웹취약점, 모의해킹 조치

USER
2022-08-24 14:04:30 +09:00
parent d0e0ef7020
commit a2273154d1
92 changed files with 1193 additions and 1246 deletions


@@ -45,12 +45,14 @@ import { mapGetters } from 'vuex';
import api from '../service/api';
import { utils_mixin, chkPattern2 } from '../service/mixins';
import commonModal from "../components/commonModal";
import tokenSvc from '@/common/token-service';
import axios from 'axios';
export default {
name: 'Params',
mixins: [utils_mixin, chkPattern2],
props: {
userId: {
userIds: {
type: String,
default : ''
}
@@ -72,26 +74,29 @@ export default {
timer: null,
timeCounter: 180,
timerStr: "03:00",
tempList: []
tempList: [],
accessToken: '',
};
},
components: {
commonModal
},
created() {
if(!this.getLogin){
this.$router.push({ path: '/login' });
}
// if(!this.getLogin){
// this.$router.push({ path: '/login' });
// }
},
mounted() {
if (localStorage.hubwebUserId) {
this.oprtrId = localStorage.hubwebUserId;
}
// if (localStorage.hubwebUserId) {
// this.oprtrId = localStorage.hubwebUserId;
// }
this.$store.commit("login/isLogin", false);
this.isLogin = this.getLogin;
this.pwd = this.getPwd;
this.accessToken = this.getToken;
this.oprtrId = this.userId;
this.ajaxlogin();
},
computed: {
@@ -99,7 +104,9 @@ export default {
getLogin: 'login/isLogin',
getErrorPage: 'login/isErrorPage',
getAuthChk: 'login/isAuthChk',
getPwd: 'login/getPwd'
getPwd: 'login/getPwd',
getToken: 'login/getToken',
userId: 'login/userId',
}),
},
watch: {
@@ -121,47 +128,63 @@ export default {
} else {
this.isAuth = false;
}
}
},
getToken(data){
if (data != null && data != '') {
this.accessToken = data;
} else {
this.accessToken = '';
}
},
// userId(data){
// if (data != null && data != '') {
// this.oprtrId = data;
// } else {
// this.oprtrId = '';
// }
// }
},
destroyed() {
let cont = document.querySelector(".wrap");
cont.classList.remove("bg-wrap");
},
methods: {
// 1차 인증
async ajaxlogin() {
methods: {
async ajaxlogin() {
var vm = this;
vm.errors = null;
if (!this.oprtrId){
this.$router.push({ path: '/login' });
}
if (!this.pwd){
this.$router.push({ path: '/login' });
}
var params = {
"oprtrId": this.oprtrId,
"oprtrPw": this.pwd,
"accessToken": this.accessToken
}
try {
const response = await api.login(params);
const rsp = response.data;
const response = await api.loginCheck(params);
const rsp = response.data;
if(rsp.retCode == '0000'){
vm.$store.commit("login/isLogin", true);
} else {
var accessToken = rsp.data.accessToken;
if(vm.accessToken == accessToken){
vm.$store.commit("login/isLogin", true);
vm.$store.commit("login/removeToken", true);
}else{
vm.$store.commit("login/isLogin", false);
this.$router.push({ path: '/login' });
}
} else {
vm.$store.commit("login/isLogin", false);
this.$router.push({ path: '/login' });
}
} catch(err) {
vm.$store.commit("login/isLogin", false);
this.$router.push({ path: '/login' });
}
},
// 2차 인증번호 요청
async authNum(){
var vm = this;
let userId = vm.$route.params.userId;
//let userId = vm.$route.params.userId;
let userId = this.oprtrId;
this.row = {}
if(!this.isLogin){
@@ -240,8 +263,9 @@ export default {
// 2차 인증 확인
async ajaxAuth(){
var vm = this;
let userId = vm.$route.params.userId;
var vm = this;
let userId = this.oprtrId
this.row = {}
if(!this.mdn){
this.row.title = '휴대폰번호 확인';
@@ -278,18 +302,32 @@ export default {
"isLogin": this.isLogin,
"oprtrPw": this.pwd
}
//인증번호 확인
try {
const response = await api.confirmNum(params)
//const response = await axios.post('/api/v1/bo/login/confirmNum', params);
const rsp = response.data;
if(rsp.retCode == '0000'){
vm.$store.commit("login/isLogin", true);
vm.$store.commit("login/isAuthChk", true);
vm.$store.commit("login/userId", rsp.data.userId)
vm.$store.commit("login/userNm", rsp.data.userNm)
vm.$store.commit("login/userId", rsp.data.userId);
vm.$store.commit("login/userNm", rsp.data.userNm);
var rootUrl = rsp.data.nextUrl;
vm.$store.commit("login/rootUrl", rsp.data.nextUrl);
vm.$store.commit("login/rootUrl", rsp.data.nextUrl);
var menuUrls = rsp.data.menuUrls;
menuUrls.push('/');
menuUrls.push('/login');
menuUrls.push('/view/login/auth');
menuUrls.push('/view/login/updatePassword');
menuUrls.push('/view/login/resetPassword');
menuUrls.push('/view/error/404');
menuUrls.push('/view/error/500');
vm.$store.commit("login/setMenuUrls", menuUrls);
vm.$store.commit("login/saveAuthToken", rsp.data.authToken);
//localStorage.authToken = rsp.data.authToken;
sessionStorage.setItem('authToken', rsp.data.authToken);
//api.setToken(rsp.data.authToken);
vm.$router.push({ path: rootUrl});
}else if (rsp.retCode == '4008'){
this.row.title = '휴대폰번호 확인';
@@ -316,7 +354,6 @@ export default {
vm.$router.push({ path: '/'});
}
} catch(err) {
//alert("실패 하였습니다.");
this.row.title = '인증번호';
this.row.msg1 = '실패 하였습니다.';
this.$refs.commmonModal.alertModalOpen(this.row);
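Review bot: In `ajaxlogin`, the new guards `if (!this.oprtrId)` and `if (!this.pwd)` redirect to `/login` but do not return, so `api.loginCheck(params)` is still sent with an empty id or password; add `return;` after each `this.$router.push({ path: '/login' });`. The `vm.accessToken == accessToken` comparison and the `login/isLogin` commit that follows run in the browser, so they can only drive the UI. The server presumably still has to validate the token on `confirmNum` and on later API calls, and should not trust the `"isLogin"` field sent in the request body. In `ajaxAuth`, `sessionStorage.setItem('authToken', rsp.data.authToken)` leaves the token readable by any script running on the origin, so an HttpOnly cookie would be the safer place if the backend supports it. The commented-out guards in `created()`/`mounted()` and the apparently unused `tokenSvc` and `axios` imports would be better deleted than left in the file.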