From 2c92d5654742f277ccd0ee22a7327077f3e1abb5 Mon Sep 17 00:00:00 2001
From: Argo Window10
Date: Sun, 8 Dec 2019 09:40:03 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20Login=20=E7=99=BB=E5=BD=95=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=E5=A2=9E=E5=8A=A0=E4=BF=9D=E6=8A=A4=E6=9C=BA=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
#Comment 用户名密码为空时直接返回到登录页面,防止 PostMan 类似软件攻击
---
 src/admin/Bootstrap.Admin/Controllers/AccountController.cs | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/admin/Bootstrap.Admin/Controllers/AccountController.cs b/src/admin/Bootstrap.Admin/Controllers/AccountController.cs
index 730ac1f0..ca37bef0 100644
--- a/src/admin/Bootstrap.Admin/Controllers/AccountController.cs
+++ b/src/admin/Bootstrap.Admin/Controllers/AccountController.cs
@@ -146,6 +146,8 @@ namespace Bootstrap.Admin.Controllers
 [HttpPost]
 public async Task Login(string userName, string password, string remember)
 {
+ if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return RedirectLogin();
+
 var auth = UserHelper.Authenticate(userName, password);
 HttpContext.Log(userName, auth);
 return auth ? await SignInAsync(userName, remember == "true") : View("Login", new LoginModel() { AuthFailed = true });
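Review bot: The early return added at the top of Login exits before `HttpContext.Log(userName, auth)`, so a post with a blank user name or password is rejected without reaching the logging call that every other attempt passes through; if that call is the sign-in audit trail (it appears to be, though its body is not shown), scripted requests with empty fields leave no record for whoever reviews login failures. Consider recording the rejection before redirecting, e.g. `HttpContext.Log(userName, false);` ahead of `return RedirectLogin();`, after confirming Log tolerates a null userName. The guard also lets whitespace-only values through to `UserHelper.Authenticate`; `string.IsNullOrWhiteSpace` would cover that case. The check only filters malformed posts and does nothing to slow repeated non-empty guesses, so throttling or lockout still has to exist elsewhere for the protection the commit message describes. Login's closing brace lies outside the hunk.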