From db15612798841319bafcb3ed4e77c7c013b9446f Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期三, 25 十二月 2024 15:39:30 +0800
Subject: [PATCH] [UPDATE] 新增顧問登入OTP流程和文件

---
 pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java |   71 +++++++++++++++++++++++++++--------
 1 files changed, 55 insertions(+), 16 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
index e8ac6f1..349af27 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/EServiceResource.java
@@ -1,11 +1,13 @@
 package com.pollex.pam.web.rest;
 
-import com.pollex.pam.aop.logging.audit.AuditLoggingInject;
-import com.pollex.pam.aop.logging.audit.AuditLoggingType;
-import com.pollex.pam.security.jwt.JWTFilter;
-import com.pollex.pam.security.jwt.TokenProvider;
-import com.pollex.pam.security.token.EServiceAuthenticationToken;
-import com.pollex.pam.web.rest.vm.EServiceLoginVM;
+import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
@@ -13,16 +15,28 @@
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import static com.pollex.pam.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;
+import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
+import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
+import com.pollex.pam.business.service.ConsultantService;
+import com.pollex.pam.business.service.util.AesUtil;
+import com.pollex.pam.business.web.errors.OtpLoginFailException;
+import com.pollex.pam.business.web.vm.EServiceLoginVM;
+import com.pollex.pam.security.jwt.JWTFilter;
+import com.pollex.pam.security.jwt.TokenProvider;
 
 @RestController
 @RequestMapping("/api/eService")
 public class EServiceResource {
+
+	private final static Logger log = LoggerFactory.getLogger(EServiceResource.class);
+
 
     @Autowired
     AuthenticationManagerBuilder authenticationManagerBuilder;
@@ -30,19 +44,44 @@
     @Autowired
     TokenProvider tokenProvider;
 
+    @Autowired
+    ConsultantService consultantService;
+
+    @Autowired
+    AesUtil aesUtil;
+
     @AuditLoggingInject(type = CONSULTANT_LOGIN)
-    @PostMapping("/authenticate")
-    public ResponseEntity<UserJWTController.JWTToken> authorize(@RequestBody EServiceLoginVM eServiceLoginVM) {
-        EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
+    @PostMapping("/authenticate/{imgCode}")
+    public void authorize(
+    		@RequestBody EServiceLoginVM eServiceLoginVM
+    		, HttpServletResponse response, HttpServletRequest request,
+			@PathVariable String imgCode) throws Exception{
+
+
+    	String paswword = aesUtil.aesDecode(eServiceLoginVM.getPassword());
+    	if(!StringUtils.hasText(paswword)) {
+    		throw new OtpLoginFailException("撖Ⅳ閫�撖仃���");
+    	}
+
+    	HttpSession session = request.getSession();
+    	String sessionImpCode = (String) session.getAttribute("img_code");
+
+    	if (!StringUtils.hasText(sessionImpCode)
+				|| !StringUtils.hasText(imgCode)) {
+    		throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
+		}
+
+    	if(!imgCode.equals(sessionImpCode)) {
+    		throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
+    	}
+
+    	session.setAttribute("img_code", null);
+    	EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
             eServiceLoginVM.getUsername(),
-            eServiceLoginVM.getPassword()
+            paswword
         );
 
         Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
-        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
-        String jwt = tokenProvider.createToken(authentication, false);
-        HttpHeaders httpHeaders = new HttpHeaders();
-        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
-        return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
+        session.setAttribute("authentication", authentication);
     }
 }

--
Gitblit v1.8.0