test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of github.com:metersphere/metersphere

This commit is contained in:
chenjianxing 2021-03-22 18:25:43 +08:00
parent 62959225a1 a1fd1af3f5
commit 30f8e26146
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
backend/src/main/java/io/metersphere/security/CsrfFilter.java
View File

@ -7,6 +7,7 @@ import io.metersphere.commons.utils.SessionUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.core.env.Environment;
@ -84,7 +85,7 @@ public class CsrfFilter extends AnonymousFilter {
Environment env = CommonBeanFactory.getBean(Environment.class);
long timeout = env.getProperty("session.timeout", Long.class, 43200L);
if (Math.abs(System.currentTimeMillis() - signatureTime) > timeout * 1000) {
throw new RuntimeException("expired token");
throw new ExpiredCredentialsException("expired token");
}
if (!StringUtils.equals(SessionUtils.getUserId(), signatureArray[0])) {
throw new RuntimeException("Please check csrf token.");