From d39218d56f5d1c96667035e969d414aa8a2fb81e Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 08 八月 2023 17:20:37 +0800
Subject: [PATCH] [UPDATE] 更新前端aes加密密碼的實作

---
 pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java |   43 +++++++++++++++++++++++++------------------
 1 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java b/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
index c9a949f..a17426e 100644
--- a/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
+++ b/pamapi/src/main/java/com/pollex/pam/service/OtpUtilService.java
@@ -1,17 +1,17 @@
 package com.pollex.pam.service;
 
-import com.pollex.pam.domain.OtpTmp;
-import com.pollex.pam.enums.OtpTmpStatusEnum;
-import com.pollex.pam.web.rest.vm.VerifyOtpVM;
+import com.pollex.pam.business.domain.OtpTmp;
+import com.pollex.pam.business.enums.OtpTmpStatusEnum;
+import com.pollex.pam.business.service.OtpTmpService;
+import com.pollex.pam.business.web.errors.OtpLoginFailException;
+import com.pollex.pam.business.web.vm.VerifyOtpVM;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.stereotype.Service;
 
 import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.security.provider.OtpAuthenticationProvider;
-import com.pollex.pam.service.dto.OtpResponseDTO;
+import com.pollex.pam.business.service.dto.OtpResponseDTO;
 import org.springframework.transaction.annotation.Transactional;
 
 @Service
@@ -35,20 +35,27 @@
 
     @Transactional
     public void verifyOtp(String account, String indexKey, String otpCode) {
-    	try {
-            if(applicationProperty.isMockLogin()){
-                log.debug("Do MockLogin");
-            } else {  // otp logon
-                OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
-                if (!otpResponseDTO.isSuccess()) {
-                    throw new AuthenticationCredentialsNotFoundException("");
-                }
+        
+    	OtpTmp otpTmp = otpTmpService.findByAccountAndIndexKey(account, indexKey);
+    	if(otpTmp==null) {
+    		log.info("otp login fail... , account = {}, indexKey = {}, failReason = {}", account, indexKey, "Index key and account field mismatch");
+            throw new OtpLoginFailException("otp error");
+    	}
+    	
+    	if (applicationProperty.isMockLogin()) {
+            log.debug("Do MockLogin");
+        } else {  // otp logon
+        	
+        	OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
+            if (otpResponseDTO.isSuccess()) {
+                log.info("otp login success!, account = {}", account);
             }
-            setVerrifiedOtpTmp(account, indexKey);
-    	} catch (Exception e) {
-            log.error("Exception: ", e);
-            throw new AuthenticationCredentialsNotFoundException("");
+            else {
+                log.info("otp login fail... , account = {}, error code = {}, failReason = {}", account, otpResponseDTO.getFailCode(), otpResponseDTO.getFailReason());
+                throw new OtpLoginFailException(otpResponseDTO.getFailCode());
+            }
         }
+        setVerrifiedOtpTmp(account, indexKey);
     }
 
     private void setVerrifiedOtpTmp(String account, String indexKey) {

--
Gitblit v1.8.0