ahdoawhfo/netdisk-fast-download
1
0
Fork 0
mirror of https://github.com/qaiu/netdisk-fast-download.git synced 2026-06-11 07:57:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

修复登录用户枚举和异常信息泄露:统一登录失败提示为'用户名或密码错误',隐藏数据库异常详情

Browse Source
This commit is contained in:
yukaidi
2026-05-29 02:19:22 +08:00
parent 36b38421e5
commit 4159b884de
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
web-service/src/main/java/cn/qaiu/lz/web/service/impl/UserServiceImpl.java
View File

@@ -125,18 +125,18 @@ public class UserServiceImpl implements UserService {
if (rows.size() == 0) { if (rows.size() == 0) {
promise.complete(new JsonObject() promise.complete(new JsonObject()
.put("success", false) .put("success", false)
.put("message", "用户不存在")); .put("message", "用户名或密码错误"));
return; return;
} }
Row row = rows.iterator().next(); Row row = rows.iterator().next();
SysUser existUser = rowToUser(row); SysUser existUser = rowToUser(row);
// 验证密码 // 验证密码
if (!PasswordUtil.checkPassword(user.getPassword(), existUser.getPassword())) { if (!PasswordUtil.checkPassword(user.getPassword(), existUser.getPassword())) {
promise.complete(new JsonObject() promise.complete(new JsonObject()
.put("success", false) .put("success", false)
.put("message", "密码错误")); .put("message", "用户名或密码错误"));
return; return;
} }
@@ -169,7 +169,7 @@ public class UserServiceImpl implements UserService {
log.error("登录查询失败", err); log.error("登录查询失败", err);
promise.complete(new JsonObject() promise.complete(new JsonObject()
.put("success", false) .put("success", false)
.put("message", "登录失败: " + err.getMessage())); .put("message", "登录失败,请稍后重试"));
}); });
return promise.future(); return promise.future();