From 84e8bb69e06cdd66eba6ab43b2fd91558013906e Mon Sep 17 00:00:00 2001
From: ShaBaoFa
Date: Fri, 5 Jul 2024 22:01:52 +0800
Subject: [PATCH] =?UTF-8?q?FIX=20:=20=E7=94=A8=E6=88=B7=E4=BF=A1=E6=81=AFp?= =?UTF-8?q?assword=E5=AD=97=E6=AE=B5=E9=9A=90=E8=97=8F.=E9=81=BF=E5=85=8D?= =?UTF-8?q?=E5=AE=89=E5=85=A8=E9=9A=90=E6=82=A3.=20(#297)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* LoginListener.php: 修复因为多点登录复用同一个token导致该账号最近一次登录的设备登出就无法获得正确的用户在线情况 SystemUserService.php: 1. 重写 token-key 正则匹配 2. kickUser 保证获取到所有token,一次性全部下线。 3. hasTokenBlack 只判断传入token所在scene的情况,否则会导致判断多重scene而导致在线用户监控列表出错。

* fix 用户返回信息会出现password字段,虽然是加密过的字段,但依旧存在安全隐患。故隐藏。

* UserAuthService.php 修复因为隐藏password导致user模型 toarray之后无法获取password导致登录流程出错的问题

* UserAuthService.php fix:获取主键value 而不是主键 key (Tab 按快了)
---
 app/System/Model/SystemUser.php | 6 ++++++
 .../Service/Dependencies/UserAuthService.php | 15 ++++++++-------
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/app/System/Model/SystemUser.php b/app/System/Model/SystemUser.php
index 210f66c9..77b5e2c8 100644
--- a/app/System/Model/SystemUser.php
+++ b/app/System/Model/SystemUser.php
@@ -61,6 +61,12 @@ class SystemUser extends MineModel
 */
 protected ?string $table = 'system_user';
 
+ /**
+ * 隐藏的字段列表.
+ * @var string[]
+ */
+ protected array $hidden = ['password', 'deleted_at'];
+
 /**
 * The attributes that are mass assignable.
 */
diff --git a/app/System/Service/Dependencies/UserAuthService.php b/app/System/Service/Dependencies/UserAuthService.php
index e6840949..29fa8731 100644
--- a/app/System/Service/Dependencies/UserAuthService.php
+++ b/app/System/Service/Dependencies/UserAuthService.php
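Review bot: The new `$hidden` docblock only says these are hidden fields; it should state the scope, because in Hyperf/Eloquent-style models `$hidden` filters `toArray()`/JSON serialisation only, while `getAttributes()`, direct property reads and `makeVisible('password')` still return the hash. Suggested docblock in place of the current one: `Attributes stripped from toArray()/JSON output. The password hash must never reach an API response; do not makeVisible() it on an instance that is later serialised.` This matters because the login flow in UserAuthService.php now depends on this list rather than on an explicit unset to keep the hash out of the event payload and token.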
@@ -45,14 +45,15 @@ public function login(UserServiceVo $userServiceVo): string
 $mapper = container()->get(SystemUserMapper::class);
 try {
 event(new UserLoginBefore(['username' => $userServiceVo->getUsername(), 'password' => $userServiceVo->getPassword()]));
- $userinfo = $mapper->checkUserByUsername($userServiceVo->getUsername())->toArray();
- $password = $userinfo['password'];
- unset($userinfo['password']);
- $userLoginAfter = new UserLoginAfter($userinfo);
- if ($mapper->checkPass($userServiceVo->getPassword(), $password)) {
+ /**
+ * @var SystemUser $userinfo
+ */
+ $userinfo = $mapper->checkUserByUsername($userServiceVo->getUsername());
+ $userLoginAfter = new UserLoginAfter($userinfo->toArray());
+ if ($mapper->checkPass($userServiceVo->getPassword(), $userinfo->password)) {
 if (
- ($userinfo['status'] == SystemUser::USER_NORMAL)
- || ($userinfo['status'] == SystemUser::USER_BAN && $userinfo['id'] == env('SUPER_ADMIN'))
+ ($userinfo->status == SystemUser::USER_NORMAL)
+ || ($userinfo->status == SystemUser::USER_BAN && $userinfo->getKey() == env('SUPER_ADMIN'))
 ) {
 $userLoginAfter->message = t('jwt.login_success');
 $token = user()->getToken($userLoginAfter->userinfo);
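Review bot: The rewritten ban exemption `$userinfo->getKey() == env('SUPER_ADMIN')` still compares the primary key loosely with whatever `env()` returns (a string, or null when the variable is unset), and this is the one branch that lets a banned account log in, so it deserves a strict comparison with explicit casts: `|| ($userinfo->status == SystemUser::USER_BAN && (string) $userinfo->getKey() === (string) env('SUPER_ADMIN', ''))`. The login path now relies entirely on `SystemUser::$hidden` to keep the hash out of the `UserLoginAfter` payload and the token built from it, so a comment above the `new UserLoginAfter($userinfo->toArray())` line such as `// password is stripped by SystemUser::$hidden; never makeVisible() it here` would stop a future `makeVisible('password')` from silently reintroducing the leak. The three-line `@var` block could be the one-line form `/** @var SystemUser $userinfo */`, matching the file's other inline annotations if any. `login()` starts before this hunk and continues after it.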