fix: 修复伪装登录与重置链接返回

2025-12-15 15:15:42 +08:00
parent 2249588e07
commit d2c7e1fb71
2 changed files with 39 additions and 26 deletions
--- a/src/Api/TakeoutSaaS.AdminApi/Controllers/TenantsController.cs
+++ b/src/Api/TakeoutSaaS.AdminApi/Controllers/TenantsController.cs
@@ -359,7 +359,7 @@ public sealed class TenantsController(IMediator mediator) : BaseApiController
        var resetUrl = $"{origin}/#/auth/reset-password?token={Uri.EscapeDataString(token)}";

        // 3. (空行后) 返回链接
-        return ApiResponse<string>.Ok(resetUrl);
+        return ApiResponse<string>.Ok(data: resetUrl);
    }

    /// <summary>
--- a/src/Application/TakeoutSaaS.Application/App/Tenants/Handlers/ImpersonateTenantCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/App/Tenants/Handlers/ImpersonateTenantCommandHandler.cs
@@ -18,6 +18,7 @@ namespace TakeoutSaaS.Application.App.Tenants.Handlers;
 public sealed class ImpersonateTenantCommandHandler(
    ITenantRepository tenantRepository,
    ITenantProvider tenantProvider,
+    ITenantContextAccessor tenantContextAccessor,
    ICurrentUserAccessor currentUserAccessor,
    IAdminAuthService adminAuthService,
    IJwtTokenService jwtTokenService)
@@ -35,6 +36,12 @@ public sealed class ImpersonateTenantCommandHandler(
            throw new BusinessException(ErrorCodes.Forbidden, "仅平台超级管理员可执行伪装登录");
        }

+        // 2. (空行后) 读取操作者信息（在平台租户上下文内）
+        var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
+        var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
+            ? $"user:{currentUserAccessor.UserId}"
+            : operatorProfile.DisplayName;
+
        // 2. (空行后) 校验租户存在且存在主管理员
        var tenant = await tenantRepository.FindByIdAsync(request.TenantId, cancellationToken)
            ?? throw new BusinessException(ErrorCodes.NotFound, "租户不存在");
@@ -44,32 +51,38 @@ public sealed class ImpersonateTenantCommandHandler(
            throw new BusinessException(ErrorCodes.BadRequest, "该租户未配置主管理员账号，无法伪装登录");
        }

-        // 3. (空行后) 为租户主管理员签发令牌
-        var targetProfile = await adminAuthService.GetProfileAsync(tenant.PrimaryOwnerUserId.Value, cancellationToken);
-        var token = await jwtTokenService.CreateTokensAsync(targetProfile, false, cancellationToken);
-
-        // 4. (空行后) 写入审计日志
-        var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
-        var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
-            ? $"user:{currentUserAccessor.UserId}"
-            : operatorProfile.DisplayName;
-
-        var auditLog = new TenantAuditLog
+        // 3. (空行后) 进入目标租户上下文以读取租户内用户（避免多租户查询过滤导致找不到用户）
+        var originalTenantContext = tenantContextAccessor.Current;
+        tenantContextAccessor.Current = new TenantContext(tenant.Id, null, "admin:impersonate");
+        try
        {
-            TenantId = tenant.Id,
-            Action = TenantAuditAction.ImpersonatedLogin,
-            Title = "伪装登录",
-            Description = $"操作者：{operatorName}，目标账号：{targetProfile.Account}",
-            OperatorId = currentUserAccessor.UserId,
-            OperatorName = operatorName,
-            PreviousStatus = tenant.Status,
-            CurrentStatus = tenant.Status
-        };
-        await tenantRepository.AddAuditLogAsync(auditLog, cancellationToken);
-        await tenantRepository.SaveChangesAsync(cancellationToken);
+            // 4. 为租户主管理员签发令牌
+            var targetProfile = await adminAuthService.GetProfileAsync(tenant.PrimaryOwnerUserId.Value, cancellationToken);
+            var token = await jwtTokenService.CreateTokensAsync(targetProfile, false, cancellationToken);

-        // 5. (空行后) 返回令牌
-        return token;
+            // 5. (空行后) 恢复租户上下文后写入审计日志
+            tenantContextAccessor.Current = originalTenantContext;
+            var auditLog = new TenantAuditLog
+            {
+                TenantId = tenant.Id,
+                Action = TenantAuditAction.ImpersonatedLogin,
+                Title = "伪装登录",
+                Description = $"操作者：{operatorName}，目标账号：{targetProfile.Account}",
+                OperatorId = currentUserAccessor.UserId,
+                OperatorName = operatorName,
+                PreviousStatus = tenant.Status,
+                CurrentStatus = tenant.Status
+            };
+            await tenantRepository.AddAuditLogAsync(auditLog, cancellationToken);
+            await tenantRepository.SaveChangesAsync(cancellationToken);
+
+            // 6. (空行后) 返回令牌
+            return token;
+        }
+        finally
+        {
+            // 7. (空行后) 确保恢复租户上下文
+            tenantContextAccessor.Current = originalTenantContext;
+        }
    }
 }
-