From d90751925331a4e9b2f47d6a690084fdfdc0da3f Mon Sep 17 00:00:00 2001
From: fengshuonan <sn93@qq.com>
Date: Sat, 21 Oct 2023 21:44:13 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=908.0.1=E3=80=91=E3=80=90auth=E3=80=91?=
 =?UTF-8?q?=E6=9B=B4=E6=96=B0=E4=B8=B4=E6=97=B6=E7=A7=98=E9=92=A5api?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../roses/kernel/auth/api/TempSecretApi.java          |  9 ++++++---
 .../roses/kernel/auth/auth/LoginService.java          | 11 ++++-------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/TempSecretApi.java b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/TempSecretApi.java
index 5dcb37fc3..ea1a9ea75 100644
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/TempSecretApi.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/TempSecretApi.java
@@ -33,11 +33,14 @@ package cn.stylefeng.roses.kernel.auth.api;
 public interface TempSecretApi {
 
     /**
-     * 获取用户临时秘钥
+     * 校验用户密码是否在临时秘钥存在
      *
+     * @param userId   用户id
+     * @param password 用户输入的密码
+     * @return true-密码正确，false-密码错误
      * @author fengshuonan
-     * @since 2022/3/26 14:07
+     * @since 2023/10/21 21:24
      */
-    String getUserTempSecretKey(Long userId);
+    boolean validateUserTempSecretKey(Long userId, String password);
 
 }
diff --git a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java
index 461b550f8..46f565043 100644
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java
@@ -332,13 +332,10 @@ public class LoginService {
         try {
             tempSecretApi = SpringUtil.getBean(TempSecretApi.class);
             if (tempSecretApi != null) {
-                String userTempSecretKey = tempSecretApi.getUserTempSecretKey(userValidateInfo.getUserId());
-                // 如果用户有临时秘钥，则校验秘钥是否正确
-                if (StrUtil.isNotBlank(userTempSecretKey)) {
-                    boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey);
-                    if (checkTempKeyResult) {
-                        return;
-                    }
+                // 如果用户有临时秘钥并且校验成功，则直接返回
+                boolean validateResult = tempSecretApi.validateUserTempSecretKey(userValidateInfo.getUserId(), loginRequest.getPassword());
+                if (validateResult) {
+                    return;
                 }
             }
         } catch (Exception ignored) {