
fix issue781:cwe-613

Signed-off-by: menghaining <menghaining@ict.ac.cn>
menghaining 2023-03-15 10:59:42 +08:00
parent c2dfd001ba
commit a9a9516b4a
3 changed files with 21 additions and 0 deletions


@ -38,6 +38,7 @@ import com.cskefu.cc.persistence.repository.PbxHostRepository;
import com.cskefu.cc.persistence.repository.RoleRepository;
import com.cskefu.cc.persistence.repository.UserRepository;
import com.cskefu.cc.persistence.repository.UserRoleRepository;
import com.cskefu.cc.proxy.AgentSessionProxy;
import com.cskefu.cc.proxy.OrganProxy;
import com.cskefu.cc.proxy.UserProxy;
import com.cskefu.cc.util.Menu;
@ -163,6 +164,9 @@ public class UsersController extends Handler {
organUserRes.delete(organUsers);
userRepository.delete(dbUser);
AgentSessionProxy agentSessionProxy = MainContext.getContext().getBean(AgentSessionProxy.class);
agentSessionProxy.deleteUserSession(dbUser.getId(), dbUser.getOrgi());
}
} else {
msg = "admin_user_not_exist";
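Review bot: The session revocation added after `userRepository.delete(dbUser)` runs only once the user row is already gone, so an exception from `deleteUserSession` would leave the account deleted with its cached session entry still in place. Calling `agentSessionProxy.deleteUserSession(dbUser.getId(), dbUser.getOrgi());` before `userRepository.delete(dbUser);` avoids that window. The proxy is looked up with `MainContext.getContext().getBean(AgentSessionProxy.class)` on every call; an injected field would be more consistent if the repositories here are injected (their declarations are outside the hunk). The enclosing method starts and ends outside the hunk, and any other path in this controller that disables an account or changes its credentials is not shown and may need the same call.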


@ -24,6 +24,7 @@ import com.cskefu.cc.model.Dict;
import com.cskefu.cc.model.Organ;
import com.cskefu.cc.model.SystemConfig;
import com.cskefu.cc.model.User;
import com.cskefu.cc.proxy.AgentSessionProxy;
import com.cskefu.cc.proxy.OrganProxy;
import com.cskefu.cc.proxy.UserProxy;
import com.cskefu.cc.util.Menu;
@ -52,6 +53,15 @@ public class UserInterceptorHandler extends HandlerInterceptorAdapter {
User user = (User) request.getSession(true).getAttribute(Constants.USER_SESSION_NAME);
Organ organ = (Organ) request.getSession(true).getAttribute(Constants.ORGAN_SESSION_NAME);
if(user != null){
AgentSessionProxy agentSessionProxy = MainContext.getContext().getBean(AgentSessionProxy.class);
if(agentSessionProxy.isInvalidSessionId(user.getId(),MainUtils.getContextID(request.getSession().getId()),user.getOrgi())){
request.getSession().invalidate();
response.sendRedirect("/login.html");
return false;
}
}
if (handler instanceof HandlerMethod) {
HandlerMethod handlerMethod = (HandlerMethod) handler;
Menu menu = handlerMethod.getMethod().getAnnotation(Menu.class);
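Review bot: The redirect in the new `isInvalidSessionId` branch is hard-coded as `/login.html`, which ignores the servlet context path and answers API or XHR callers with a 302 they are unlikely to handle as a logout; `response.sendRedirect(request.getContextPath() + "/login.html");` covers the first case. The rejection is also silent, so a forced logout leaves nothing for an operator to correlate with the account deletion; a line such as `logger.info("[UserInterceptorHandler] stale session rejected, user {}", user.getId());` before `invalidate()` would help, assuming the class has a logger (not visible here). The enclosing method starts and ends outside the hunk.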


@ -105,4 +105,11 @@ public class AgentSessionProxy {
// logger.info("[isInvalidSessionId] result {}", result);
return result;
}
public void deleteUserSession(final String agentno, final String orgi) {
if (cache.existUserSessionByAgentnoAndOrgi(agentno, orgi)) {
logger.info("[deleteUserSession] agentno {}, orgi {}", agentno, orgi);
cache.deleteUserSessionByAgentnoAndOrgi(agentno, orgi);
}
}
}
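Review bot: `deleteUserSession` removes the cached entry, but whether that locks the deleted user out depends on how `isInvalidSessionId` treats a missing entry, and only the tail of that method is visible in this hunk. If absence is reported as "not invalid", the interceptor check would still pass for a session whose user was just deleted, so that case should return `true` and be covered by a test. The new method also has no Javadoc; `/** Removes the cached login session entry for the given agent and tenant. */` would state the contract. The `existUserSessionByAgentnoAndOrgi` / `deleteUserSessionByAgentnoAndOrgi` pair is check-then-act and could be a single unconditional delete if the cache call tolerates a missing key.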