Closed Hill4109 closed 2 years ago
@Hill4109 I got the info from you as below. The super user's name in your cachecloud system is admin. (Not Admin) But when you login with Admin, you will login successfully.
And I check the code, it did happen repeatedly in some case. In cachecloud project, it will get user from mysql by username. And if not specially config, mysql is case insensitive. To avoid this, try one mean as below.
We will fix it in main branch.
We have fix it in main branch.
您好,用户问题修复了,感谢。 另外产生新的问题了,目前直接访问ip:8080 自动admin用户登录,这个感觉略过登录校验了,另外普通用户可以设置密码吗?
您好,用户问题修复了,感谢。 另外产生新的问题了,目前直接访问ip:8080 自动admin用户登录,这个感觉略过登录校验了,另外普通用户可以设置密码吗?
UserLoginStatusCookieServiceImpl里面跳过了对local环境的用户认证,换个profile就好了
@Override
public String getUserNameFromLoginStatus(HttpServletRequest request) {
if (EnvUtil.isLocal(environment)) {
//todo for local
return "admin";
}
//other codes...
}
稳定master分支下载的cachecloud,正常admin用户密码修改过后,admin登录需要用新的密码。但是Admin用户(第一个字母大写),使用默认密码可以登录,目前会被攻破,虽说是内网,也希望有解决办法