Support cred auto-login.

This commit is contained in:
Yang Luo
2021-05-16 18:18:55 +08:00
parent 338c589e51
commit 18806f07a8
6 changed files with 55 additions and 23 deletions


@ -67,7 +67,7 @@ func checkPassword(user *User, password string) string {
return "password incorrect" return "password incorrect"
} }
} else if organization.PasswordType == "salt" { } else if organization.PasswordType == "salt" {
if getSaltedPassword(password, organization.PasswordSalt) == user.Password { if password == user.Password || getSaltedPassword(password, organization.PasswordSalt) == user.Password {
return "" return ""
} else { } else {
return "password incorrect" return "password incorrect"
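Review bot: The added `password == user.Password ||` in the salt branch makes the stored credential value itself a valid login secret, so a leaked copy of the user table is equivalent to knowing every password, and salting no longer protects accounts whose stored value is a hash. If the intent is to keep accepting users whose password was stored in plain text before salting was switched on, that should be an explicit per-user marker or a one-time migration rather than a blanket fallback; otherwise keep only `if getSaltedPassword(password, organization.PasswordSalt) == user.Password {`. checkPassword begins and ends outside the hunk.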


@ -16,6 +16,7 @@ package routers
import ( import (
"fmt" "fmt"
"net/url"
"github.com/astaxie/beego/context" "github.com/astaxie/beego/context"
"github.com/casdoor/casdoor/controllers" "github.com/casdoor/casdoor/controllers"
@ -53,17 +54,19 @@ func returnRequest(ctx *context.Context, msg string) {
} }
func AutoLoginFilter(ctx *context.Context) { func AutoLoginFilter(ctx *context.Context) {
query := ctx.Request.URL.RawQuery
// query == "?access_token=123"
accessToken := parseQuery(query, "accessToken")
if accessToken == "" {
return
}
if getSessionUser(ctx) != "" { if getSessionUser(ctx) != "" {
return return
} }
query := ctx.Request.URL.RawQuery
queryMap, err := url.ParseQuery(query)
if err != nil {
panic(err)
}
// "/page?access_token=123"
accessToken := queryMap.Get("accessToken")
if accessToken != "" {
claims, err := object.ParseJwtToken(accessToken) claims, err := object.ParseJwtToken(accessToken)
if err != nil { if err != nil {
returnRequest(ctx, "Invalid JWT token") returnRequest(ctx, "Invalid JWT token")
@ -72,4 +75,21 @@ func AutoLoginFilter(ctx *context.Context) {
userId := fmt.Sprintf("%s/%s", claims.Organization, claims.Username) userId := fmt.Sprintf("%s/%s", claims.Organization, claims.Username)
setSessionUser(ctx, userId) setSessionUser(ctx, userId)
return
}
// "/page?username=abc&password=123"
userId := queryMap.Get("username")
password := queryMap.Get("password")
if userId != "" && password != "" {
owner, name := util.GetOwnerAndNameFromId(userId)
_, msg := object.CheckUserLogin(owner, name, password)
if msg != "" {
returnRequest(ctx, msg)
return
}
setSessionUser(ctx, userId)
return
}
} }
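Review bot: The new credential branch reads `username` and `password` from the URL query, so the password travels in the request line and ends up in web-server and proxy access logs, browser history and Referer headers; if this auto-login path is kept it should take the secret from a POST body or a header rather than the query string. The session should also be set from the identity that `object.CheckUserLogin` validated (it appears to return a user as its first result) rather than from the raw `userId` query value, so the canonical id is what gets stored. Separately, `url.ParseQuery` at the top of the function now panics on a malformed query from any unauthenticated client; `if err != nil { returnRequest(ctx, "Invalid query string"); return }` is the safer handling. AutoLoginFilter continues between the two hunks shown.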


@ -20,12 +20,12 @@ import (
) )
func parseQuery(query string, key string) string { func parseQuery(query string, key string) string {
valueMap, err := url.ParseQuery(query) queryMap, err := url.ParseQuery(query)
if err != nil { if err != nil {
panic(err) panic(err)
} }
return valueMap.Get(key) return queryMap.Get(key)
} }
func parseSlash(s string) (string, string) { func parseSlash(s string) (string, string) {


@ -109,7 +109,17 @@ class App extends Component {
getAccessTokenParam() { getAccessTokenParam() {
// "/page?access_token=123" // "/page?access_token=123"
const params = new URLSearchParams(this.props.location.search); const params = new URLSearchParams(this.props.location.search);
return params.get("access_token"); const accessToken = params.get("access_token");
return accessToken === null ? "" : `?accessToken=${accessToken}`;
}
getCredentialParams() {
// "/page?username=abc&password=123"
const params = new URLSearchParams(this.props.location.search);
if (params.get("username") === null || params.get("password") === null) {
return "";
}
return `?username=${params.get("username")}&password=${params.get("password")}`;
} }
getUrlWithoutQuery() { getUrlWithoutQuery() {
@ -118,18 +128,21 @@ class App extends Component {
} }
getAccount() { getAccount() {
const accessToken = this.getAccessTokenParam(); let query = this.getAccessTokenParam();
if (accessToken !== null) { if (query === "") {
query = this.getCredentialParams();
}
if (query !== "") {
window.history.replaceState({}, document.title, this.getUrlWithoutQuery()); window.history.replaceState({}, document.title, this.getUrlWithoutQuery());
} }
AuthBackend.getAccount(accessToken) AuthBackend.getAccount(query)
.then((res) => { .then((res) => {
let account = null; let account = null;
if (res.status === "ok") { if (res.status === "ok") {
account = res.data; account = res.data;
account.organization = res.data2; account.organization = res.data2;
} else { } else {
if (res.msg === "Invalid JWT token") { if (res.msg !== "Please sign in first") {
Setting.showMessage("error", `Failed to sign in: ${res.msg}`); Setting.showMessage("error", `Failed to sign in: ${res.msg}`);
} }
} }
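Review bot: `getCredentialParams` interpolates the raw `username` and `password` values into the query string without encoding, so a password containing `&`, `#`, `%` or `+` is mangled by the server-side `url.ParseQuery` and the login fails or is checked against a different value. Build the string with `URLSearchParams` instead: `const creds = new URLSearchParams({username: params.get("username"), password: params.get("password")}); return \`?${creds}\`;`. The same applies to `getAccessTokenParam`, which now embeds the token unencoded.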


@ -14,9 +14,8 @@
import {authConfig} from "./Auth"; import {authConfig} from "./Auth";
export function getAccount(accessToken) { export function getAccount(query) {
let param = (accessToken === null) ? "" : `?accessToken=${accessToken}`; return fetch(`${authConfig.serverUrl}/api/get-account${query}`, {
return fetch(`${authConfig.serverUrl}/api/get-account${param}`, {
method: 'GET', method: 'GET',
credentials: 'include' credentials: 'include'
}).then(res => res.json()); }).then(res => res.json());
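Review bot: `getAccount` now takes a pre-formatted query string and appends it verbatim to the URL, but nothing documents that contract, and a caller passing a bare token or an unencoded value will silently produce a wrong request. Add a doc comment above the function: `// query: "" or a leading-"?" query string whose values are already URL-encoded by the caller`.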


@ -65,7 +65,7 @@ export function deleteUser(user) {
export function uploadAvatar(avatar) { export function uploadAvatar(avatar) {
let account; let account;
AuthBackend.getAccount(null).then((res) => { AuthBackend.getAccount("").then((res) => {
account = res.data; account = res.data;
let formData = new FormData(); let formData = new FormData();
formData.append("avatarfile", avatar); formData.append("avatarfile", avatar);