Merge branch 'master' of github.com:metersphere/metersphere

chenjianxing 2021-03-23 16:47:45 +08:00
commit 0073ed1307
2 changed files with 2 additions and 20 deletions


@ -7,7 +7,6 @@ import io.metersphere.commons.utils.SessionUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.core.env.Environment;
@ -42,12 +41,7 @@ public class CsrfFilter extends AnonymousFilter {
// 请求头取出的token value
String csrfToken = httpServletRequest.getHeader(TOKEN_NAME);
// 校验 token
try {
validateToken(csrfToken);
} catch (ExpiredCredentialsException e) {
((HttpServletResponse) response).setHeader("Authentication-Status", "invalid");
return true;
}
validateToken(csrfToken);
// 校验 referer
validateReferer(httpServletRequest);
return true;
@ -80,18 +74,6 @@ public class CsrfFilter extends AnonymousFilter {
if (signatureArray.length != 3) {
throw new RuntimeException("invalid token");
}
long signatureTime;
try {
signatureTime = Long.parseLong(signatureArray[2]);
} catch (Exception e) {
throw new RuntimeException(e);
}
Environment env = CommonBeanFactory.getBean(Environment.class);
long timeout = env.getProperty("session.timeout", Long.class, 43200L);
if (Math.abs(System.currentTimeMillis() - signatureTime) > timeout * 1000) {
throw new ExpiredCredentialsException("expired token");
}
if (!StringUtils.equals(SessionUtils.getUserId(), signatureArray[0])) {
throw new RuntimeException("Please check csrf token.");
}
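Review bot: Nothing visible on the new side bounds the age of the CSRF token any more: after the `signatureArray.length != 3` check in validateToken, the third field is no longer parsed or compared against `session.timeout`, so the only check left in these lines is the user-id comparison. If that is intended because token lifetime is enforced elsewhere, record it with a comment such as `// token age is not checked here; lifetime is bounded by <where it is enforced>`; otherwise keep a freshness check on `signatureArray[2]`. The caller in the second hunk also stops setting the `Authentication-Status: invalid` header, so any client that used it to detect an expired token needs another signal. validateToken starts and ends outside the hunk, so a later check may exist that is not shown here.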


@ -206,7 +206,7 @@ public class TestPlanService {
}
else { // 有修改字段的调用为保证将某些时间置null的情况使用updateByPrimaryKey
extScheduleMapper.updateNameByResourceID(testPlan.getId(), testPlan.getName());// 同步更新该测试的定时任务的name
i = testPlanMapper.updateByPrimaryKey(testPlan); // 更新
i = testPlanMapper.updateByPrimaryKeyWithBLOBs(testPlan); // 更新
}
if (!StringUtils.isBlank(testPlan.getStatus())) {
BeanUtils.copyBean(testPlans, getTestPlan(testPlan.getId()));
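Review bot: Switching the else branch to `updateByPrimaryKeyWithBLOBs(testPlan)` presumably writes every column, including the large-text ones, so any BLOB field the caller left unset on `testPlan` would be overwritten with null. The mapper is not shown; if it follows the usual MyBatis Generator convention, confirm that every caller reaching this branch populates those fields, or reload them from the stored row first. The trailing comment on the `else {` line still names `updateByPrimaryKey` and should be updated to the method now called. The enclosing method starts and ends outside the hunk.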