【8.0.1】【auth】更新临时秘钥api

2023-10-21 21:44:13 +08:00 · 2023-10-21 21:44:13 +08:00 · d907519253
parent 9f2e6e83a1
commit d907519253
2 changed files with 10 additions and 10 deletions
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/TempSecretApi.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/TempSecretApi.java
@ -33,11 +33,14 @@ package cn.stylefeng.roses.kernel.auth.api;
 public interface TempSecretApi {
    /**
-     * 获取用户临时秘钥
+     * 校验用户密码是否在临时秘钥存在
     *
     * @param userId   用户id
     * @param password 用户输入的密码
     * @return true-密码正确，false-密码错误
     * @author fengshuonan
-     * @since 2022/3/26 14:07
+     * @since 2023/10/21 21:24
     */
-    String getUserTempSecretKey(Long userId);
+    boolean validateUserTempSecretKey(Long userId, String password);
 }
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java
@ -332,13 +332,10 @@ public class LoginService {
        try {
            tempSecretApi = SpringUtil.getBean(TempSecretApi.class);
            if (tempSecretApi != null) {
-                String userTempSecretKey = tempSecretApi.getUserTempSecretKey(userValidateInfo.getUserId());
+                // 如果用户有临时秘钥并且校验成功，则直接返回
-                // 如果用户有临时秘钥，则校验秘钥是否正确
+                boolean validateResult = tempSecretApi.validateUserTempSecretKey(userValidateInfo.getUserId(), loginRequest.getPassword());
-                if (StrUtil.isNotBlank(userTempSecretKey)) {
+                if (validateResult) {
-                    boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey);
+                    return;
                    if (checkTempKeyResult) {
                        return;
                    }
                }
            }
        } catch (Exception ignored) {