fix: 修复伪装登录与重置链接返回
This commit is contained in:
@@ -18,6 +18,7 @@ namespace TakeoutSaaS.Application.App.Tenants.Handlers;
|
||||
public sealed class ImpersonateTenantCommandHandler(
|
||||
ITenantRepository tenantRepository,
|
||||
ITenantProvider tenantProvider,
|
||||
ITenantContextAccessor tenantContextAccessor,
|
||||
ICurrentUserAccessor currentUserAccessor,
|
||||
IAdminAuthService adminAuthService,
|
||||
IJwtTokenService jwtTokenService)
|
||||
@@ -35,6 +36,12 @@ public sealed class ImpersonateTenantCommandHandler(
|
||||
throw new BusinessException(ErrorCodes.Forbidden, "仅平台超级管理员可执行伪装登录");
|
||||
}
|
||||
|
||||
// 2. (空行后) 读取操作者信息(在平台租户上下文内)
|
||||
var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
|
||||
var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
|
||||
? $"user:{currentUserAccessor.UserId}"
|
||||
: operatorProfile.DisplayName;
|
||||
|
||||
// 2. (空行后) 校验租户存在且存在主管理员
|
||||
var tenant = await tenantRepository.FindByIdAsync(request.TenantId, cancellationToken)
|
||||
?? throw new BusinessException(ErrorCodes.NotFound, "租户不存在");
|
||||
@@ -44,32 +51,38 @@ public sealed class ImpersonateTenantCommandHandler(
|
||||
throw new BusinessException(ErrorCodes.BadRequest, "该租户未配置主管理员账号,无法伪装登录");
|
||||
}
|
||||
|
||||
// 3. (空行后) 为租户主管理员签发令牌
|
||||
var targetProfile = await adminAuthService.GetProfileAsync(tenant.PrimaryOwnerUserId.Value, cancellationToken);
|
||||
var token = await jwtTokenService.CreateTokensAsync(targetProfile, false, cancellationToken);
|
||||
|
||||
// 4. (空行后) 写入审计日志
|
||||
var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
|
||||
var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
|
||||
? $"user:{currentUserAccessor.UserId}"
|
||||
: operatorProfile.DisplayName;
|
||||
|
||||
var auditLog = new TenantAuditLog
|
||||
// 3. (空行后) 进入目标租户上下文以读取租户内用户(避免多租户查询过滤导致找不到用户)
|
||||
var originalTenantContext = tenantContextAccessor.Current;
|
||||
tenantContextAccessor.Current = new TenantContext(tenant.Id, null, "admin:impersonate");
|
||||
try
|
||||
{
|
||||
TenantId = tenant.Id,
|
||||
Action = TenantAuditAction.ImpersonatedLogin,
|
||||
Title = "伪装登录",
|
||||
Description = $"操作者:{operatorName},目标账号:{targetProfile.Account}",
|
||||
OperatorId = currentUserAccessor.UserId,
|
||||
OperatorName = operatorName,
|
||||
PreviousStatus = tenant.Status,
|
||||
CurrentStatus = tenant.Status
|
||||
};
|
||||
await tenantRepository.AddAuditLogAsync(auditLog, cancellationToken);
|
||||
await tenantRepository.SaveChangesAsync(cancellationToken);
|
||||
// 4. 为租户主管理员签发令牌
|
||||
var targetProfile = await adminAuthService.GetProfileAsync(tenant.PrimaryOwnerUserId.Value, cancellationToken);
|
||||
var token = await jwtTokenService.CreateTokensAsync(targetProfile, false, cancellationToken);
|
||||
|
||||
// 5. (空行后) 返回令牌
|
||||
return token;
|
||||
// 5. (空行后) 恢复租户上下文后写入审计日志
|
||||
tenantContextAccessor.Current = originalTenantContext;
|
||||
var auditLog = new TenantAuditLog
|
||||
{
|
||||
TenantId = tenant.Id,
|
||||
Action = TenantAuditAction.ImpersonatedLogin,
|
||||
Title = "伪装登录",
|
||||
Description = $"操作者:{operatorName},目标账号:{targetProfile.Account}",
|
||||
OperatorId = currentUserAccessor.UserId,
|
||||
OperatorName = operatorName,
|
||||
PreviousStatus = tenant.Status,
|
||||
CurrentStatus = tenant.Status
|
||||
};
|
||||
await tenantRepository.AddAuditLogAsync(auditLog, cancellationToken);
|
||||
await tenantRepository.SaveChangesAsync(cancellationToken);
|
||||
|
||||
// 6. (空行后) 返回令牌
|
||||
return token;
|
||||
}
|
||||
finally
|
||||
{
|
||||
// 7. (空行后) 确保恢复租户上下文
|
||||
tenantContextAccessor.Current = originalTenantContext;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user