diff --git a/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java b/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java index cc0420a..d423f11 100644 --- a/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java +++ b/ruoyi-admin/src/main/java/org/dromara/web/controller/AuthController.java @@ -15,6 +15,7 @@ import me.zhyd.oauth.utils.AuthStateUtils; import org.dromara.common.core.constant.UserConstants; import org.dromara.common.core.domain.R; import org.dromara.common.core.domain.model.LoginBody; +import org.dromara.common.core.domain.model.PasswordLoginBody; import org.dromara.common.core.domain.model.RegisterBody; import org.dromara.common.core.domain.model.SocialLoginBody; import org.dromara.common.core.utils.*; @@ -27,6 +28,7 @@ import org.dromara.common.social.utils.SocialUtils; import org.dromara.common.tenant.helper.TenantHelper; import org.dromara.common.websocket.dto.WebSocketMessageDto; import org.dromara.common.websocket.utils.WebSocketUtils; +import org.dromara.system.domain.SysClient; import org.dromara.system.domain.bo.SysTenantBo; import org.dromara.system.domain.vo.SysClientVo; import org.dromara.system.domain.vo.SysTenantVo; @@ -110,6 +112,25 @@ public class AuthController { return R.ok(loginVo); } + @SaIgnore + @PostMapping("/passwordLogin") + public R loginClient(@RequestBody PasswordLoginBody loginBody) { + // 授权类型和客户端id + String clientId = loginBody.getClientId(); + String grantType = loginBody.getGrantType(); + SysClientVo client = clientService.queryByClientId(clientId); + // 查询不到 client 或 client 内不包含 grantType + if (ObjectUtil.isNull(client) || !StringUtils.contains(client.getGrantType(), grantType)) { + log.info("客户端id: {} 认证类型:{} 异常!.", clientId, grantType); + return R.fail(MessageUtils.message("auth.grant.type.error")); + } else if (!UserConstants.NORMAL.equals(client.getStatus())) { + return R.fail(MessageUtils.message("auth.grant.type.blocked")); + } + // 登录 + LoginVo loginVo = IAuthStrategy.login(JsonUtils.toJsonString(loginBody), client, grantType); + return R.ok(loginVo); + } + /** * 第三方登录请求 * diff --git a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java index 5d3ebd7..ffbc277 100644 --- a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java +++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java @@ -4,6 +4,7 @@ import cn.dev33.satoken.secure.BCrypt; import cn.dev33.satoken.stp.SaLoginModel; import cn.dev33.satoken.stp.StpUtil; import cn.hutool.core.util.ObjectUtil; +import cn.hutool.core.util.StrUtil; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; @@ -59,7 +60,7 @@ public class PasswordAuthStrategy implements IAuthStrategy { boolean captchaEnabled = captchaProperties.getEnable(); // 验证码开关 - if (captchaEnabled) { + if (captchaEnabled && StrUtil.isNotBlank(code)) { validateCaptcha(tenantId, username, code, uuid); }