提交 0896f37d 编写于 作者: DCloud_JSON's avatar DCloud_JSON

- 修复登陆成功后响应体包含`userInfo.password`的问题
- 修改了`uni-id-users`表的schema中字段username的编辑权限,防止用户通过clientDB绕过用户名不能重复的规则更新用户名的问题

上级 88b0cf50
## 1.0.48(2021-08-10)
- 修复登陆成功后响应体包含`userInfo.password`的问题
- 修改了`uni-id-users`表的schema中字段username的编辑权限,防止用户通过clientDB绕过用户名不能重复的规则更新用户名的问题
## 1.0.47(2021-08-09) ## 1.0.47(2021-08-09)
- 更新文档快速体验部署流程 - 更新文档快速体验部署流程
- 修复一键登陆优先时报变量找不到的问题 - 修复一键登陆优先时报变量找不到的问题
......
...@@ -181,7 +181,14 @@ ...@@ -181,7 +181,14 @@
"enable": false "enable": false
}, },
"h5": { "h5": {
"template": "" "template": "",
"sdkConfigs": {
"maps": {
"qqmap": {
"key": ""
}
}
}
}, },
"_spaceID": "", "_spaceID": "",
"vueVersion": "2" "vueVersion": "2"
......
{ {
"id": "uni-starter", "id": "uni-starter",
"displayName": "uni-starter", "displayName": "uni-starter",
"version": "1.0.47", "version": "1.0.48",
"description": "云端一体应用快速开发基本项目模版", "description": "云端一体应用快速开发基本项目模版",
"keywords": [ "keywords": [
"login", "login",
......
...@@ -12,13 +12,19 @@ ...@@ -12,13 +12,19 @@
"bsonType": "string", "bsonType": "string",
"title": "用户名", "title": "用户名",
"description": "用户名,不允许重复", "description": "用户名,不允许重复",
"trim": "both" "trim": "both",
"permission":{
"write":false
}
}, },
"password": { "password": {
"bsonType": "password", "bsonType": "password",
"title": "密码", "title": "密码",
"description": "密码,加密存储", "description": "密码,加密存储",
"trim": "both" "trim": "both",
"permission":{
"write":false
}
}, },
"password_secret_version": { "password_secret_version": {
"bsonType": "int", "bsonType": "int",
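Review bot: `"permission": {"write": false}` on `password` blocks clientDB writes but says nothing about reads, so whether a client can still select the stored `password` value depends on a table-level `read` rule that is not visible in this hunk. If reads are not already denied there, I would make it explicit on the field: `"permission": { "read": false, "write": false }`. The `password_secret_version` field that follows begins at the end of the hunk, and its permission, if any, is outside the shown lines; it deserves the same check. The commit description mentions only `username`, while the hunk also changes `password`.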
......
## 1.0.5(2021-08-10)
- 修复登陆成功后响应体包含userInfo.password的问题
- 新增微信登陆成功后,自动获取用户的微信昵称和头像完善用户个人资料
## 1.0.4(2021-07-31)
- 修复 登录日志在登录失败时不写入记录的 bug
- 修复 写入记录登录是未传递 type 参数的 bug
## 1.0.3(2021-07-02) ## 1.0.3(2021-07-02)
- 框架设定非 admin 不能创建用户, 用户可自定义 - 框架设定非 admin 不能创建用户, 用户可自定义
## 1.0.2(2021-07-01) ## 1.0.2(2021-07-01)
......
{ {
"id": "uni-id-cf", "id": "uni-id-cf",
"displayName": "uni-id-cf", "displayName": "uni-id-cf",
"version": "1.0.3", "version": "1.0.5",
"description": "uni-id-cf", "description": "uni-id-cf",
"keywords": [ "keywords": [
"uni-id-cf", "uni-id-cf",
...@@ -70,6 +70,10 @@ ...@@ -70,6 +70,10 @@
"快应用": { "快应用": {
"华为": "u", "华为": "u",
"联盟": "u" "联盟": "u"
},
"Vue": {
"vue2": "y",
"vue3": "u"
} }
} }
} }
......
uni-id-cf是uni-id-uniCloudFunction的缩写。 #### uni-id-cf是uni-id-uniCloudFunction的缩写。
直接调用他内置的云函数,即可直接使用uni-id的各类api。
#### 直接调用他内置的云函数,即可直接使用uni-id的各类api。
含:登录注册(含用户名密码登录、手机号验证码登录、app一键登录、微信登录、Apple登录、微信小程序登录)、修改密码、忘记密码、退出登录等 含:登录注册(含用户名密码登录、手机号验证码登录、app一键登录、微信登录、Apple登录、微信小程序登录)、修改密码、忘记密码、退出登录等
详细的使用方式见[uni-starter](https://ext.dcloud.net.cn/plugin?id=5057)
\ No newline at end of file > 详细的使用方式见[uni-starter](https://ext.dcloud.net.cn/plugin?id=5057)
\ No newline at end of file
...@@ -63,7 +63,7 @@ exports.main = async (event, context) => { ...@@ -63,7 +63,7 @@ exports.main = async (event, context) => {
} }
//禁止前台用户传递角色 //禁止前台用户传递角色
if (action.slice(0,7) == "loginBy") { if (action.slice(0, 7) == "loginBy") {
if (params.role) { if (params.role) {
return { return {
code: 403, code: 403,
...@@ -75,8 +75,11 @@ exports.main = async (event, context) => { ...@@ -75,8 +75,11 @@ exports.main = async (event, context) => {
//3.注册成功后创建新用户的积分表方法 //3.注册成功后创建新用户的积分表方法
async function registerSuccess(uid) { async function registerSuccess(uid) {
//用户接受邀请 //用户接受邀请
if(inviteCode){ if (inviteCode) {
await uniID.acceptInvite({inviteCode,uid}); await uniID.acceptInvite({
inviteCode,
uid
});
} }
//添加当前用户设备信息 //添加当前用户设备信息
await db.collection('uni-id-device').add({ await db.collection('uni-id-device').add({
...@@ -94,9 +97,6 @@ exports.main = async (event, context) => { ...@@ -94,9 +97,6 @@ exports.main = async (event, context) => {
} }
//4.记录成功登录的日志方法 //4.记录成功登录的日志方法
const loginLog = async (res = {}) => { const loginLog = async (res = {}) => {
if(res.code != 0){
return false
}
const now = Date.now() const now = Date.now()
const uniIdLogCollection = db.collection('uni-id-log') const uniIdLogCollection = db.collection('uni-id-log')
let logData = { let logData = {
...@@ -107,24 +107,29 @@ exports.main = async (event, context) => { ...@@ -107,24 +107,29 @@ exports.main = async (event, context) => {
create_date: now create_date: now
}; };
Object.assign(logData, if(res.code === 0){
res.code === 0 ? { logData.user_id = res.uid
user_id: res.uid, logData.state = 1
state: 1 if(res.userInfo&&res.userInfo.password){
} : { delete res.userInfo.password
state: 0 }
})
if (res.type == 'register') { if (res.type == 'register') {
await registerSuccess(res.uid) await registerSuccess(res.uid)
} else { } else {
if (Object.keys(deviceInfo).length) { if (Object.keys(deviceInfo).length) {
console.log(979797,{deviceInfo,user_id: res}); // console.log(979797, {
// deviceInfo,
// user_id: res
// });
//更新当前用户设备信息 //更新当前用户设备信息
await db.collection('uni-id-device').where({ await db.collection('uni-id-device').where({
user_id: res.uid user_id: res.uid
}).update(deviceInfo) }).update(deviceInfo)
} }
} }
}else{
logData.state = 0
}
return await uniIdLogCollection.add(logData) return await uniIdLogCollection.add(logData)
} }
...@@ -151,6 +156,11 @@ exports.main = async (event, context) => { ...@@ -151,6 +156,11 @@ exports.main = async (event, context) => {
} }
break; break;
case 'bindMobileBySms': case 'bindMobileBySms':
// console.log({
// uid: params.uid,
// mobile: params.mobile,
// code: params.code
// });
res = await uniID.bindMobile({ res = await uniID.bindMobile({
uid: params.uid, uid: params.uid,
mobile: params.mobile, mobile: params.mobile,
...@@ -159,7 +169,9 @@ exports.main = async (event, context) => { ...@@ -159,7 +169,9 @@ exports.main = async (event, context) => {
// console.log(res); // console.log(res);
break; break;
case 'register': case 'register':
var {username, password, nickname} = params var {
username, password, nickname
} = params
if (/^1\d{10}$/.test(username)) { if (/^1\d{10}$/.test(username)) {
return { return {
code: 401, code: 401,
...@@ -172,7 +184,12 @@ exports.main = async (event, context) => { ...@@ -172,7 +184,12 @@ exports.main = async (event, context) => {
msg: '用户名不能是邮箱' msg: '用户名不能是邮箱'
} }
} }
res = await uniID.register({username, password, nickname,inviteCode}); res = await uniID.register({
username,
password,
nickname,
inviteCode
});
if (res.code === 0) { if (res.code === 0) {
await registerSuccess(res.uid) await registerSuccess(res.uid)
} }
...@@ -212,6 +229,7 @@ exports.main = async (event, context) => { ...@@ -212,6 +229,7 @@ exports.main = async (event, context) => {
...params, ...params,
queryField: ['username', 'email', 'mobile'] queryField: ['username', 'email', 'mobile']
}); });
res.type = 'login'
await loginLog(res); await loginLog(res);
needCaptcha = await getNeedCaptcha(); needCaptcha = await getNeedCaptcha();
} }
...@@ -283,11 +301,11 @@ exports.main = async (event, context) => { ...@@ -283,11 +301,11 @@ exports.main = async (event, context) => {
break; break;
case 'sendSmsCode': case 'sendSmsCode':
/* -开始- 测试期间,为节约资源。统一虚拟短信验证码为: 123456;开启以下代码块即可 */ /* -开始- 测试期间,为节约资源。统一虚拟短信验证码为: 123456;开启以下代码块即可 */
return uniID.setVerifyCode({ // return uniID.setVerifyCode({
mobile: params.mobile, // mobile: params.mobile,
code: '123456', // code: '123456',
type: params.type // type: params.type
}) // })
/* -结束- */ /* -结束- */
// 简单限制一下客户端调用频率 // 简单限制一下客户端调用频率
...@@ -392,10 +410,11 @@ exports.main = async (event, context) => { ...@@ -392,10 +410,11 @@ exports.main = async (event, context) => {
} }
break; break;
// ----------- admin api ----------- // =========================== admin api start =========================
case 'registerAdmin': case 'registerAdmin': {
var { var {
username, password username,
password
} = params } = params
let { let {
total total
...@@ -408,11 +427,30 @@ exports.main = async (event, context) => { ...@@ -408,11 +427,30 @@ exports.main = async (event, context) => {
message: '超级管理员已存在,请登录...' message: '超级管理员已存在,请登录...'
} }
} }
return uniID.register({ const appid = params.appid
const appName = params.appName
delete params.appid
delete params.appName
res = await uniID.register({
username, username,
password, password,
role: ["admin"] role: ["admin"]
}) })
if (res.code === 0) {
const app = await db.collection('opendb-app-list').where({
appid
}).count()
if (!app.total) {
await db.collection('opendb-app-list').add({
appid,
name: appName,
description: "admin 管理后台",
create_date: Date.now()
})
}
}
}
break; break;
case 'registerUser': case 'registerUser':
const { const {
...@@ -426,21 +464,75 @@ exports.main = async (event, context) => { ...@@ -426,21 +464,75 @@ exports.main = async (event, context) => {
message: '非法访问, 无权限注册超级管理员', message: '非法访问, 无权限注册超级管理员',
} }
} else { } else {
// 过滤 dcloud_appid,注册用户成功后再提交
const dcloudAppidList = params.dcloud_appid
delete params.dcloud_appid
res = await uniID.register({ res = await uniID.register({
autoSetDcloudAppid: false,
...params ...params
}) })
if (res.code === 0) { if (res.code === 0) {
delete res.token delete res.token
delete res.tokenExpired delete res.tokenExpired
await uniID.setAuthorizedAppLogin({
uid: res.uid,
dcloudAppidList
})
} }
} }
break; break;
case 'updateUser': {
const {
userInfo
} = await uniID.getUserInfo({
uid: params.uid
})
if (userInfo.role.indexOf('admin') === -1) {
res = {
code: 403,
message: '非法访问, 无权限注册超级管理员',
}
} else {
// 过滤 dcloud_appid,注册用户成功后再提交
const dcloudAppidList = params.dcloud_appid
delete params.dcloud_appid
// 过滤 password,注册用户成功后再提交
const password = params.password
delete params.password
// 过滤 uid、id
const id = params.id
delete params.id
delete params.uid
res = await uniID.updateUser({
uid: id,
...params
})
if (res.code === 0) {
if (password) {
await uniID.resetPwd({
uid: id,
password
})
}
await uniID.setAuthorizedAppLogin({
uid: id,
dcloudAppidList
})
}
}
break;
}
case 'getCurrentUserInfo': case 'getCurrentUserInfo':
res = uniID.getUserInfo({ res = await uniID.getUserInfo({
uid: params.uid, uid: params.uid,
...params ...params
}) })
break; break;
// =========================== admin api end =========================
default: default:
res = { res = {
code: 403, code: 403,
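Review bot: The new `delete res.userInfo.password` lives inside `loginLog`'s `res.code === 0` branch, so the response is only scrubbed on actions that happen to call `loginLog`; in the hunks shown, `register` and `registerAdmin` take `res` from `uniID.register` and never pass through it. Whether those results carry `userInfo` is not visible here, but coupling response sanitisation to a logging helper means the next login action added without a `loginLog` call would return the stored password value again. I would do the scrub once where `exports.main` finally returns `res` (that return is outside the hunks shown), e.g. `if (res.userInfo) { delete res.userInfo.password }`, and ideally copy an allowlist of fields instead of deleting a single key. If the scrub stays where it is, `loginLog` should carry a comment saying that it mutates `res`, for example `// NOTE: also removes userInfo.password from res before it is returned to the client`.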
......
...@@ -160,8 +160,15 @@ ...@@ -160,8 +160,15 @@
"enable" : false "enable" : false
}, },
"h5" : { "h5" : {
"template" : "" "template" : "",
"sdkConfigs" : {
"maps" : {
"qqmap" : {
"key" : ""
}
}
}
}, },
"_spaceID" : "76ce2c5e-31c7-4d81-8fcf-ed1541ecbc6e", "_spaceID" : "76ce2c5e-31c7-4d81-8fcf-ed1541ecbc6e",
"vueVersion" : "2" "vueVersion" : "3"
} }