|
@@ -68,6 +68,7 @@ public class ActionApi {
|
|
//TODO 新逻辑 传递的reqid加上了自定义的字符串newReqid+时间,
|
|
//TODO 新逻辑 传递的reqid加上了自定义的字符串newReqid+时间,
|
|
//TODO 所以要取掉该字符串以便保证原逻辑不变的情况下设定每分钟更新新的reqid的进行验证,即当前系统会话内每一分钟传递新的reqid
|
|
//TODO 所以要取掉该字符串以便保证原逻辑不变的情况下设定每分钟更新新的reqid的进行验证,即当前系统会话内每一分钟传递新的reqid
|
|
logger.info("reqid=" + validateMessage.getReqid());
|
|
logger.info("reqid=" + validateMessage.getReqid());
|
|
|
|
+ String newReqid = "";
|
|
if (!StringUtils.isEmpty(validateMessage.getReqid())) {
|
|
if (!StringUtils.isEmpty(validateMessage.getReqid())) {
|
|
String reqid = validateMessage.getReqid();
|
|
String reqid = validateMessage.getReqid();
|
|
if (reqid.indexOf("newReqid") > 0) {
|
|
if (reqid.indexOf("newReqid") > 0) {
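Review bot: Initialising `newReqid` to `""` keeps the old request format fully valid: when the reqid carries no `newReqid` marker (or carries it at index 0, since the test is `indexOf("newReqid") > 0`), this branch is skipped and the hash input later in the method is still just `keyId + reqid`. As far as the visible lines show, the "reqid已过期" expiry check lives inside this branch, so the per-minute freshness described in the TODO is enforced only for callers that send the marker. If the rotation is meant to be mandatory, add an `else` that rejects the request, for example `return AjaxResult.error("授权已过期!");`, once all clients send the new format. The body of this `if` continues outside the hunk, so the exact nesting should be confirmed there.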
|
|
@@ -86,6 +87,7 @@ public class ActionApi {
|
|
logger.error("reqid已过期");
|
|
logger.error("reqid已过期");
|
|
return AjaxResult.error("授权已过期!");
|
|
return AjaxResult.error("授权已过期!");
|
|
}
|
|
}
|
|
|
|
+ newReqid = reqidlist[1];
|
|
}
|
|
}
|
|
validateMessage.setReqid(reqidlist[0]);
|
|
validateMessage.setReqid(reqidlist[0]);
|
|
}
|
|
}
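Review bot: `newReqid = reqidlist[1]` copies a request-supplied value that the last hunk appends to the hash input as `keyId + validateMessage.getReqid()+newReqid`, so the two halves are joined without the marker that separated them on the wire and the boundary between reqid and time suffix is not covered by the digest. Hashing the reqid exactly as received, or keeping the separator in the hashed string, would remove that ambiguity; either choice has to match what the client computes, which this page does not show. The check itself is a bare `Md5Hash` over key-then-message compared with `auth.equals(authCode)`; when the protocol can be revised, an HMAC (`javax.crypto.Mac` with `HmacSHA256`) and a constant-time comparison such as `MessageDigest.isEqual` on the UTF-8 bytes are the sturdier construction. The block that declares `reqidlist` starts outside this hunk.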
|
|
@@ -102,7 +104,7 @@ public class ActionApi {
|
|
String authCode = validateMessage.getAuthCode();
|
|
String authCode = validateMessage.getAuthCode();
|
|
Dangan dangan = danganService.selectDanganByDanganName(validateMessage.getCid());
|
|
Dangan dangan = danganService.selectDanganByDanganName(validateMessage.getCid());
|
|
String keyId = dangan.getKeyId();
|
|
String keyId = dangan.getKeyId();
|
|
- String auth = keyId + validateMessage.getReqid();
|
|
|
|
|
|
+ String auth = keyId + validateMessage.getReqid()+newReqid;//授权码是传过去什么 加密的就是什么
|
|
|
|
|
|
auth = new Md5Hash(auth).toHex();
|
|
auth = new Md5Hash(auth).toHex();
|
|
if (!auth.equals(authCode)) {
|
|
if (!auth.equals(authCode)) {
|