From 146c268dff91432c368d610e7fdea9a3a75fdba8 Mon Sep 17 00:00:00 2001
From: 丶Stone <244251889@qq.com>
Date: 星期三, 30 八月 2023 21:35:57 +0800
Subject: [PATCH] !416 fix 修复可能会存在的越权行为
* fix 修复可能会存在的越权行为
---
 ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java | 7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
index 22c160a..2bbcd0d 100644
--- a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
+++ b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
@@ -52,7 +52,7 @@
 StpUtil.login(loginUser.getLoginId(),
 model.setExtra(TENANT_KEY, loginUser.getTenantId())
 .setExtra(USER_KEY, loginUser.getUserId()));
- StpUtil.getTokenSession().set(LOGIN_USER_KEY, loginUser);
+ StpUtil.getSession().set(LOGIN_USER_KEY, loginUser);
 }
 
 /**
@@ -63,7 +63,7 @@
 if (loginUser != null) {
 return loginUser;
 }
- SaSession session = StpUtil.getTokenSession();
+ SaSession session = StpUtil.getSession();
 if (ObjectUtil.isNull(session)) {
 return null;
 }
@@ -76,7 +76,8 @@
 * 鑾峰彇鐢ㄦ埛鍩轰簬token
 */
 public static LoginUser getLoginUser(String token) {
- SaSession session = StpUtil.getTokenSessionByToken(token);
+ Object loginId = StpUtil.getLoginIdByToken(token);
+ SaSession session = StpUtil.getSessionByLoginId(loginId);
 if (ObjectUtil.isNull(session)) {
 return null;
 }
--
Gitblit v1.9.3
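Review bot: In the `@@ -52,7 +52,7 @@` hunk the cached `LoginUser` moves to the account session, which Sa-Token keys by login id and shares between every token of that account, so each new login now overwrites the object that all other live tokens of the account read. That is sound only if `loginUser.getLoginId()` is unique per principal across tenants and user types, which this hunk does not show; if two principals could ever share a login id, one would be served the other's `LoginUser`. I would state the invariant next to the call, for example `// Account-Session is shared by all tokens of this loginId; loginId must be unique across tenants`. The enclosing method starts above the hunk.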
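Review bot: In the `@@ -63,7 +63,7 @@` hunk the `ObjectUtil.isNull(session)` guard after `StpUtil.getSession()` looks unreachable: as far as I know the no-argument form creates the account session when none exists and throws when the caller is not logged in, so it does not return null. If returning null for a missing session is the intent, `SaSession session = StpUtil.getSession(false);` matches the guard and avoids creating a session on a read. The same applies to `StpUtil.getSessionByLoginId(loginId)` in the `@@ -76,7 +76,8 @@` hunk, where `StpUtil.getSessionByLoginId(loginId, false)` would be the non-creating form. The method starts and ends outside the hunk.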
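Review bot: In the `@@ -76,7 +76,8 @@` hunk the result of `StpUtil.getLoginIdByToken(token)` is passed on unchecked, and that call returns null for an unknown or expired token. What `getSessionByLoginId(null)` then does depends on the Sa-Token version (it may throw, or resolve a session keyed on a null id), and the existing `isNull(session)` guard runs too late to cover it. Since this method resolves identity from a caller-supplied token, I would add `if (loginId == null) { return null; }` directly after the lookup. The method body continues past the end of the hunk.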