github
/
RuoYi
mirror of https://gitee.com/y_project/RuoYi.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

验证码清除,防止多次使用。

pull/176/head
RuoYi 2020-06-28 16:34:23 +08:00
parent ed4280379d
commit e0e305c423
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java
View File

@ -61,13 +61,12 @@ public class CaptchaValidateFilter extends AccessControlFilter
{ {
Object obj = ShiroUtils.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY); Object obj = ShiroUtils.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
String code = String.valueOf(obj != null ? obj : ""); String code = String.valueOf(obj != null ? obj : "");
//无论验证码是否正确,凡验证过一次后都应将原值不可用,直到页面重新请求验证码,以防恶意用户持有该验证码进行针对后台发包的暴力破解 // 验证码清除,防止多次使用。
request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY, ShiroConstants.CAPTCHA_ERROR); request.getSession().removeAttribute(Constants.KAPTCHA_SESSION_KEY);
if (StringUtils.isEmpty(validateCode) || !validateCode.equalsIgnoreCase(code)) if (StringUtils.isEmpty(validateCode) || !validateCode.equalsIgnoreCase(code))
{ {
return false; return false;
} }
return true; return true;
} }