From ae4db5435180c44b37f521c463b17f2023ac1d8c Mon Sep 17 00:00:00 2001
From: wayne <wayne8692wayne8692@gmail.com>
Date: 星期五, 18 二月 2022 09:25:50 +0800
Subject: [PATCH] [update] 若顧問停用時，將無法登入 (文案待確認)

---
 pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java |   65 ++++++++++++++++++++++----------
 1 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
index e8f5533..883c80a 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
@@ -1,17 +1,9 @@
 package com.pollex.pam.web.rest;
 
-import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.enums.OtpLoginTypeEnum;
-import com.pollex.pam.security.jwt.JWTFilter;
-import com.pollex.pam.security.jwt.TokenProvider;
-import com.pollex.pam.security.token.OtpAuthenticationToken;
-import com.pollex.pam.service.CustomerAuthService;
-import com.pollex.pam.service.CustomerService;
-import com.pollex.pam.service.OtpTmpService;
-import com.pollex.pam.service.OtpWebService;
-import com.pollex.pam.service.dto.CustomerRegisterDTO;
-import com.pollex.pam.service.dto.OtpResponseDTO;
-import com.pollex.pam.web.rest.vm.*;
+import java.util.Arrays;
+import java.util.UUID;
+
+import com.pollex.pam.web.rest.errors.CustomerNotRegisteredException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -19,14 +11,26 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
-import javax.xml.rpc.ServiceException;
-import java.rmi.RemoteException;
-import java.util.Arrays;
-import java.util.UUID;
+import com.pollex.pam.config.ApplicationProperties;
+import com.pollex.pam.domain.Customer;
+import com.pollex.pam.enums.OtpLoginTypeEnum;
+import com.pollex.pam.repository.CustomerRepository;
+import com.pollex.pam.security.jwt.JWTFilter;
+import com.pollex.pam.security.jwt.TokenProvider;
+import com.pollex.pam.service.CustomerAuthService;
+import com.pollex.pam.service.CustomerService;
+import com.pollex.pam.service.OtpTmpService;
+import com.pollex.pam.service.OtpUtilService;
+import com.pollex.pam.service.OtpWebService;
+import com.pollex.pam.service.dto.CustomerRegisterDTO;
+import com.pollex.pam.service.dto.OtpResponseDTO;
+import com.pollex.pam.web.rest.vm.OtpLoginVM;
+import com.pollex.pam.web.rest.vm.VerifyOtpVM;
 
 @RestController
 @RequestMapping("/api/otp")
@@ -55,6 +59,12 @@
     @Autowired
     CustomerService customerService;
 
+    @Autowired
+    OtpUtilService otpUtilService;
+
+    @Autowired
+    CustomerRepository customerRepository;
+
     @PostMapping("/sendOtp")
     public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login) {
     	OtpResponseDTO otpResponse;
@@ -74,7 +84,17 @@
 
     @PostMapping("/verify")
     public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam) {
-        String jwt = customerAuthService.authorize(verifyOtpParam.getAccount(), verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
+    	otpUtilService.verifyOtp(verifyOtpParam);
+
+    	Customer customer = customerRepository
+    						.findOneByEmailEqualsOrPhoneEquals(verifyOtpParam.getAccount())
+    						.orElse(null);
+
+    	if (customer == null) {
+    		return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+    	}
+
+    	String jwt = customerAuthService.authorize(customer, verifyOtpParam.getIndexKey(), verifyOtpParam.getOtpCode());
         HttpHeaders httpHeaders = new HttpHeaders();
         httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
         return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
@@ -87,9 +107,12 @@
 
     @PostMapping("/register")
     public ResponseEntity<UserJWTController.JWTToken> registerAccount(@RequestBody CustomerRegisterDTO registDTO) {
-    	String jwt = customerService.registerCustomer(registDTO);
+    	Customer account = customerService.registerCustomer(registDTO);
+    	String jwt = customerAuthService.authorize(account, registDTO.getIndexKey(), registDTO.getOtpCode());
     	HttpHeaders httpHeaders = new HttpHeaders();
         httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
         return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
     }
+
+
 }

--
Gitblit v1.8.0