安全漏洞修复 review by 孙凯

@@ -2,27 +2,27 @@ PODS:
   - Crashlytics (3.7.1):
     - Fabric (~> 1.6.3)
   - Fabric (1.6.7)
-  - React (0.26.3):
-    - React/Core (= 0.26.3)
-  - React/Core (0.26.3)
-  - React/RCTActionSheet (0.26.3):
+  - React (0.26.2):
+    - React/Core (= 0.26.2)
+  - React/Core (0.26.2)
+  - React/RCTActionSheet (0.26.2):
     - React/Core
-  - React/RCTImage (0.26.3):
+  - React/RCTImage (0.26.2):
     - React/Core
     - React/RCTNetwork
-  - React/RCTLinkingIOS (0.26.3):
+  - React/RCTLinkingIOS (0.26.2):
     - React/Core
-  - React/RCTNetwork (0.26.3):
+  - React/RCTNetwork (0.26.2):
     - React/Core
-  - React/RCTPushNotification (0.26.3):
+  - React/RCTPushNotification (0.26.2):
     - React/Core
-  - React/RCTText (0.26.3):
+  - React/RCTText (0.26.2):
     - React/Core
-  - React/RCTVibration (0.26.3):
+  - React/RCTVibration (0.26.2):
     - React/Core
-  - React/RCTWebSocket (0.26.3):
+  - React/RCTWebSocket (0.26.2):
     - React/Core
-  - RNDeviceInfo (0.9.3):
+  - RNDeviceInfo (0.9.2):
     - React
   - SSZipArchive (1.2)
 
@@ -50,8 +50,8 @@ EXTERNAL SOURCES:
 SPEC CHECKSUMS:
   Crashlytics: 3cdd4c9655be68032a0cf0379e0fb5ef6af22cad
   Fabric: caf7580c725e64db144f610ac65cd60956911dc7
-  React: 82b64b37b7ad5895b902b33bc7d5a49dbc22793e
-  RNDeviceInfo: dc3cbee96cd2392cf03d6ff6191dc15f1606a166
+  React: a764d67f6cf360723120951301cba3ee5ee05ce2
+  RNDeviceInfo: e3fe8d8fe52f74eab22b7d4784a4fdd2e9bf4a26
   SSZipArchive: 251093c65f98d6ea282c50bc404bfa631d9fd721
 
 PODFILE CHECKSUM: 499427107ab3896fefd1f94b31ea3eac6762d8cb

@@ -44,11 +44,12 @@ export function nextPageOfDataFailure(error) {
 export function nextPageOfDataRequest() {
 
     return (dispatch,getState) => {
-        const {home, actStmt} = getState();
+        const {home, actStmt, user} = getState();
+        let pid = user.profile.pid;
 
         dispatch(requestNextPage());
 
-        return new HomeService().accountSettlementData(home.shopId)
+        return new HomeService().accountSettlementData(home.shopId, pid)
             .then(json => {
                 dispatch(nextPageOfDataSuccess(json));
             })

@@ -74,7 +74,7 @@ export function deliveryGoodsFailure(error) {
 
 export function deliveryGoods() {
 	return (dispatch,getState) => {
-		let {deliverGoods,home} = getState();
+		let {deliverGoods,home, user} = getState();
 		let deliverData = deliverGoods&&deliverGoods.get('deliverData')?deliverGoods.get('deliverData'):null;
 
 		let expressValue = deliverGoods&&deliverGoods.get('expressValue')?deliverGoods.get('expressValue'):null;
@@ -93,8 +93,11 @@ export function deliveryGoods() {
 			})
 			expressGoodsMap[proRequisitionFormId] = expressList;
 		})
+
+		let pid = user.profile.pid;
+
 		dispatch(deliveryGoodsRequest())
-		return new DeliverGoodsService().deliveryGoods(expressId,expressNumber,shopId,expressGoodsMap)
+		return new DeliverGoodsService().deliveryGoods(expressId,expressNumber,shopId,expressGoodsMap, pid)
 			.then((json) => {
 				Alert.alert(
 					'提交成功！',
@@ -142,10 +145,12 @@ export function getExpressListFailure(error) {
 
 export function getExpressList() {
 	return (dispatch,getState) => {
-		let {home} = getState();
+		let {home, user} = getState();
+
+		let pid = user.profile.pid;
 
 		dispatch(getExpressListRequest())
-		return new DeliverGoodsService().getExpressList()
+		return new DeliverGoodsService().getExpressList(pid)
 			.then((json) => {
 				dispatch(getExpressListSuccess(json))
 			})
@@ -178,11 +183,13 @@ export function queryBySupplierIdFailure(error) {
 
 export function queryBySupplierId() {
 	return (dispatch,getState) => {
-		let {home} = getState();
+		let {home, user} = getState();
 		let supplierId = home.supplierId;
 
+		let pid = user.profile.pid;
+
 		dispatch(queryBySupplierIdRequest())
-		return new DeliverGoodsService().queryBySupplierId(supplierId)
+		return new DeliverGoodsService().queryBySupplierId(supplierId, pid)
 			.then((json) => {
 				let res = exposePruductListData(json);
 				dispatch(queryBySupplierIdSuccess(res))

@@ -107,7 +107,8 @@ export function failure(error) {
 export function requestData(params) {
     return (dispatch, getState) => {
 
-        const {deliveryStats} = getState();
+        const {deliveryStats, user} = getState();
+        let pid = user.profile.pid;
 
         if (deliveryStats.currentPage >= deliveryStats.pageCount || deliveryStats.isFetching) {//Last page reached....
             return;
@@ -115,7 +116,7 @@ export function requestData(params) {
 
         dispatch(request());
         return new DeliveryStatsService()
-        .deliveryStatsData(params)
+        .deliveryStatsData({...params, pid})
         .then(json => {
             dispatch(success(json));
         })

@@ -80,9 +80,10 @@ export function brandRankFailure(error) {
 
 export function overview(shopId) {
 
-	return dispatch => {
+	return (dispatch, getState) => {
 		dispatch(overviewRequest());
-        return new HomeService().overview(shopId)
+        const {user} = getState();
+        return new HomeService().overview(shopId, user.profile.pid)
             .then(json => {
                 dispatch(overviewSuccess(json));
             })
@@ -94,9 +95,10 @@ export function overview(shopId) {
 
 export function brandRank(shopId) {
 
-	return dispatch => {
+	return (dispatch, getState) => {
 		dispatch(brandRankRequest());
-        return new HomeService().brandRank(shopId)
+        const {user} = getState();
+        return new HomeService().brandRank(shopId, user.profile.pid)
             .then(json => {
                 dispatch(brandRankSuccess(json));
             })
@@ -198,7 +200,8 @@ export function getSellerShopTypeFailure(error) {
 export function getSellerShopType(shopId) {
 	return (dispatch,getState) => {
 		dispatch(getSellerShopTypeRequest());
-        return new HomeService().getSellerShopType(shopId)
+        const {user} = getState();
+        return new HomeService().getSellerShopType(shopId, user.profile.pid)
             .then(json => {
                 dispatch(getSellerShopTypeSuccess(json));
             })

@@ -61,7 +61,8 @@ export function getMsgList(shopId) {
         }
 
 		dispatch(requestMsgList(shopId));
-        return new MessageService().getMsgList(shopId)
+        const {user} = getState();
+        return new MessageService().getMsgList(shopId, user.profile.pid)
             .then(json => {
                 dispatch(requestMsgListSuccess(json));
             })
@@ -80,9 +81,10 @@ export function shouldRequestMsgList(message) {
 }
 
 export function setMsgIsRead(shopId, messageId) {
-    return dispatch => {
+    return (dispatch, getState) => {
         dispatch(batchSetMsgReadSuccess());
-        return new MessageService().setMsgIsRead(shopId, messageId)
+        const {user} = getState();
+        return new MessageService().setMsgIsRead(shopId, messageId, user.profile.pid)
             .then(json => {
                 dispatch(requestUnreadMsgNum(shopId, 'N'));
             })
@@ -114,9 +116,10 @@ export function batchSetMsgReadFailure(error) {
 }
 
 export function requestUnreadMsgNum(shopId, isRead) {
-    return dispatch => {
+    return (dispatch, getState) => {
 		dispatch(requestMsgNum());
-        return new MessageService().requestUnreadMsgNum(shopId, isRead)
+        const {user} = getState();
+        return new MessageService().requestUnreadMsgNum(shopId, isRead, user.profile.pid)
             .then(json => {
                 dispatch(setDot(json > 0));
             })

@@ -47,15 +47,17 @@ export function stockOutFailure(error) {
 
 export function stockOut() {
 	return (dispatch,getState) => {
-		let {outOfStock,home} = getState();
+		let {outOfStock,home,user} = getState();
 		let {initialRes} = outOfStock;
 		let productSku = initialRes?initialRes.get('productSku'):0;
 		let proReqFormId = initialRes?initialRes.get('proRequisitionFormId'):0;
 		let num = outOfStock.get('lackNum');
 		let shopId = home.shopId;
 
+        let pid = user.profile.pid;
+
 		dispatch(stockOutRequest())
-		return new OutOfStockService().stockOut(proReqFormId,productSku,num,shopId)
+		return new OutOfStockService().stockOut(proReqFormId,productSku,num,shopId,pid)
 			.then((json) => {
 
 				Alert.alert(

@@ -33,9 +33,11 @@ export function refoundStatsFailure(error) {
 
 export function refoundStats(params) {
 
-	return dispatch => {
+	return (dispatch, getState) => {
 		dispatch(refoundStatsRequest(params));
-        return new HomeService().refoundStats(params)
+        const {user} = getState();
+        let pid = user.profile.pid;
+        return new HomeService().refoundStats({...params, pid})
             .then(json => {
                 dispatch(refoundStatsSuccess(json));
             })

@@ -92,9 +92,12 @@ export function requestData(params) {
             return;
         }
 
+        const {user} = getState();
+        let pid = user.profile.pid;
+
         dispatch(request());
         return new RequestStatsService()
-        .requestStatsData(params)
+        .requestStatsData({...params, pid})
         .then(json => {
             dispatch(success(json));
         })

@@ -42,9 +42,12 @@ export function saleStatsFailure(error) {
 
 export function saleStats(params) {
 
-	return dispatch => {
+	return (dispatch, getState) => {
 		dispatch(saleStatsRequest(params));
-        return new HomeService().saleStats(params)
+        const {user} = getState();
+        let pid = user.profile.pid;
+        
+        return new HomeService().saleStats({...params, pid})
             .then(json => {
                 dispatch(saleStatsSuccess(json));
             })

@@ -37,9 +37,12 @@ export function requestData(params) {
             return;
         }
 
+        const {user} = getState();
+        let pid = user.profile.pid;
+        
         dispatch(request());
         return new StockStatsService()
-        .stockStatsData(params)
+        .stockStatsData({...params, pid})
         .then(json => {
             dispatch(success(json));
         })

@@ -113,7 +113,7 @@ export function getPurchaseListFailure(error) {
 
 export function getPurchaseList() {
 	return (dispatch,getState) => {
-		let {transferShipment,home} = getState();
+		let {transferShipment,home,user} = getState();
 		let {purchaseList} = transferShipment;
 
 		if (purchaseList.isFetching || purchaseList.endReached) {
@@ -124,8 +124,10 @@ export function getPurchaseList() {
 		let pageSize = purchaseList.pageSize;
 		let pageNo = purchaseList.pageNo + 1;
 
+		let pid = user.profile.pid;
+
 		dispatch(getPurchaseListRequest())
-		return new TransferShipmentService().getPurchaseList(shopId,pageSize,pageNo)
+		return new TransferShipmentService().getPurchaseList(shopId,pageSize,pageNo,pid)
 			.then((json) => {
 
 				json.endReached = json.pageNo == json.totalPage || json.records.length < pageSize;

@@ -10,7 +10,7 @@ export default class DeliverGoodsService {
 		this.api = new Request();
 	}
 
-	async deliveryGoods(expressId,expressNumber,shopId,expressGoodsMap) {
+	async deliveryGoods(expressId,expressNumber,shopId,expressGoodsMap,pid) {
 		return this.api.get({
 			url: '',
 			body: {
@@ -19,6 +19,7 @@ export default class DeliverGoodsService {
 				shopId: shopId,
 				expressGoodsMap: JSON.stringify(expressGoodsMap),
 				method:'app.purchase.delivery',
+				pid,
 			}
 		})
 		.then(data => {
@@ -29,11 +30,12 @@ export default class DeliverGoodsService {
 		});
 	}
 
-	async getExpressList() {
+	async getExpressList(pid) {
 		return this.api.get({
 			url: '',
 			body: {
 				method:'app.express.getExpressList',
+				pid,
 			}
 		})
 		.then(data => {
@@ -44,12 +46,13 @@ export default class DeliverGoodsService {
 		});
 	}
 
-	async queryBySupplierId(supplierId) {
+	async queryBySupplierId(supplierId,pid) {
 		return this.api.get({
 			url: '',
 			body: {
 				supplierId,
 				method:'app.purchase.queryBySupplierId',
+				pid,
 			}
 		})
 		.then(data => {

@@ -9,14 +9,15 @@ export default class UserService {
 		this.api = new Request();
 	}
 
-	async overview(shopId) {
+	async overview(shopId, pid) {
 		let dateId = moment().format('YYYYMMDD'); //20160524
 		return await this.api.get({
 			url: '',
 			body: {
 				method: 'app.shops.shopbusinessoverview',
 				shopId,
-				dateId
+				dateId,
+				pid,
 			}
 		})
 		.then((json) => {
@@ -27,14 +28,15 @@ export default class UserService {
 		});
 	}
 
-	async brandRank(shopId) {
+	async brandRank(shopId, pid) {
 		let dateId = moment().subtract(1, 'days').format('YYYYMMDD'); //20160524
 		return await this.api.get({
 			url: '',
 			body: {
 				method: 'app.shops.shopbrandrank',
 				shopId,
-				dateId
+				dateId,
+				pid,
 			}
 		})
 		.then((json) => {
@@ -45,12 +47,13 @@ export default class UserService {
 		});
 	}
 
-	async accountSettlementData(shopId) {
+	async accountSettlementData(shopId, pid) {
 		return await this.api.get({
 			url:'',
 			body: {
 				method: 'app.shops.accountbalance',
-				shopId
+				shopId,
+				pid,
 			}
 		})
 		.then((json) => {
@@ -120,6 +123,7 @@ export default class UserService {
 				beginTime: moment(params.beginTime, 'YYYY-M-D').format('YYYYMMDD'),
 				endTime: moment(params.endTime, 'YYYY-M-D').format('YYYYMMDD'),
 				shopId: params.shopId,
+				pid: params.pid,
 			}
 		})
 		.then((json) => {
@@ -140,6 +144,7 @@ export default class UserService {
 				beginTime: moment(params.beginTime, 'YYYY-M-D').format('YYYYMMDD'),
 				endTime: moment(params.endTime, 'YYYY-M-D').format('YYYYMMDD'),
 				shopId: params.shopId,
+				pid: params.pid,
 			}
 		})
 		.then((json) => {
@@ -151,12 +156,13 @@ export default class UserService {
 	}
 
 
-	async getSellerShopType(shopId) {
+	async getSellerShopType(shopId, pid) {
 		return await this.api.get({
 			url:'',
 			body: {
 				method: 'app.sellerShop.sellType',
-				shopId
+				shopId,
+				pid,
 			}
 		})
 		.then((json) => {

@@ -8,12 +8,13 @@ export default class MessageService {
 		this.api = new Request();
 	}
 
-	async getMsgList(shopsId) {
+	async getMsgList(shopsId, pid) {
 		return this.api.get({
 			url: '',
 			body: {
 				shopsId: shopsId,
 				method: 'app.shopInbox.getList',
+				pid,
 			}
 		})
 		.then(json => {
@@ -24,13 +25,14 @@ export default class MessageService {
 		});
 	}
 
-	async setMsgIsRead(shopsId, ids) {
+	async setMsgIsRead(shopsId, ids, pid) {
 		return this.api.get({
 			url: '',
 			body: {
 				shopsId: shopsId,
 				ids: ids,
 				method: 'app.shopInbox.batchSetIsRead',
+				pid,
 			}
 		})
 		.then(json => {
@@ -41,13 +43,14 @@ export default class MessageService {
 		});
 	}
 
-	async requestUnreadMsgNum(shopsId, isRead) {
+	async requestUnreadMsgNum(shopsId, isRead, pid) {
 		return this.api.get({
 			url: '',
 			body: {
 				shopsId: shopsId,
 				isRead: isRead,
 				method: 'app.shopInbox.getShopInboxTotal',
+				pid,
 			}
 		})
 		.then(json => {

@@ -10,7 +10,7 @@ export default class OutOfStockService {
 		this.api = new Request();
 	}
 
-	async stockOut(proReqFormId,productSku,num,shopId) {
+	async stockOut(proReqFormId,productSku,num,shopId,pid) {
 		return this.api.get({
             url: '',
             body: {
@@ -19,16 +19,13 @@ export default class OutOfStockService {
 				num: num,
 				shopId: shopId,
 				method:'app.purchase.stockOut',
+                pid,
             }
         })
         .then(data => {
-			console.log(data);
-			console.log('stockOut data');
             return data;
         })
         .catch(error => {
-			console.log(error);
-			console.log('stockOut error');
             throw error;
         });
 	}

@@ -118,6 +118,7 @@ export default class Request {
 
 		let reqOpts = {
 			method: opts.method,
+			credentials: "include",
 			headers: {
 
 			}

@@ -9,7 +9,7 @@ export default class TransferShipmentService {
 		this.api = new Request();
 	}
 
-	async getPurchaseList(shopId,pageSize,pageNo) {
+	async getPurchaseList(shopId,pageSize,pageNo,pid) {
 		return this.api.get({
             url: '',
             body: {
@@ -17,6 +17,7 @@ export default class TransferShipmentService {
                 pageSize: pageSize,
 				pageNo: pageNo,
 				method:'app.purchase.list',
+                pid,
             }
         })
         .then(data => {

@@ -29,13 +29,12 @@ export default class UserService {
 
 	async login(account, password) {
         let encryptPass = this.encrypt(password, CONFIG.flower.rose);
-        console.log(encryptPass)
 		return this.api.get({
             url: '',
             body: {
                 account: account,
                 password: encryptPass,
-                method:'app.shops.login',
+                method:'app.shops.loginAES',
 
             }
         })
@@ -47,14 +46,17 @@ export default class UserService {
         });
 	}
 
-    async modifyPassword(pid, oldPwd,newPwd,newPwdConfirm) {
+    async modifyPassword(pid,oldPwd,newPwd,newPwdConfirm) {
+        let encryptOldPass = this.encrypt(oldPwd, CONFIG.flower.rose);
+        let encryptNewPass = this.encrypt(newPwd, CONFIG.flower.rose);
+        let encryptNewPassConfirm = this.encrypt(newPwdConfirm, CONFIG.flower.rose);
         return this.api.get({
             url: '',
             body: {
-                pid: pid,
-                oldPwd: oldPwd,
-                newPwd:newPwd,
-                newPwdConfirm:newPwdConfirm,
+                pid:pid,
+                oldPwd:encryptOldPass,
+                newPwd:encryptNewPass,
+                newPwdConfirm:encryptNewPassConfirm,
                 method:'app.shops.changePwd',
 
             }
@@ -67,12 +69,13 @@ export default class UserService {
         });
     }
 
-	async checkUpdate() {
+	async checkUpdate(pid) {
 		return this.api.get({
 			url: '',
 			body: {
 				method: 'app.shops.checkAppVersion',
 				debug: 'XYZ',
+                pid,
 			}
 		})
 		.then(data => {