웹취약점, 모의해킹 조치

USER
2022-08-24 14:04:30 +09:00
parent d0e0ef7020
commit a2273154d1
92 changed files with 1193 additions and 1246 deletions


@@ -45,12 +45,14 @@ import { mapGetters } from 'vuex';
import api from '../service/api';
import { utils_mixin, chkPattern2 } from '../service/mixins';
import commonModal from "../components/commonModal";
import tokenSvc from '@/common/token-service';
import axios from 'axios';
export default {
name: 'Params',
mixins: [utils_mixin, chkPattern2],
props: {
userId: {
userIds: {
type: String,
default : ''
}
@@ -72,26 +74,29 @@ export default {
timer: null,
timeCounter: 180,
timerStr: "03:00",
tempList: []
tempList: [],
accessToken: '',
};
},
components: {
commonModal
},
created() {
if(!this.getLogin){
this.$router.push({ path: '/login' });
}
// if(!this.getLogin){
// this.$router.push({ path: '/login' });
// }
},
mounted() {
if (localStorage.hubwebUserId) {
this.oprtrId = localStorage.hubwebUserId;
}
// if (localStorage.hubwebUserId) {
// this.oprtrId = localStorage.hubwebUserId;
// }
this.$store.commit("login/isLogin", false);
this.isLogin = this.getLogin;
this.pwd = this.getPwd;
this.accessToken = this.getToken;
this.oprtrId = this.userId;
this.ajaxlogin();
},
computed: {
@@ -99,7 +104,9 @@ export default {
getLogin: 'login/isLogin',
getErrorPage: 'login/isErrorPage',
getAuthChk: 'login/isAuthChk',
getPwd: 'login/getPwd'
getPwd: 'login/getPwd',
getToken: 'login/getToken',
userId: 'login/userId',
}),
},
watch: {
@@ -121,47 +128,63 @@ export default {
} else {
this.isAuth = false;
}
}
},
getToken(data){
if (data != null && data != '') {
this.accessToken = data;
} else {
this.accessToken = '';
}
},
// userId(data){
// if (data != null && data != '') {
// this.oprtrId = data;
// } else {
// this.oprtrId = '';
// }
// }
},
destroyed() {
let cont = document.querySelector(".wrap");
cont.classList.remove("bg-wrap");
},
methods: {
// 1차 인증
async ajaxlogin() {
methods: {
async ajaxlogin() {
var vm = this;
vm.errors = null;
if (!this.oprtrId){
this.$router.push({ path: '/login' });
}
if (!this.pwd){
this.$router.push({ path: '/login' });
}
var params = {
"oprtrId": this.oprtrId,
"oprtrPw": this.pwd,
"accessToken": this.accessToken
}
try {
const response = await api.login(params);
const rsp = response.data;
const response = await api.loginCheck(params);
const rsp = response.data;
if(rsp.retCode == '0000'){
vm.$store.commit("login/isLogin", true);
} else {
var accessToken = rsp.data.accessToken;
if(vm.accessToken == accessToken){
vm.$store.commit("login/isLogin", true);
vm.$store.commit("login/removeToken", true);
}else{
vm.$store.commit("login/isLogin", false);
this.$router.push({ path: '/login' });
}
} else {
vm.$store.commit("login/isLogin", false);
this.$router.push({ path: '/login' });
}
} catch(err) {
vm.$store.commit("login/isLogin", false);
this.$router.push({ path: '/login' });
}
},
// 2차 인증번호 요청
async authNum(){
var vm = this;
let userId = vm.$route.params.userId;
//let userId = vm.$route.params.userId;
let userId = this.oprtrId;
this.row = {}
if(!this.isLogin){
@@ -240,8 +263,9 @@ export default {
// 2차 인증 확인
async ajaxAuth(){
var vm = this;
let userId = vm.$route.params.userId;
var vm = this;
let userId = this.oprtrId
this.row = {}
if(!this.mdn){
this.row.title = '휴대폰번호 확인';
@@ -278,18 +302,32 @@ export default {
"isLogin": this.isLogin,
"oprtrPw": this.pwd
}
//인증번호 확인
try {
const response = await api.confirmNum(params)
//const response = await axios.post('/api/v1/bo/login/confirmNum', params);
const rsp = response.data;
if(rsp.retCode == '0000'){
vm.$store.commit("login/isLogin", true);
vm.$store.commit("login/isAuthChk", true);
vm.$store.commit("login/userId", rsp.data.userId)
vm.$store.commit("login/userNm", rsp.data.userNm)
vm.$store.commit("login/userId", rsp.data.userId);
vm.$store.commit("login/userNm", rsp.data.userNm);
var rootUrl = rsp.data.nextUrl;
vm.$store.commit("login/rootUrl", rsp.data.nextUrl);
vm.$store.commit("login/rootUrl", rsp.data.nextUrl);
var menuUrls = rsp.data.menuUrls;
menuUrls.push('/');
menuUrls.push('/login');
menuUrls.push('/view/login/auth');
menuUrls.push('/view/login/updatePassword');
menuUrls.push('/view/login/resetPassword');
menuUrls.push('/view/error/404');
menuUrls.push('/view/error/500');
vm.$store.commit("login/setMenuUrls", menuUrls);
vm.$store.commit("login/saveAuthToken", rsp.data.authToken);
//localStorage.authToken = rsp.data.authToken;
sessionStorage.setItem('authToken', rsp.data.authToken);
//api.setToken(rsp.data.authToken);
vm.$router.push({ path: rootUrl});
}else if (rsp.retCode == '4008'){
this.row.title = '휴대폰번호 확인';
@@ -316,7 +354,6 @@ export default {
vm.$router.push({ path: '/'});
}
} catch(err) {
//alert("실패 하였습니다.");
this.row.title = '인증번호';
this.row.msg1 = '실패 하였습니다.';
this.$refs.commmonModal.alertModalOpen(this.row);
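Review bot: In `ajaxlogin`, the guards `if (!this.oprtrId)` and `if (!this.pwd)` push to `/login` but do not return, so `api.loginCheck(params)` is still sent with an empty id or password; add `return;` after each `this.$router.push({ path: '/login' });`. The check `vm.accessToken == accessToken` compares two values the browser already holds, so it only decides UI state; the server still has to verify the token when it handles `loginCheck` and `confirmNum`, which is not visible in this section. The success branch of `ajaxAuth` also stores the session token with `sessionStorage.setItem('authToken', rsp.data.authToken)`, where any script running in the page can read it; an HttpOnly cookie set by the backend would narrow that exposure if the API allows it. Several hunks here start or end inside a method, so the surrounding bodies are not fully visible.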


@@ -43,17 +43,18 @@ export default {
userPwd: ''
};
},
created() {
created() {
// 로그인 페이지 진입시
if(tokenSvc.getToken()){
this.$store.commit("login/isLogin", true);
this.$store.commit("login/isAuthChk", true);
this.$router.push({ path: '/' });
}else{
// if(!tokenSvc.getToken()){
// this.$store.commit("login/isLogin", true);
// this.$store.commit("login/isAuthChk", true);
// //this.$router.push({ path: '/' });
// }else{
this.$store.commit("login/isLogin", false);
this.$store.commit("login/isAuthChk", false);
this.$store.commit("login/isErrorPage", false);
}
//delete sessionStorage.authToken;
// }
},
mounted() {
this.$refs.chkSaveId.checked = true;
@@ -61,6 +62,7 @@ export default {
if (localStorage.hubwebUserId) {
this.userId = localStorage.hubwebUserId;
}
//localStorage.authToken = '';
},
destroyed() {
let cont = document.querySelector(".wrap");
@@ -113,12 +115,20 @@ export default {
const response = await api.login(params)
const rsp = response.data;
if(rsp.retCode == '0000'){
if(rsp.retCode == '0000'){
vm.chgChkUserId();
//vm.$store.commit("login/savePwd", oprtrPw);
if(rsp.data == null){
vm.$store.commit("login/isLogin", false);
return;
}
vm.$store.commit("login/isLogin", true);
vm.$store.commit("login/savePwd", oprtrPw);
vm.$router.push({ name: 'loginAuth',params: {userId : oprtrId}});
var rspToken = rsp.data.accessToken;
vm.$store.commit("login/saveToken", rspToken);
vm.$store.commit("login/userId", this.userId);
vm.$store.commit("login/savePwd", this.userPwd);
vm.$router.push({ path: rsp.data.nextUrl, params: {accessToken : rspToken}});
} else if(rsp.retCode == '1001'){ // 비밀번호 변경
vm.chgChkUserId();
this.$store.commit("login/isLogin", true);
@@ -127,13 +137,14 @@ export default {
this.row.title = '로그인 실패';
this.row.msg1 = '아이디, 비밀번호를 확인해 주세요.';
this.$refs.commonModal.alertModalOpen(this.row);
this.$store.commit("login/isLogin", false);
} else if(rsp.retCode == '4004') { // ID/PWD 불일치
//this.row.title = '비밀번호 오류';
//this.row.msg1 = '비밀번호를 확인해주세요.';
this.row.title = '로그인 실패';
this.row.msg1 = '아이디, 비밀번호를 확인해 주세요.';
this.$refs.commonModal.alertModalOpen(this.row);
this.$store.commit("login/isLogin", false);
} else if(rsp.retCode == '4005') { // ID/PWD 불일치 횟수초과로 계정 잠김 4005
this.$store.commit("login/isLogin", false);
this.row.title = '로그인 실패';
this.row.msg1 = '로그인 5회 실패하였습니다.';
this.row.msg2 = '비밀번호 초기화 후 비밀번호를 변경해 주세요.';
@@ -147,7 +158,9 @@ export default {
this.row.msg3 = '이용 부탁드립니다.';
this.row.callFnc = 'updatePassword'
this.$refs.commonModal.alertModalOpen(this.row);
this.$store.commit("login/isLogin", false);
} else if(rsp.retCode == '4007') {
this.$store.commit("login/isLogin", false);
this.row.title = '로그인 실패';
this.row.msg1 = '아이디 상태를 확인해 주세요.';
this.row.msg2 = '(사용중인 상태만 로그인 가능합니다.)';
@@ -160,6 +173,7 @@ export default {
this.row.title = '로그인';
this.row.msg1 = '실패 하였습니다.';
this.$refs.commmonModal.alertModalOpen(this.row);
this.$store.commit("login/isLogin", false);
}
},
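Review bot: The success branch of the login handler still commits the plaintext password to the store (`vm.$store.commit("login/savePwd", this.userPwd);`), and the second-step page resends it as `oprtrPw`; now that the response carries `rsp.data.accessToken`, the second step could, as far as this page shows, be tied to that token alone and the `savePwd` commit dropped. In the same branch, `vm.$router.push({ path: rsp.data.nextUrl, params: {accessToken : rspToken}})` combines `path` with `params`, and vue-router ignores `params` when `path` is given, so the token reaches the next page only through the store and the `params` entry can be removed. In the `catch` block the `login/isLogin` reset, which appears to be the added line, sits after `this.$refs.commmonModal.alertModalOpen(this.row)`, whose ref name is spelled differently from the `commonModal` used in the other branches; if that ref is undefined the call throws and the reset never runs, so commit the state first. The handler begins and ends outside the visible hunks.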


@@ -64,7 +64,6 @@ export default {
try {
const response = await api.resetPassword(params)
const rsp = response.data;
console.log("RESULT_CODE : "+rsp.retCode);
if(rsp.retCode == '0000'){
this.row.title = '비밀번호 초기화';
@@ -74,7 +73,6 @@ export default {
vm.$store.commit("login/isLogin", false);
vm.$store.commit("login/isAuthChk", false);
this.$refs.commonModal.alertModalOpen(this.row);
// console.log(this.row)
} else if(rsp.retCode == '4003') {
this.row.title = '비밀번호 초기화';
@@ -83,7 +81,6 @@ export default {
this.$refs.commonModal.alertModalOpen(this.row);
}
} catch(err) {
console.log(err)
this.row.title = '비밀번호 초기화';
this.row.msg1 = '실패 하였습니다.';
this.$refs.commonModal.alertModalOpen(this.row);


@@ -39,12 +39,9 @@ export default {
}
},
created() {
console.log('>>>>'+this.getLogin);
if(!this.getLogin){
this.$router.push({ path: '/login' });
}
// this.$store.commit("login/isLogin", true);
// this.$store.commit("login/isAuthChk", false);
},
computed: {
...mapGetters({
@@ -64,7 +61,6 @@ export default {
commonModal,
},
mounted() {
// this.$refs.chkSaveId.checked = true;
if (localStorage.hubwebUserId) {
this.userId = localStorage.hubwebUserId;
@@ -88,8 +84,6 @@ export default {
},
doPwdValidate(){
console.log(this.userId)
//debugger;
if(lodash.isNull(this.newPw)){
this.row.title = '비밀번호 변경';
this.row.msg1 = '비밀번호 확인을 입력해 주세요.';
@@ -140,7 +134,6 @@ export default {
try {
const response = await api.updatePassword(params)
const rsp = response.data;
console.log("RESULT_CODE : "+rsp.retCode);
if(rsp.retCode == '0000') {
this.row.title = '비밀번호 변경';
this.row.msg1 = '비밀번호가 정상적으로 변경되었습니다.';
@@ -164,8 +157,6 @@ export default {
}
} catch(err) {
//alert("실패 하였습니다.");
console.log(err)
this.row.title = '비밀번호 초기화';
this.row.msg1 = '실패 하였습니다.';
this.$refs.commonModal.alertModalOpen(this.row);
@@ -193,7 +184,6 @@ export default {
this.$refs.oldPw.focus(target);
},
alertCalbackFnc(callFnc){
console.log(callFnc);
if(callFnc === 'login'){
this.$router.push({ name: 'login',params: {}});
}