fix: 用户停用还可以登录

2021-04-28 12:16:07 +08:00 · 2021-04-28 12:16:07 +08:00 · 65d1808488
commit 65d1808488
parent 787123ae4a
3 changed files with 14 additions and 3 deletions
--- a/backend/src/main/java/io/dataease/auth/config/F2CRealm.java
+++ b/backend/src/main/java/io/dataease/auth/config/F2CRealm.java
@ -68,6 +68,9 @@ public class F2CRealm extends AuthorizingRealm {
        if (user == null) {
            throw new AuthenticationException("User didn't existed!");
        }
        if (user.getEnabled()==0) {
            throw new AuthenticationException("User is valid!");
        }
        String pass = null;
        try {
            pass = user.getPassword();
--- a/backend/src/main/java/io/dataease/auth/server/AuthServer.java
+++ b/backend/src/main/java/io/dataease/auth/server/AuthServer.java
@ -35,10 +35,14 @@ public class AuthServer implements AuthApi {
        String username = loginDto.getUsername();
        String password = loginDto.getPassword();
        SysUserEntity user = authUserService.getUserByName(username);
-        String realPwd = user.getPassword();
+
        if (ObjectUtils.isEmpty(user)){
            throw new RuntimeException("没有该用户！");
        }
        if (user.getEnabled()==0){
            throw new RuntimeException("用户已经失效！");
        }
        String realPwd = user.getPassword();
        //私钥解密
        String pwd = RsaUtil.decryptByPrivateKey(RsaProperties.privateKey, password);
        //md5加密
--- a/backend/src/main/java/io/dataease/service/sys/SysUserService.java
+++ b/backend/src/main/java/io/dataease/service/sys/SysUserService.java
@ -15,12 +15,12 @@ import io.dataease.controller.sys.base.BaseGridRequest;
 import io.dataease.controller.sys.request.SysUserCreateRequest;
 import io.dataease.controller.sys.request.SysUserPwdRequest;
 import io.dataease.controller.sys.request.SysUserStateRequest;
 import io.dataease.controller.sys.request.UserGridRequest;
 import io.dataease.controller.sys.response.SysUserGridResponse;
 import io.dataease.controller.sys.response.SysUserRole;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@ -31,7 +31,10 @@ import java.util.stream.Collectors;
@Service
 public class SysUserService {
-    private final static String DEFAULT_PWD = "DataEase123..";
+    //private final static String DEFAULT_PWD = "DataEase123..";
    @Value("${dataease.init_password:DataEase123..}")
    private String DEFAULT_PWD;
    @Resource
    private SysUserMapper sysUserMapper;
@ -89,6 +92,7 @@ public class SysUserService {
    }
    @CacheEvict(value = AuthConstants.USER_CACHE_NAME, key = "'user' + #request.userId")
    public int updateStatus(SysUserStateRequest request){
        SysUser sysUser = new SysUser();
        sysUser.setUserId(request.getUserId());