渗透测试漏洞修复

This commit is contained in:
马三炮 2025-11-27 13:27:56 +08:00
parent 5b4fc26ffa
commit e4498346c4
4 changed files with 24 additions and 9 deletions


@ -64,6 +64,10 @@ public class TokenController
{ {
throw new CaptchaException("验证码错误"); throw new CaptchaException("验证码错误");
} }
String userName = userInfo.getSysUser().getUserName();
if ("ysAdmin".equals(userName)){
throw new CaptchaException("账号已被禁用");
}
// 获取登录token // 获取登录token
return R.ok(tokenService.createToken(userInfo)); return R.ok(tokenService.createToken(userInfo));
} }
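Review bot: The new block disables the `ysAdmin` account by matching a string literal inside the login handler and reporting it as `CaptchaException("账号已被禁用")`, so a blocked account is indistinguishable from a wrong captcha for callers and monitoring, and the block only holds on this one code path. If the user entity carries a status or enabled flag (not visible here), checking that in the service layer covers every login route and lets the account be disabled in data rather than in code; failing that, the literal belongs in a named constant, e.g. `private static final String BLOCKED_ACCOUNT = "ysAdmin"; // account blocked after the penetration test; replace with a status flag on the user record`, and the throw should use the exception type the rest of the login flow uses for disabled accounts. `userInfo.getSysUser()` is dereferenced without a null check; whether it can be null is not visible in this hunk. The enclosing method starts before the hunk.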


@ -70,9 +70,12 @@ public class UserController {
@Log(title = "用户管理-修改用户", businessType = BusinessType.UPDATE) @Log(title = "用户管理-修改用户", businessType = BusinessType.UPDATE)
@PutMapping @PutMapping
@RequiresPermissions("sys:user:add") @RequiresPermissions("sys:user:add")
public R updateUser(@RequestBody UserBean userDto) { public R updateUser(UserBean userDto) {
userDto.setUserName(RSAUtil.decrypt(userDto.getUserName())); userDto.setUserName(RSAUtil.decrypt(userDto.getUserName()));
userDto.setPhone(RSAUtil.decrypt(userDto.getPhone())); userDto.setPhonenumber(RSAUtil.decrypt(userDto.getPhonenumber()));
userDto.setIdNumber(RSAUtil.decrypt(userDto.getIdNumber()));
userDto.setOrgId(RSAUtil.decrypt(userDto.getOrgId()));
userDto.setRoleId(RSAUtil.decrypt(userDto.getRoleId()));
return userService.updateUser(userDto); return userService.updateUser(userDto);
} }
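Review bot: The five `RSAUtil.decrypt(userDto.getX())` calls assume every field is present in the request; now that `@RequestBody` is gone and the data arrives as form parameters, any omitted field reaches `RSAUtil.decrypt` as `null`, and whether that helper tolerates null or throws is not visible here. Routing the fields through one small helper keeps the null handling and the decryption in one place and makes a malformed ciphertext fail in a single, documented spot. The `@RequiresPermissions("sys:user:add")` on this update endpoint is a context line the commit leaves as is, but it reads like a copy of the add endpoint's permission and is worth confirming.
```java
public R updateUser(UserBean userDto) {
    userDto.setUserName(decryptOrNull(userDto.getUserName()));
    userDto.setPhonenumber(decryptOrNull(userDto.getPhonenumber()));
    userDto.setIdNumber(decryptOrNull(userDto.getIdNumber()));
    userDto.setOrgId(decryptOrNull(userDto.getOrgId()));
    userDto.setRoleId(decryptOrNull(userDto.getRoleId()));
    return userService.updateUser(userDto);
}

/** Decrypts one RSA-encrypted form field; an absent field stays null instead of being passed to RSAUtil.decrypt. */
private static String decryptOrNull(String cipherText) {
    return cipherText == null ? null : RSAUtil.decrypt(cipherText);
}
```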


@ -126,12 +126,12 @@ public class UserServiceImpl implements UserService {
@Override @Override
@Transactional @Transactional
public R updateUser(UserBean user) { public R updateUser(UserBean user) {
if(!user.getPhone().equals(user.getPhonenumber())){
String existUser = userDao.getExistUser(user.getPhonenumber()); /*String existUser = userDao.getExistUser(user.getPhonenumber());
if (existUser != null) { if (existUser != null ) {
throw new IllegalArgumentException(existUser+"手机号已存在"); throw new IllegalArgumentException(existUser+"手机号已存在");
} }*/
}
user.setIdNumber(user.getIdNumber().toUpperCase()); user.setIdNumber(user.getIdNumber().toUpperCase());
int i = userDao.updateUser(user); int i = userDao.updateUser(user);
saveUserRoles(user.getId(),user.getRoleId()); saveUserRoles(user.getId(),user.getRoleId());
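Review bot: Commenting out the `userDao.getExistUser(user.getPhonenumber())` check removes the only guard in this method against two accounts ending up with the same phone number, which matters if the number is used anywhere for lookup, login or SMS-based flows (not visible here). The old wrapper compared `getPhone()` with `getPhonenumber()` to skip the check when the number was unchanged; since the controller no longer populates `phone`, the check should instead be kept and made to ignore the record being updated, e.g. `if (existUser != null && !existUser.equals(user.getUserName())) { throw new IllegalArgumentException(existUser + "手机号已存在"); }` if `getExistUser` returns the owning user name as the message suggests, or by loading the current record by `user.getId()` and comparing numbers. Either way the `/* … */` block should be deleted rather than left as dead code. `updateUser` continues past the end of the hunk.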


@ -101,9 +101,17 @@ function updateUser(formData) {
type: 'PUT', type: 'PUT',
async: false, // 默认异步true,false表示同步 async: false, // 默认异步true,false表示同步
url: formUrl, // 请求地址 url: formUrl, // 请求地址
contentType: "application/json; charset=utf-8", /*contentType: "application/json; charset=utf-8",
dataType: 'json', // 服务器返回数据类型 dataType: 'json', // 服务器返回数据类型
data: JSON.stringify(formData.field), //获取提交的表单字段 data: JSON.stringify(formData.field), //获取提交的表单字段*/
data: {
userName : encryptRsa($("#userName").val()),
idNumber : encryptRsa($("#idNumber").val()),
phonenumber : encryptRsa($("#phonenumber").val()),
orgId : encryptRsa($("#orgId").val()),
roleId : encryptRsa($("#roleId").val()),
id :$("#id").val()
},
success: function (data) { success: function (data) {
layer.close(loadingMsg); // 关闭提示层 layer.close(loadingMsg); // 关闭提示层
if(data.code == 200){ if(data.code == 200){
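Review bot: The new `data:` object hand-picks six fields by element id, so any other field the form previously submitted through `formData.field` is now silently dropped, and `id` is sent in the clear while the fields around it are run through `encryptRsa`; whether that asymmetry is intended is not stated. Deriving the payload from `formData.field` and encrypting a listed subset keeps the form and the request in step and makes the encrypted set explicit. The commented-out `contentType`/`dataType`/`data` lines should be removed rather than kept as dead code. The `$.ajax` call that this object belongs to starts before the hunk.
```javascript
// Fields the server decrypts with RSAUtil.decrypt; everything else is sent as entered.
var encryptedKeys = ['userName', 'idNumber', 'phonenumber', 'orgId', 'roleId'];
var payload = {};
$.each(formData.field, function (key, value) {
    payload[key] = encryptedKeys.indexOf(key) >= 0 ? encryptRsa(value) : value;
});
// … unchanged: $.ajax options (type, async, url) …
data: payload,
```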