From 6d4496897d711e063ee78abc1f43e9a99b1effc3 Mon Sep 17 00:00:00 2001
From: click33 <2393584716@qq.com>
Date: Fri, 10 May 2024 10:55:47 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=EF=BC=9A=E4=BA=8C=E7=BA=A7?= =?UTF-8?q?=E8=AE=A4=E8=AF=81=E6=A0=A1=E9=AA=8C=E4=B9=8B=E5=89=8D=E5=BF=85?= =?UTF-8?q?=E9=A1=BB=E5=85=88=E9=80=9A=E8=BF=87=E7=99=BB=E5=BD=95=E8=AE=A4?= =?UTF-8?q?=E8=AF=81=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../main/java/cn/dev33/satoken/stp/StpLogic.java | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java b/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
index 8925c56d..1389bd23 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
@@ -2672,7 +2672,13 @@ public class StpLogic {
 return false;
 }
- // 2、如果缓存中可以查询出指定的键值,则代表已认证,否则视为未认证
+ // 2、如果此 token 不处于登录状态,也将其视为未认证
+ Object loginId = getLoginIdNotHandle(tokenValue);
+ if( ! isValidLoginId(loginId) ) {
+ return false;
+ }
+
+ // 3、如果缓存中可以查询出指定的键值,则代表已认证,否则视为未认证
 String value = getSaTokenDao().get(splicingKeySafe(tokenValue, service));
 return !(SaFoxUtil.isEmpty(value));
 }
@@ -2690,8 +2696,14 @@ public class StpLogic {
 * @param service 业务标识
 */
 public void checkSafe(String service) {
+ // 1、必须先通过登录校验
+ checkLogin();
+
+ // 2、再进行二级认证校验
+ // 如果缓存中可以查询出指定的键值,则代表已认证,否则视为未认证
 String tokenValue = getTokenValue();
- if ( ! isSafe(tokenValue, service)) {
+ String value = getSaTokenDao().get(splicingKeySafe(tokenValue, service));
+ if(SaFoxUtil.isEmpty(value)) {
 throw new NotSafeException(loginType, tokenValue, service).setCode(SaErrorCode.CODE_11071);
 }
 }
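Review bot: The login gate added to isSafe(tokenValue, service) is a different test from the one checkSafe uses in the second hunk: here it is `getLoginIdNotHandle(tokenValue)` followed by `isValidLoginId(loginId)`, there it is `checkLogin()`. Neither helper's body is in this patch, but if getLoginIdNotHandle only reads the stored token-to-login-id mapping, a token that checkLogin() would reject for another reason (an activity timeout, for example) could still be reported as safe by this method. Either state the narrower meaning next to the new lines, e.g. `// NOTE: mapping lookup only; not the full checkLogin() validation`, or route both methods through one shared "is this token logged in" helper so a second-factor decision never rests on a weaker login test. isSafe's body starts above the hunk, so the empty-token branch is only partly visible.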
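Review bot: checkSafe now repeats the lookup `getSaTokenDao().get(splicingKeySafe(tokenValue, service))` instead of calling isSafe(tokenValue, service), so the throwing and the boolean variant of the same second-factor check can drift apart on the next edit. With `checkLogin();` already in front, the original `if ( ! isSafe(tokenValue, service)) {` could stay, at the cost of one extra login lookup. The method also now fails with whatever checkLogin() throws before NotSafeException is ever reached, which changes what callers and global exception handlers see for a logged-out request. The Javadoc, whose start is above the hunk, should say so, for instance `* <p>Throws the login-check exception first if the current session is not logged in.</p>`.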