fix: 修复被禁用的账户可以通过短信验证码再次登录的问题

(cherry picked from commit fcfd68ac1c979374d0916ed87995030c465e9428)
2024-06-12 15:20:51 +08:00 · 2024-06-12 15:20:51 +08:00 · 30d0b10c99
parent 97e8c35f70
commit 30d0b10c99
1 changed files with 6 additions and 0 deletions
--- a/yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/service/auth/MemberAuthServiceImpl.java
+++ b/yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/service/auth/MemberAuthServiceImpl.java
@ -88,6 +88,12 @@ public class MemberAuthServiceImpl implements MemberAuthService {
        MemberUserDO user = userService.createUserIfAbsent(reqVO.getMobile(), userIp, getTerminal());
        Assert.notNull(user, "获取用户失败，结果为空");

+        // 校验是否禁用
+        if (ObjectUtil.notEqual(user.getStatus(), CommonStatusEnum.ENABLE.getStatus())) {
+            createLoginLog(user.getId(), reqVO.getMobile(), LoginLogTypeEnum.LOGIN_SMS, LoginResultEnum.USER_DISABLED);
+            throw exception(AUTH_LOGIN_USER_DISABLED);
+        }
+
        // 如果 socialType 非空，说明需要绑定社交用户
        String openid = null;
        if (reqVO.getSocialType() != null) {