From 5693a5a9bd33fdc2105efbc6fbc9459bb00d55c2 Mon Sep 17 00:00:00 2001
From: Argo-Lenovo <Argo@163.com>
Date: Tue, 29 Nov 2016 15:07:52 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9BUG=EF=BC=9ALock=E5=8A=9F?=
 =?UTF-8?q?=E8=83=BD=E4=B8=8D=E6=AD=A3=E5=B8=B8=EF=BC=8C=E7=99=BB=E9=99=86?=
 =?UTF-8?q?=E5=AF=86=E7=A0=81=E8=BE=93=E5=85=A5=E9=94=99=E8=AF=AF=E5=90=8E?=
 =?UTF-8?q?=E6=98=8E=E6=96=87=E6=98=BE=E7=A4=BA=EF=BC=8C=E5=88=B0Login?=
 =?UTF-8?q?=E9=A1=B5=E9=9D=A2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Bootstrap.Admin/Controllers/HomeController.cs | 11 +++++------
 Bootstrap.Admin/Models/LockModel.cs           | 10 ++++++++++
 Bootstrap.Admin/Views/Home/Lock.cshtml        |  2 +-
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/Bootstrap.Admin/Controllers/HomeController.cs b/Bootstrap.Admin/Controllers/HomeController.cs
index f985b8b3..756311d4 100644
--- a/Bootstrap.Admin/Controllers/HomeController.cs
+++ b/Bootstrap.Admin/Controllers/HomeController.cs
@@ -26,15 +26,15 @@ namespace Bootstrap.Admin.Controllers
         /// 
         /// </summary>
         /// <returns></returns>
-        public ActionResult Lock(LockModel model)
+        [AllowAnonymous]
+        public ActionResult Lock()
         {
-            if (!string.IsNullOrEmpty(model.Password))
-            {
-                return RedirectToAction("Login", new { userName = model.UserName, password = model.Password });
-            }
             var user = UserHelper.RetrieveUsersByName(User.Identity.Name);
+            var model = new LockModel();
             model.UserName = user.UserName;
             model.DisplayName = user.DisplayName;
+            model.ReturnUrl = Url.Encode(Request.UrlReferrer.AbsoluteUri);
+            FormsAuthentication.SignOut();
             return View(model);
         }
         /// <summary>
@@ -47,7 +47,6 @@ namespace Bootstrap.Admin.Controllers
         [AllowAnonymous]
         public ActionResult Login(string userName, string password, string remember)
         {
-            //UNDONE: 本方法有严重安全漏洞，发布前需要修正
             var model = new LoginModel();
             if (string.IsNullOrEmpty(userName)) return View(model);
             model.UserName = userName;
diff --git a/Bootstrap.Admin/Models/LockModel.cs b/Bootstrap.Admin/Models/LockModel.cs
index e11ad9bf..3b01d641 100644
--- a/Bootstrap.Admin/Models/LockModel.cs
+++ b/Bootstrap.Admin/Models/LockModel.cs
@@ -1,7 +1,17 @@
 namespace Bootstrap.Admin.Models
 {
+    /// <summary>
+    /// 
+    /// </summary>
     public class LockModel : LoginModel
     {
+        /// <summary>
+        /// 
+        /// </summary>
         public string DisplayName { get; set; }
+        /// <summary>
+        /// 
+        /// </summary>
+        public string ReturnUrl { get; set; }
     }
 }
\ No newline at end of file
diff --git a/Bootstrap.Admin/Views/Home/Lock.cshtml b/Bootstrap.Admin/Views/Home/Lock.cshtml
index fd4c3f45..385ba260 100644
--- a/Bootstrap.Admin/Views/Home/Lock.cshtml
+++ b/Bootstrap.Admin/Views/Home/Lock.cshtml
@@ -17,7 +17,7 @@
         <img src="../content/images/logo2.jpg" alt="lock avatar" />
         <h1>@Model.DisplayName</h1>
         <span class="locked">系统已锁定</span>
-        <form role="form" class="form-inline" method="post" autocomplete="off">
+        <form role="form" class="form-inline" method="post" autocomplete="off" action="~/Home/Login?ReturnUrl=@Model.ReturnUrl">
             <input type="text" name="username" class="hide" value="@Model.UserName" />
             <div class="form-group col-lg-12">
                 <div class="input-group">