From b50be4ce1a51d66a54eb3edb144f72c735171e65 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 05 九月 2023 11:58:53 +0800
Subject: [PATCH] [UPDATE] 解決弱點掃描Use of hard-coded cryptographic key問題, 須把key參數移動到設定檔

---
 pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
index b1aeb62..6bb5f5e 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
@@ -46,16 +46,19 @@
 
     @Autowired
     ConsultantService consultantService;
+    
+    @Autowired
+    AesUtil aesUtil;
 
     @AuditLoggingInject(type = CONSULTANT_LOGIN)
     @PostMapping("/authenticate/{imgCode}")
     public ResponseEntity<UserJWTController.JWTToken> authorize(
     		@RequestBody EServiceLoginVM eServiceLoginVM
     		, HttpServletResponse response, HttpServletRequest request,
-			@PathVariable String imgCode){
+			@PathVariable String imgCode) throws Exception{
     	
     	
-    	String paswword = AesUtil.aesDecode(eServiceLoginVM.getPassword());
+    	String paswword = aesUtil.aesDecode(eServiceLoginVM.getPassword());
     	if(!StringUtils.hasText(paswword)) {
     		throw new OtpLoginFailException("撖Ⅳ閫�撖仃���");
     	}

--
Gitblit v1.8.0