From aef49f6faffbd93350f322db5fad339e2867656b Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期一, 18 九月 2023 17:08:10 +0800
Subject: [PATCH] [UPDATE] 解決弱點Cleartext sensitive data in a database
---
 pamapi/src/main/java/com/pollex/pam/web/rest/AccountResource.java | 60 +++++++++++------------------------------------------------
 1 files changed, 11 insertions(+), 49 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/AccountResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/AccountResource.java
index a808fcd..04bda6b 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/AccountResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/AccountResource.java
@@ -51,26 +51,6 @@
 this.mailService = mailService;
 }
 
-// /**
-// * {@code POST /register} : register the user.
-// *
-// * @param managedUserVM the managed user View Model.
-// * @throws InvalidPasswordException {@code 400 (Bad Request)} if the password is incorrect.
-// * @throws EmailAlreadyUsedException {@code 400 (Bad Request)} if the email is already used.
-// * @throws LoginAlreadyUsedException {@code 400 (Bad Request)} if the login is already used.
-// */
-// @PostMapping("/register")
-// @ResponseStatus(HttpStatus.CREATED)
-// public void registerAccount(@Valid @RequestBody ManagedUserVM managedUserVM) {
-// if (isPasswordLengthInvalid(managedUserVM.getPassword())) {
-// throw new InvalidPasswordException();
-// }
-// User user = userService.registerUser(managedUserVM, managedUserVM.getPassword());
-// mailService.sendActivationEmail(user);
-// }
-
-
-
 /**
 * {@code GET /activate} : activate the registered user.
 *
@@ -85,17 +65,17 @@
 }
 }
 
- /**
- * {@code GET /authenticate} : check if the user is authenticated, and return its login.
- *
- * @param request the HTTP request.
- * @return the login if the user is authenticated.
- */
- @GetMapping("/authenticate")
- public String isAuthenticated(HttpServletRequest request) {
- log.debug("REST request to check if the current user is authenticated");
- return request.getRemoteUser();
- }
+// /**
+// * {@code GET /authenticate} : check if the user is authenticated, and return its login.
+// *
+// * @param request the HTTP request.
+// * @return the login if the user is authenticated.
+// */
+// @GetMapping("/authenticate")
+// public String isAuthenticated(HttpServletRequest request) {
+// log.debug("REST request to check if the current user is authenticated");
+// return request.getRemoteUser();
+// }
 
 /**
 * {@code GET /account} : get the current user.
@@ -140,12 +120,6 @@
 );
 }
 
- /**
- * {@code POST /account/change-password} : changes the current user's password.
- *
- * @param passwordChangeDto current and new password.
- * @throws InvalidPasswordException {@code 400 (Bad Request)} if the new password is incorrect.
- */
 @PostMapping(path = "/account/change-password")
 public void changePassword(@RequestBody PasswordChangeDTO passwordChangeDto) {
 if (isPasswordLengthInvalid(passwordChangeDto.getNewPassword())) {
@@ -154,11 +128,6 @@
 userService.changePassword(passwordChangeDto.getCurrentPassword(), passwordChangeDto.getNewPassword());
 }
 
- /**
- * {@code POST /account/reset-password/init} : Send an email to reset the password of the user.
- *
- * @param mail the mail of the user.
- */
 @PostMapping(path = "/account/reset-password/init")
 public void requestPasswordReset(@RequestBody String mail) {
 Optional<User> user = userService.requestPasswordReset(mail);
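Review bot: The new side of this hunk replaces `isAuthenticated` with eleven `//`-prefixed lines, so the endpoint is kept as commented-out code instead of being deleted; if `GET /authenticate` is being retired, remove the method outright (the first hunk of this same patch already deletes a commented-out block, so leaving a fresh one behind is inconsistent) and drop the `HttpServletRequest` import if nothing else in the file still uses it. The removed method only echoed `request.getRemoteUser()`, the caller's own login, so disabling it does not by itself resolve the "Cleartext sensitive data in a database" finding named in the subject — none of this patch's hunks change how `userService.changePassword`, `requestPasswordReset` or the reset-finish flow store or transmit credentials, and the finding presumably came from the word "password" in the deleted Javadoc rather than from a storage defect, which is worth confirming against the original scan before closing it. Any client that calls `/authenticate` to test whether its session is still valid will no longer find the route, so check callers before merging. The enclosing `AccountResource` class begins and continues outside this hunk, as do the `changePassword` and `requestPasswordReset` bodies in the following hunks.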
@@ -171,13 +140,6 @@
 }
 }
 
- /**
- * {@code POST /account/reset-password/finish} : Finish to reset the password of the user.
- *
- * @param keyAndPassword the generated key and the new password.
- * @throws InvalidPasswordException {@code 400 (Bad Request)} if the password is incorrect.
- * @throws RuntimeException {@code 500 (Internal Server Error)} if the password could not be reset.
- */
 @PostMapping(path = "/account/reset-password/finish")
 public void finishPasswordReset(@RequestBody KeyAndPasswordVM keyAndPassword) {
 if (isPasswordLengthInvalid(keyAndPassword.getNewPassword())) {
-- Gitblit v1.8.0