From 9ed5b521d613edb51b160cca931ee680019e2896 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期二, 07 三月 2023 22:26:13 +0800
Subject: [PATCH] fix 修复 用户密码暴露问题
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java | 46 ++++++++++++++++++++++++++++++----------------
1 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
index 02dc7ab..96400f6 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
@@ -1,8 +1,10 @@
package com.ruoyi.system.controller.system;
import cn.dev33.satoken.annotation.SaCheckPermission;
-import cn.hutool.core.util.ObjectUtil;
-import com.ruoyi.common.core.constant.UserConstants;
+import cn.dev33.satoken.exception.NotLoginException;
+import cn.dev33.satoken.stp.StpUtil;
+import cn.hutool.core.collection.CollUtil;
+import com.ruoyi.common.core.constant.GlobalConstants;
import com.ruoyi.common.core.domain.R;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.excel.utils.ExcelUtil;
@@ -12,17 +14,17 @@
import com.ruoyi.common.mybatis.core.page.TableDataInfo;
import com.ruoyi.common.satoken.utils.LoginHelper;
import com.ruoyi.common.web.core.BaseController;
-import com.ruoyi.system.domain.SysDept;
import com.ruoyi.system.domain.SysUserRole;
+import com.ruoyi.system.domain.bo.SysDeptBo;
import com.ruoyi.system.domain.bo.SysRoleBo;
import com.ruoyi.system.domain.bo.SysUserBo;
import com.ruoyi.system.domain.vo.DeptTreeSelectVo;
import com.ruoyi.system.domain.vo.SysRoleVo;
import com.ruoyi.system.domain.vo.SysUserVo;
import com.ruoyi.system.service.ISysDeptService;
+import com.ruoyi.system.service.ISysPermissionService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
-import com.ruoyi.system.service.SysPermissionService;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.springframework.validation.annotation.Validated;
@@ -44,7 +46,7 @@
private final ISysRoleService roleService;
private final ISysUserService userService;
private final ISysDeptService deptService;
- private final SysPermissionService permissionService;
+ private final ISysPermissionService permissionService;
/**
* 鑾峰彇瑙掕壊淇℃伅鍒楄〃
@@ -85,9 +87,9 @@
@Log(title = "瑙掕壊绠$悊", businessType = BusinessType.INSERT)
@PostMapping
public R<Void> add(@Validated @RequestBody SysRoleBo role) {
- if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role))) {
+ if (!roleService.checkRoleNameUnique(role)) {
return R.fail("鏂板瑙掕壊'" + role.getRoleName() + "'澶辫触锛岃鑹插悕绉板凡瀛樺湪");
- } else if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleKeyUnique(role))) {
+ } else if (!roleService.checkRoleKeyUnique(role)) {
return R.fail("鏂板瑙掕壊'" + role.getRoleName() + "'澶辫触锛岃鑹叉潈闄愬凡瀛樺湪");
}
return toAjax(roleService.insertRole(role));
@@ -103,20 +105,32 @@
public R<Void> edit(@Validated @RequestBody SysRoleBo role) {
roleService.checkRoleAllowed(role);
roleService.checkRoleDataScope(role.getRoleId());
- if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role))) {
+ if (!roleService.checkRoleNameUnique(role)) {
return R.fail("淇敼瑙掕壊'" + role.getRoleName() + "'澶辫触锛岃鑹插悕绉板凡瀛樺湪");
- } else if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleKeyUnique(role))) {
+ } else if (!roleService.checkRoleKeyUnique(role)) {
return R.fail("淇敼瑙掕壊'" + role.getRoleName() + "'澶辫触锛岃鑹叉潈闄愬凡瀛樺湪");
}
if (roleService.updateRole(role) > 0) {
- // 鏇存柊缂撳瓨鐢ㄦ埛鏉冮檺
- LoginUser loginUser = LoginHelper.getLoginUser();
- SysUserVo sysUser = userService.selectUserById(loginUser.getUserId());
- if (ObjectUtil.isNotNull(sysUser) && !LoginHelper.isAdmin()) {
- loginUser.setMenuPermission(permissionService.getMenuPermission(sysUser.getUserId(), sysUser.isAdmin()));
- LoginHelper.setLoginUser(loginUser);
+ List<String> keys = StpUtil.searchTokenValue("", 0, -1, false);
+ if (CollUtil.isEmpty(keys)) {
+ return R.ok();
}
+ // 瑙掕壊鍏宠仈鐨勫湪绾跨敤鎴烽噺杩囧ぇ浼氬鑷磖edis闃诲鍗¢】 璋ㄦ厧鎿嶄綔
+ keys.parallelStream().forEach(key -> {
+ String token = key.replace(GlobalConstants.LOGIN_TOKEN_KEY, "");
+ // 濡傛灉宸茬粡杩囨湡鍒欒烦杩�
+ if (StpUtil.stpLogic.getTokenActivityTimeoutByToken(token) < -1) {
+ return;
+ }
+ LoginUser loginUser = LoginHelper.getLoginUser(token);
+ if (loginUser.getRoles().stream().anyMatch(r -> r.getRoleId().equals(role.getRoleId()))) {
+ try {
+ StpUtil.logoutByTokenValue(token);
+ } catch (NotLoginException ignored) {
+ }
+ }
+ });
return R.ok();
}
return R.fail("淇敼瑙掕壊'" + role.getRoleName() + "'澶辫触锛岃鑱旂郴绠$悊鍛�");
@@ -232,7 +246,7 @@
public R<DeptTreeSelectVo> roleDeptTreeselect(@PathVariable("roleId") Long roleId) {
DeptTreeSelectVo selectVo = new DeptTreeSelectVo();
selectVo.setCheckedKeys(deptService.selectDeptListByRoleId(roleId));
- selectVo.setDepts(deptService.selectDeptTreeList(new SysDept()));
+ selectVo.setDepts(deptService.selectDeptTreeList(new SysDeptBo()));
return R.ok(selectVo);
}
}
--
Gitblit v1.9.3