From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
ruoyi-admin/src/main/java/org/dromara/web/service/impl/SocialAuthStrategy.java | 91 ++++++++++++++++++++++-----------------------
1 files changed, 44 insertions(+), 47 deletions(-)
diff --git a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SocialAuthStrategy.java b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SocialAuthStrategy.java
index f59babb..8463026 100644
--- a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SocialAuthStrategy.java
+++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SocialAuthStrategy.java
@@ -2,31 +2,28 @@
import cn.dev33.satoken.stp.SaLoginModel;
import cn.dev33.satoken.stp.StpUtil;
+import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.map.MapUtil;
import cn.hutool.core.util.ObjectUtil;
-import cn.hutool.core.util.StrUtil;
import cn.hutool.http.HttpUtil;
import cn.hutool.http.Method;
-import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthUser;
-import org.dromara.common.core.constant.Constants;
-import org.dromara.common.core.domain.model.LoginBody;
import org.dromara.common.core.domain.model.LoginUser;
+import org.dromara.common.core.domain.model.SocialLoginBody;
import org.dromara.common.core.enums.UserStatus;
import org.dromara.common.core.exception.ServiceException;
import org.dromara.common.core.exception.user.UserException;
-import org.dromara.common.core.utils.MessageUtils;
+import org.dromara.common.core.utils.StreamUtils;
import org.dromara.common.core.utils.ValidatorUtils;
-import org.dromara.common.core.validate.auth.SocialGroup;
+import org.dromara.common.json.utils.JsonUtils;
import org.dromara.common.satoken.utils.LoginHelper;
import org.dromara.common.social.config.properties.SocialProperties;
import org.dromara.common.social.utils.SocialUtils;
import org.dromara.common.tenant.helper.TenantHelper;
-import org.dromara.system.domain.SysClient;
-import org.dromara.system.domain.SysUser;
+import org.dromara.system.domain.vo.SysClientVo;
import org.dromara.system.domain.vo.SysSocialVo;
import org.dromara.system.domain.vo.SysUserVo;
import org.dromara.system.mapper.SysUserMapper;
@@ -35,6 +32,9 @@
import org.dromara.web.service.IAuthStrategy;
import org.dromara.web.service.SysLoginService;
import org.springframework.stereotype.Service;
+
+import java.util.List;
+import java.util.Optional;
/**
* 绗笁鏂规巿鏉冪瓥鐣�
@@ -51,22 +51,19 @@
private final SysUserMapper userMapper;
private final SysLoginService loginService;
-
- @Override
- public void validate(LoginBody loginBody) {
- ValidatorUtils.validate(loginBody, SocialGroup.class);
- }
-
/**
* 鐧诲綍-绗笁鏂规巿鏉冪櫥褰�
*
- * @param clientId 瀹㈡埛绔痠d
- * @param loginBody 鐧诲綍淇℃伅
- * @param client 瀹㈡埛绔俊鎭�
+ * @param body 鐧诲綍淇℃伅
+ * @param client 瀹㈡埛绔俊鎭�
*/
@Override
- public LoginVo login(String clientId, LoginBody loginBody, SysClient client) {
- AuthResponse<AuthUser> response = SocialUtils.loginAuth(loginBody, socialProperties);
+ public LoginVo login(String body, SysClientVo client) {
+ SocialLoginBody loginBody = JsonUtils.parseObject(body, SocialLoginBody.class);
+ ValidatorUtils.validate(loginBody);
+ AuthResponse<AuthUser> response = SocialUtils.loginAuth(
+ loginBody.getSource(), loginBody.getSocialCode(),
+ loginBody.getSocialState(), socialProperties);
if (!response.ok()) {
throw new ServiceException(response.getMsg());
}
@@ -74,50 +71,53 @@
if ("GITEE".equals(authUserData.getSource())) {
// 濡傜敤鎴蜂娇鐢� gitee 鐧诲綍椤烘墜 star 缁欎綔鑰呬竴鐐规敮鎸� 鎷掔粷鐧藉珫
HttpUtil.createRequest(Method.PUT, "https://gitee.com/api/v5/user/starred/dromara/RuoYi-Vue-Plus")
- .formStr(MapUtil.of("access_token", authUserData.getToken().getAccessToken()))
- .executeAsync();
+ .formStr(MapUtil.of("access_token", authUserData.getToken().getAccessToken()))
+ .executeAsync();
HttpUtil.createRequest(Method.PUT, "https://gitee.com/api/v5/user/starred/dromara/RuoYi-Cloud-Plus")
- .formStr(MapUtil.of("access_token", authUserData.getToken().getAccessToken()))
- .executeAsync();
+ .formStr(MapUtil.of("access_token", authUserData.getToken().getAccessToken()))
+ .executeAsync();
}
- SysSocialVo social = sysSocialService.selectByAuthId(authUserData.getSource() + authUserData.getUuid());
- if (!ObjectUtil.isNotNull(social)) {
+ List<SysSocialVo> list = sysSocialService.selectByAuthId(authUserData.getSource() + authUserData.getUuid());
+ if (CollUtil.isEmpty(list)) {
throw new ServiceException("浣犺繕娌℃湁缁戝畾绗笁鏂硅处鍙凤紝缁戝畾鍚庢墠鍙互鐧诲綍锛�");
}
- // 楠岃瘉鎺堟潈琛ㄩ噷闈㈢殑绉熸埛id鏄惁鍖呭惈褰撳墠绉熸埛id
- String tenantId = social.getTenantId();
- if (ObjectUtil.isNotNull(social) && StrUtil.isNotBlank(tenantId)
- && !tenantId.contains(loginBody.getTenantId())) {
- throw new ServiceException("瀵逛笉璧凤紝浣犳病鏈夋潈闄愮櫥褰曞綋鍓嶇鎴凤紒");
+ SysSocialVo social;
+ if (TenantHelper.isEnable()) {
+ Optional<SysSocialVo> opt = StreamUtils.findAny(list, x -> x.getTenantId().equals(loginBody.getTenantId()));
+ if (opt.isEmpty()) {
+ throw new ServiceException("瀵逛笉璧凤紝浣犳病鏈夋潈闄愮櫥褰曞綋鍓嶇鎴凤紒");
+ }
+ social = opt.get();
+ } else {
+ social = list.get(0);
}
-
- // 鏌ユ壘鐢ㄦ埛
- SysUserVo user = loadUser(tenantId, social.getUserId());
-
- // 姝ゅ鍙牴鎹櫥褰曠敤鎴风殑鏁版嵁涓嶅悓 鑷鍒涘缓 loginUser 灞炴�т笉澶熺敤缁ф壙鎵╁睍灏辫浜�
- LoginUser loginUser = loginService.buildLoginUser(user);
+ LoginUser loginUser = TenantHelper.dynamic(social.getTenantId(), () -> {
+ SysUserVo user = loadUser(social.getUserId());
+ // 姝ゅ鍙牴鎹櫥褰曠敤鎴风殑鏁版嵁涓嶅悓 鑷鍒涘缓 loginUser 灞炴�т笉澶熺敤缁ф壙鎵╁睍灏辫浜�
+ return loginService.buildLoginUser(user);
+ });
+ loginUser.setClientKey(client.getClientKey());
+ loginUser.setDeviceType(client.getDeviceType());
SaLoginModel model = new SaLoginModel();
model.setDevice(client.getDeviceType());
// 鑷畾涔夊垎閰� 涓嶅悓鐢ㄦ埛浣撶郴 涓嶅悓 token 鎺堟潈鏃堕棿 涓嶈缃粯璁よ蛋鍏ㄥ眬 yml 閰嶇疆
// 渚嬪: 鍚庡彴鐢ㄦ埛30鍒嗛挓杩囨湡 app鐢ㄦ埛1澶╄繃鏈�
model.setTimeout(client.getTimeout());
model.setActiveTimeout(client.getActiveTimeout());
+ model.setExtra(LoginHelper.CLIENT_KEY, client.getClientId());
// 鐢熸垚token
LoginHelper.login(loginUser, model);
- loginService.recordLogininfor(loginUser.getTenantId(), user.getUserName(), Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"));
- loginService.recordLoginInfo(user.getUserId());
LoginVo loginVo = new LoginVo();
loginVo.setAccessToken(StpUtil.getTokenValue());
+ loginVo.setExpireIn(StpUtil.getTokenTimeout());
+ loginVo.setClientId(client.getClientId());
return loginVo;
}
- private SysUserVo loadUser(String tenantId, Long userId) {
- SysUser user = userMapper.selectOne(new LambdaQueryWrapper<SysUser>()
- .select(SysUser::getUserName, SysUser::getStatus)
- .eq(TenantHelper.isEnable(), SysUser::getTenantId, tenantId)
- .eq(SysUser::getUserId, userId));
+ private SysUserVo loadUser(Long userId) {
+ SysUserVo user = userMapper.selectVoById(userId);
if (ObjectUtil.isNull(user)) {
log.info("鐧诲綍鐢ㄦ埛锛歿} 涓嶅瓨鍦�.", "");
throw new UserException("user.not.exists", "");
@@ -125,10 +125,7 @@
log.info("鐧诲綍鐢ㄦ埛锛歿} 宸茶鍋滅敤.", "");
throw new UserException("user.blocked", "");
}
- if (TenantHelper.isEnable()) {
- return userMapper.selectTenantUserByUserName(user.getUserName(), tenantId);
- }
- return userMapper.selectUserByUserName(user.getUserName());
+ return user;
}
}
--
Gitblit v1.9.3