From aa109c6e83f23a3c81ccc4645ce233492364307d Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期一, 18 七月 2022 23:06:16 +0800
Subject: [PATCH] [UPDATE] 驗證碼驗證失敗改為回傳401 [BUG] 調整spring security設定
---
 pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java | 2 +-
 pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java | 5 +++--
 pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java | 11 +++++++----
 3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
index a8ee0cf..c7f6824 100644
--- a/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
+++ b/pamapi/src/main/java/com/pollex/pam/config/SecurityConfiguration.java
@@ -85,7 +85,7 @@
 .antMatchers("/api/test/sendMsg/**").permitAll()
 .antMatchers("/api/otp/**").permitAll()
 .antMatchers("/api/login/validate/**").permitAll()
- .antMatchers("/api/eService/authenticate").permitAll()
+ .antMatchers("/api/eService/authenticate/**").permitAll()
 .antMatchers("/api/account/reset-password/init").permitAll()
 .antMatchers("/api/account/reset-password/finish").permitAll()
 .antMatchers("/api/consultant/recommend").permitAll()
diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
index b12ae2d..5fe8dc6 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
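Review bot: The new matcher `/api/eService/authenticate/**` exempts every path below that prefix from authentication, at any depth, while the handler in EServiceResource takes only one extra segment (`@PathVariable String imgCode`). A single-segment pattern, `.antMatchers("/api/eService/authenticate/*").permitAll()`, covers that route without also opening whatever is later mapped under the same prefix. The matcher chain is only partly visible in this hunk, so this assumes no earlier, stricter rule already matches these paths.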
@@ -4,7 +4,11 @@ import com.pollex.pam.business.service.ConsultantService; import com.pollex.pam.security.jwt.JWTFilter; import com.pollex.pam.security.jwt.TokenProvider; + +import io.undertow.util.BadRequestException; + import com.pollex.pam.business.security.token.EServiceAuthenticationToken; +import com.pollex.pam.business.web.errors.OtpLoginFailException; import com.pollex.pam.business.web.vm.EServiceLoginVM; import org.slf4j.Logger; @@ -50,18 +54,17 @@ public ResponseEntity<UserJWTController.JWTToken> authorize( @RequestBody EServiceLoginVM eServiceLoginVM , HttpServletResponse response, HttpServletRequest request, - @PathVariable String imgCode) { - log.debug("imgCode:::::::"+imgCode); + @PathVariable String imgCode) throws BadRequestException { HttpSession session = request.getSession(); String sessionImpCode = (String) session.getAttribute("img_code"); if (!StringUtils.hasText(sessionImpCode) || !StringUtils.hasText(imgCode)) { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); + throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�"); } if(!imgCode.equals(sessionImpCode)) { - return ResponseEntity.status(HttpStatus.BAD_REQUEST).build(); + throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�"); } diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java index 1bc84f9..98625a2 100644 --- a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java +++ b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java @@ -34,6 +34,7 @@ import com.pollex.pam.service.OtpWebService; import com.pollex.pam.business.service.dto.CustomerRegisterDTO; import com.pollex.pam.business.service.dto.OtpResponseDTO; +import com.pollex.pam.business.web.errors.OtpLoginFailException; import com.pollex.pam.business.web.vm.OtpLoginVM; import com.pollex.pam.business.web.vm.VerifyOtpVM; 
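Review bot: `import io.undertow.util.BadRequestException;` ties this controller to a class from the servlet container's utility package, and nothing visible in the patch throws it: both new `throw` statements in `authorize` use `OtpLoginFailException`. If no code further down the method raises it, drop this import together with the `throws BadRequestException` clause added in the next hunk, since a checked exception that is never thrown only obscures what the endpoint can actually fail with. The blank `+` lines around the import can go as well, so the import block stays contiguous.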
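Review bot: A failed captcha comparison in `authorize` leaves the `img_code` session attribute in place, so one session can keep submitting guesses against the same image code; neither `throw` in this hunk is preceded by anything that clears it. Consider invalidating the code on mismatch, `session.removeAttribute("img_code");` before `throw new OtpLoginFailException(...)`, and rate-limiting the route, since SecurityConfiguration marks it `permitAll`. The same pattern is in the OtpResource hunk at `@@ -98,11 +99,11 @@`. `authorize` continues past the end of the hunk, so whether the code is cleared after a successful login is not visible here. Because both branches now throw the same exception, they can also be merged into a single condition.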
@@ -98,11 +99,11 @@ if (!StringUtils.hasText(sessionImpCode) || !StringUtils.hasText(imgCode)) { - return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build(); + throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�"); } if(!imgCode.equals(sessionImpCode)) { - return ResponseEntity.status(HttpStatus.BAD_REQUEST).build(); + throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�"); } otpUtilService.verifyOtp(verifyOtpParam); -- Gitblit v1.8.0
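Review bot: Nothing in this patch shows how `OtpLoginFailException` becomes the 401 that the subject line announces; the class lives in `com.pollex.pam.business.web.errors` and is not part of the diff. Please confirm it is mapped to `HttpStatus.UNAUTHORIZED`, for example by an `@ResponseStatus` annotation or an exception handler, because an unmapped runtime exception would reach the client as a 500. The string literal passed to it appears as mojibake on this page, which may be the viewer, but it is worth checking that the source file is saved in the encoding the build expects. The enclosing method starts and ends outside the hunk.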