diff --git a/backend/app/admin/api/v1/sys/token.py b/backend/app/admin/api/v1/sys/token.py
index 38810afe8..d7d1fd7a9 100644
--- a/backend/app/admin/api/v1/sys/token.py
+++ b/backend/app/admin/api/v1/sys/token.py
@@ -61,7 +61,8 @@ def append_token_detail() -> None:
             extra_info = await redis_client.get(f'{settings.TOKEN_EXTRA_INFO_REDIS_PREFIX}:{session_uuid}')
             if extra_info:
                 extra_info = json.loads(extra_info)
-                if extra_info.get('login_type') != 'swagger':
+                # 排除 swagger 登录生成的 token
+                if extra_info.get('swagger') is None:
                     if username is not None:
                         if username == extra_info.get('username'):
                             append_token_detail()
diff --git a/backend/app/admin/service/auth_service.py b/backend/app/admin/service/auth_service.py
index f232ba321..a6b31c589 100644
--- a/backend/app/admin/service/auth_service.py
+++ b/backend/app/admin/service/auth_service.py
@@ -33,7 +33,7 @@ class AuthService:
     """认证服务类"""
 
     @staticmethod
-    async def user_verify(db: AsyncSession, username: str, password: str) -> User:
+    async def user_verify(db: AsyncSession, username: str, password: str | None) -> User:
         """
         验证用户名和密码
 
@@ -45,10 +45,16 @@ async def user_verify(db: AsyncSession, username: str, password: str) -> User:
         user = await user_dao.get_by_username(db, username)
         if not user:
             raise errors.NotFoundError(msg='用户名或密码有误')
-        elif not password_verify(password, user.password):
+
+        if user.password is None:
             raise errors.AuthorizationError(msg='用户名或密码有误')
-        elif not user.status:
+        else:
+            if not password_verify(password, user.password):
+                raise errors.AuthorizationError(msg='用户名或密码有误')
+
+        if not user.status:
             raise errors.AuthorizationError(msg='用户已被锁定, 请联系统管理员')
+
         return user
 
     async def swagger_login(self, *, obj: HTTPBasicCredentials) -> tuple[str, User]:
@@ -65,7 +71,7 @@ async def swagger_login(self, *, obj: HTTPBasicCredentials) -> tuple[str, User]:
             str(user.id),
             user.is_multi_login,
             # extra info
-            login_type='swagger',
+            swagger=True,
         )
         return a_token.access_token, user
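Review bot: `extra_info.get('swagger') is None` on the new side tests for the key's absence rather than its truth, so extra info that ever records `swagger=False` would be dropped from the listing as if it were a swagger token; `if not extra_info.get('swagger'):` matches the intent of the added comment and the `swagger=True` written in swagger_login (last hunk of this diff). Sessions created before this deploy still carry `login_type='swagger'` and no `swagger` key in Redis, so until they expire they will presumably be listed as ordinary tokens — worth checking both keys during the transition or at least recording the caveat in the commit message. The enclosing function starts and ends outside the hunk.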
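Review bot: With `password` now typed `str | None` (signature hunk above), the new branch only guards `user.password is None`; when a caller passes `password=None` for an account that does have a stored hash, `password_verify(None, user.password)` is still reached, and since that helper is outside the hunk its behaviour on None is unknown — likely a TypeError rather than the AuthorizationError the method otherwise raises. Treating a missing password like a wrong one keeps the failure mode uniform: `if user.password is None or password is None:`. The `else:` following the `raise` is redundant, so `if not password_verify(password, user.password):` can sit at method level with its `raise` one indent in. Unknown username raises `NotFoundError` while a bad password raises `AuthorizationError` with the same message; if those map to different HTTP statuses the status alone reveals which usernames exist, so consider one exception type for both (pre-existing, but on the new side of this hunk).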