Commit 049d3075 authored by Liang Ding

🔒 Fix #12330

parent d1481b56
...@@ -75,7 +75,7 @@ ...@@ -75,7 +75,7 @@
<properties> <properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<org.b3log.latke.version>2.3.13</org.b3log.latke.version> <org.b3log.latke.version>2.3.14-SNAPSHOT</org.b3log.latke.version>
<servlet.version>3.1.0</servlet.version> <servlet.version>3.1.0</servlet.version>
<slf4j.version>1.7.5</slf4j.version> <slf4j.version>1.7.5</slf4j.version>
......
...@@ -30,6 +30,7 @@ import org.b3log.latke.repository.Transaction; ...@@ -30,6 +30,7 @@ import org.b3log.latke.repository.Transaction;
import org.b3log.latke.service.LangPropsService; import org.b3log.latke.service.LangPropsService;
import org.b3log.latke.service.ServiceException; import org.b3log.latke.service.ServiceException;
import org.b3log.latke.service.annotation.Service; import org.b3log.latke.service.annotation.Service;
import org.b3log.latke.util.Crypts;
import org.b3log.latke.util.MD5; import org.b3log.latke.util.MD5;
import org.b3log.latke.util.Sessions; import org.b3log.latke.util.Sessions;
import org.b3log.latke.util.Strings; import org.b3log.latke.util.Strings;
...@@ -47,7 +48,7 @@ import javax.servlet.http.HttpServletResponse; ...@@ -47,7 +48,7 @@ import javax.servlet.http.HttpServletResponse;
* *
* @author <a href="http://88250.b3log.org">Liang Ding</a> * @author <a href="http://88250.b3log.org">Liang Ding</a>
* @author <a href="mailto:385321165@qq.com">DASHU</a> * @author <a href="mailto:385321165@qq.com">DASHU</a>
* @version 1.1.0.8, May 25, 2017 * @version 1.1.0.9, Aug 11, 2017
* @since 0.4.0 * @since 0.4.0
*/ */
@Service @Service
...@@ -83,7 +84,6 @@ public class UserMgmtService { ...@@ -83,7 +84,6 @@ public class UserMgmtService {
*/ */
public void tryLogInWithCookie(final HttpServletRequest request, final HttpServletResponse response) { public void tryLogInWithCookie(final HttpServletRequest request, final HttpServletResponse response) {
final Cookie[] cookies = request.getCookies(); final Cookie[] cookies = request.getCookies();
if (null == cookies || 0 == cookies.length) { if (null == cookies || 0 == cookies.length) {
return; return;
} }
...@@ -91,38 +91,45 @@ public class UserMgmtService { ...@@ -91,38 +91,45 @@ public class UserMgmtService {
try { try {
for (int i = 0; i < cookies.length; i++) { for (int i = 0; i < cookies.length; i++) {
final Cookie cookie = cookies[i]; final Cookie cookie = cookies[i];
if (!"b3log-latke".equals(cookie.getName())) { if (!Sessions.COOKIE_NAME.equals(cookie.getName())) {
continue; continue;
} }
final JSONObject cookieJSONObject = new JSONObject(cookie.getValue()); final String value = Crypts.decryptByAES(cookie.getValue(), Sessions.COOKIE_SECRET);
final JSONObject cookieJSONObject = new JSONObject(value);
final String userEmail = cookieJSONObject.optString(User.USER_EMAIL); final String userId = cookieJSONObject.optString(Keys.OBJECT_ID);
if (Strings.isEmptyOrNull(userEmail)) { if (Strings.isEmptyOrNull(userId)) {
break; break;
} }
final LatkeBeanManager beanManager = Lifecycle.getBeanManager(); final LatkeBeanManager beanManager = Lifecycle.getBeanManager();
final UserQueryService userQueryService = beanManager.getReference(UserQueryService.class); final UserQueryService userQueryService = beanManager.getReference(UserQueryService.class);
final JSONObject user = userQueryService.getUserByEmail(userEmail.toLowerCase().trim()); final JSONObject userResult = userQueryService.getUser(userId);
if (null == userResult) {
break;
}
final JSONObject user = userResult.getJSONObject(User.USER);
if (null == user) { if (null == user) {
break; break;
} }
final String userPassword = user.optString(User.USER_PASSWORD); final String userPassword = user.optString(User.USER_PASSWORD);
final String hashPassword = cookieJSONObject.optString(User.USER_PASSWORD); final String token = cookieJSONObject.optString(Keys.TOKEN);
final String hashPassword = StringUtils.substringBeforeLast(token, ":");
if (userPassword.equals(hashPassword)) { if (userPassword.equals(hashPassword)) {
Sessions.login(request, response, user); Sessions.login(request, response, user);
LOGGER.log(Level.DEBUG, "Logged in with cookie[email={0}]", userEmail);
LOGGER.log(Level.DEBUG, "Logged in with cookie [email={0}]", user.optString(User.USER_EMAIL));
} }
} }
} catch (final Exception e) { } catch (final Exception e) {
LOGGER.log(Level.TRACE, "Parses cookie failed, clears the cookie [name=b3log-latke]"); LOGGER.log(Level.TRACE, "Parses cookie failed, clears the cookie [name=" + Sessions.COOKIE_NAME + "]");
final Cookie cookie = new Cookie("b3log-latke", null); final Cookie cookie = new Cookie(Sessions.COOKIE_NAME, null);
cookie.setMaxAge(0); cookie.setMaxAge(0);
cookie.setPath("/"); cookie.setPath("/");
......
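Review bot: The password check on the new side of the last hunk, `if (userPassword.equals(hashPassword))`, accepts a cookie when both strings are empty: `user.optString(User.USER_PASSWORD)` yields "" for an account with no stored password hash, and `StringUtils.substringBeforeLast(token, ":")` yields "" for an empty or absent token, so a cookie that carries only such a user's id passes. The part of the token after the last ":" is discarded without being examined; if it is meant as an expiry or nonce it should be validated here rather than dropped, and the hash comparison itself should be constant-time. I would reject empty values before comparing and switch to `MessageDigest.isEqual` (requires `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imports). Whether `Crypts.decryptByAES` authenticates the ciphertext is not visible here; if it does not, forging a cookie is only as hard as learning the configured cookie secret. tryLogInWithCookie continues past the end of the hunk.
```java
final String token = cookieJSONObject.optString(Keys.TOKEN);
final String hashPassword = StringUtils.substringBeforeLast(token, ":");
// An empty stored hash or an empty token must never match; optString returns "" for a missing field.
if (Strings.isEmptyOrNull(userPassword) || Strings.isEmptyOrNull(hashPassword)) {
    break;
}
// Constant-time comparison so a forged cookie cannot be refined byte by byte.
if (MessageDigest.isEqual(userPassword.getBytes(StandardCharsets.UTF_8),
        hashPassword.getBytes(StandardCharsets.UTF_8))) {
    // … unchanged: Sessions.login and debug logging …
}
```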
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
# #
# Description: B3log Latke configurations. Configures the section "Server" carefully. # Description: B3log Latke configurations. Configures the section "Server" carefully.
# Version: 1.4.3.9, Dec 23, 2015 # Version: 1.5.3.9, Aug 11, 2017
# Author: Liang Ding # Author: Liang Ding
# #
...@@ -28,6 +28,10 @@ serverHost=localhost ...@@ -28,6 +28,10 @@ serverHost=localhost
# Browser visit port, 80 as usual, THIS IS NOT SERVER LISTEN PORT! # Browser visit port, 80 as usual, THIS IS NOT SERVER LISTEN PORT!
serverPort=8080 serverPort=8080
#### Cookie ####
cookieName=solo
cookieSecret=Beyond
#### Runtime Mode #### #### Runtime Mode ####
runtimeMode=DEVELOPMENT runtimeMode=DEVELOPMENT
#runtimeMode=PRODUCTION #runtimeMode=PRODUCTION
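Review bot: The new `cookieSecret=Beyond` line ships a fixed, publicly visible key for the login cookie, and a deployment that keeps the default is using a secret anyone can read from this repository; with the matching change in UserMgmtService that secret is what stands between a crafted cookie and the password-hash comparison. At minimum the key needs a comment that makes the obligation explicit, for example `# cookieSecret MUST be changed to a long random value per deployment; login cookies are encrypted with it and a known value lets them be forged.` I would also consider refusing to start, or at least logging a loud warning, when runtimeMode is PRODUCTION and the value is still the shipped default, though where runtimeMode is read is not visible here.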