【8.0.1】【auth】更新临时秘钥api

kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/TempSecretApi.java

@@ -33,11 +33,14 @@ package cn.stylefeng.roses.kernel.auth.api;
 public interface TempSecretApi {
 
     /**
-     * 获取用户临时秘钥
+     * 校验用户密码是否在临时秘钥存在
      *
+     * @param userId   用户id
+     * @param password 用户输入的密码
+     * @return true-密码正确，false-密码错误
      * @author fengshuonan
-     * @since 2022/3/26 14:07
+     * @since 2023/10/21 21:24
      */
-    String getUserTempSecretKey(Long userId);
+    boolean validateUserTempSecretKey(Long userId, String password);
 
 }

kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java

@@ -332,13 +332,10 @@ public class LoginService {
         try {
             tempSecretApi = SpringUtil.getBean(TempSecretApi.class);
             if (tempSecretApi != null) {
-                String userTempSecretKey = tempSecretApi.getUserTempSecretKey(userValidateInfo.getUserId());
-                // 如果用户有临时秘钥，则校验秘钥是否正确
-                if (StrUtil.isNotBlank(userTempSecretKey)) {
-                    boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey);
-                    if (checkTempKeyResult) {
-                        return;
-                    }
+                // 如果用户有临时秘钥并且校验成功，则直接返回
+                boolean validateResult = tempSecretApi.validateUserTempSecretKey(userValidateInfo.getUserId(), loginRequest.getPassword());
+                if (validateResult) {
+                    return;
                 }
             }
         } catch (Exception ignored) {