xinyin025/smart-admin
1
0
Fork 0
mirror of https://gitee.com/lab1024/smart-admin.git synced 2025-09-17 19:06:39 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

修复:用户名枚举漏洞

Browse Source
This commit is contained in:
SillyBoy 2025-02-22 19:15:05 +08:00
parent c4b95654fe
commit 57747d9082
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
smart-admin-api-java17-springboot3/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java
View File

@ -162,7 +162,7 @@ public class LoginService implements StpInterface {
// 验证登录名 // 验证登录名
EmployeeEntity employeeEntity = employeeService.getByLoginName(loginForm.getLoginName()); EmployeeEntity employeeEntity = employeeService.getByLoginName(loginForm.getLoginName());
if (null == employeeEntity) { if (null == employeeEntity) {
return ResponseDTO.userErrorParam("登录名不存在"); return ResponseDTO.userErrorParam("登录名或密码错误");
} }
// 验证账号状态 // 验证账号状态
@ -509,7 +509,7 @@ public class LoginService implements StpInterface {
// 验证登录名 // 验证登录名
EmployeeEntity employeeEntity = employeeService.getByLoginName(loginName); EmployeeEntity employeeEntity = employeeService.getByLoginName(loginName);
if (null == employeeEntity) { if (null == employeeEntity) {
return ResponseDTO.userErrorParam("登录名不存在!"); return ResponseDTO.ok();
} }
// 验证账号状态 // 验证账号状态

4
smart-admin-api-java8-springboot2/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java
View File

@ -164,7 +164,7 @@ public class LoginService implements StpInterface {
// 验证登录名 // 验证登录名
EmployeeEntity employeeEntity = employeeService.getByLoginName(loginForm.getLoginName()); EmployeeEntity employeeEntity = employeeService.getByLoginName(loginForm.getLoginName());
if (null == employeeEntity) { if (null == employeeEntity) {
return ResponseDTO.userErrorParam("登录名不存在"); return ResponseDTO.userErrorParam("登录名或密码错误");
} }
// 验证账号状态 // 验证账号状态
@ -511,7 +511,7 @@ public class LoginService implements StpInterface {
// 验证登录名 // 验证登录名
EmployeeEntity employeeEntity = employeeService.getByLoginName(loginName); EmployeeEntity employeeEntity = employeeService.getByLoginName(loginName);
if (null == employeeEntity) { if (null == employeeEntity) {
return ResponseDTO.userErrorParam("登录名不存在!"); return ResponseDTO.ok();
} }
// 验证账号状态 // 验证账号状态