bug fix: 修改密码/重新登录旧凭证需要失效掉

yangfu
pkg/application/auth/auth.go
pkg/application/userAuth/user_credential.go
pkg/application/userAuth/user_credential_test.go
--- a/pkg/application/auth/auth.go
查看文件 @060947e
+++ b/pkg/application/auth/auth.go
查看文件 @060947e
@@ -284,6 +284,9 @@ func UCenterRevoke(header *protocol.RequestHeader, userId int64) (rsp *protocol.
 		err = nil
 		return
 	}
+ 	//注销凭证
+ 	userAuth.NewRedisUserCredential(user.Phone).RemoveAuth()
+ 	//注销token
 	id, _ := strconv.Atoi(user.Phone)
 	auth := userAuth.NewRedisUserAuth(userAuth.WithUserId(int64(id)))
 	if !auth.Exist() {
@@ -339,6 +342,12 @@ func CenterCompanys(header *protocol.RequestHeader, request *protocolx.CenterCom
 		}
 		break
 	case protocol.LoginByCredentials:
+ 		//凭证是否存在
+ 		if credential, e := userAuth.NewRedisUserCredential(request.Phone).GetAuth(); e != nil || !strings.EqualFold(credential, request.Credentials) {
+ 			log.Debug("凭证过期或者已失效:", request.Phone)
+ 			err = protocol.NewErrWithMessage(4140, err)
+ 			return
+ 		}
 		if _, err = utils.ParseJWTToken(request.Credentials); err != nil {
 			err = protocol.NewErrWithMessage(4140, err)
 			return
@@ -375,6 +384,9 @@ func CenterCompanys(header *protocol.RequestHeader, request *protocolx.CenterCom
 	rsp.Phone = request.Phone
 	rsp.Credentials, _ = utils.GenerateToken(int64(phoneId), request.Phone, protocol.RefreshTokenExipre*time.Second)
 
+ 	//添加手机对应的凭证
+ 	userAuth.NewRedisUserCredential(request.Phone).AddAuth(rsp.Credentials)
+ 
 	err = transactionContext.CommitTransaction()
 	v = map[string]interface{}{"center": rsp}
 	return
@@ -398,6 +410,12 @@ func Companys(header *protocol.RequestHeader, request *protocolx.CompanysRequest
 		err = protocol.NewErrWithMessage(4140, err)
 		return
 	}
+ 	//凭证是否存在
+ 	if credential, e := userAuth.NewRedisUserCredential(claim.Phone).GetAuth(); e != nil || !strings.EqualFold(credential, request.Credentials) {
+ 		log.Debug("凭证过期或者已失效:", claim.Phone)
+ 		err = protocol.NewErrWithMessage(4140, err)
+ 		return
+ 	}
 	loginSvr.Init(claim.Phone)
 	rsp.Partner, _ = loginSvr.PartnerStaticInfo()
 	rsp.Manager, _ = loginSvr.ManagerStaticInfo()
@@ -406,6 +424,7 @@ func Companys(header *protocol.RequestHeader, request *protocolx.CompanysRequest
 		err = protocol.NewErrWithMessage(4140, err) //账号禁用
 		return
 	}
+ 
 	err = transactionContext.CommitTransaction()
 	return
 }
@@ -431,6 +450,12 @@ func LoginV2(header *protocol.RequestHeader, request *protocol.LoginRequestV2) (
 		err = protocol.NewErrWithMessage(4140, err)
 		return
 	}
+ 	//凭证是否存在
+ 	if credential, e := userAuth.NewRedisUserCredential(claim.Phone).GetAuth(); e != nil || !strings.EqualFold(credential, request.Credentials) {
+ 		log.Debug("凭证过期或者已失效:", claim.Phone)
+ 		err = protocol.NewErrWithMessage(4140, err)
+ 		return
+ 	}
 	if company, e := CompanyRepository.FindOne(map[string]interface{}{"id": request.Cid, "enable": 1}); e != nil || company == nil {
 		err = protocol.NewErrWithMessage(10007, err)
 		return
@@ -444,7 +469,7 @@ func LoginV2(header *protocol.RequestHeader, request *protocol.LoginRequestV2) (
 				return
 			}
 		}
- 		//TODO:验证公司模块权限
+ 		//验证公司模块权限
 		if _, adminUsers, e := UsersRepository.Find(map[string]interface{}{"inCompanyIds": []int64{int64(request.Cid)}, "adminType": 2}); e == nil {
 			if len(adminUsers) > 0 {
 				au := adminUsers[0]
--- a/pkg/application/userAuth/user_credential.go 0 → 100644
查看文件 @060947e
+++ b/pkg/application/userAuth/user_credential.go 0 → 100644
查看文件 @060947e
+ package userAuth
+ 
+ import (
+ 	"github.com/tiptok/gocomm/pkg/redis"
+ 	"gitlab.fjmaimaimai.com/mmm-go/partner/pkg/infrastructure/utils"
+ )
+ 
+ //Redis用户权限
+ type RedisUserCredential struct {
+ 	phone   string
+ 	Options *Options
+ }
+ 
+ func NewRedisUserCredential(phone string, options ...Option) *RedisUserCredential {
+ 	rua := &RedisUserCredential{
+ 		Options: NewOptions(options...),
+ 		phone:   phone,
+ 	}
+ 	return rua
+ }
+ func (auth RedisUserCredential) AddAuth(credential string) error {
+ 	err := redis.Hset(
+ 		auth.redisKey(),
+ 		auth.field(),
+ 		credential, 0,
+ 	)
+ 	return err
+ }
+ func (auth RedisUserCredential) RemoveAuth() error {
+ 	if !auth.Exist() {
+ 		return nil
+ 	}
+ 	return redis.Hdel(auth.redisKey(), auth.field())
+ }
+ func (auth RedisUserCredential) GetAuth() (string, error) {
+ 	if !auth.Exist() {
+ 		return "", errNotFound(auth.field())
+ 	}
+ 	data, err := redis.Hget(auth.redisKey(), auth.field())
+ 	if err != nil {
+ 		return "", err
+ 	}
+ 	return string(data), nil
+ }
+ func (auth RedisUserCredential) Exist() bool {
+ 	return redis.Hexists(auth.redisKey(), auth.field())
+ }
+ func (auth RedisUserCredential) redisKey() string {
+ 	if len(auth.phone) == 0 {
+ 		return ""
+ 	}
+ 	return utils.RedisKey("user_credential")
+ }
+ func (auth RedisUserCredential) field() string {
+ 	return auth.phone
+ }
--- a/pkg/application/userAuth/user_credential_test.go 0 → 100644
查看文件 @060947e
+++ b/pkg/application/userAuth/user_credential_test.go 0 → 100644
查看文件 @060947e
+ package userAuth
+ 
+ import (
+ 	"strings"
+ 	"testing"
+ )
+ 
+ func TestRedisUserCredential(t *testing.T) {
+ 	initRedis()
+ 	key := "18860183050"
+ 	userAuth := NewRedisUserCredential(key)
+ 	saveCredential := "123456789"
+ 	var credential string
+ 	err := userAuth.AddAuth(saveCredential)
+ 	if err != nil {
+ 		t.Fatal(err)
+ 	}
+ 	credential, err = userAuth.GetAuth()
+ 	if err != nil {
+ 		t.Fatal("get auth", err)
+ 	}
+ 	if !userAuth.Exist() {
+ 		t.Fatal("except:true")
+ 	}
+ 	if !strings.EqualFold(credential, saveCredential) {
+ 		t.Fatal("check credential:", err)
+ 	}
+ 	if err = userAuth.RemoveAuth(); err != nil {
+ 		t.Fatal("remove:", err)
+ 	}
+ 	if v := userAuth.field(); v != "18860183050" {
+ 		t.Fatal("except:18860183050 get:", v)
+ 	}
+ 	if userAuth.Exist() {
+ 		t.Fatal(key)
+ 	}
+ }