createTokenByAccountOrEmail defect: no check for an empty password when verifying that the password is correct
Closed this issue · 1 comments
main-voice commented
```java
if (user == null) {
    QueryWrapper<User> queryAccountWrapper = new QueryWrapper<>();
    queryAccountWrapper.eq("account", accountOrEmail);
    user = userMapper.selectOne(queryAccountWrapper);
    if (user == null) {
        return Result.fail(TCode.ACCOUNT_NOT_EXIST.getCode(), "User does not exist", null);
    }
}
boolean matches = passwordEncoder.matches(password, user.getPassword());
if (!matches) {
    return Result.fail(TCode.PWD_ERROR.getCode(), TCode.PWD_ERROR.getMsg(), null);
}
```
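In the code above, there is no check for whether the password is empty; once it has determined that the user exists, it goes straight on to matching the password.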
main-voice commented
Resolved.
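The missing check described in the issue, sketched as an added example (not the project's code or its actual fix): `LoginGuardDemo`, `Outcome`, `USERS` and `ENCODER` are hypothetical stand-ins for the project's `Result`/`TCode`, `userMapper` and `passwordEncoder`, and the stand-in encoder is assumed to reject a null raw password. Requires Java 11+.

```java
import java.util.Map;

public class LoginGuardDemo {
    /** Stand-in with the same shape as the matches(raw, encoded) call in the issue. */
    interface PasswordEncoder { boolean matches(CharSequence raw, String encoded); }

    /** Hypothetical outcome codes; the project returns Result/TCode values instead. */
    enum Outcome { OK, BAD_REQUEST, ACCOUNT_NOT_EXIST, PWD_ERROR }

    // Constructed sample data: account -> stored "hash" (toy scheme, demo only).
    static final Map<String, String> USERS = Map.of("alice", "hash:s3cret");

    // Toy encoder; assumed to throw on null input, as a strict encoder might.
    static final PasswordEncoder ENCODER = (raw, encoded) -> {
        if (raw == null) throw new IllegalArgumentException("rawPassword cannot be null");
        return encoded.equals("hash:" + raw);
    };

    /** The flow from the issue, without the guard: the encoder sees whatever arrives. */
    static Outcome loginUnguarded(String account, String password) {
        String stored = USERS.get(account);
        if (stored == null) return Outcome.ACCOUNT_NOT_EXIST;
        return ENCODER.matches(password, stored) ? Outcome.OK : Outcome.PWD_ERROR;
    }

    /** Same flow with input validation before any lookup or hash comparison. */
    static Outcome loginGuarded(String account, String password) {
        if (account == null || account.isBlank()
                || password == null || password.isEmpty()) {
            return Outcome.BAD_REQUEST;   // reject early; encoder is never called
        }
        return loginUnguarded(account, password);
    }

    public static void main(String[] args) {
        // Constructed inputs: null, empty, wrong and correct passwords.
        for (String pw : new String[] {null, "", "wrong", "s3cret"}) {
            System.out.println("guarded(" + pw + ") = " + loginGuarded("alice", pw));
        }
        try {
            loginUnguarded("alice", null);
        } catch (IllegalArgumentException e) {
            // Without the guard a null password surfaces as an unhandled exception.
            System.out.println("unguarded(null) threw: " + e.getMessage());
        }
    }
}
```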