From db15612798841319bafcb3ed4e77c7c013b9446f Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期三, 25 十二月 2024 15:39:30 +0800
Subject: [PATCH] [UPDATE] 新增顧問登入OTP流程和文件

---
 pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java |   72 ++++++++++++++++++++++++++++++++---
 1 files changed, 65 insertions(+), 7 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
index 609f1f1..1176bc0 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/OtpResource.java
@@ -4,9 +4,14 @@
 import java.util.UUID;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject;
+import com.pollex.pam.business.domain.Consultant;
+import com.pollex.pam.business.security.token.EServiceAuthenticationToken;
+import com.pollex.pam.business.service.ConsultantService;
+import com.pollex.pam.business.web.vm.EServiceLoginVM;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -14,6 +19,8 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -38,6 +45,7 @@
 import com.pollex.pam.business.web.vm.OtpLoginVM;
 import com.pollex.pam.business.web.vm.VerifyOtpVM;
 
+import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN;
 import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CUSTOMER_LOGIN;
 
 @RestController
@@ -73,24 +81,27 @@
     @Autowired
     CustomerRepository customerRepository;
 
+    @Autowired
+    ConsultantService consultantService;
+
     @PostMapping("/sendOtp/{imgCode}")
     public ResponseEntity<Object> sendOtp(@RequestBody OtpLoginVM login
     		, @PathVariable String imgCode, HttpServletRequest request) {
-    	
+
     	HttpSession session = request.getSession();
     	String sessionImpCode = (String) session.getAttribute("img_code");
-    	
+
     	if (!StringUtils.hasText(sessionImpCode)
 				|| !StringUtils.hasText(imgCode)) {
     		throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
 		}
-    	
+
     	if(!imgCode.equals(sessionImpCode)) {
     		throw new OtpLoginFailException("撽�Ⅳ頛詨�隤�");
     	}
-    	
+
     	session.setAttribute("img_code", null);
-    	
+
     	OtpResponseDTO otpResponse;
         if(applicationProperty.isMockLogin()) {
             otpResponse = getMockSendOtpResponse();
@@ -103,7 +114,7 @@
             return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not support this login type, loginType = " + login.getLoginType().name());
         }
         otpTmpService.createOtpTmp(login.getAccount(), otpResponse.getIndexKey());
-        
+
         return new ResponseEntity<>(otpResponse, HttpStatus.OK);
     }
 
@@ -111,7 +122,7 @@
     @PostMapping("/verify")
     public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
     		) {
-    	
+
     	otpUtilService.verifyOtp(verifyOtpParam);
 
     	Customer customer = customerRepository
@@ -142,5 +153,52 @@
         return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
     }
 
+    @PostMapping("/consultant/sendOtp/{login}")
+    public ResponseEntity<Object> consultantSendOtp(@PathVariable String login) {
+        Consultant consultant = consultantService.findByAgentNo(login);
+        OtpResponseDTO otpResponse;
+        if(applicationProperty.isMockLogin()) {
+            otpResponse = getMockSendOtpResponse();
+        }else if(StringUtils.hasText(consultant.getPhoneNumber())) {
+            otpResponse = otpWebService.sendByPhone(consultant.getPhoneNumber());
+        }else if(StringUtils.hasText(consultant.getEmail())) {
+            otpResponse = otpWebService.sendByEmail(consultant.getEmail());
+        }else {
+            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body("can not find phone and email to send otp, loginType = " + login);
+        }
+        otpTmpService.createOtpTmp(login, otpResponse.getIndexKey());
+
+        return new ResponseEntity<>(otpResponse, HttpStatus.OK);
+    }
+
+    @PostMapping("/consultant/verifyOtp")
+    public ResponseEntity<UserJWTController.JWTToken> consultantVerifyOtp(@RequestBody VerifyOtpVM verifyOtpParam
+     , HttpServletRequest request) {
+
+        HttpSession session = request.getSession();
+        Authentication authentication = (Authentication) session.getAttribute("authentication");
+        String authAccount = authentication.getPrincipal().toString();
+
+        if(!authAccount.equals(verifyOtpParam.getAccount())){
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        }
+
+        otpUtilService.verifyOtp(verifyOtpParam);
+        Consultant consultant = consultantService.findByAgentNo(verifyOtpParam.getAccount());
+
+        if (consultant == null) {
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
+        }
+
+        consultantService.updateLoginTime(verifyOtpParam.getAccount());
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+
+        String jwt = tokenProvider.createToken(authentication, false);
+        HttpHeaders httpHeaders = new HttpHeaders();
+        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
+        session.setAttribute("authentication", null);
+        return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
+
+    }
 
 }
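Review bot: `consultantSendOtp` sends an OTP for whatever agent number is in the path, with no image-code check (unlike `sendOtp`) and no tie to the session's pending `authentication`, so any caller who can reach it can trigger SMS or e-mail to any consultant. It also dereferences `consultant` without the null check that `consultantVerifyOtp` applies to the same `findByAgentNo` call. Assuming the first login step has already stored `authentication` in the session by this point (that code is outside the patch), the handler should require it and match it against `login`, as sketched below. `consultantVerifyOtp` has the mirror problem: `session.getAttribute("authentication")` is null for a caller who skipped the first step, so `authentication.getPrincipal()` throws instead of returning 401. Separately, `"Bearer" + jwt` has no space after the scheme, and the newly imported `CONSULTANT_LOGIN` is not used on either new method in this hunk, so consultant logins appear to go unaudited.

```java
    @PostMapping("/consultant/sendOtp/{login}")
    public ResponseEntity<Object> consultantSendOtp(@PathVariable String login, HttpServletRequest request) {
        // Only the account that passed the first login step may request an OTP.
        HttpSession session = request.getSession(false);
        Authentication pending = session == null ? null : (Authentication) session.getAttribute("authentication");
        if (pending == null || !login.equals(pending.getPrincipal().toString())) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        Consultant consultant = consultantService.findByAgentNo(login);
        if (consultant == null) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
        }
        // … unchanged: mock / phone / e-mail dispatch, createOtpTmp, response …

    // … in consultantVerifyOtp, right after reading the session attribute …
        Authentication authentication = (Authentication) session.getAttribute("authentication");
        if (authentication == null) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        // … unchanged: account match, verifyOtp, consultant lookup, token creation …
        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
```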

--
Gitblit v1.8.0