添加state校验

orangebabu 2024-08-19 15:18:20 +08:00
parent bab15aee23
commit da9a0387c1
3 changed files with 27 additions and 13 deletions


@ -15,6 +15,9 @@ public class ScanCode {
@NotEmpty(message = "登录方式不能为空") @NotEmpty(message = "登录方式不能为空")
String authType; String authType;
@NotEmpty(message = "state不能为空")
String state;
public @NotEmpty(message = "二维码内容不能为空") String getCode() { public @NotEmpty(message = "二维码内容不能为空") String getCode() {
return code; return code;
} }
@ -30,4 +33,12 @@ public class ScanCode {
public void setAuthType(@NotEmpty(message = "登录方式不能为空") String authType) { public void setAuthType(@NotEmpty(message = "登录方式不能为空") String authType) {
this.authType = authType; this.authType = authType;
} }
public @NotEmpty(message = "state不能为空") String getState() {
return state;
}
public void setState(@NotEmpty(message = "state不能为空") String state) {
this.state = state;
}
} }
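Review bot: The new `state` field is constrained only by `@NotEmpty`, so a request body can carry an arbitrarily long string that is then handed to the token validation in the controller. A length bound on the field, for example `@Size(max = 2048)` (the number is a constructed example; size it to the tokens the server actually issues), would reject oversized input during bean validation. The same `@NotEmpty(message = "state不能为空")` is also repeated on the getter return type and the setter parameter; the field-level annotation is probably sufficient for `@Validated @RequestBody` binding, so the two copies could be dropped to keep the constraint in one place.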


@ -332,6 +332,7 @@ export class UserLoginComponent implements OnInit, OnDestroy {
this.qrCodeService.loginByQrCode({ this.qrCodeService.loginByQrCode({
authType: 'scancode', authType: 'scancode',
code: this.ticket, code: this.ticket,
state: this.state,
}).subscribe(res => { }).subscribe(res => {
if (res.code === 0) { if (res.code === 0) {
this.qrexpire = true; this.qrexpire = true;


@ -296,13 +296,12 @@ public class LoginEntryPoint {
@Operation(summary = "web二维码登录", description = "web二维码登录", method = "POST") @Operation(summary = "web二维码登录", description = "web二维码登录", method = "POST")
@PostMapping("/sign/qrcode") @PostMapping("/sign/qrcode")
public Message<AuthJwt> signByQrcode( HttpServletRequest request, public Message<AuthJwt> signByQrcode(@Validated @RequestBody ScanCode scanCode) {
HttpServletResponse response,
@Validated @RequestBody ScanCode scanCode) {
LoginCredential loginCredential = new LoginCredential(); LoginCredential loginCredential = new LoginCredential();
loginCredential.setAuthType(scanCode.getAuthType()); loginCredential.setAuthType(scanCode.getAuthType());
loginCredential.setUsername(scanCode.getCode()); loginCredential.setUsername(scanCode.getCode());
if(authTokenService.validateJwtToken(scanCode.getState())){
try { try {
Authentication authentication = authenticationProvider.authenticate(loginCredential); Authentication authentication = authenticationProvider.authenticate(loginCredential);
if (Objects.nonNull(authentication)) { if (Objects.nonNull(authentication)) {
@ -317,6 +316,9 @@ public class LoginEntryPoint {
} }
} }
return new Message<>(Message.FAIL);
}
@Operation(summary = "app扫描二维码", description = "扫描二维码登录", method = "POST") @Operation(summary = "app扫描二维码", description = "扫描二维码登录", method = "POST")
@PostMapping("/scanCode") @PostMapping("/scanCode")
public Message<String> scanCode(@Validated @RequestBody QrCodeCredentialDto credentialDto) throws ParseException { public Message<String> scanCode(@Validated @RequestBody QrCodeCredentialDto credentialDto) throws ParseException {
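Review bot: The added guard `if(authTokenService.validateJwtToken(scanCode.getState()))` in signByQrcode shows only that `state` is a token this server accepts; nothing in the visible lines ties it to the ticket in `scanCode.getCode()` or to the browser that was shown that QR code. If validateJwtToken checks signature and expiry only (its body is not on this page), a state issued to one browser passes for any ticket, so the check does not by itself prevent a ticket being redeemed from a different session. Consider storing the state's identifier with the ticket when the QR code is issued, comparing the two here, and treating the state as single-use; at minimum document the limit with a comment such as `// state proves the request originated from our login page; it is not bound to the QR ticket`. The rejection path `return new Message<>(Message.FAIL);` is silent, and with `HttpServletRequest` dropped from the signature the remote address is no longer at hand, so a warn-level audit entry for rejected state values would need another source for it. The method body continues between the two hunks shown.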