From 72770c7e0fbb3f11d43660dda22fff0b5752e515 Mon Sep 17 00:00:00 2001
From: CaptainB <bin@fit2cloud.com>
Date: Sun, 30 Jan 2022 12:28:45 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=94=AF=E6=8C=81=E5=85=B1=E4=BA=AB=20?=
 =?UTF-8?q?session?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../commons/utils/SessionUtils.java           | 48 +++++++++++++++++++
 .../controller/UserController.java            |  5 +-
 .../io/metersphere/service/UserService.java   |  4 +-
 3 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/backend/src/main/java/io/metersphere/commons/utils/SessionUtils.java b/backend/src/main/java/io/metersphere/commons/utils/SessionUtils.java
index 29dea80c4e..ed621104ee 100644
--- a/backend/src/main/java/io/metersphere/commons/utils/SessionUtils.java
+++ b/backend/src/main/java/io/metersphere/commons/utils/SessionUtils.java
@@ -1,13 +1,22 @@
 package io.metersphere.commons.utils;
 
 import io.metersphere.commons.user.SessionUser;
+import org.apache.commons.collections4.MapUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.session.Session;
+import org.apache.shiro.session.mgt.DefaultSessionManager;
 import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.DefaultSubjectContext;
+import org.springframework.core.env.Environment;
+import org.springframework.session.FindByIndexNameSessionRepository;
+import org.springframework.session.data.redis.RedisIndexedSessionRepository;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
+import java.util.Collection;
+import java.util.Map;
 
 import static io.metersphere.commons.constants.SessionConstants.ATTR_USER;
 
@@ -35,9 +44,48 @@ public class SessionUtils {
         return (String) SecurityUtils.getSubject().getSession().getId();
     }
 
+    private static Session getSessionByUsername(String username) {
+        DefaultSessionManager sessionManager = CommonBeanFactory.getBean(DefaultSessionManager.class);
+        Collection<Session> sessions = sessionManager.getSessionDAO().getActiveSessions();
+        for (Session session : sessions) {
+            if (null != session && org.apache.commons.lang3.StringUtils.equals(String.valueOf(session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY)), username)) {
+                return session;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * 踢除用户
+     *
+     * @param username
+     */
+    public static void kickOutUser(String username) {
+        // local session
+        String storeType = CommonBeanFactory.getBean(Environment.class).getProperty("spring.session.store-type");
+        if (StringUtils.equalsIgnoreCase(storeType, "none")) {
+            Session session = getSessionByUsername(username);
+            if (session != null) {
+                DefaultSessionManager sessionManager = CommonBeanFactory.getBean(DefaultSessionManager.class);
+                sessionManager.getSessionDAO().delete(session);
+            }
+            return;
+        }
+        // redis session
+        RedisIndexedSessionRepository sessionRepository = CommonBeanFactory.getBean(RedisIndexedSessionRepository.class);
+        if (sessionRepository == null) {
+            return;
+        }
+        Map<String, ?> users = sessionRepository.findByPrincipalName(username);
+        if (MapUtils.isNotEmpty(users)) {
+            users.keySet().forEach(sessionRepository::deleteById);
+        }
+    }
+
     //
     public static void putUser(SessionUser sessionUser) {
         SecurityUtils.getSubject().getSession().setAttribute(ATTR_USER, sessionUser);
+        SecurityUtils.getSubject().getSession().setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, sessionUser.getId());
     }
 
     public static String getCurrentWorkspaceId() {
diff --git a/backend/src/main/java/io/metersphere/controller/UserController.java b/backend/src/main/java/io/metersphere/controller/UserController.java
index e610c47c66..5619127fe6 100644
--- a/backend/src/main/java/io/metersphere/controller/UserController.java
+++ b/backend/src/main/java/io/metersphere/controller/UserController.java
@@ -57,7 +57,8 @@ public class UserController {
     @MsAuditLog(module = "system_user", type = OperLogConstants.DELETE, beforeEvent = "#msClass.getLogDetails(#userId)", msClass = UserService.class)
     public void deleteUser(@PathVariable(value = "userId") String userId) {
         userService.deleteUser(userId);
-        // todo 剔除在线用户
+        // 剔除在线用户
+        SessionUtils.kickOutUser(userId);
     }
 
     @PostMapping("/special/update")
@@ -256,7 +257,7 @@ public class UserController {
      * 根据userId 获取 user 所属工作空间和所属工作项目
      */
     @GetMapping("/get/ws_pj/{userId}")
-    public Map<Object,Object> getWSAndProjectByUserId(@PathVariable String userId) {
+    public Map<Object, Object> getWSAndProjectByUserId(@PathVariable String userId) {
         return userService.getWSAndProjectByUserId(userId);
     }
 }
diff --git a/backend/src/main/java/io/metersphere/service/UserService.java b/backend/src/main/java/io/metersphere/service/UserService.java
index f64598f007..66d4eb41e1 100644
--- a/backend/src/main/java/io/metersphere/service/UserService.java
+++ b/backend/src/main/java/io/metersphere/service/UserService.java
@@ -378,7 +378,9 @@ public class UserService {
         user.setPassword(null);
         user.setUpdateTime(System.currentTimeMillis());
         userMapper.updateByPrimaryKeySelective(user);
-        // todo  禁用用户之后，剔除在线用户
+        if (StringUtils.equals(user.getStatus(), UserStatus.DISABLED)) {
+            SessionUtils.kickOutUser(user.getId());
+        }
     }
 
     public void switchUserResource(String sign, String sourceId) {