diff --git a/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs b/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs
index 2cc2642f..de12be24 100644
--- a/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs
+++ b/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs
@@ -352,8 +352,8 @@ public class SysAuthService : IDynamicApiController, ITransient
 // .Where(u => u.Id == _userManager.UserId)
 // .ExecuteCommandAsync();
- // 更新用户Token版本缓存
- _sysCacheService.Set($"{CacheConst.KeyUserToken}{_userManager.UserId}", $"{_userManager.TokenVersion + 1}");
+ //// 更新用户Token版本缓存 退出系统不用更新系统缓存,更新后其他已登录机全都要重新登录。
+ //_sysCacheService.Set($"{CacheConst.KeyUserToken}{_userManager.UserId}", $"{_userManager.TokenVersion + 1}");
 // 发布系统退出事件
 await _eventPublisher.PublishAsync(UserEventTypeEnum.Logout, _userManager);
diff --git a/Admin.NET/Admin.NET.Core/Service/User/SysUserService.cs b/Admin.NET/Admin.NET.Core/Service/User/SysUserService.cs
index 7c219835..27ddb015 100644
--- a/Admin.NET/Admin.NET.Core/Service/User/SysUserService.cs
+++ b/Admin.NET/Admin.NET.Core/Service/User/SysUserService.cs
@@ -140,7 +140,8 @@ public class SysUserService : IDynamicApiController, ITransient
 if (await query.AnyAsync(u => u.Account == input.Account)) throw Oops.Oh(ErrorCodeEnum.D1003);
 if (!string.IsNullOrWhiteSpace(input.Phone) && await query.AnyAsync(u => u.Phone == input.Phone)) throw Oops.Oh(ErrorCodeEnum.D1032);
- input.TokenVersion++;
+ ////更新用户普通信息时不因更新TokenVersion
+ //input.TokenVersion++;
 var user = input.Adapt();
 await _sysUserRep.AsUpdateable(user).IgnoreColumns(true).IgnoreColumns(u => new { u.Password, u.Status, u.TenantId }).ExecuteCommandAsync();
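Review bot: With the `_sysCacheService.Set(...)` call commented out, logout no longer changes any server-side state that the token-version check in JwtHandler.cs appears to rely on, so the presented JWT stays accepted until its expiry and only the client discards it. If the intent is to end just the current session without touching other devices, a per-token revocation entry (keyed by a token identifier rather than the user id) is what this needs; dropping server-side revocation altogether should at least be stated in the logout method's doc comment. The disabled lines here and the `//input.TokenVersion++;` line in the -140 hunk of SysUserService.cs should be deleted rather than kept under `////`, since version control holds the history. The enclosing logout method starts before this hunk.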
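Review bot: With the increment gone, `TokenVersion` is still adapted from the request body into `user` and is not in the `IgnoreColumns(u => new { u.Password, u.Status, u.TenantId })` list, so — assuming it is a non-nullable column that `IgnoreColumns(true)` does not skip — the persisted token version becomes whatever the update request carried, and that is the value JwtHandler.cs caches and compares on a cache miss. Since this path deliberately no longer manages the version, exclude it from the write: `.IgnoreColumns(u => new { u.Password, u.Status, u.TenantId, u.TokenVersion })`. The enclosing update method starts before this hunk.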
@@ -287,13 +288,16 @@ public class SysUserService : IDynamicApiController, ITransient
 {
 var user = await _sysUserRep.GetByIdAsync(input.UserId) ?? throw Oops.Oh(ErrorCodeEnum.D0009);
- await _sysUserRoleService.GrantUserRole(input);
-
- // 强制下线账号和失效Token
- await OfflineAndExpireToken(user);
-
- // 发布更新用户角色事件
- await _eventPublisher.PublishAsync(UserEventTypeEnum.UpdateRole, input);
+ // 若账号的角色发生变化,才更新
+ var roles = await _sysUserRoleService.GetUserRoleIdList(input.UserId);
+ if(!roles.SequenceEqual(input.RoleIdList))
+ {
+ await _sysUserRoleService.GrantUserRole(input);
+ // 强制下线账号和失效Token
+ await OfflineAndExpireToken(user);
+ // 发布更新用户角色事件
+ await _eventPublisher.PublishAsync(UserEventTypeEnum.UpdateRole, input);
+ }
 }
 ///
@@ -461,8 +465,8 @@ public class SysUserService : IDynamicApiController, ITransient
 ///
 private async Task OfflineAndExpireToken(SysUser user)
 {
- // 更新Token版本缓存
- _sysCacheService.Set($"{CacheConst.KeyUserToken}{user.Id}", $"{user.TokenVersion + 1}");
+ // 更新Token版本缓存,当角色、机构、密码、重置、删除、状态改变时,Token版本清0
+ _sysCacheService.Remove($"{CacheConst.KeyUserToken}{user.Id}");
 // 强制下线账号
 await _sysOnlineUserService.ForceOfflineByUserId(user.Id);
diff --git a/Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs b/Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs
index 3b55db87..ec38d2c1 100644
--- a/Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs
+++ b/Admin.NET/Admin.NET.Web.Core/Handlers/JwtHandler.cs
@@ -49,6 +49,12 @@ namespace Admin.NET.Web.Core
 {
 // 查库并缓存用户Token版本
 var user = await serviceScope.ServiceProvider.GetRequiredService().Queryable().FirstAsync(u => u.Id == long.Parse(userId));
+ if (user == null || user.IsDelete)
+ {
+ context.Fail(new AuthorizationFailureReason(this, "账户失效或被禁止"));
+ context.GetCurrentHttpContext().SignoutToSwagger();
+ return;
+ }
 sysCacheService.Set($"{CacheConst.KeyUserToken}{user.Id}", $"{user.TokenVersion}");
 tokenVersion2 = user.TokenVersion.ToString();
 }
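Review bot: `roles.SequenceEqual(input.RoleIdList)` is order-sensitive and throws `ArgumentNullException` when `RoleIdList` is null, so the same set of roles submitted in a different order is treated as a change and forces the user offline, while a null list fails the request before `GrantUserRole` can report it as an input error. Compare as sets instead, `if (!roles.ToHashSet().SetEquals(input.RoleIdList))`, after guarding a null `RoleIdList` the way the rest of this service reports bad input; this assumes `GetUserRoleIdList` returns the same id type as `RoleIdList`, which the hunk does not show. `if(` should also be `if (` to match the file. The enclosing method's signature and summary are outside the hunk.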
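Review bot: Replacing the `Set(..., user.TokenVersion + 1)` with `_sysCacheService.Remove(...)` only evicts the cached version; the cache-miss path in JwtHandler.cs then reloads `user.TokenVersion` from the database and re-caches it, so unless every caller has already persisted an incremented `TokenVersion` (not visible in these hunks) the existing tokens stay valid after the role, password or status changes the comment lists. Make the method self-sufficient by bumping and persisting the version before refreshing the cache, e.g. `user.TokenVersion++;`, `await _sysUserRep.AsUpdateable(user).UpdateColumns(u => u.TokenVersion).ExecuteCommandAsync();`, `_sysCacheService.Set($"{CacheConst.KeyUserToken}{user.Id}", $"{user.TokenVersion}");`. The new comment also says the version is reset to 0 (`Token版本清0`) while the code removes the key; align the comment with whatever the code ends up doing. The method body continues past the end of the hunk.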
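Review bot: The new `user == null || user.IsDelete` guard runs only inside the cache-miss branch that reloads the user from the database (the `// 查库并缓存用户Token版本` block), so a deleted account keeps passing this check for as long as its `{CacheConst.KeyUserToken}{user.Id}` entry stays cached, unless every deletion path evicts that key the way `OfflineAndExpireToken` in SysUserService.cs now does. The failure reason says the account is 失效或被禁止 but only `IsDelete` is tested; if disabled accounts should be rejected here as well, add the `Status` condition (the status enum is not visible in this hunk), otherwise narrow the message to deletion. `long.Parse(userId)` on the claim value predates this change but still throws on a malformed claim instead of failing authorization. The enclosing handler method starts before and continues after this hunk.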