From 4496cc4b1f17c4b3de5e954388baeadf04de719d Mon Sep 17 00:00:00 2001
From: 田源 <lastanimals@163.com>
Date: 星期三, 29 十一月 2023 14:49:22 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master'

---
 Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java b/Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java
index 9913f8b..eb886d5 100644
--- a/Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java
+++ b/Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java
@@ -31,6 +31,7 @@
 import com.vci.ubcs.common.cache.CacheNames;
 import org.springblade.core.jwt.JwtUtil;
 import org.springblade.core.jwt.props.JwtProperties;
+import org.springblade.core.launch.constant.TokenConstant;
 import org.springblade.core.log.annotation.LoginOrLogoutLog;
 import org.springblade.core.redis.cache.BladeRedis;
 import org.springblade.core.secure.utils.AuthUtil;
@@ -110,6 +111,7 @@
 		// 鑾峰彇绉熸埛ID
 		String headerTenant = request.getHeader(TokenUtil.TENANT_HEADER_KEY);
 		String paramTenant = request.getParameter(TokenUtil.TENANT_PARAM_KEY);
+		String refreshToken = request.getParameter(TokenConstant.REFRESH_TOKEN);
 		String password = request.getParameter(TokenUtil.PASSWORD_KEY);
 		String grantType = request.getParameter(TokenUtil.GRANT_TYPE_KEY);
 		// 鍒ゆ柇绉熸埛璇锋眰澶�
@@ -139,7 +141,9 @@
 
 		//瓒呯骇绠＄悊鍛橀厤缃枃浠堕厤缃处鍙峰瘑鐮侊紝瀹炵幇鐧诲綍, 榛樿绉熸埛id鍜岃秴绠′负閰嶇疆鍑烘潵鐨�
 		if(tenantId.equals(this.tenantId) && userName.equals(username)){
-			if (!this.userName.equals(username) || !BladePasswordEncoderFactories.createDelegatingPasswordEncoder().encode(password).equalsIgnoreCase(AuthConstant.ENCRYPT+this.password)) {
+			if (Func.isBlank(refreshToken)/*鍒锋柊token涓嶇敤鏍￠獙瀵嗙爜*/
+				&& (!this.userName.equals(username) || !BladePasswordEncoderFactories.createDelegatingPasswordEncoder().encode(password).equalsIgnoreCase(AuthConstant.ENCRYPT+this.password))
+			) {
 				setFailCount(tenantId, username, count,strategy.getLockingTime());
 				throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"杩樻湁銆�"+(failCount-count)+"銆戞灏濊瘯鏈轰細!");
 			}

--
Gitblit v1.9.3