From db15612798841319bafcb3ed4e77c7c013b9446f Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期三, 25 十二月 2024 15:39:30 +0800
Subject: [PATCH] [UPDATE] 新增顧問登入OTP流程和文件
---
pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java | 35 ++++++++++++++++++++---------------
1 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
index 8c9dd25..349af27 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
@@ -25,6 +25,7 @@
import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
import com.pollex.pam.business.service.ConsultantService;
+import com.pollex.pam.business.service.util.AesUtil;
import com.pollex.pam.business.web.errors.OtpLoginFailException;
import com.pollex.pam.business.web.vm.EServiceLoginVM;
import com.pollex.pam.security.jwt.JWTFilter;
@@ -33,7 +34,7 @@
@RestController
@RequestMapping("/api/eService")
public class EServiceResource {
-
+
private final static Logger log = LoggerFactory.getLogger(EServiceResource.class);
@@ -46,37 +47,41 @@
@Autowired
ConsultantService consultantService;
+ @Autowired
+ AesUtil aesUtil;
+
@AuditLoggingInject(type = CONSULTANT_LOGIN)
@PostMapping("/authenticate/{imgCode}")
- public ResponseEntity<UserJWTController.JWTToken> authorize(
+ public void authorize(
@RequestBody EServiceLoginVM eServiceLoginVM
, HttpServletResponse response, HttpServletRequest request,
- @PathVariable String imgCode){
+ @PathVariable String imgCode) throws Exception{
+
+
+ String paswword = aesUtil.aesDecode(eServiceLoginVM.getPassword());
+ if(!StringUtils.hasText(paswword)) {
+ throw new OtpLoginFailException("撖Ⅳ閫�撖仃���");
+ }
+
HttpSession session = request.getSession();
String sessionImpCode = (String) session.getAttribute("img_code");
-
+
if (!StringUtils.hasText(sessionImpCode)
|| !StringUtils.hasText(imgCode)) {
throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
}
-
+
if(!imgCode.equals(sessionImpCode)) {
throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
}
+
session.setAttribute("img_code", null);
-
- EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
+ EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
eServiceLoginVM.getUsername(),
- eServiceLoginVM.getPassword()
+ paswword
);
Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
- consultantService.updateLoginTime(eServiceLoginVM.getUsername());
- SecurityContextHolder.getContext().setAuthentication(authenticationToken);
-
- String jwt = tokenProvider.createToken(authentication, false);
- HttpHeaders httpHeaders = new HttpHeaders();
- httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
- return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
+ session.setAttribute("authentication", authentication);
}
}
--
Gitblit v1.8.0