添加state校验

orangebabu 2024-08-19 15:18:20 +08:00
parent bab15aee23
commit da9a0387c1
3 changed files with 27 additions and 13 deletions


@ -15,6 +15,9 @@ public class ScanCode {
@NotEmpty(message = "登录方式不能为空") @NotEmpty(message = "登录方式不能为空")
String authType; String authType;
@NotEmpty(message = "state不能为空")
String state;
public @NotEmpty(message = "二维码内容不能为空") String getCode() { public @NotEmpty(message = "二维码内容不能为空") String getCode() {
return code; return code;
} }
@ -30,4 +33,12 @@ public class ScanCode {
public void setAuthType(@NotEmpty(message = "登录方式不能为空") String authType) { public void setAuthType(@NotEmpty(message = "登录方式不能为空") String authType) {
this.authType = authType; this.authType = authType;
} }
public @NotEmpty(message = "state不能为空") String getState() {
return state;
}
public void setState(@NotEmpty(message = "state不能为空") String state) {
this.state = state;
}
} }
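Review bot: Making `state` mandatory with `@NotEmpty` on `ScanCode` applies to every endpoint that validates this class, not only the web QR-code login. If the app-side scan endpoint (its body is not on this page) also binds `@Validated @RequestBody ScanCode`, clients that send only `code` and `authType` would now be rejected before reaching the handler; a validation group or a separate request class for the login poll would keep the constraint local. The field also deserves a comment saying what it carries, for example `// state: JWT checked by authTokenService.validateJwtToken in signByQrcode`.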


@ -332,6 +332,7 @@ export class UserLoginComponent implements OnInit, OnDestroy {
this.qrCodeService.loginByQrCode({ this.qrCodeService.loginByQrCode({
authType: 'scancode', authType: 'scancode',
code: this.ticket, code: this.ticket,
state: this.state,
}).subscribe(res => { }).subscribe(res => {
if (res.code === 0) { if (res.code === 0) {
this.qrexpire = true; this.qrexpire = true;


@ -296,25 +296,27 @@ public class LoginEntryPoint {
@Operation(summary = "web二维码登录", description = "web二维码登录", method = "POST") @Operation(summary = "web二维码登录", description = "web二维码登录", method = "POST")
@PostMapping("/sign/qrcode") @PostMapping("/sign/qrcode")
public Message<AuthJwt> signByQrcode( HttpServletRequest request, public Message<AuthJwt> signByQrcode(@Validated @RequestBody ScanCode scanCode) {
HttpServletResponse response,
@Validated @RequestBody ScanCode scanCode) {
LoginCredential loginCredential = new LoginCredential(); LoginCredential loginCredential = new LoginCredential();
loginCredential.setAuthType(scanCode.getAuthType()); loginCredential.setAuthType(scanCode.getAuthType());
loginCredential.setUsername(scanCode.getCode()); loginCredential.setUsername(scanCode.getCode());
try { if(authTokenService.validateJwtToken(scanCode.getState())){
Authentication authentication = authenticationProvider.authenticate(loginCredential); try {
if (Objects.nonNull(authentication)) { Authentication authentication = authenticationProvider.authenticate(loginCredential);
//success if (Objects.nonNull(authentication)) {
AuthJwt authJwt = authTokenService.genAuthJwt(authentication); //success
return new Message<>(authJwt); AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
} else { return new Message<>(authJwt);
return new Message<>(Message.FAIL, "尚未扫码"); } else {
return new Message<>(Message.FAIL, "尚未扫码");
}
} catch (BusinessException businessException) {
return new Message<>(businessException.getCode(), businessException.getMessage());
} }
} catch (BusinessException businessException) {
return new Message<>(businessException.getCode(), businessException.getMessage());
} }
return new Message<>(Message.FAIL);
} }
@Operation(summary = "app扫描二维码", description = "扫描二维码登录", method = "POST") @Operation(summary = "app扫描二维码", description = "扫描二维码登录", method = "POST")
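Review bot: The new guard in `signByQrcode` checks only that `scanCode.getState()` is a token `validateJwtToken` accepts; nothing visible ties that token to the ticket in `scanCode.getCode()` or to the browser that requested the QR code. As written, any state value the service considers valid would pass together with any ticket, so the check does not by itself keep one client from completing a login for a ticket issued to another; whether `validateJwtToken` enforces more is outside this hunk. Consider recording the ticket alongside the state when the QR code is issued and comparing the two here, and invalidating the state once `genAuthJwt` succeeds so it cannot be replayed. The rejection path also falls through to a bare `return new Message<>(Message.FAIL);` with no log entry, so an early guard such as `if (!authTokenService.validateJwtToken(scanCode.getState())) { return new Message<>(Message.FAIL); }` preceded by a warning log would make failed state checks visible to monitoring and remove one nesting level.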