lsm/sa-token
1
0
Fork 0
mirror of https://gitee.com/dromara/sa-token.git synced 2025-04-05 17:37:53 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

优化:二级认证校验之前必须先通过登录认证校验

Browse Source
This commit is contained in:
click33 2024-05-10 10:55:47 +08:00
parent ea546c7adb
commit 6d4496897d
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
View File

@ -2672,7 +2672,13 @@ public class StpLogic {
return false;
}
// 2如果缓存中可以查询出指定的键值则代表已认证否则视为未认证
// 2如果此 token 不处于登录状态也将其视为未认证
Object loginId = getLoginIdNotHandle(tokenValue);
if( ! isValidLoginId(loginId) ) {
return false;
}
// 3如果缓存中可以查询出指定的键值则代表已认证否则视为未认证
String value = getSaTokenDao().get(splicingKeySafe(tokenValue, service));
return !(SaFoxUtil.isEmpty(value));
}
@ -2690,8 +2696,14 @@ public class StpLogic {
* @param service 业务标识
*/
public void checkSafe(String service) {
// 1必须先通过登录校验
checkLogin();
// 2再进行二级认证校验
// 如果缓存中可以查询出指定的键值则代表已认证否则视为未认证
String tokenValue = getTokenValue();
if ( ! isSafe(tokenValue, service)) {
String value = getSaTokenDao().get(splicingKeySafe(tokenValue, service));
if(SaFoxUtil.isEmpty(value)) {
throw new NotSafeException(loginType, tokenValue, service).setCode(SaErrorCode.CODE_11071);
}
}