From da11f99b3b122ff01eff9bb408c59434240751ba Mon Sep 17 00:00:00 2001
From: CaptainB <bin@fit2cloud.com>
Date: Mon, 24 Oct 2022 12:21:00 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20SSO=E7=99=BB=E5=BD=95=E9=80=80=E5=87=BA?=
 =?UTF-8?q?=E7=9B=B8=E5=85=B3=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../io/metersphere/gateway/controller/LdapController.java  | 4 +++-
 .../io/metersphere/gateway/controller/LoginController.java | 1 -
 .../java/io/metersphere/gateway/service/LdapService.java   | 1 -
 .../java/io/metersphere/gateway/service/SSOService.java    | 5 +++--
 .../io/metersphere/gateway/service/UserLoginService.java   | 7 +++++--
 5 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/framework/gateway/src/main/java/io/metersphere/gateway/controller/LdapController.java b/framework/gateway/src/main/java/io/metersphere/gateway/controller/LdapController.java
index 58fa460f81..b6f739af7c 100644
--- a/framework/gateway/src/main/java/io/metersphere/gateway/controller/LdapController.java
+++ b/framework/gateway/src/main/java/io/metersphere/gateway/controller/LdapController.java
@@ -9,6 +9,7 @@ import io.metersphere.request.LoginRequest;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.WebSession;
 import reactor.core.publisher.Mono;
+import reactor.core.scheduler.Schedulers;
 
 import javax.annotation.Resource;
 import java.util.Locale;
@@ -23,7 +24,8 @@ public class LdapController {
     @PostMapping(value = "/signin")
     @MsAuditLog(module = OperLogModule.SYSTEM_PARAMETER_SETTING, type = OperLogConstants.LOGIN, title = "LDAP")
     public Mono<ResultHolder> login(@RequestBody LoginRequest request, WebSession session, Locale locale) {
-        return Mono.just(ldapService.login(request, session, locale))
+        return Mono.defer(() -> ldapService.login(request, session, locale).map(Mono::just).orElseGet(Mono::empty))
+                .subscribeOn(Schedulers.boundedElastic())
                 .map(ResultHolder::success);
     }
 
diff --git a/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java b/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java
index 268df8f136..32b782934d 100644
--- a/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java
+++ b/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java
@@ -71,7 +71,6 @@ public class LoginController {
         return Mono.defer(() -> userLoginService.login(request, session, locale).map(Mono::just).orElseGet(Mono::empty))
                 .subscribeOn(Schedulers.boundedElastic())
                 .switchIfEmpty(Mono.error(new ResponseStatusException(HttpStatus.BAD_REQUEST, "Not found user info or invalid password")))
-                .doOnNext(user -> session.getAttributes().put("user", user))
                 .map(ResultHolder::success);
     }
 
diff --git a/framework/gateway/src/main/java/io/metersphere/gateway/service/LdapService.java b/framework/gateway/src/main/java/io/metersphere/gateway/service/LdapService.java
index 69efa897e2..ef79baa773 100644
--- a/framework/gateway/src/main/java/io/metersphere/gateway/service/LdapService.java
+++ b/framework/gateway/src/main/java/io/metersphere/gateway/service/LdapService.java
@@ -109,7 +109,6 @@ public class LdapService {
 
         session.getAttributes().put("authenticate", UserSource.LDAP.name());
         session.getAttributes().put("email", email);
-        session.getAttributes().put("user", u);
 
         // 执行 LocalRealm 中 LDAP 登录逻辑
         LoginRequest loginRequest = new LoginRequest();
diff --git a/framework/gateway/src/main/java/io/metersphere/gateway/service/SSOService.java b/framework/gateway/src/main/java/io/metersphere/gateway/service/SSOService.java
index e1243f18ed..a4496d51fe 100644
--- a/framework/gateway/src/main/java/io/metersphere/gateway/service/SSOService.java
+++ b/framework/gateway/src/main/java/io/metersphere/gateway/service/SSOService.java
@@ -2,6 +2,7 @@ package io.metersphere.gateway.service;
 
 import io.metersphere.base.domain.AuthSource;
 import io.metersphere.base.domain.User;
+import io.metersphere.commons.constants.SessionConstants;
 import io.metersphere.commons.exception.MSException;
 import io.metersphere.commons.user.SessionUser;
 import io.metersphere.commons.utils.CodingUtil;
@@ -155,7 +156,7 @@ public class SSOService {
         Optional<SessionUser> userOptional = userLoginService.login(loginRequest, session, locale);
         session.getAttributes().put("authenticate", authSource.getType());
         session.getAttributes().put("authId", authSource.getId());
-        session.getAttributes().put("user", userOptional.get());
+        session.getAttributes().put(SessionConstants.ATTR_USER, userOptional.get());
         return userOptional;
     }
 
@@ -195,7 +196,7 @@ public class SSOService {
         Optional<SessionUser> userOptional = userLoginService.login(loginRequest, session, locale);
         session.getAttributes().put("authenticate", authSource.getType());
         session.getAttributes().put("authId", authSource.getId());
-        session.getAttributes().put("user", userOptional.get());
+        session.getAttributes().put(SessionConstants.ATTR_USER, userOptional.get());
         session.getAttributes().put("casTicket", ticket);
         // 记录cas对应关系
         Long timeout = env.getProperty("spring.session.timeout", Long.class);
diff --git a/framework/gateway/src/main/java/io/metersphere/gateway/service/UserLoginService.java b/framework/gateway/src/main/java/io/metersphere/gateway/service/UserLoginService.java
index 3285d4217c..9c986cefeb 100644
--- a/framework/gateway/src/main/java/io/metersphere/gateway/service/UserLoginService.java
+++ b/framework/gateway/src/main/java/io/metersphere/gateway/service/UserLoginService.java
@@ -2,6 +2,7 @@ package io.metersphere.gateway.service;
 
 import io.metersphere.base.domain.*;
 import io.metersphere.base.mapper.*;
+import io.metersphere.commons.constants.SessionConstants;
 import io.metersphere.commons.constants.UserGroupType;
 import io.metersphere.commons.constants.UserSource;
 import io.metersphere.commons.constants.UserStatus;
@@ -56,7 +57,9 @@ public class UserLoginService {
                 break;
         }
         autoSwitch(session, userDTO);
-        return Optional.of(SessionUser.fromUser(userDTO, session.getId()));
+        SessionUser sessionUser = SessionUser.fromUser(userDTO, session.getId());
+        session.getAttributes().put(SessionConstants.ATTR_USER, sessionUser);
+        return Optional.of(sessionUser);
     }
 
     private UserDTO loginLdapMode(String userId, String authenticate) {
@@ -217,7 +220,7 @@ public class UserLoginService {
         }
         BeanUtils.copyProperties(user, newUser);
         // 切换工作空间或组织之后更新 session 里的 user
-        session.getAttributes().put("user", SessionUser.fromUser(user, session.getId()));
+        session.getAttributes().put(SessionConstants.ATTR_USER, SessionUser.fromUser(user, session.getId()));
         session.getAttributes().put(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, sessionUser.getId());
         userMapper.updateByPrimaryKeySelective(newUser);
     }