From 16d1b061d8462aa5da6792cd65e36819b21f9d3f Mon Sep 17 00:00:00 2001
From: wuxw <928255095@qq.com>
Date: 星期一, 23 十月 2023 01:09:56 +0800
Subject: [PATCH] 优化西宁浦发银行 渗透测试漏洞解决
---
service-user/src/main/java/com/java110/user/cmd/user/OwnerUserLoginCmd.java | 44 +++++++++++++++++++++++++++++---------------
1 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/service-user/src/main/java/com/java110/user/cmd/user/OwnerUserLoginCmd.java b/service-user/src/main/java/com/java110/user/cmd/user/OwnerUserLoginCmd.java
index 74ddfd7..ffaa491 100644
--- a/service-user/src/main/java/com/java110/user/cmd/user/OwnerUserLoginCmd.java
+++ b/service-user/src/main/java/com/java110/user/cmd/user/OwnerUserLoginCmd.java
@@ -79,7 +79,7 @@
//todo 楠岃瘉鐮佺櫥褰�
if (reqJson.containsKey("loginByPhone") && reqJson.getBoolean("loginByPhone")) {
SmsDto smsDto = new SmsDto();
- smsDto.setTel(reqJson.getString("userName"));
+ smsDto.setTel(reqJson.getString("username"));
smsDto.setCode(reqJson.getString("password"));
smsDto = smsInnerServiceSMOImpl.validateCode(smsDto);
if (!smsDto.isSuccess()) {
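Review bot: The request key is renamed from `userName` to `username` on line 17 with no presence check, so a client still posting the old key now passes a null tel into `smsDto.setTel(...)` and, in the @@ -94 hunk, a null into `ValidatorUtil.isMobile(...)` and `setUserName(...)`; whether those tolerate null is not visible here. Reject the request up front so the failure is explicit rather than a downstream NullPointerException or an empty lookup, e.g. before line 14: `if (reqJson.getString("username") == null || reqJson.getString("username").trim().isEmpty()) { throw new CmdException("username is required"); }`. If the old key must keep working during the client rollout, read both keys and prefer `username`. The enclosing method starts outside this hunk.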
@@ -94,10 +94,10 @@
UserDto userDto = new UserDto();
userDto.setLevelCd(UserDto.LEVEL_CD_USER);
- if (ValidatorUtil.isMobile(reqJson.getString("userName"))) {//鐢ㄦ埛涓存椂绉橀挜鐧诲綍
- userDto.setTel(reqJson.getString("userName"));
+ if (ValidatorUtil.isMobile(reqJson.getString("username"))) {//鐢ㄦ埛涓存椂绉橀挜鐧诲綍
+ userDto.setTel(reqJson.getString("username"));
} else {
- userDto.setUserName(reqJson.getString("userName"));
+ userDto.setUserName(reqJson.getString("username"));
}
// todo 涓嶆槸楠岃瘉鐮佺櫥褰�
@@ -113,7 +113,7 @@
userDtos = ifOwnerLoginByPhone(reqJson, context);
}
if (userDtos == null || userDtos.size() < 1) {
- throw new CmdException("涓氫富涓嶅瓨鍦紝璇峰厛娉ㄥ唽");
+ throw new CmdException("鐢ㄦ埛涓嶅瓨鍦紝璇峰厛娉ㄥ唽");
}
// todo 2.0 鏍¢獙 涓氫富鐢ㄦ埛缁戝畾琛ㄦ槸鍚﹀瓨鍦ㄨ褰�
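Review bot: The new message on line 38 (mis-encoded in this view, but it appears to read "user does not exist, please register") still tells the caller whether an account exists, so if the wrong-password path outside this hunk answers with a different message, the login endpoint can be used to enumerate registered usernames and phone numbers — the kind of finding the commit subject refers to. Prefer one generic failure for both cases, e.g. `throw new CmdException("用户名或密码错误");`, and keep the existence detail in a server-side log only. The same consideration applies to the `Assert.listOnlyOne(ownerDtos, ...)` message in the @@ -127 hunk. The enclosing method starts outside this hunk.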
@@ -127,12 +127,24 @@
}
// todo 3.0 鏌ヨ涓氫富鏄惁瀛樺湪
- OwnerDto ownerDto = new OwnerDto();
- ownerDto.setMemberId(ownerAppUserDtos.get(0).getMemberId());
- ownerDto.setCommunityId(ownerAppUserDtos.get(0).getCommunityId());
- List<OwnerDto> ownerDtos = ownerV1InnerServiceSMOImpl.queryOwners(ownerDto);
+ OwnerDto ownerDto = null;
+ if (ownerAppUserDtos.get(0).getMemberId().startsWith("-1")){
+ //todo 杩欓噷鑰冭檻娓稿鐨勬儏鍐�
+ ownerDto = new OwnerDto();
+ ownerDto.setOwnerId(ownerAppUserDtos.get(0).getMemberId());
+ ownerDto.setMemberId(ownerAppUserDtos.get(0).getMemberId());
+ ownerDto.setName(ownerAppUserDtos.get(0).getAppUserName());
+ ownerDto.setLink(ownerAppUserDtos.get(0).getLink());
+ ownerDto.setCommunityId(ownerAppUserDtos.get(0).getCommunityId());
+ }else {
+ ownerDto = new OwnerDto();
+ ownerDto.setMemberId(ownerAppUserDtos.get(0).getMemberId());
+ ownerDto.setCommunityId(ownerAppUserDtos.get(0).getCommunityId());
+ List<OwnerDto> ownerDtos = ownerV1InnerServiceSMOImpl.queryOwners(ownerDto);
+ Assert.listOnlyOne(ownerDtos, "涓氫富涓嶅瓨鍦�");
+ ownerDto = ownerDtos.get(0);
+ }
- Assert.listOnlyOne(ownerDtos, "涓氫富涓嶅瓨鍦�");
// todo 4.0 鏌ヨ灏忓尯鏄惁瀛樺湪
CommunityDto communityDto = new CommunityDto();
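Review bot: The guest check on line 49, `ownerAppUserDtos.get(0).getMemberId().startsWith("-1")`, throws a NullPointerException when memberId is null and also matches any id that merely begins with "-1" (such as "-10"); if the guest sentinel is exactly "-1", `"-1".equals(ownerAppUserDtos.get(0).getMemberId())` is both null-safe and exact. The guest branch (lines 51-56) also never sets ownerTypeCd, yet the @@ -149 hunk copies `ownerDto.getOwnerTypeCd()` into the response, so guests receive a null type code; set it in the branch, e.g. `ownerDto.setOwnerTypeCd(<guest owner type code>);`. Note as well that this branch skips the `queryOwners` existence check and trusts name/link straight from the app-user binding row, which is only sound if a memberId beginning with "-1" can be assigned server-side alone — a comment at line 50 stating that invariant would help the next reader. `OwnerDto ownerDto = null;` on line 48 can be `OwnerDto ownerDto;` since both branches assign it. The enclosing method starts and ends outside this hunk.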
@@ -149,16 +161,18 @@
String token = generatorLoginToken(tmpUserDto);
LoginOwnerResDto loginOwnerResDto = new LoginOwnerResDto();
- loginOwnerResDto.setOwnerId(ownerDtos.get(0).getOwnerId());
- loginOwnerResDto.setMemberId(ownerDtos.get(0).getMemberId());
- loginOwnerResDto.setOwnerName(ownerDtos.get(0).getName());
+ loginOwnerResDto.setOwnerId(ownerDto.getOwnerId());
+ loginOwnerResDto.setMemberId(ownerDto.getMemberId());
+ loginOwnerResDto.setOwnerName(ownerDto.getName());
loginOwnerResDto.setUserId(tmpUserDto.getUserId());
loginOwnerResDto.setUserName(tmpUserDto.getName());
- loginOwnerResDto.setOwnerTel(ownerDtos.get(0).getLink());
- loginOwnerResDto.setCommunityId(ownerDtos.get(0).getCommunityId());
+ loginOwnerResDto.setOwnerTel(ownerDto.getLink());
+ loginOwnerResDto.setCommunityId(ownerDto.getCommunityId());
loginOwnerResDto.setCommunityName(communityDtos.get(0).getName());
loginOwnerResDto.setToken(token);
loginOwnerResDto.setKey(newKey);
+ loginOwnerResDto.setOwnerTypeCd(ownerDto.getOwnerTypeCd());
+ loginOwnerResDto.setAppUserId(ownerAppUserDtos.get(0).getAppUserId());
context.setResponseEntity(ResultVo.createResponseEntity(loginOwnerResDto));
}
--
Gitblit v1.8.0