Fix the login password verification

Author: wu-clan

backend/app/admin/api/v1/sys/token.py

@@ -61,7 +61,8 @@ def append_token_detail() -> None:
         extra_info = await redis_client.get(f'{settings.TOKEN_EXTRA_INFO_REDIS_PREFIX}:{session_uuid}')
         if extra_info:
             extra_info = json.loads(extra_info)
-            if extra_info.get('login_type') != 'swagger':
+            # 排除 swagger 登录生成的 token
+            if extra_info.get('swagger') is None:
                 if username is not None:
                     if username == extra_info.get('username'):
                         append_token_detail()

backend/app/admin/service/auth_service.py

@@ -33,7 +33,7 @@ class AuthService:
     """认证服务类"""
 
     @staticmethod
-    async def user_verify(db: AsyncSession, username: str, password: str) -> User:
+    async def user_verify(db: AsyncSession, username: str, password: str | None) -> User:
         """
         验证用户名和密码
 
@@ -45,7 +45,7 @@ async def user_verify(db: AsyncSession, username: str, password: str) -> User:
         user = await user_dao.get_by_username(db, username)
         if not user:
             raise errors.NotFoundError(msg='用户名或密码有误')
-        elif not password_verify(password, user.password):
+        elif user.password is None or not password_verify(password, user.password):
             raise errors.AuthorizationError(msg='用户名或密码有误')
         elif not user.status:
             raise errors.AuthorizationError(msg='用户已被锁定, 请联系统管理员')
@@ -65,7 +65,7 @@ async def swagger_login(self, *, obj: HTTPBasicCredentials) -> tuple[str, User]:
                 str(user.id),
                 user.is_multi_login,
                 # extra info
-                login_type='swagger',
+                swagger=True,
             )
             return a_token.access_token, user