From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java | 32 ++++++++++++--------------------
1 files changed, 12 insertions(+), 20 deletions(-)
diff --git a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java
index 95c7aed..f28024f 100644
--- a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java
+++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java
@@ -24,8 +24,8 @@
import org.dromara.common.satoken.utils.LoginHelper;
import org.dromara.common.tenant.helper.TenantHelper;
import org.dromara.common.web.config.properties.CaptchaProperties;
-import org.dromara.system.domain.SysClient;
import org.dromara.system.domain.SysUser;
+import org.dromara.system.domain.vo.SysClientVo;
import org.dromara.system.domain.vo.SysUserVo;
import org.dromara.system.mapper.SysUserMapper;
import org.dromara.web.domain.vo.LoginVo;
@@ -48,7 +48,7 @@
private final SysUserMapper userMapper;
@Override
- public LoginVo login(String body, SysClient client) {
+ public LoginVo login(String body, SysClientVo client) {
PasswordLoginBody loginBody = JsonUtils.parseObject(body, PasswordLoginBody.class);
ValidatorUtils.validate(loginBody);
String tenantId = loginBody.getTenantId();
@@ -62,11 +62,12 @@
if (captchaEnabled) {
validateCaptcha(tenantId, username, code, uuid);
}
-
- SysUserVo user = loadUserByUsername(tenantId, username);
- loginService.checkLogin(LoginType.PASSWORD, tenantId, username, () -> !BCrypt.checkpw(password, user.getPassword()));
- // 姝ゅ鍙牴鎹櫥褰曠敤鎴风殑鏁版嵁涓嶅悓 鑷鍒涘缓 loginUser
- LoginUser loginUser = loginService.buildLoginUser(user);
+ LoginUser loginUser = TenantHelper.dynamic(tenantId, () -> {
+ SysUserVo user = loadUserByUsername(username);
+ loginService.checkLogin(LoginType.PASSWORD, tenantId, username, () -> !BCrypt.checkpw(password, user.getPassword()));
+ // 姝ゅ鍙牴鎹櫥褰曠敤鎴风殑鏁版嵁涓嶅悓 鑷鍒涘缓 loginUser
+ return loginService.buildLoginUser(user);
+ });
loginUser.setClientKey(client.getClientKey());
loginUser.setDeviceType(client.getDeviceType());
SaLoginModel model = new SaLoginModel();
@@ -78,9 +79,6 @@
model.setExtra(LoginHelper.CLIENT_KEY, client.getClientId());
// 鐢熸垚token
LoginHelper.login(loginUser, model);
-
- loginService.recordLogininfor(loginUser.getTenantId(), username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"));
- loginService.recordLoginInfo(user.getUserId());
LoginVo loginVo = new LoginVo();
loginVo.setAccessToken(StpUtil.getTokenValue());
@@ -97,7 +95,7 @@
* @param uuid 鍞竴鏍囪瘑
*/
private void validateCaptcha(String tenantId, String username, String code, String uuid) {
- String verifyKey = GlobalConstants.CAPTCHA_CODE_KEY + StringUtils.defaultString(uuid, "");
+ String verifyKey = GlobalConstants.CAPTCHA_CODE_KEY + StringUtils.blankToDefault(uuid, "");
String captcha = RedisUtils.getCacheObject(verifyKey);
RedisUtils.deleteObject(verifyKey);
if (captcha == null) {
@@ -110,11 +108,8 @@
}
}
- private SysUserVo loadUserByUsername(String tenantId, String username) {
- SysUser user = userMapper.selectOne(new LambdaQueryWrapper<SysUser>()
- .select(SysUser::getUserName, SysUser::getStatus)
- .eq(TenantHelper.isEnable(), SysUser::getTenantId, tenantId)
- .eq(SysUser::getUserName, username));
+ private SysUserVo loadUserByUsername(String username) {
+ SysUserVo user = userMapper.selectVoOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUserName, username));
if (ObjectUtil.isNull(user)) {
log.info("鐧诲綍鐢ㄦ埛锛歿} 涓嶅瓨鍦�.", username);
throw new UserException("user.not.exists", username);
@@ -122,10 +117,7 @@
log.info("鐧诲綍鐢ㄦ埛锛歿} 宸茶鍋滅敤.", username);
throw new UserException("user.blocked", username);
}
- if (TenantHelper.isEnable()) {
- return userMapper.selectTenantUserByUserName(username, tenantId);
- }
- return userMapper.selectUserByUserName(username);
+ return user;
}
}
--
Gitblit v1.9.3