From 7a0aebcd77a398265b8453bcf415e831b27edb75 Mon Sep 17 00:00:00 2001 From: fit2cloud-chenyw Date: Fri, 26 Nov 2021 13:47:17 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20token=E9=AA=8C=E7=AD=BE=E9=80=BB?= =?UTF-8?q?=E8=BE=91=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/io/dataease/auth/filter/JWTFilter.java | 5 +++-- backend/src/main/java/io/dataease/auth/util/JWTUtils.java | 8 ++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java b/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java index eca5609c22..a68673c3c1 100644 --- a/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java +++ b/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java @@ -1,5 +1,6 @@ package io.dataease.auth.filter; +import com.auth0.jwt.algorithms.Algorithm; import io.dataease.auth.entity.ASKToken; import io.dataease.auth.entity.JWTToken; import io.dataease.auth.entity.SysUserEntity; @@ -115,9 +116,9 @@ public class JWTFilter extends BasicHttpAuthenticationFilter { DataEaseException.throwException(Translator.get("i18n_not_find_user")); } String password = user.getPassword(); - + Algorithm algorithm = Algorithm.HMAC256(password); + JWTUtils.verifySign(algorithm, token); String newToken = JWTUtils.sign(tokenInfo, password); - // 设置响应的Header头新Token HttpServletResponse httpServletResponse = (HttpServletResponse) response; httpServletResponse.addHeader("Access-Control-Expose-Headers", "RefreshAuthorization"); diff --git a/backend/src/main/java/io/dataease/auth/util/JWTUtils.java b/backend/src/main/java/io/dataease/auth/util/JWTUtils.java index ebdb72a180..dd10059a6f 100644 --- a/backend/src/main/java/io/dataease/auth/util/JWTUtils.java +++ b/backend/src/main/java/io/dataease/auth/util/JWTUtils.java 
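Review bot: In the JWTFilter.java hunk at `@@ -115,9 +116,9 @@`, the HMAC key for both the new `JWTUtils.verifySign` check and the re-issued token is `user.getPassword()`, so token integrity rests on whatever that field holds (presumably the stored password value; the entity is not visible here). Anyone able to read that value can compute valid signatures for the account, and the key only rotates when the password changes. Consider mixing in a server-side secret kept outside the user table, e.g. `Algorithm algorithm = Algorithm.HMAC256(SERVER_SECRET_PLACEHOLDER + password);`, applied the same way wherever tokens are signed. The enclosing method starts and ends outside the hunk, so how a failure thrown by `verifySign` is reported to the client cannot be judged from here.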
@@ -35,15 +35,23 @@ public class JWTUtils { * @return 是否正确 */ public static boolean verify(String token, TokenInfo tokenInfo, String secret) { + Algorithm algorithm = Algorithm.HMAC256(secret); Verification verification = JWT.require(algorithm) .withClaim("username", tokenInfo.getUsername()) .withClaim("userId", tokenInfo.getUserId()); JWTVerifier verifier = verification.build(); + + verifySign(algorithm, token); verifier.verify(token); return true; } + public static void verifySign(Algorithm algorithm, String token) { + DecodedJWT decode = JWT.decode(token); + algorithm.verify(decode); + } + /** * 获得token中的信息无需secret解密也能获得 *
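Review bot: The new public `verifySign` in JWTUtils.java has no Javadoc, and it checks only the signature: `JWT.decode` followed by `algorithm.verify` does not look at expiry or at the `username`/`userId` claims. That matters because this commit's JWTFilter hunk calls it on its own before issuing a refreshed token, so unless expiry is checked elsewhere (not visible here) a correctly signed but old token would pass. Suggest a Javadoc stating that the method verifies the signature only, and that it throws `JWTDecodeException` for a malformed token and `SignatureVerificationException` for a bad signature. Inside `verify`, the added `verifySign(algorithm, token);` repeats the signature check that `verifier.verify(token)` already performs, so it can be dropped.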