From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev

---
 ruoyi-admin/src/main/java/org/dromara/web/service/impl/SmsAuthStrategy.java |   36 ++++++++++++++++--------------------
 1 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SmsAuthStrategy.java b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SmsAuthStrategy.java
index f883632..89f8462 100644
--- a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SmsAuthStrategy.java
+++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SmsAuthStrategy.java
@@ -21,7 +21,6 @@
 import org.dromara.common.redis.utils.RedisUtils;
 import org.dromara.common.satoken.utils.LoginHelper;
 import org.dromara.common.tenant.helper.TenantHelper;
-import org.dromara.system.domain.SysClient;
 import org.dromara.system.domain.SysUser;
 import org.dromara.system.domain.vo.SysClientVo;
 import org.dromara.system.domain.vo.SysUserVo;
@@ -51,13 +50,12 @@
         String tenantId = loginBody.getTenantId();
         String phonenumber = loginBody.getPhonenumber();
         String smsCode = loginBody.getSmsCode();
-
-        // 閫氳繃鎵嬫満鍙锋煡鎵剧敤鎴�
-        SysUserVo user = loadUserByPhonenumber(tenantId, phonenumber);
-
-        loginService.checkLogin(LoginType.SMS, tenantId, user.getUserName(), () -> !validateSmsCode(tenantId, phonenumber, smsCode));
-        // 姝ゅ鍙牴鎹櫥褰曠敤鎴风殑鏁版嵁涓嶅悓 鑷鍒涘缓 loginUser 灞炴�т笉澶熺敤缁ф壙鎵╁睍灏辫浜�
-        LoginUser loginUser = loginService.buildLoginUser(user);
+        LoginUser loginUser = TenantHelper.dynamic(tenantId, () -> {
+            SysUserVo user = loadUserByPhonenumber(phonenumber);
+            loginService.checkLogin(LoginType.SMS, tenantId, user.getUserName(), () -> !validateSmsCode(tenantId, phonenumber, smsCode));
+            // 姝ゅ鍙牴鎹櫥褰曠敤鎴风殑鏁版嵁涓嶅悓 鑷鍒涘缓 loginUser 灞炴�т笉澶熺敤缁ф壙鎵╁睍灏辫浜�
+            return loginService.buildLoginUser(user);
+        });
         loginUser.setClientKey(client.getClientKey());
         loginUser.setDeviceType(client.getDeviceType());
         SaLoginModel model = new SaLoginModel();
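Review bot: The SMS code is only verified after `loadUserByPhonenumber(phonenumber)` has returned, so the "user.not.exists" and "user.blocked" exceptions it throws (third hunk) reach a caller who has no valid code. They are also raised before `loginService.checkLogin(...)` runs, so presumably they bypass whatever failed-attempt accounting that method performs. An unauthenticated client can therefore tell registered, disabled and unknown phone numbers apart within a tenant. Consider returning the same client-facing error for a failed lookup as for a wrong code, and record the intent above the lookup: `// lookup failures must be indistinguishable from a wrong SMS code to the client`. The enclosing login method starts and ends outside this hunk, so any earlier validation of the request-supplied `tenantId` is not visible here.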
@@ -89,18 +87,16 @@
         return code.equals(smsCode);
     }
 
-    private SysUserVo loadUserByPhonenumber(String tenantId, String phonenumber) {
-        return TenantHelper.dynamic(tenantId, () -> {
-            SysUserVo user = userMapper.selectVoOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getPhonenumber, phonenumber));
-            if (ObjectUtil.isNull(user)) {
-                log.info("鐧诲綍鐢ㄦ埛锛歿} 涓嶅瓨鍦�.", phonenumber);
-                throw new UserException("user.not.exists", phonenumber);
-            } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
-                log.info("鐧诲綍鐢ㄦ埛锛歿} 宸茶鍋滅敤.", phonenumber);
-                throw new UserException("user.blocked", phonenumber);
-            }
-            return user;
-        });
+    private SysUserVo loadUserByPhonenumber(String phonenumber) {
+        SysUserVo user = userMapper.selectVoOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getPhonenumber, phonenumber));
+        if (ObjectUtil.isNull(user)) {
+            log.info("鐧诲綍鐢ㄦ埛锛歿} 涓嶅瓨鍦�.", phonenumber);
+            throw new UserException("user.not.exists", phonenumber);
+        } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
+            log.info("鐧诲綍鐢ㄦ埛锛歿} 宸茶鍋滅敤.", phonenumber);
+            throw new UserException("user.blocked", phonenumber);
+        }
+        return user;
     }
 
 }
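Review bot: `loadUserByPhonenumber(String phonenumber)` no longer sets a tenant context itself, so its `userMapper.selectVoOne(...)` query now depends on the caller having entered `TenantHelper.dynamic(tenantId, ...)`, and nothing on the method states that. A future call made outside that wrapper would compile and, presumably, match the phone number against whatever tenant happens to be ambient. Add a Javadoc such as `/** Looks up a user by phone number in the current tenant context; callers must invoke this inside TenantHelper.dynamic(tenantId, ...). */`. Both failure branches also write the full phone number to the log at info level; masking it there would keep personal data out of routine logs.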

--
Gitblit v1.9.3