feat: Login 登录接口增加保护机制

#Comment 用户名密码为空时直接返回到登录页面，防止 PostMan 类似软件攻击
2019-12-08 09:40:03 +08:00 · 2019-12-08 09:40:03 +08:00 · 2c92d56547
parent 60d7f5d5ac
commit 2c92d56547
1 changed files with 2 additions and 0 deletions
--- a/src/admin/Bootstrap.Admin/Controllers/AccountController.cs
+++ b/src/admin/Bootstrap.Admin/Controllers/AccountController.cs
@ -146,6 +146,8 @@ namespace Bootstrap.Admin.Controllers
        [HttpPost]
        public async Task<IActionResult> Login(string userName, string password, string remember)
        {
+            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return RedirectLogin();
+
            var auth = UserHelper.Authenticate(userName, password);
            HttpContext.Log(userName, auth);
            return auth ? await SignInAsync(userName, remember == "true") : View("Login", new LoginModel() { AuthFailed = true });