fix(系统设置): 用户修改密码之后登出该用户的所有会话

2024-04-15 17:20:57 +08:00 · 2024-04-15 17:20:57 +08:00 · 9a1fc5a1f5
parent a1b67bff16
commit 9a1fc5a1f5
3 changed files with 31 additions and 5 deletions
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/PersonalCenterController.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/PersonalCenterController.java
@ -43,9 +43,12 @@ PersonalCenterController {
    @PostMapping("/update-password")
    @Operation(summary = "个人中心-修改密码")
    @Log(type = OperationLogType.UPDATE, expression = "#msClass.updatePasswordLog(#request)", msClass = UserLogService.class)
-    public boolean updateUser(@Validated @RequestBody PersonalUpdatePasswordRequest request) {
+    public String updateUser(@Validated @RequestBody PersonalUpdatePasswordRequest request) {
        this.checkPermission(request.getId());
-        return userService.updatePassword(request);
+        if (userService.updatePassword(request)) {
+            SessionUtils.kickOutUser(SessionUtils.getUser().getId());
+        }
+        return "OK";
    }

    private void checkPermission(String id) {
--- a/backend/services/system-setting/src/test/java/io/metersphere/system/base/BaseTest.java
+++ b/backend/services/system-setting/src/test/java/io/metersphere/system/base/BaseTest.java
@ -126,6 +126,12 @@ public abstract class BaseTest {
        }
    }

+    public void login(String user, String password) throws Exception {
+        this.adminAuthInfo = initAuthInfo(user, password);
+        this.sessionId = this.adminAuthInfo.getSessionId();
+        this.csrfToken = this.adminAuthInfo.getCsrfToken();
+    }
+
    private AuthInfo initAuthInfo(String username, String password) throws Exception {
        MvcResult mvcResult = mockMvc.perform(MockMvcRequestBuilders.post("/login")
                        .content(String.format("{\"username\":\"%s\",\"password\":\"%s\"}", username, password))
--- a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/user/PersonalControllerTests.java
+++ b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/user/PersonalControllerTests.java
@ -19,6 +19,7 @@ import io.metersphere.system.service.UserService;
 import io.metersphere.system.uid.IDGenerator;
 import io.metersphere.system.utils.user.PersonalRequestUtils;
 import jakarta.annotation.Resource;
+import org.apache.commons.lang3.StringUtils;
 import org.junit.jupiter.api.*;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
@ -51,7 +52,7 @@ public class PersonalControllerTests extends BaseTest {
    }

    private UserDTO selectUserDTO(String id) throws Exception {
-        MvcResult result = this.requestGetAndReturn(String.format(PersonalRequestUtils.URL_PERSONAL_GET, loginUser));
+        MvcResult result = this.requestGetAndReturn(String.format(PersonalRequestUtils.URL_PERSONAL_GET, id));
        ResultHolder resultHolder = JSON.parseObject(result.getResponse().getContentAsString(StandardCharsets.UTF_8), ResultHolder.class);
        return JSON.parseObject(JSON.toJSONString(resultHolder.getData()), UserDTO.class);
    }
@ -174,7 +175,15 @@ public class PersonalControllerTests extends BaseTest {
        request.setId(loginUser);
        request.setOldPassword(RsaUtils.publicEncrypt("metersphere", rsaKey.getPublicKey()));
        request.setNewPassword(RsaUtils.publicEncrypt("metersphere222", rsaKey.getPublicKey()));
-        this.requestPostWithOk(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request);
+        try {
+            this.requestPost(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request);
+        } catch (IllegalStateException e) {
+            if (!StringUtils.equals(e.getMessage(), "creationTime key must not be null")) {
+                throw e;
+            }
+        }
+        //成功之后重新登陆
+        super.login("admin", "metersphere222");

        UserExample example = new UserExample();
        example.createCriteria().andIdEqualTo(loginUser).andPasswordEqualTo(CodingUtils.md5("metersphere222"));
@ -185,7 +194,15 @@ public class PersonalControllerTests extends BaseTest {
        request.setId(loginUser);
        request.setOldPassword(RsaUtils.publicEncrypt("metersphere222", rsaKey.getPublicKey()));
        request.setNewPassword(RsaUtils.publicEncrypt("metersphere", rsaKey.getPublicKey()));
-        this.requestPostWithOk(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request);
+        try {
+            this.requestPost(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request);
+        } catch (IllegalStateException e) {
+            if (!StringUtils.equals(e.getMessage(), "creationTime key must not be null")) {
+                throw e;
+            }
+        }
+        //成功之后重新登陆
+        super.login("admin", "metersphere");
        example.clear();
        example.createCriteria().andIdEqualTo(loginUser).andPasswordEqualTo(CodingUtils.md5("metersphere"));
        Assertions.assertEquals(userMapper.countByExample(example), 1L);