fix: 修复伪装登录与重置链接返回
This commit is contained in:
@@ -359,7 +359,7 @@ public sealed class TenantsController(IMediator mediator) : BaseApiController
|
|||||||
var resetUrl = $"{origin}/#/auth/reset-password?token={Uri.EscapeDataString(token)}";
|
var resetUrl = $"{origin}/#/auth/reset-password?token={Uri.EscapeDataString(token)}";
|
||||||
|
|
||||||
// 3. (空行后) 返回链接
|
// 3. (空行后) 返回链接
|
||||||
return ApiResponse<string>.Ok(resetUrl);
|
return ApiResponse<string>.Ok(data: resetUrl);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|||||||
@@ -18,6 +18,7 @@ namespace TakeoutSaaS.Application.App.Tenants.Handlers;
|
|||||||
public sealed class ImpersonateTenantCommandHandler(
|
public sealed class ImpersonateTenantCommandHandler(
|
||||||
ITenantRepository tenantRepository,
|
ITenantRepository tenantRepository,
|
||||||
ITenantProvider tenantProvider,
|
ITenantProvider tenantProvider,
|
||||||
|
ITenantContextAccessor tenantContextAccessor,
|
||||||
ICurrentUserAccessor currentUserAccessor,
|
ICurrentUserAccessor currentUserAccessor,
|
||||||
IAdminAuthService adminAuthService,
|
IAdminAuthService adminAuthService,
|
||||||
IJwtTokenService jwtTokenService)
|
IJwtTokenService jwtTokenService)
|
||||||
@@ -35,6 +36,12 @@ public sealed class ImpersonateTenantCommandHandler(
|
|||||||
throw new BusinessException(ErrorCodes.Forbidden, "仅平台超级管理员可执行伪装登录");
|
throw new BusinessException(ErrorCodes.Forbidden, "仅平台超级管理员可执行伪装登录");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 2. (空行后) 读取操作者信息(在平台租户上下文内)
|
||||||
|
var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
|
||||||
|
var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
|
||||||
|
? $"user:{currentUserAccessor.UserId}"
|
||||||
|
: operatorProfile.DisplayName;
|
||||||
|
|
||||||
// 2. (空行后) 校验租户存在且存在主管理员
|
// 2. (空行后) 校验租户存在且存在主管理员
|
||||||
var tenant = await tenantRepository.FindByIdAsync(request.TenantId, cancellationToken)
|
var tenant = await tenantRepository.FindByIdAsync(request.TenantId, cancellationToken)
|
||||||
?? throw new BusinessException(ErrorCodes.NotFound, "租户不存在");
|
?? throw new BusinessException(ErrorCodes.NotFound, "租户不存在");
|
||||||
@@ -44,32 +51,38 @@ public sealed class ImpersonateTenantCommandHandler(
|
|||||||
throw new BusinessException(ErrorCodes.BadRequest, "该租户未配置主管理员账号,无法伪装登录");
|
throw new BusinessException(ErrorCodes.BadRequest, "该租户未配置主管理员账号,无法伪装登录");
|
||||||
}
|
}
|
||||||
|
|
||||||
// 3. (空行后) 为租户主管理员签发令牌
|
// 3. (空行后) 进入目标租户上下文以读取租户内用户(避免多租户查询过滤导致找不到用户)
|
||||||
var targetProfile = await adminAuthService.GetProfileAsync(tenant.PrimaryOwnerUserId.Value, cancellationToken);
|
var originalTenantContext = tenantContextAccessor.Current;
|
||||||
var token = await jwtTokenService.CreateTokensAsync(targetProfile, false, cancellationToken);
|
tenantContextAccessor.Current = new TenantContext(tenant.Id, null, "admin:impersonate");
|
||||||
|
try
|
||||||
// 4. (空行后) 写入审计日志
|
|
||||||
var operatorProfile = await adminAuthService.GetProfileAsync(currentUserAccessor.UserId, cancellationToken);
|
|
||||||
var operatorName = string.IsNullOrWhiteSpace(operatorProfile.DisplayName)
|
|
||||||
? $"user:{currentUserAccessor.UserId}"
|
|
||||||
: operatorProfile.DisplayName;
|
|
||||||
|
|
||||||
var auditLog = new TenantAuditLog
|
|
||||||
{
|
{
|
||||||
TenantId = tenant.Id,
|
// 4. 为租户主管理员签发令牌
|
||||||
Action = TenantAuditAction.ImpersonatedLogin,
|
var targetProfile = await adminAuthService.GetProfileAsync(tenant.PrimaryOwnerUserId.Value, cancellationToken);
|
||||||
Title = "伪装登录",
|
var token = await jwtTokenService.CreateTokensAsync(targetProfile, false, cancellationToken);
|
||||||
Description = $"操作者:{operatorName},目标账号:{targetProfile.Account}",
|
|
||||||
OperatorId = currentUserAccessor.UserId,
|
|
||||||
OperatorName = operatorName,
|
|
||||||
PreviousStatus = tenant.Status,
|
|
||||||
CurrentStatus = tenant.Status
|
|
||||||
};
|
|
||||||
await tenantRepository.AddAuditLogAsync(auditLog, cancellationToken);
|
|
||||||
await tenantRepository.SaveChangesAsync(cancellationToken);
|
|
||||||
|
|
||||||
// 5. (空行后) 返回令牌
|
// 5. (空行后) 恢复租户上下文后写入审计日志
|
||||||
return token;
|
tenantContextAccessor.Current = originalTenantContext;
|
||||||
|
var auditLog = new TenantAuditLog
|
||||||
|
{
|
||||||
|
TenantId = tenant.Id,
|
||||||
|
Action = TenantAuditAction.ImpersonatedLogin,
|
||||||
|
Title = "伪装登录",
|
||||||
|
Description = $"操作者:{operatorName},目标账号:{targetProfile.Account}",
|
||||||
|
OperatorId = currentUserAccessor.UserId,
|
||||||
|
OperatorName = operatorName,
|
||||||
|
PreviousStatus = tenant.Status,
|
||||||
|
CurrentStatus = tenant.Status
|
||||||
|
};
|
||||||
|
await tenantRepository.AddAuditLogAsync(auditLog, cancellationToken);
|
||||||
|
await tenantRepository.SaveChangesAsync(cancellationToken);
|
||||||
|
|
||||||
|
// 6. (空行后) 返回令牌
|
||||||
|
return token;
|
||||||
|
}
|
||||||
|
finally
|
||||||
|
{
|
||||||
|
// 7. (空行后) 确保恢复租户上下文
|
||||||
|
tenantContextAccessor.Current = originalTenantContext;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user