From aa109c6e83f23a3c81ccc4645ce233492364307d Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期一, 18 七月 2022 23:06:16 +0800
Subject: [PATCH] [UPDATE] 驗證碼驗證失敗改為回傳401 [BUG] 調整spring security設定
---
pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java | 91 ++++++++++++++++++++++++++++++++++-----------
1 files changed, 68 insertions(+), 23 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
index e8f5533..98625a2 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
@@ -1,17 +1,12 @@
package com.pollex.pam.web.rest;
-import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.enums.OtpLoginTypeEnum;
-import com.pollex.pam.security.jwt.JWTFilter;
-import com.pollex.pam.security.jwt.TokenProvider;
-import com.pollex.pam.security.token.OtpAuthenticationToken;
-import com.pollex.pam.service.CustomerAuthService;
-import com.pollex.pam.service.CustomerService;
-import com.pollex.pam.service.OtpTmpService;
-import com.pollex.pam.service.OtpWebService;
-import com.pollex.pam.service.dto.CustomerRegisterDTO;
-import com.pollex.pam.service.dto.OtpResponseDTO;
-import com.pollex.pam.web.rest.vm.*;
+import java.util.Arrays;
+import java.util.UUID;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -19,14 +14,31 @@
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
-import javax.xml.rpc.ServiceException;
-import java.rmi.RemoteException;
-import java.util.Arrays;
-import java.util.UUID;
+import com.pollex.pam.config.ApplicationProperties;
+import com.pollex.pam.business.domain.Customer;
+import com.pollex.pam.business.enums.OtpLoginTypeEnum;
+import com.pollex.pam.business.repository.CustomerRepository;
+import com.pollex.pam.security.jwt.JWTFilter;
+import com.pollex.pam.security.jwt.TokenProvider;
+import com.pollex.pam.service.CustomerAuthService;
+import com.pollex.pam.service.CustomerService;
+import com.pollex.pam.business.service.OtpTmpService;
+import com.pollex.pam.service.OtpUtilService;
+import com.pollex.pam.service.OtpWebService;
+import com.pollex.pam.business.service.dto.CustomerRegisterDTO;
+import com.pollex.pam.business.service.dto.OtpResponseDTO;
+import com.pollex.pam.business.web.errors.OtpLoginFailException;
+import com.pollex.pam.business.web.vm.OtpLoginVM;
+import com.pollex.pam.business.web.vm.VerifyOtpVM;
+
+import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CUSTOMER_LOGIN;
@RestController
@RequestMapping("/api/otp")
@@ -55,6 +67,12 @@
@Autowired
CustomerService customerService;
+ @Autowired
+ OtpUtilService otpUtilService;
+
+ @Autowired
+ CustomerRepository customerRepository;
+
@PostMapping("/sendOtp")
public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login) {
OtpResponseDTO otpResponse;
@@ -72,9 +90,33 @@
return new ResponseEntity<>(otpResponse, HttpStatus.OK);
}
- @PostMapping("/verify")
- public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam) {
- String jwt = customerAuthService.authorize(verifyOtpParam.getAccount(), verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
+ @AuditLoggingInject(type = CUSTOMER_LOGIN)
+ @PostMapping("/verify/{imgCode}")
+ public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
+ , @PathVariable String imgCode, HttpServletRequest request) {
+ HttpSession session = request.getSession();
+ String sessionImpCode = (String) session.getAttribute("img_code");
+
+ if (!StringUtils.hasText(sessionImpCode)
+ || !StringUtils.hasText(imgCode)) {
+ throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
+ }
+
+ if(!imgCode.equals(sessionImpCode)) {
+ throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
+ }
+
+ otpUtilService.verifyOtp(verifyOtpParam);
+
+ Customer customer = customerRepository
+ .findOneByEmailEqualsOrPhoneEquals(verifyOtpParam.getAccount())
+ .orElse(null);
+
+ if (customer == null) {
+ return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+ }
+
+ String jwt = customerAuthService.authorize(customer, verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
@@ -87,9 +129,12 @@
@PostMapping("/register")
public ResponseEntity<UserJWTController.JWTToken> registerAccount(@RequestBody CustomerRegisterDTO registDTO) {
- String jwt = customerService.registerCustomer(registDTO);
+ Customer account = customerService.registerCustomer(registDTO);
+ String jwt = customerAuthService.authorize(account, registDTO.getIndexKey(), registDTO.getOtpCode());
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
}
+
+
}
--
Gitblit v1.8.0