sohutv / cachecloud

Sohu Video (sohu tv) Redis private cloud platform: CacheCloud is a Redis cloud management platform. It supports efficient management of the Standalone, Sentinel and Cluster Redis architectures, effectively reducing the operation and maintenance cost of large-scale Redis deployments and improving resource control and utilization. The platform provides rapid deployment/migration, operations management, elastic scaling, statistics and monitoring, client integration and access, and other functions.
http://cachecloud.github.io/
Apache License 2.0

Super administrator privilege problem #286

Closed Hill4109 closed 2 years ago

Hill4109 commented 2 years ago

With cachecloud downloaded from the stable master branch, after the password of the regular admin user has been changed, admin has to log in with the new password. But the user Admin (first letter capitalized) can log in with the default password, so the account can currently be broken into. Although this is on an intranet, I would still like a solution.

githubname1024 commented 2 years ago

@Hill4109 I got the info from you as below. The super user's name in your cachecloud system is admin (not Admin). But when you log in with Admin, you log in successfully.

And I checked the code; it did happen repeatedly in some cases. In the cachecloud project, it gets the user from MySQL by username, and if not specially configured, MySQL is case insensitive. To avoid this, try one of the means below.

  1. Please check whether you configured the ldap url in the system config, or update the passportCheck function in com.sohu.cache.web.util.LoginUtil.
  2. Update the AppUserDao.xml mapper file: update the getByName function and add binary in the where clause, like `select * from app_user where binary name = #{name};`
  3. Delete the admin user and configure a new super user. This means does not fix it absolutely; it just forbids the default admin user.

We will fix it in the main branch.
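The lookup problem described in this comment can be reproduced offline with a small model. The following is an added example, not code from the cachecloud project: sqlite3 stands in for MySQL, a `NOCASE` collation on the `name` column models MySQL's default case-insensitive collation, and `COLLATE BINARY` models the `binary` keyword of option 2. The table, the single `admin` row and the placeholder password hash are constructed; a third function shows an application-layer exact-match guard that holds even if the database collation is never changed.

```python
import sqlite3

# Constructed stand-in for the MySQL app_user table: sqlite3 with a NOCASE
# collation on `name` models MySQL's default case-insensitive collation.
SCHEMA = """
CREATE TABLE app_user (
    id            INTEGER PRIMARY KEY,
    name          TEXT NOT NULL COLLATE NOCASE,
    password_hash TEXT NOT NULL
);
"""


def make_db():
    """Build an in-memory database with one constructed row: the super user
    'admin', whose password has already been changed from the default."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute(
        "INSERT INTO app_user (name, password_hash) VALUES (?, ?)",
        ("admin", "hash-of-new-password"),  # constructed placeholder hash
    )
    conn.commit()
    return conn


def get_by_name_ci(conn, name):
    """Original lookup: the column collation decides the comparison, so
    'Admin' and 'ADMIN' both resolve to the stored 'admin' row."""
    row = conn.execute(
        "SELECT name FROM app_user WHERE name = ?", (name,)
    ).fetchone()
    return row[0] if row else None


def get_by_name_binary(conn, name):
    """Option 2 from the thread: force a byte-wise comparison, mirroring
    `where binary name = #{name}` in MySQL."""
    row = conn.execute(
        "SELECT name FROM app_user WHERE name COLLATE BINARY = ?", (name,)
    ).fetchone()
    return row[0] if row else None


def get_by_name_checked(conn, name):
    """Application-layer guard that works regardless of the DB collation:
    accept the row only if its stored name is byte-identical to the name the
    caller supplied; any case variant is treated as 'no such user'."""
    stored = get_by_name_ci(conn, name)
    if stored is None or stored != name:
        return None
    return stored


if __name__ == "__main__":
    db = make_db()
    for candidate in ("admin", "Admin", "ADMIN"):
        print(
            f"{candidate!r}: collation lookup -> {get_by_name_ci(db, candidate)!r}, "
            f"binary lookup -> {get_by_name_binary(db, candidate)!r}, "
            f"checked lookup -> {get_by_name_checked(db, candidate)!r}"
        )
```

Running the block shows that only `get_by_name_ci` returns the `admin` row for `Admin`; the binary and checked lookups return nothing, which is the behaviour the mapper change is meant to restore.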

githubname1024 commented 2 years ago

We have fixed it in the main branch.

Hill4109 commented 2 years ago

Hello, the user issue has been fixed, thank you. But a new problem has appeared: currently, visiting ip:8080 directly logs in automatically as the admin user, which seems to skip the login check. Also, can ordinary users set a password?

xishian commented 1 year ago

> Hello, the user issue has been fixed, thank you. But a new problem has appeared: currently, visiting ip:8080 directly logs in automatically as the admin user, which seems to skip the login check. Also, can ordinary users set a password?

UserLoginStatusCookieServiceImpl skips user authentication for the local environment; switching to a different profile fixes it.

```java
    @Override
    public String getUserNameFromLoginStatus(HttpServletRequest request) {
        // Under the "local" profile the login cookie is never checked;
        // every request is treated as the super user.
        if (EnvUtil.isLocal(environment)) {
            // TODO for local
            return "admin";
        }
        // other code...
    }
```