wgh/coreshoppro
1
0
Fork 0
mirror of http://git.coreshop.cn/jianweie/coreshoppro.git synced 2025-12-06 17:23:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

【优化】移除后台登录默认记录账号密码功能。

Browse Source 
【修复】修复前端提交数据可能存在风险的校验。
This commit is contained in:
jianweie code
2023-08-12 16:52:39 +08:00
parent 2f66261c0e
commit e3115be3f6
4 changed files with 27 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CoreCms.Net.Auth/AuthorizationSetup.cs
View File

@@ -41,7 +41,7 @@ namespace CoreCms.Net.Auth
#region
//读取配置文件
var symmetricKeyAsBase64 = AppSettingsConstVars.JwtConfigSecretKey;
var symmetricKeyAsBase64 = AppSettingsHelper.GetMachineRandomKey(AppSettingsConstVars.JwtConfigSecretKey);
var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
var signingKey = new SymmetricSecurityKey(keyByteArray);
var issuer = AppSettingsConstVars.JwtConfigIssuer;

7
CoreCms.Net.Services/Bill/CoreCmsBillPaymentsServices.cs
View File

@@ -481,6 +481,13 @@ namespace CoreCms.Net.Services
}
var billPayments = result.data as CoreCmsBillPayments;
if (billPayments.money < 0)
{
jm.msg = "支付金额异常!";
return jm;
}
//根据支付方式返回支付配置
//微信支付
if (paymentCode == GlobalEnumVars.PaymentsTypes.wechatpay.ToString())

22
CoreCms.Net.Services/Cart/CoreCmsCartServices.cs
View File

@@ -108,7 +108,11 @@ namespace CoreCms.Net.Services
public async Task<WebApiCallBack> SetCartNum(int id, int nums, int userId, int numType, int type = 1)
{
var jm = new WebApiCallBack();
if (nums <= 0)
{
jm.msg = "商品数量必须为正整数";
return jm;
}
if (userId == 0)
{
jm.msg = "用户信息获取失败";
@@ -187,12 +191,12 @@ namespace CoreCms.Net.Services
var goodsServices = container.ServiceProvider.GetService<ICoreCmsGoodsServices>();
//获取数据
if (nums == 0)
if (nums <= 0)
{
jm.msg = "请选择货品数量";
return jm;
}
if (productId == 0)
if (productId <= 0)
{
jm.msg = "请选择货品";
return jm;
@@ -428,6 +432,9 @@ namespace CoreCms.Net.Services
{
var jm = new WebApiCallBack() { methodDescription = "获取购物车原始列表(未核算)" };
//强制过滤一遍,防止出现可以造假数据
await _dal.DeleteAsync(p => p.userId == userId && p.nums <= 0);
using var container = _serviceProvider.CreateScope();
var productsService = container.ServiceProvider.GetService<ICoreCmsProductsServices>();
var goodsServices = container.ServiceProvider.GetService<ICoreCmsGoodsServices>();
@@ -460,6 +467,13 @@ namespace CoreCms.Net.Services
await _dal.DeleteAsync(item);
continue;
}
//商品金额设置为0就从购物车里面删除
if (productInfo.price <= 0)
{
await _dal.DeleteAsync(item);
continue;
}
//获取重量
var goodsWeight = await goodsServices.GetWeight(item.productId);
@@ -799,7 +813,7 @@ namespace CoreCms.Net.Services
public async Task<WebApiCallBack> CartPoint(CartDto cartDto, int userId, int point)
{
var jm = new WebApiCallBack() { status = true };
if (point != 0)
if (point > 0)
{
var user = await _userServices.QueryByClauseAsync(p => p.id == userId);
if (user.point < point)

16
CoreCms.Net.Web.Admin/wwwroot/views/user/login.html
View File

@@ -43,11 +43,6 @@
<input type="password" name="password" id="LAY-user-login-password" lay-verType="tips" lay-verify="required" placeholder="密码" class="form-control">
</div>
</div>
<div class="col-sm-12 mb-2">
<div class="form-group">
<input type="checkbox" name="saveLoginInfo" lay-skin="primary" checked="checked"><small>保存登录信息</small>
</div>
</div>
<div class="col-sm-12 mb-2">
<button type="button" class="btn btn-info w-100" lay-submit lay-filter="LAY-user-login-submit" id="loginSubmit">登录</button>
</div>
@@ -118,17 +113,6 @@
var field = obj.field; //获取提交的字段
console.log("saveLoginInfo:" + field.saveLoginInfo);
if (field.saveLoginInfo == 'on') {
console.log("保存缓存");
coreHelper.setCookie("username", field.username);
coreHelper.setCookie("password", field.password);
} else {
console.log("清空缓存");
coreHelper.delCookie("username");
coreHelper.delCookie("password");
}
coreHelper.Post("api/login/getJwtToken", field, function (res) {
if (res.code === 0) {
//jwttoekn处理