From 95591c17533204a5a4bb1f2e874595e20470e67d Mon Sep 17 00:00:00 2001
From: TsMask <340112800@qq.com>
Date: Fri, 1 Sep 2023 10:29:52 +0800
Subject: [PATCH] =?UTF-8?q?=E7=99=BB=E5=BD=95=E6=A3=80=E6=9F=A5user?=
 =?UTF-8?q?=E7=A9=BA=E7=9A=84=E6=83=85=E5=86=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 features/security/account.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/features/security/account.go b/features/security/account.go
index 261759d4..ac70420c 100644
--- a/features/security/account.go
+++ b/features/security/account.go
@@ -90,7 +90,7 @@ func LoginFromOMC(w http.ResponseWriter, r *http.Request) {
 	*/
 	validUser, user, err := dborm.XormCheckLoginUser(oAuthBody.UserName,
 		oAuthBody.Value, config.GetYamlConfig().Auth.Crypt)
-	if !validUser && err != nil {
+	if !validUser || err != nil {
 		// response 400-4
 		log.Error("Authentication failed, mismatch user or password")
 		services.ResponseErrorWithJson(w, 400, err.Error())
@@ -112,13 +112,17 @@ func LoginFromOMC(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// 缓存用户信息
-	account.CacheLoginUser(user)
-	// 角色权限集合，管理员拥有所有权限
-	userId := fmt.Sprint(user.Id)
-	isAdmin := conf.IsAdmin(userId)
-	roles, perms := service.NewServiceAccount.RoleAndMenuPerms(userId, isAdmin)
-	services.ResponseStatusOK200LoginWhitRP(w, token, user, roles, perms)
+	if user != nil {
+		// 缓存用户信息
+		account.CacheLoginUser(user)
+		// 角色权限集合，管理员拥有所有权限
+		userId := fmt.Sprint(user.Id)
+		isAdmin := conf.IsAdmin(userId)
+		roles, perms := service.NewServiceAccount.RoleAndMenuPerms(userId, isAdmin)
+		services.ResponseStatusOK200LoginWhitRP(w, token, user, roles, perms)
+		return
+	}
+	services.ResponseBadRequest400IncorrectLogin(w)
 }
 
 func LogoutFromOMC(w http.ResponseWriter, r *http.Request) {