Merge pull request #803 from menghaining/master

fix issue781:cwe-613
2025-06-16 18:30:03 +08:00 · 2023-03-15 17:11:06 +08:00 · 2023-03-15 17:11:06 +08:00 · 6588e166e2
commit 6588e166e2
parent c2dfd001ba a9a9516b4a
3 changed files with 21 additions and 0 deletions
--- a/contact-center/app/src/main/java/com/cskefu/cc/controller/admin/UsersController.java
+++ b/contact-center/app/src/main/java/com/cskefu/cc/controller/admin/UsersController.java
@ -38,6 +38,7 @@ import com.cskefu.cc.persistence.repository.PbxHostRepository;
 import com.cskefu.cc.persistence.repository.RoleRepository;
 import com.cskefu.cc.persistence.repository.UserRepository;
 import com.cskefu.cc.persistence.repository.UserRoleRepository;
 import com.cskefu.cc.proxy.AgentSessionProxy;
 import com.cskefu.cc.proxy.OrganProxy;
 import com.cskefu.cc.proxy.UserProxy;
 import com.cskefu.cc.util.Menu;
@ -163,6 +164,9 @@ public class UsersController extends Handler {
                organUserRes.delete(organUsers);
                userRepository.delete(dbUser);
                AgentSessionProxy agentSessionProxy = MainContext.getContext().getBean(AgentSessionProxy.class);
                agentSessionProxy.deleteUserSession(dbUser.getId(), dbUser.getOrgi());
            }
        } else {
            msg = "admin_user_not_exist";
--- a/contact-center/app/src/main/java/com/cskefu/cc/interceptor/UserInterceptorHandler.java
+++ b/contact-center/app/src/main/java/com/cskefu/cc/interceptor/UserInterceptorHandler.java
@ -24,6 +24,7 @@ import com.cskefu.cc.model.Dict;
 import com.cskefu.cc.model.Organ;
 import com.cskefu.cc.model.SystemConfig;
 import com.cskefu.cc.model.User;
 import com.cskefu.cc.proxy.AgentSessionProxy;
 import com.cskefu.cc.proxy.OrganProxy;
 import com.cskefu.cc.proxy.UserProxy;
 import com.cskefu.cc.util.Menu;
@ -52,6 +53,15 @@ public class UserInterceptorHandler extends HandlerInterceptorAdapter {
        User user = (User) request.getSession(true).getAttribute(Constants.USER_SESSION_NAME);
        Organ organ = (Organ) request.getSession(true).getAttribute(Constants.ORGAN_SESSION_NAME);
        if(user != null){
            AgentSessionProxy agentSessionProxy = MainContext.getContext().getBean(AgentSessionProxy.class);
            if(agentSessionProxy.isInvalidSessionId(user.getId(),MainUtils.getContextID(request.getSession().getId()),user.getOrgi())){
                request.getSession().invalidate();
                response.sendRedirect("/login.html");
                return false;
            }
        }
        if (handler instanceof HandlerMethod) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            Menu menu = handlerMethod.getMethod().getAnnotation(Menu.class);
--- a/contact-center/app/src/main/java/com/cskefu/cc/proxy/AgentSessionProxy.java
+++ b/contact-center/app/src/main/java/com/cskefu/cc/proxy/AgentSessionProxy.java
@ -105,4 +105,11 @@ public class AgentSessionProxy {
 //        logger.info("[isInvalidSessionId] result {}", result);
        return result;
    }
    public void deleteUserSession(final String agentno, final String orgi) {
        if (cache.existUserSessionByAgentnoAndOrgi(agentno, orgi)) {
            logger.info("[deleteUserSession] agentno {}, orgi {}", agentno, orgi);
            cache.deleteUserSessionByAgentnoAndOrgi(agentno, orgi);
        }
    }
 }