Merge branch 'master' of github.com:metersphere/metersphere

chenjianxing 2021-03-23 16:47:45 +08:00
commit 0073ed1307
2 changed files with 2 additions and 20 deletions


@ -7,7 +7,6 @@ import io.metersphere.commons.utils.SessionUtils;
import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils; import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.web.filter.authc.AnonymousFilter; import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.util.WebUtils; import org.apache.shiro.web.util.WebUtils;
import org.springframework.core.env.Environment; import org.springframework.core.env.Environment;
@ -42,12 +41,7 @@ public class CsrfFilter extends AnonymousFilter {
// 请求头取出的token value // 请求头取出的token value
String csrfToken = httpServletRequest.getHeader(TOKEN_NAME); String csrfToken = httpServletRequest.getHeader(TOKEN_NAME);
// 校验 token // 校验 token
try { validateToken(csrfToken);
validateToken(csrfToken);
} catch (ExpiredCredentialsException e) {
((HttpServletResponse) response).setHeader("Authentication-Status", "invalid");
return true;
}
// 校验 referer // 校验 referer
validateReferer(httpServletRequest); validateReferer(httpServletRequest);
return true; return true;
@ -80,18 +74,6 @@ public class CsrfFilter extends AnonymousFilter {
if (signatureArray.length != 3) { if (signatureArray.length != 3) {
throw new RuntimeException("invalid token"); throw new RuntimeException("invalid token");
} }
long signatureTime;
try {
signatureTime = Long.parseLong(signatureArray[2]);
} catch (Exception e) {
throw new RuntimeException(e);
}
Environment env = CommonBeanFactory.getBean(Environment.class);
long timeout = env.getProperty("session.timeout", Long.class, 43200L);
if (Math.abs(System.currentTimeMillis() - signatureTime) > timeout * 1000) {
throw new ExpiredCredentialsException("expired token");
}
if (!StringUtils.equals(SessionUtils.getUserId(), signatureArray[0])) { if (!StringUtils.equals(SessionUtils.getUserId(), signatureArray[0])) {
throw new RuntimeException("Please check csrf token."); throw new RuntimeException("Please check csrf token.");
} }
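Review bot: After this change `validateToken` still requires three fields (`signatureArray.length != 3`), but nothing in these hunks reads `signatureArray[2]` any more, so the issue time carried in the CSRF token is never checked and, as far as the visible lines show, a token is accepted for as long as its user id matches the session. If that is intended because the session timeout already bounds the lifetime, say so next to the length check, for example `// signatureArray[2] (issue time) is deliberately not validated; token lifetime is bounded by the session`. If it is not intended, the expiry comparison should be restored and the filter should reject the request on expiry rather than `return true` as the removed catch block did. `Environment`, which is still imported in the first hunk, and `CommonBeanFactory` may now be unused; the rest of `validateToken` and of the filter method lies outside these hunks, so this needs checking against the full file.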


@ -206,7 +206,7 @@ public class TestPlanService {
} }
else { // 有修改字段的调用为保证将某些时间置null的情况使用updateByPrimaryKey else { // 有修改字段的调用为保证将某些时间置null的情况使用updateByPrimaryKey
extScheduleMapper.updateNameByResourceID(testPlan.getId(), testPlan.getName());// 同步更新该测试的定时任务的name extScheduleMapper.updateNameByResourceID(testPlan.getId(), testPlan.getName());// 同步更新该测试的定时任务的name
i = testPlanMapper.updateByPrimaryKey(testPlan); // 更新 i = testPlanMapper.updateByPrimaryKeyWithBLOBs(testPlan); // 更新
} }
if (!StringUtils.isBlank(testPlan.getStatus())) { if (!StringUtils.isBlank(testPlan.getStatus())) {
BeanUtils.copyBean(testPlans, getTestPlan(testPlan.getId())); BeanUtils.copyBean(testPlans, getTestPlan(testPlan.getId()));
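Review bot: The comment on the `else` branch still names `updateByPrimaryKey`, but the call two lines below it is now `updateByPrimaryKeyWithBLOBs`, so the explanation no longer matches the code. If the mapper follows the usual MyBatis Generator convention, the WithBLOBs variant writes every column including the large-text ones, so any such field the caller leaves null on `testPlan` would be persisted as null; how `testPlan` is populated is outside this hunk and should be confirmed. I would update the comment to something like `// full-row update incl. BLOB columns so cleared fields are stored as null; caller must pass the complete plan`.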