feat: 支持租户伪装登录与管理员重置链接
This commit is contained in:
@@ -0,0 +1,25 @@
|
||||
namespace TakeoutSaaS.Application.Identity.Abstractions;
|
||||
|
||||
/// <summary>
|
||||
/// 管理后台“重置密码链接”令牌存储。
|
||||
/// </summary>
|
||||
public interface IAdminPasswordResetTokenStore
|
||||
{
|
||||
/// <summary>
|
||||
/// 签发一次性重置令牌。
|
||||
/// </summary>
|
||||
/// <param name="userId">目标用户 ID。</param>
|
||||
/// <param name="expiresAt">过期时间(UTC)。</param>
|
||||
/// <param name="cancellationToken">取消标记。</param>
|
||||
/// <returns>令牌值。</returns>
|
||||
Task<string> IssueAsync(long userId, DateTime expiresAt, CancellationToken cancellationToken = default);
|
||||
|
||||
/// <summary>
|
||||
/// 消费一次性重置令牌(成功后即删除)。
|
||||
/// </summary>
|
||||
/// <param name="token">令牌值。</param>
|
||||
/// <param name="cancellationToken">取消标记。</param>
|
||||
/// <returns>令牌绑定的用户 ID;不存在/过期返回 null。</returns>
|
||||
Task<long?> ConsumeAsync(string token, CancellationToken cancellationToken = default);
|
||||
}
|
||||
|
||||
@@ -0,0 +1,20 @@
|
||||
using MediatR;
|
||||
|
||||
namespace TakeoutSaaS.Application.Identity.Commands;
|
||||
|
||||
/// <summary>
|
||||
/// 通过重置链接令牌重置管理员密码命令。
|
||||
/// </summary>
|
||||
public sealed record ResetAdminPasswordByTokenCommand : IRequest
|
||||
{
|
||||
/// <summary>
|
||||
/// 一次性重置令牌。
|
||||
/// </summary>
|
||||
public required string Token { get; init; }
|
||||
|
||||
/// <summary>
|
||||
/// 新密码(明文,仅用于服务端哈希)。
|
||||
/// </summary>
|
||||
public required string NewPassword { get; init; }
|
||||
}
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
namespace TakeoutSaaS.Application.Identity.Contracts;
|
||||
|
||||
/// <summary>
|
||||
/// 通过重置链接令牌重置管理员密码请求。
|
||||
/// </summary>
|
||||
public sealed class ResetAdminPasswordRequest
|
||||
{
|
||||
/// <summary>
|
||||
/// 一次性重置令牌。
|
||||
/// </summary>
|
||||
public string Token { get; init; } = string.Empty;
|
||||
|
||||
/// <summary>
|
||||
/// 新密码。
|
||||
/// </summary>
|
||||
public string NewPassword { get; init; } = string.Empty;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,57 @@
|
||||
using MediatR;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using TakeoutSaaS.Application.Identity.Abstractions;
|
||||
using TakeoutSaaS.Application.Identity.Commands;
|
||||
using TakeoutSaaS.Domain.Identity.Entities;
|
||||
using TakeoutSaaS.Domain.Identity.Repositories;
|
||||
using TakeoutSaaS.Shared.Abstractions.Constants;
|
||||
using TakeoutSaaS.Shared.Abstractions.Exceptions;
|
||||
|
||||
namespace TakeoutSaaS.Application.Identity.Handlers;
|
||||
|
||||
/// <summary>
|
||||
/// 通过重置链接令牌重置管理员密码处理器。
|
||||
/// </summary>
|
||||
public sealed class ResetAdminPasswordByTokenCommandHandler(
|
||||
IAdminPasswordResetTokenStore tokenStore,
|
||||
IIdentityUserRepository userRepository,
|
||||
IPasswordHasher<IdentityUser> passwordHasher)
|
||||
: IRequestHandler<ResetAdminPasswordByTokenCommand>
|
||||
{
|
||||
/// <inheritdoc />
|
||||
public async Task Handle(ResetAdminPasswordByTokenCommand request, CancellationToken cancellationToken)
|
||||
{
|
||||
// 1. 参数校验
|
||||
var token = request.Token?.Trim() ?? string.Empty;
|
||||
if (string.IsNullOrWhiteSpace(token))
|
||||
{
|
||||
throw new BusinessException(ErrorCodes.BadRequest, "重置令牌不能为空");
|
||||
}
|
||||
|
||||
var password = request.NewPassword?.Trim() ?? string.Empty;
|
||||
if (string.IsNullOrWhiteSpace(password))
|
||||
{
|
||||
throw new BusinessException(ErrorCodes.BadRequest, "新密码不能为空");
|
||||
}
|
||||
|
||||
if (password.Length is < 6 or > 32)
|
||||
{
|
||||
throw new BusinessException(ErrorCodes.BadRequest, "新密码长度需为 6~32 位");
|
||||
}
|
||||
|
||||
// 2. (空行后) 校验并消费令牌
|
||||
var userId = await tokenStore.ConsumeAsync(token, cancellationToken);
|
||||
if (!userId.HasValue || userId.Value == 0)
|
||||
{
|
||||
throw new BusinessException(ErrorCodes.BadRequest, "重置链接无效或已过期");
|
||||
}
|
||||
|
||||
// 3. (空行后) 获取用户(可更新)并写入新密码哈希
|
||||
var user = await userRepository.GetForUpdateAsync(userId.Value, cancellationToken)
|
||||
?? throw new BusinessException(ErrorCodes.NotFound, "用户不存在");
|
||||
|
||||
user.PasswordHash = passwordHasher.HashPassword(user, password);
|
||||
await userRepository.SaveChangesAsync(cancellationToken);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user