From b4590fdfaee127256dd61ff387ad981633d5e647 Mon Sep 17 00:00:00 2001 From: cKey <35512826+colinin@users.noreply.github.com> Date: Fri, 22 Apr 2022 16:30:15 +0800 Subject: [PATCH] =?UTF-8?q?security:=20=E6=A3=80=E6=9F=A5=E6=9C=AA?= =?UTF-8?q?=E7=BB=8F=E6=8E=88=E6=9D=83=E7=9A=84=E9=82=AE=E4=BB=B6=E9=85=8D?= =?UTF-8?q?=E7=BD=AE.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../SettingManagement/SettingAppService.cs | 91 +++++++------ .../UserSettingAppService.cs | 122 +++++++++--------- 2 files changed, 110 insertions(+), 103 deletions(-) diff --git a/aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/SettingAppService.cs b/aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/SettingAppService.cs index 9263ae8b5..12f3461c6 100644 --- a/aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/SettingAppService.cs +++ b/aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/SettingAppService.cs @@ -349,6 +349,7 @@ namespace LINGYUN.Abp.SettingManagement #region 邮件设置 var emailSettingGroup = new SettingGroupDto(L["DisplayName:Emailing"], L["Description:Emailing"]); + var defaultMailSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Default"], L["Description:Emailing.Default"]); defaultMailSetting.AddDetail( SettingDefinitionManager.Get(EmailSettingNames.DefaultFromAddress), 
@@ -363,49 +364,53 @@ namespace LINGYUN.Abp.SettingManagement ValueType.String, providerName); - var smtpSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Smtp"], L["Description:Emailing.Smtp"]); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.EnableSsl), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.EnableSsl, providerName, providerKey), - ValueType.Boolean, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.UseDefaultCredentials), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UseDefaultCredentials, providerName, providerKey), - ValueType.Boolean, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.Domain), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Domain, providerName, providerKey), - ValueType.String, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.Host), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Host, providerName, providerKey), - ValueType.String, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.Port), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Port, providerName, providerKey), - ValueType.Number, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.UserName), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UserName, providerName, providerKey), - ValueType.String, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.Password), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Password, providerName, providerKey), - ValueType.String, - providerName); + // 防止邮件设置泄露 + 
if (await AuthorizationService.IsGrantedAsync(AbpSettingManagementPermissions.Settings.Manager)) + { + var smtpSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Smtp"], L["Description:Emailing.Smtp"]); + smtpSetting.AddDetail( + SettingDefinitionManager.Get(EmailSettingNames.Smtp.EnableSsl), + StringLocalizerFactory, + await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.EnableSsl, providerName, providerKey), + ValueType.Boolean, + providerName); + smtpSetting.AddDetail( + SettingDefinitionManager.Get(EmailSettingNames.Smtp.UseDefaultCredentials), + StringLocalizerFactory, + await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UseDefaultCredentials, providerName, providerKey), + ValueType.Boolean, + providerName); + smtpSetting.AddDetail( + SettingDefinitionManager.Get(EmailSettingNames.Smtp.Domain), + StringLocalizerFactory, + await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Domain, providerName, providerKey), + ValueType.String, + providerName); + smtpSetting.AddDetail( + SettingDefinitionManager.Get(EmailSettingNames.Smtp.Host), + StringLocalizerFactory, + await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Host, providerName, providerKey), + ValueType.String, + providerName); + smtpSetting.AddDetail( + SettingDefinitionManager.Get(EmailSettingNames.Smtp.Port), + StringLocalizerFactory, + await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Port, providerName, providerKey), + ValueType.Number, + providerName); + smtpSetting.AddDetail( + SettingDefinitionManager.Get(EmailSettingNames.Smtp.UserName), + StringLocalizerFactory, + await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UserName, providerName, providerKey), + ValueType.String, + providerName); + smtpSetting.AddDetail( + SettingDefinitionManager.Get(EmailSettingNames.Smtp.Password), + StringLocalizerFactory, + await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Password, providerName, providerKey), + ValueType.String, + providerName); + } 
settingGroups.AddGroup(emailSettingGroup); diff --git a/aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/UserSettingAppService.cs b/aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/UserSettingAppService.cs index 7316e44d5..d4abafbc6 100644 --- a/aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/UserSettingAppService.cs +++ b/aspnet-core/modules/settings/LINGYUN.Abp.SettingManagement.Application/LINGYUN/Abp/SettingManagement/UserSettingAppService.cs 
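Review bot: The SMTP password still leaves the server: inside the new `IsGrantedAsync(AbpSettingManagementPermissions.Settings.Manager)` branch, the last `AddDetail` call passes `await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Password, providerName, providerKey)` as a `ValueType.String` value. Every account holding that permission therefore gets the credential back in the response body, where it can also end up in logs, proxies and browser caches. Treat the password as write-only by passing `null` (or a fixed mask) as the value for that one detail, and make sure the update path, which is outside this hunk, ignores an empty or masked password instead of overwriting the stored one. The comment `// 防止邮件设置泄露` could also state the rule, e.g. `// SMTP host and credentials are returned only to callers granted Settings.Manager`. The enclosing method starts and ends outside the hunk, so any class- or method-level authorization attribute cannot be seen from here.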
@@ -173,66 +173,68 @@ namespace LINGYUN.Abp.SettingManagement #region 邮件设置 - var emailSettingGroup = new SettingGroupDto(L["DisplayName:Emailing"], L["Description:Emailing"]); - var defaultMailSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Default"], L["Description:Emailing.Default"]); - defaultMailSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.DefaultFromAddress), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.DefaultFromAddress, providerName, providerKey), - ValueType.String, - providerName); - defaultMailSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.DefaultFromDisplayName), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.DefaultFromDisplayName, providerName, providerKey), - ValueType.String, - providerName); - - var smtpSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Smtp"], L["Description:Emailing.Smtp"]); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.EnableSsl), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.EnableSsl, providerName, providerKey), - ValueType.Boolean, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.UseDefaultCredentials), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UseDefaultCredentials, providerName, providerKey), - ValueType.Boolean, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.Domain), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Domain, providerName, providerKey), - ValueType.String, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.Host), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Host, providerName, providerKey), - ValueType.String, - providerName); - 
smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.Port), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Port, providerName, providerKey), - ValueType.Number, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.UserName), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UserName, providerName, providerKey), - ValueType.String, - providerName); - smtpSetting.AddDetail( - SettingDefinitionManager.Get(EmailSettingNames.Smtp.Password), - StringLocalizerFactory, - await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Password, providerName, providerKey), - ValueType.String, - providerName); - - settingGroups.AddGroup(emailSettingGroup); + // 控制用户行为, 禁止返回邮件配置 + + //var emailSettingGroup = new SettingGroupDto(L["DisplayName:Emailing"], L["Description:Emailing"]); + //var defaultMailSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Default"], L["Description:Emailing.Default"]); + //defaultMailSetting.AddDetail( + // SettingDefinitionManager.Get(EmailSettingNames.DefaultFromAddress), + // StringLocalizerFactory, + // await SettingManager.GetOrNullAsync(EmailSettingNames.DefaultFromAddress, providerName, providerKey), + // ValueType.String, + // providerName); + //defaultMailSetting.AddDetail( + // SettingDefinitionManager.Get(EmailSettingNames.DefaultFromDisplayName), + // StringLocalizerFactory, + // await SettingManager.GetOrNullAsync(EmailSettingNames.DefaultFromDisplayName, providerName, providerKey), + // ValueType.String, + // providerName); + + //var smtpSetting = emailSettingGroup.AddSetting(L["DisplayName:Emailing.Smtp"], L["Description:Emailing.Smtp"]); + //smtpSetting.AddDetail( + // SettingDefinitionManager.Get(EmailSettingNames.Smtp.EnableSsl), + // StringLocalizerFactory, + // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.EnableSsl, providerName, providerKey), + // ValueType.Boolean, 
+ // providerName); + //smtpSetting.AddDetail( + // SettingDefinitionManager.Get(EmailSettingNames.Smtp.UseDefaultCredentials), + // StringLocalizerFactory, + // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UseDefaultCredentials, providerName, providerKey), + // ValueType.Boolean, + // providerName); + //smtpSetting.AddDetail( + // SettingDefinitionManager.Get(EmailSettingNames.Smtp.Domain), + // StringLocalizerFactory, + // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Domain, providerName, providerKey), + // ValueType.String, + // providerName); + //smtpSetting.AddDetail( + // SettingDefinitionManager.Get(EmailSettingNames.Smtp.Host), + // StringLocalizerFactory, + // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Host, providerName, providerKey), + // ValueType.String, + // providerName); + //smtpSetting.AddDetail( + // SettingDefinitionManager.Get(EmailSettingNames.Smtp.Port), + // StringLocalizerFactory, + // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Port, providerName, providerKey), + // ValueType.Number, + // providerName); + //smtpSetting.AddDetail( + // SettingDefinitionManager.Get(EmailSettingNames.Smtp.UserName), + // StringLocalizerFactory, + // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.UserName, providerName, providerKey), + // ValueType.String, + // providerName); + //smtpSetting.AddDetail( + // SettingDefinitionManager.Get(EmailSettingNames.Smtp.Password), + // StringLocalizerFactory, + // await SettingManager.GetOrNullAsync(EmailSettingNames.Smtp.Password, providerName, providerKey), + // ValueType.String, + // providerName); + + //settingGroups.AddGroup(emailSettingGroup); #endregion
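Review bot: The user-scoped email block is disabled by turning about sixty lines into `//` comments rather than deleting them, which leaves the `EmailSettingNames.Smtp.Password` read one uncomment away from returning to a per-user endpoint. Delete the block and keep a single explanatory comment, for example `// Email/SMTP settings are intentionally not exposed at user scope; they are returned only by the permission-gated SettingAppService.` A regression test asserting that this service's result contains no Emailing group would keep the restriction from being reverted by accident. The enclosing method starts outside the hunk, so it is not visible here whether other user-scoped paths can still read these setting names.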