修复漏洞问题——限制注册时候不能修改手机号和openid

2026-05-06 12:05:12 +08:00
parent 35feb9a147
commit d0ba77ae92
2 changed files with 12 additions and 3 deletions
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java
@@ -16,7 +16,6 @@ import com.ruoyi.common.utils.ip.IpUtils;
 import com.ruoyi.framework.web.service.OauthLoginHlwService;
 import com.ruoyi.framework.web.service.OauthLoginService;
 import io.swagger.annotations.ApiOperation;
-import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
@@ -248,6 +247,16 @@ public class SysLoginController
            return AjaxResult.error("请求过于频繁，请稍后再试");
        }

+        //手机号和openid不能修改
+        if(registerBody.getAppUser()!=null){
+            AppUser appUser=registerBody.getAppUser();
+            if (StringUtils.isNotBlank(appUser.getPhone()) || StringUtils.isNotBlank(appUser.getOpenid())) {
+                return AjaxResult.error("信息完善接口不允许修改手机号或openid");
+            }
+            appUser.setPhone(null);
+            appUser.setOpenid(null);
+        }
+
        String token=loginService.registerAppUser(registerBody);
        return AjaxResult.success().put("token",token);
    }