backend/app/admin/service/auth_service.py:48

• Allowing a None password in the verification may hide unintended cases; consider separating the check for a missing password from the password_verify call to clarify intended behavior.

elif user.password is None or not password_verify(password, user.password):

backend/app/admin/api/v1/sys/token.py:65

• Changing from a 'login_type' string to a boolean flag 'swagger' may introduce inconsistencies; ensure that all Swagger login tokens consistently set this flag and that downstream logic reflects the new type.

if extra_info.get('swagger') is None: