欧阳子桐 / RuoYi · 提交

转到一个项目

作者 RuoYi
提交 ec65b1f7ec0e3c973151d4f6bc351ba0ffab2f4a 1 个父辈 8a394f03

登录请求params更换为data,防止暴露url

内嵌 并排对比
正在显示 3 个修改的文件 包含 75 行增加3 行删除
@@ -11,7 +11,7 @@ export function login(username, password, code, uuid) { @@ -11,7 +11,7 @@ export function login(username, password, code, uuid) {
11 return request({ 11 return request({
12 url: '/login', 12 url: '/login',
13 method: 'post', 13 method: 'post',
14 - params: data 14 + data: data
15 }) 15 })
16 } 16 }
17 17
  1 +package com.ruoyi.framework.security;
  2 +
  3 +/**
  4 + * 用户登录对象
  5 + *
  6 + * @author ruoyi
  7 + */
  8 +public class LoginBody
  9 +{
  10 + /**
  11 + * 用户名
  12 + */
  13 + private String username;
  14 +
  15 + /**
  16 + * 用户密码
  17 + */
  18 + private String password;
  19 +
  20 + /**
  21 + * 验证码
  22 + */
  23 + private String code;
  24 +
  25 + /**
  26 + * 唯一标识
  27 + */
  28 + private String uuid = "";
  29 +
  30 + public String getUsername()
  31 + {
  32 + return username;
  33 + }
  34 +
  35 + public void setUsername(String username)
  36 + {
  37 + this.username = username;
  38 + }
  39 +
  40 + public String getPassword()
  41 + {
  42 + return password;
  43 + }
  44 +
  45 + public void setPassword(String password)
  46 + {
  47 + this.password = password;
  48 + }
  49 +
  50 + public String getCode()
  51 + {
  52 + return code;
  53 + }
  54 +
  55 + public void setCode(String code)
  56 + {
  57 + this.code = code;
  58 + }
  59 +
  60 + public String getUuid()
  61 + {
  62 + return uuid;
  63 + }
  64 +
  65 + public void setUuid(String uuid)
  66 + {
  67 + this.uuid = uuid;
  68 + }
  69 +}
@@ -5,9 +5,11 @@ import java.util.Set; @@ -5,9 +5,11 @@ import java.util.Set;
5 import org.springframework.beans.factory.annotation.Autowired; 5 import org.springframework.beans.factory.annotation.Autowired;
6 import org.springframework.web.bind.annotation.GetMapping; 6 import org.springframework.web.bind.annotation.GetMapping;
7 import org.springframework.web.bind.annotation.PostMapping; 7 import org.springframework.web.bind.annotation.PostMapping;
  8 +import org.springframework.web.bind.annotation.RequestBody;
8 import org.springframework.web.bind.annotation.RestController; 9 import org.springframework.web.bind.annotation.RestController;
9 import com.ruoyi.common.constant.Constants; 10 import com.ruoyi.common.constant.Constants;
10 import com.ruoyi.common.utils.ServletUtils; 11 import com.ruoyi.common.utils.ServletUtils;
  12 +import com.ruoyi.framework.security.LoginBody;
11 import com.ruoyi.framework.security.LoginUser; 13 import com.ruoyi.framework.security.LoginUser;
12 import com.ruoyi.framework.security.service.SysLoginService; 14 import com.ruoyi.framework.security.service.SysLoginService;
13 import com.ruoyi.framework.security.service.SysPermissionService; 15 import com.ruoyi.framework.security.service.SysPermissionService;
@@ -47,11 +49,12 @@ public class SysLoginController @@ -47,11 +49,12 @@ public class SysLoginController
47 * @return 结果 49 * @return 结果
48 */ 50 */
49 @PostMapping("/login") 51 @PostMapping("/login")
50 - public AjaxResult login(String username, String password, String code, String uuid) 52 + public AjaxResult login(@RequestBody LoginBody loginBody)
51 { 53 {
52 AjaxResult ajax = AjaxResult.success(); 54 AjaxResult ajax = AjaxResult.success();
53 // 生成令牌 55 // 生成令牌
54 - String token = loginService.login(username, password, code, uuid); 56 + String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(),
  57 + loginBody.getUuid());
55 ajax.put(Constants.TOKEN, token); 58 ajax.put(Constants.TOKEN, token);
56 return ajax; 59 return ajax;
57 } 60 }