From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java | 49 ++++++++++++++++++++-----------------------------
1 files changed, 20 insertions(+), 29 deletions(-)
diff --git a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java
index 401dfb2..f28024f 100644
--- a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java
+++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java
@@ -9,8 +9,8 @@
import lombok.extern.slf4j.Slf4j;
import org.dromara.common.core.constant.Constants;
import org.dromara.common.core.constant.GlobalConstants;
-import org.dromara.common.core.domain.model.LoginBody;
import org.dromara.common.core.domain.model.LoginUser;
+import org.dromara.common.core.domain.model.PasswordLoginBody;
import org.dromara.common.core.enums.LoginType;
import org.dromara.common.core.enums.UserStatus;
import org.dromara.common.core.exception.user.CaptchaException;
@@ -19,13 +19,13 @@
import org.dromara.common.core.utils.MessageUtils;
import org.dromara.common.core.utils.StringUtils;
import org.dromara.common.core.utils.ValidatorUtils;
-import org.dromara.common.core.validate.auth.PasswordGroup;
+import org.dromara.common.json.utils.JsonUtils;
import org.dromara.common.redis.utils.RedisUtils;
import org.dromara.common.satoken.utils.LoginHelper;
import org.dromara.common.tenant.helper.TenantHelper;
import org.dromara.common.web.config.properties.CaptchaProperties;
-import org.dromara.system.domain.SysClient;
import org.dromara.system.domain.SysUser;
+import org.dromara.system.domain.vo.SysClientVo;
import org.dromara.system.domain.vo.SysUserVo;
import org.dromara.system.mapper.SysUserMapper;
import org.dromara.web.domain.vo.LoginVo;
@@ -48,12 +48,9 @@
private final SysUserMapper userMapper;
@Override
- public void validate(LoginBody loginBody) {
- ValidatorUtils.validate(loginBody, PasswordGroup.class);
- }
-
- @Override
- public LoginVo login(String clientId, LoginBody loginBody, SysClient client) {
+ public LoginVo login(String body, SysClientVo client) {
+ PasswordLoginBody loginBody = JsonUtils.parseObject(body, PasswordLoginBody.class);
+ ValidatorUtils.validate(loginBody);
String tenantId = loginBody.getTenantId();
String username = loginBody.getUsername();
String password = loginBody.getPassword();
@@ -65,28 +62,28 @@
if (captchaEnabled) {
validateCaptcha(tenantId, username, code, uuid);
}
-
- SysUserVo user = loadUserByUsername(tenantId, username);
- loginService.checkLogin(LoginType.PASSWORD, tenantId, username, () -> !BCrypt.checkpw(password, user.getPassword()));
- // 姝ゅ鍙牴鎹櫥褰曠敤鎴风殑鏁版嵁涓嶅悓 鑷鍒涘缓 loginUser
- LoginUser loginUser = loginService.buildLoginUser(user);
+ LoginUser loginUser = TenantHelper.dynamic(tenantId, () -> {
+ SysUserVo user = loadUserByUsername(username);
+ loginService.checkLogin(LoginType.PASSWORD, tenantId, username, () -> !BCrypt.checkpw(password, user.getPassword()));
+ // 姝ゅ鍙牴鎹櫥褰曠敤鎴风殑鏁版嵁涓嶅悓 鑷鍒涘缓 loginUser
+ return loginService.buildLoginUser(user);
+ });
+ loginUser.setClientKey(client.getClientKey());
+ loginUser.setDeviceType(client.getDeviceType());
SaLoginModel model = new SaLoginModel();
model.setDevice(client.getDeviceType());
// 鑷畾涔夊垎閰� 涓嶅悓鐢ㄦ埛浣撶郴 涓嶅悓 token 鎺堟潈鏃堕棿 涓嶈缃粯璁よ蛋鍏ㄥ眬 yml 閰嶇疆
// 渚嬪: 鍚庡彴鐢ㄦ埛30鍒嗛挓杩囨湡 app鐢ㄦ埛1澶╄繃鏈�
model.setTimeout(client.getTimeout());
model.setActiveTimeout(client.getActiveTimeout());
- model.setExtra(LoginHelper.CLIENT_KEY, clientId);
+ model.setExtra(LoginHelper.CLIENT_KEY, client.getClientId());
// 鐢熸垚token
LoginHelper.login(loginUser, model);
-
- loginService.recordLogininfor(loginUser.getTenantId(), username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"));
- loginService.recordLoginInfo(user.getUserId());
LoginVo loginVo = new LoginVo();
loginVo.setAccessToken(StpUtil.getTokenValue());
loginVo.setExpireIn(StpUtil.getTokenTimeout());
- loginVo.setClientId(clientId);
+ loginVo.setClientId(client.getClientId());
return loginVo;
}
@@ -98,7 +95,7 @@
* @param uuid 鍞竴鏍囪瘑
*/
private void validateCaptcha(String tenantId, String username, String code, String uuid) {
- String verifyKey = GlobalConstants.CAPTCHA_CODE_KEY + StringUtils.defaultString(uuid, "");
+ String verifyKey = GlobalConstants.CAPTCHA_CODE_KEY + StringUtils.blankToDefault(uuid, "");
String captcha = RedisUtils.getCacheObject(verifyKey);
RedisUtils.deleteObject(verifyKey);
if (captcha == null) {
@@ -111,11 +108,8 @@
}
}
- private SysUserVo loadUserByUsername(String tenantId, String username) {
- SysUser user = userMapper.selectOne(new LambdaQueryWrapper<SysUser>()
- .select(SysUser::getUserName, SysUser::getStatus)
- .eq(TenantHelper.isEnable(), SysUser::getTenantId, tenantId)
- .eq(SysUser::getUserName, username));
+ private SysUserVo loadUserByUsername(String username) {
+ SysUserVo user = userMapper.selectVoOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUserName, username));
if (ObjectUtil.isNull(user)) {
log.info("鐧诲綍鐢ㄦ埛锛歿} 涓嶅瓨鍦�.", username);
throw new UserException("user.not.exists", username);
@@ -123,10 +117,7 @@
log.info("鐧诲綍鐢ㄦ埛锛歿} 宸茶鍋滅敤.", username);
throw new UserException("user.blocked", username);
}
- if (TenantHelper.isEnable()) {
- return userMapper.selectTenantUserByUserName(username, tenantId);
- }
- return userMapper.selectUserByUserName(username);
+ return user;
}
}
--
Gitblit v1.9.3