zhou-hao 6 tahun lalu
induk
melakukan
27e7260bd5

+ 6 - 3
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/AuthorizationController.java

@@ -32,6 +32,7 @@ import org.hswebframework.web.logging.AccessLogger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.http.MediaType;
+import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
@@ -77,9 +78,8 @@ public class AuthorizationController {
     public ResponseMessage<Map<String, Object>> authorize(@ApiParam(example = "{\"username\":\"admin\",\"password\":\"admin\"}")
                                                           @RequestBody Map<String, String> parameter) {
 
-        return doLogin(Objects.requireNonNull(parameter.get("username"), "用户名不能为空")
-                , Objects.requireNonNull(parameter.get("password"), "密码不能为空")
-                , parameter);
+
+        return doLogin(parameter.get("username"), parameter.get("password"), parameter);
     }
 
     @PostMapping(value = "/login", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
@@ -93,6 +93,9 @@ public class AuthorizationController {
 
     @SneakyThrows
     protected ResponseMessage<Map<String, Object>> doLogin(String username, String password, Map<String, ?> parameter) {
+        Assert.hasLength(username, "用户名不能为空");
+        Assert.hasLength(password, "密码不能为空");
+
         AuthorizationFailedEvent.Reason reason = AuthorizationFailedEvent.Reason.OTHER;
         Function<String, Object> parameterGetter = parameter::get;
         try {
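Review bot: The two `Assert.hasLength` calls at the top of `doLogin` sit before the `try`, so as far as this hunk shows, a request rejected for an empty username or password never reaches the code that works with `AuthorizationFailedEvent.Reason`. If that failure event feeds login auditing or attempt limiting, empty-credential requests would not be recorded by it. Consider moving the checks inside the `try`, or publishing the failure event before throwing. The rest of `doLogin` lies outside the hunk, so confirm how its catch block treats `IllegalArgumentException`.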

+ 4 - 3
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-local/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleUserService.java

@@ -25,6 +25,7 @@ import org.springframework.cache.annotation.Caching;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
@@ -78,7 +79,7 @@ public class SimpleUserService extends AbstractService<UserEntity, String>
     @Override
     @Transactional(readOnly = true)
     public UserEntity selectByUsername(String username) {
-        if (null == username) {
+        if (!StringUtils.hasLength(username)) {
             return null;
         }
         return createQuery().where("username", username).single();
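Review bot: `StringUtils.hasLength(username)` in `selectByUsername` still lets a whitespace-only username through to `createQuery().where("username", username)`. If the empty-username login was caused by the query layer dropping an empty condition (not visible in this hunk), a blank value may need the same treatment, and `if (!StringUtils.hasText(username))` would cover both. The same applies to `Assert.hasLength(plainUsername, ...)` in `selectByUserNameAndPassword` and to `Assert.hasLength(username, ...)` in `AuthorizationController.doLogin`, where `Assert.hasText` is the counterpart. The password checks can stay on `hasLength`, since a password may legitimately consist of spaces.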
@@ -87,8 +88,8 @@ public class SimpleUserService extends AbstractService<UserEntity, String>
     @Override
     @Transactional(readOnly = true)
     public UserEntity selectByUserNameAndPassword(String plainUsername, String plainPassword) {
-        Objects.requireNonNull(plainUsername);
-        Objects.requireNonNull(plainPassword);
+        Assert.hasLength(plainUsername, "用户名不能为空");
+        Assert.hasLength(plainPassword, "密码不能为空");
 
         return Optional.ofNullable(selectByUsername(plainUsername))
                 .filter(user -> encodePassword(plainPassword, user.getSalt()).equals(user.getPassword()))

+ 73 - 0
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/groovy/org/hswebframework/web/authorization/starter/FixBug89Test.groovy

@@ -0,0 +1,73 @@
+package org.hswebframework.web.authorization.starter
+
+import com.alibaba.fastjson.JSON
+import org.hswebframework.web.entity.authorization.UserEntity
+import org.hswebframework.web.service.authorization.UserService
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.context.ConfigurableApplicationContext
+import org.springframework.context.annotation.Configuration
+import org.springframework.http.MediaType
+import org.springframework.test.context.ContextConfiguration
+import org.springframework.test.context.web.WebAppConfiguration
+import org.springframework.test.web.servlet.MockMvc
+import org.springframework.test.web.servlet.setup.MockMvcBuilders
+import spock.lang.Shared
+import spock.lang.Specification
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*
+
+
+@WebAppConfiguration
+@ContextConfiguration
+@SpringBootTest(classes = [TestApplication.class], properties = ["classpath:application.yml"])
+@Configuration
+class FixBug89Test extends Specification {
+
+    @Autowired
+    private ConfigurableApplicationContext context;
+
+    @Shared
+    private MockMvc mockMvc;
+
+    @Autowired
+    private UserService userService;
+
+
+    void setup() {
+        mockMvc = MockMvcBuilders.webAppContextSetup(context).build();
+        UserEntity userEntity = userService.createEntity();
+        userEntity.setName("test");
+        userEntity.setUsername("fix-bug#89");
+        userEntity.setPassword("fix-bug#89");
+        if (userService.selectByUsername("fix-bug#89") == null) {
+            userService.insert(userEntity);
+        }
+    }
+
+    def doLogin(username, password) {
+        def response = mockMvc.perform(post("/authorize/login")
+                .contentType(MediaType.APPLICATION_JSON)
+                .content("""{"username":"${username}","password":"${password}"}"""))
+//                .andExpect(status().is(200))
+                .andReturn()
+                .getResponse()
+                .getContentAsString()
+        return JSON.parseObject(response).get("status");
+    }
+
+    def "测试用户名为空时登录依旧能登录成功问题"() {
+        given:
+        def user = userService.selectByUserNameAndPassword("fix-bug#89", "fix-bug#89");
+        expect:
+        user != null
+        doLogin(username, password) == code
+        where:
+        username     | password     | code
+        "fix-bug#89" | "fix-bug#89" | 200
+        "fix-bug#89" | ""           | 400
+        ""           | "fix-bug#89" | 400
+        ""           | ""           | 400
+
+
+    }
+}
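Review bot: The `where:` table only exercises empty strings, and the `doLogin` helper always sends both keys, so two inputs go untested. One is a request with the `username` or `password` field absent, which `authorize` used to guard with `Objects.requireNonNull`. The other is a whitespace-only value. Add a row such as `" " | "fix-bug#89" | <expected status>` and a case whose body omits a key, each asserting the status the API is meant to return. The commented-out `.andExpect(status().is(200))` line should be deleted or replaced by a real assertion on the HTTP status.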

+ 10 - 0
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/groovy/org/hswebframework/web/authorization/starter/TestApplication.java

@@ -1,6 +1,9 @@
 package org.hswebframework.web.authorization.starter;
 
+import org.hswebframework.web.authorization.basic.web.AuthorizationController;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.test.context.web.WebAppConfiguration;
 
 /**
@@ -9,6 +12,13 @@ import org.springframework.test.context.web.WebAppConfiguration;
  */
 @SpringBootApplication
 @WebAppConfiguration
+@Configuration
 public class TestApplication {
 
+    @Bean
+    public AuthorizationController authorizationController() {
+        return new AuthorizationController();
+    }
+
+
 }
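Review bot: The added `@Configuration` on `TestApplication` is redundant, because `@SpringBootApplication` already marks the class as a configuration class; the same annotation on the `FixBug89Test` spec is likewise unnecessary. The `authorizationController()` bean would benefit from a one-line comment saying why the controller is registered by hand in the test context, for example `// registered explicitly: not picked up by component scanning in this test module` if that is the reason.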