feat: remove login info after user disabled (#40)

* feat: remove login info after user disabled * fix: response code error when unauthorized * feat: update frontend resources
2025-08-08 18:10:26 +08:00 · 2022-03-10 12:18:02 +08:00
parent 86d6d8d3aa
commit c69464c762
56 changed files with 82 additions and 62 deletions
--- a/core/src/main/java/com/databasir/core/domain/login/service/LoginService.java
+++ b/core/src/main/java/com/databasir/core/domain/login/service/LoginService.java
@@ -45,8 +45,8 @@ public class LoginService {
        if (login.getRefreshTokenExpireAt().isBefore(LocalDateTime.now())) {
            throw DomainErrors.REFRESH_TOKEN_EXPIRED.exception();
        }
-        // access-token 未过期就开始刷新有可能是 refresh-token  泄露了，删除 refresh-token
-        if (login.getAccessTokenExpireAt().isAfter(LocalDateTime.now())) {
+        // access-token 未过期（允许一分钟的误差）就开始刷新有可能是 refresh-token  泄露了，删除 refresh-token
+        if (login.getAccessTokenExpireAt().isAfter(LocalDateTime.now().plusMinutes(1))) {
            log.warn("invalid access token refresh operation: request = {}, login = {}", request, login);
            loginDao.deleteByUserId(login.getUserId());
            throw DomainErrors.INVALID_REFRESH_TOKEN_OPERATION.exception();
@@ -58,6 +58,10 @@ public class LoginService {
                    log.warn("user not exists but refresh token exists for " + login.getRefreshToken());
                    return DomainErrors.INVALID_REFRESH_TOKEN_OPERATION.exception();
                });
+        if (!user.getEnabled()) {
+            log.warn("user disabled but refresh token exists for " + login.getRefreshToken());
+            throw DomainErrors.INVALID_REFRESH_TOKEN_OPERATION.exception();
+        }
        String accessToken = jwtTokens.accessToken(user.getEmail());
        LocalDateTime accessTokenExpireAt = jwtTokens.expireAt(accessToken);
        loginDao.updateAccessToken(accessToken, accessTokenExpireAt, user.getId());
--- a/core/src/main/java/com/databasir/core/domain/user/service/UserService.java
+++ b/core/src/main/java/com/databasir/core/domain/user/service/UserService.java
@@ -5,10 +5,7 @@ import com.databasir.core.domain.user.converter.UserPojoConverter;
 import com.databasir.core.domain.user.converter.UserResponseConverter;
 import com.databasir.core.domain.user.data.*;
 import com.databasir.core.infrastructure.mail.MailSender;
-import com.databasir.dao.impl.GroupDao;
-import com.databasir.dao.impl.SysMailDao;
-import com.databasir.dao.impl.UserDao;
-import com.databasir.dao.impl.UserRoleDao;
+import com.databasir.dao.impl.*;
 import com.databasir.dao.tables.pojos.GroupPojo;
 import com.databasir.dao.tables.pojos.UserPojo;
 import com.databasir.dao.tables.pojos.UserRolePojo;
@@ -36,6 +33,8 @@ public class UserService {

    private final SysMailDao sysMailDao;

+    private final LoginDao loginDao;
+
    private final UserPojoConverter userPojoConverter;

    private final UserResponseConverter userResponseConverter;
@@ -123,8 +122,12 @@ public class UserService {
        return randomPassword;
    }

+    @Transactional
    public void switchEnableStatus(Integer userId, Boolean enable) {
        userDao.updateEnabledByUserId(userId, enable);
+        if (!enable) {
+            loginDao.deleteByUserId(userId);
+        }
    }

    public void removeSysOwnerFrom(Integer userId) {