修改BUG：Lock功能不正常，登陆密码输入错误后明文显示，到Login页面

2016-11-29 15:07:52 +08:00 · 2016-11-29 15:07:52 +08:00 · 5693a5a9bd
parent 8d1aa99d8a
commit 5693a5a9bd
3 changed files with 16 additions and 7 deletions
--- a/Bootstrap.Admin/Controllers/HomeController.cs
+++ b/Bootstrap.Admin/Controllers/HomeController.cs
@ -26,15 +26,15 @@ namespace Bootstrap.Admin.Controllers
        /// 
        /// </summary>
        /// <returns></returns>
-        public ActionResult Lock(LockModel model)
+        [AllowAnonymous]
+        public ActionResult Lock()
        {
-            if (!string.IsNullOrEmpty(model.Password))
-            {
-                return RedirectToAction("Login", new { userName = model.UserName, password = model.Password });
-            }
            var user = UserHelper.RetrieveUsersByName(User.Identity.Name);
+            var model = new LockModel();
            model.UserName = user.UserName;
            model.DisplayName = user.DisplayName;
+            model.ReturnUrl = Url.Encode(Request.UrlReferrer.AbsoluteUri);
+            FormsAuthentication.SignOut();
            return View(model);
        }
        /// <summary>
@ -47,7 +47,6 @@ namespace Bootstrap.Admin.Controllers
        [AllowAnonymous]
        public ActionResult Login(string userName, string password, string remember)
        {
-            //UNDONE: 本方法有严重安全漏洞，发布前需要修正
            var model = new LoginModel();
            if (string.IsNullOrEmpty(userName)) return View(model);
            model.UserName = userName;
--- a/Bootstrap.Admin/Models/LockModel.cs
+++ b/Bootstrap.Admin/Models/LockModel.cs
@ -1,7 +1,17 @@
 namespace Bootstrap.Admin.Models
 {
+    /// <summary>
+    /// 
+    /// </summary>
    public class LockModel : LoginModel
    {
+        /// <summary>
+        /// 
+        /// </summary>
        public string DisplayName { get; set; }
+        /// <summary>
+        /// 
+        /// </summary>
+        public string ReturnUrl { get; set; }
    }
 }
--- a/Bootstrap.Admin/Views/Home/Lock.cshtml
+++ b/Bootstrap.Admin/Views/Home/Lock.cshtml
@ -17,7 +17,7 @@
        <img src="../content/images/logo2.jpg" alt="lock avatar" />
        <h1>@Model.DisplayName</h1>
        <span class="locked">系统已锁定</span>
-        <form role="form" class="form-inline" method="post" autocomplete="off">
+        <form role="form" class="form-inline" method="post" autocomplete="off" action="~/Home/Login?ReturnUrl=@Model.ReturnUrl">
            <input type="text" name="username" class="hide" value="@Model.UserName" />
            <div class="form-group col-lg-12">
                <div class="input-group">