Password is not encrypted before being compared during login verification #56

Open
ChildHua opened this issue Dec 3, 2019 · 1 comment
ChildHua commented Dec 3, 2019

```go
// GetRootUser returns the root user
func GetRootUser() *schema.User {
	user := config.Global().Root
	return &schema.User{
		RecordID: user.UserName,
		UserName: user.UserName,
		RealName: user.RealName,
		Password: util.MD5HashString(user.Password), // the password here has already been encrypted
	}
}

func (a *Login) Verify(ctx context.Context, userName, password string) (*schema.User, error) {
	// Check whether this is the superuser
	root := GetRootUser()
	if userName == root.UserName && root.Password == password { // but here password is compared without being encrypted first
		return root, nil
	}

	result, err := a.UserModel.Query(ctx, schema.UserQueryParam{
		UserName: userName,
	})
```

@LyricTian
Owner

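Yes, the client applies a single MD5 encryption at login, and the config file also holds the password in plaintext, so a single MD5 encryption and comparison is all that is needed.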
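
The contract described in the reply above, as an added Go example that is not the project's code: it shows which client input each server-side check accepts. `md5Hex` stands in for `util.MD5HashString` (assumed to return lowercase hex), the function names and sample credentials are constructed, and `subtle.ConstantTimeCompare` is swapped in for the `==` of the posted code.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// md5Hex stands in for the project's util.MD5HashString
// (assumption: it returns the lowercase hex MD5 digest).
func md5Hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// verifyRoot follows the contract from the reply: the config holds the
// plaintext, the client submits md5(password), and the server hashes the
// config value once. The submitted digest is therefore the credential itself.
// subtle.ConstantTimeCompare replaces the == of the posted code.
func verifyRoot(cfgUser, cfgPlain, userName, submitted string) bool {
	want := md5Hex(cfgPlain)
	userOK := subtle.ConstantTimeCompare([]byte(userName), []byte(cfgUser))
	passOK := subtle.ConstantTimeCompare([]byte(submitted), []byte(want))
	return userOK&passOK == 1
}

// verifyRootRehash is the variant the issue title asks for: the server also
// hashes the submitted value. It only matches a client that sends plaintext.
func verifyRootRehash(cfgUser, cfgPlain, userName, submitted string) bool {
	want := md5Hex(cfgPlain)
	got := md5Hex(submitted)
	userOK := subtle.ConstantTimeCompare([]byte(userName), []byte(cfgUser))
	passOK := subtle.ConstantTimeCompare([]byte(got), []byte(want))
	return userOK&passOK == 1
}

func main() {
	const user, plain = "root", "abc-123" // constructed sample config values
	digest := md5Hex(plain)               // what the client sends per the reply
	fmt.Println("single hash, client digest:", verifyRoot(user, plain, user, digest))
	fmt.Println("single hash, client plaintext:", verifyRoot(user, plain, user, plain))
	fmt.Println("rehash, client digest:", verifyRootRehash(user, plain, user, digest))
	fmt.Println("rehash, client plaintext:", verifyRootRehash(user, plain, user, plain))
}
```

Whichever variant the server uses, the client and server have to agree on how many times the value is hashed before it is compared.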
