enums.OtpTmpStatusEnum;
-import com.pollex.pam.web.rest.errors.OtpLoginFailException;
-import com.pollex.pam.web.rest.vm.VerifyOtpVM;
+import com.pollex.pam.business.domain.OtpTmp;
+import com.pollex.pam.business.enums.OtpTmpStatusEnum;
+import com.pollex.pam.business.service.OtpTmpService;
+import com.pollex.pam.business.web.errors.OtpLoginFailException;
+import com.pollex.pam.business.web.vm.VerifyOtpVM;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.stereotype.Service;
 
 import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.service.dto.OtpResponseDTO;
+import com.pollex.pam.business.service.dto.OtpResponseDTO;
 import org.springframework.transaction.annotation.Transactional;
 
 @Service
@@ -28,9 +28,6 @@
     @Autowired
     OtpTmpService otpTmpService;
 
-    @Autowired
-    LoginRecordService loginRecordService;
-
     @Transactional
     public void verifyOtp(VerifyOtpVM verifyOtpParam) {
         verifyOtp(verifyOtpParam.getAccount(), verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
@@ -38,20 +35,26 @@
 
     @Transactional
     public void verifyOtp(String account, String indexKey, String otpCode) {
-        if (applicationProperty.isMockLogin()) {
+        
+    	OtpTmp otpTmp = otpTmpService.findByAccountAndIndexKey(account, indexKey);
+    	if(otpTmp==null) {
+    		log.info("otp login fail... , account = {}, indexKey = {}, failReason = {}", account, indexKey, "Index key and account field mismatch");
+            throw new OtpLoginFailException("otp error");
+    	}
+    	
+    	if (applicationProperty.isMockLogin()) {
             log.debug("Do MockLogin");
         } else {  // otp logon
-            OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
+        	
+        	OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
             if (otpResponseDTO.isSuccess()) {
                 log.info("otp login success!, account = {}", account);
             }
             else {
                 log.info("otp login fail... , account = {}, error code = {}, failReason = {}", account, otpResponseDTO.getFailCode(), otpResponseDTO.getFailReason());
-                loginRecordService.saveOTPLoginFailRecord(account, otpResponseDTO.getFailReason());
-                throw new OtpLoginFailException(otpResponseDTO.getFailReason());
+                throw new OtpLoginFailException(otpResponseDTO.getFailCode());
             }
         }
-        loginRecordService.saveOTPLoginSuccessRecord(account);
         setVerrifiedOtpTmp(account, indexKey);
     }
 

--
Gitblit v1.8.0