package com.pollex.pam.web.rest; import com.pollex.pam.config.ApplicationProperties; import com.pollex.pam.security.jwt.JWTFilter; import com.pollex.pam.security.jwt.TokenProvider; import com.pollex.pam.security.token.OtpAuthenticationToken; import com.pollex.pam.service.OtpWebService; import com.pollex.pam.service.dto.OtpResponseDTO; import com.pollex.pam.web.rest.vm.OtpAccount; import com.pollex.pam.web.rest.vm.OtpEmailLoginVM; import com.pollex.pam.web.rest.vm.OtpSMSLoginVM; import com.pollex.pam.web.rest.vm.VerifyOtpVM; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.bind.annotation.*; import javax.xml.rpc.ServiceException; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.rmi.RemoteException; import java.util.Arrays; import java.util.Random; import java.util.UUID; import static java.nio.charset.StandardCharsets.UTF_8; @RestController @RequestMapping("/api/otp") public class OtpResource { private final static Logger log = LoggerFactory.getLogger(OtpResource.class); @Autowired ApplicationProperties applicationProperty; @Autowired OtpWebService otpWebService; @Autowired AuthenticationManagerBuilder authenticationManagerBuilder; @Autowired TokenProvider tokenProvider; @PostMapping("/byPhone") public ResponseEntity sendOtpByPhone(@RequestBody OtpSMSLoginVM login) { try { if(applicationProperty.isMockLogin()) { return new ResponseEntity<>(getMockOtpResponse(), HttpStatus.OK); } OtpResponseDTO otpResponseDTO = otpWebService.sendByPhone(login.getPhone()); return new ResponseEntity<>(otpResponseDTO, HttpStatus.OK); } catch (ServiceException | RemoteException e) { return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("connecting otp web service error"); } } @PostMapping("/byEmail") public ResponseEntity sendOtpByEmail(@RequestBody OtpEmailLoginVM login) { try { if(applicationProperty.isMockLogin()) { return new ResponseEntity<>(getMockOtpResponse(), HttpStatus.OK); } OtpResponseDTO otpResponseDTO = otpWebService.sendByEmail(login.getEmail()); return new ResponseEntity<>(otpResponseDTO, HttpStatus.OK); } catch (ServiceException | RemoteException e) { return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("connecting otp web service error"); } } @PostMapping("/verify") public ResponseEntity verifyOtp(@RequestBody VerifyOtpVM verifyOtpParam) { OtpAccount otpAccount = new OtpAccount(verifyOtpParam.getAccount(), verifyOtpParam.getIndexKey()); OtpAuthenticationToken authenticationToken = new OtpAuthenticationToken( otpAccount, verifyOtpParam.getOtpCode() ); Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken); SecurityContextHolder.getContext().setAuthentication(authenticationToken); String jwt = tokenProvider.createToken(authentication, false); HttpHeaders httpHeaders = new HttpHeaders(); httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt); return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK); } private OtpResponseDTO getMockOtpResponse() { String indexKey = UUID.randomUUID().toString().substring(0, 8); return new OtpResponseDTO(new String[]{indexKey, "0", "", ""}); } }