chore(release): v0.5.0-beta 发版准备
主要改动: backend 业务: - feat(error-codes): 统一错误码表 E1011/E1012 拆码 - E1011 AUTH_PASSWORD_WRONG: 本地密码错误 - E1012 AUTH_FIRST_LOGIN_PASSWORD_REQUIRED: 首次登录请先设置密码 - E1015 AUTH_OLD_PASSWORD_REQUIRED: 改密需要旧密码 - E1016 AUTH_OLD_PASSWORD_WRONG: 旧密码错误 - fix(agents): P0 降级放行时,如坐席已注册但未设密码,正确 raise 1012 (修复前会撞 1011 本地密码错误,与场景不符) - feat(approval): 审批模块 (T审批/A审批) - feat(config): approval_template_resource / approval_template_device 配置 - feat(main): /ready, /metrics, /version 端点(K8s 友好) backend 测试: - test(agents): 新增 test_agents.py — 3 个 Fix-4 降级登录测试 - 错误密码拒绝 - 缺密码拒绝 - 正确密码通过 pytest tests/test_agents.py → 3/3 通过 - test(conftest): 模块级 mock + slowapi 限流重置 + UTF-8 patch 解决 Windows pytest GBK 读 .env 失败 + 降级路径无法测试 仓库治理: - chore(gitignore): 排除 .workbuddy/memory/(workbuddy 本地记忆) - chore(docs): 重命名两份 IT 文档(前缀加智能区分版本) 部署与文档: - docs: RELEASE_NOTES_v0.5.0-beta.md / dashboard.html / 需求-发版预览页面 - docs: 部署、架构、PRD、安全、评审报告等同步 v0.5.0-beta - deploy-server: 打包脚本、nginx、docker-compose 版本号 bump 前端 (frontend-h5 / frontend-agent / frontend-admin / frontend-portal): - index.html / package.json 版本号与构建号 bump 自动验收(RELEASE_NOTES L100-104): - [x] pytest tests/test_agents.py -v → 3 passed - [x] grep Bs7ucT backend frontend-h5 frontend-agent → 无输出 - [x] grep AppException(101[123]) backend → 仅 1 处(登录场景 1012) - [ ] npm run build (frontend-h5 / frontend-agent) → 合并后跑 后续: 合并 feature/t-1-t4-merge → main,tag v0.5.0-beta
This commit is contained in:
Simon
+15
-18
@@ -36,6 +36,7 @@ from app.models.agent import Agent
|
||||
from app.schemas.agent import AgentLogin, AgentResponse, AgentStatusUpdate
|
||||
from app.services.wecom_service import WecomService
|
||||
from app.utils.response import AppException, ERR_UNAUTHORIZED, success_response
|
||||
from app.utils.error_codes import ErrorCode
|
||||
|
||||
# 速率限制器实例(与 main.py 共享同一配置)
|
||||
# 移除 env_file=None 参数:slowapi 0.1.9 不支持该参数
|
||||
@@ -217,24 +218,18 @@ async def agent_login(
|
||||
logger.warning(
|
||||
f"企微API不可达,已注册坐席降级放行: user_id={body.user_id}"
|
||||
)
|
||||
# P1 修复: 降级放行时,如果 agent 有 password_hash 则必须验证本地密码
|
||||
if existing_agent and existing_agent.password_hash:
|
||||
# P0 修复: 降级放行时,如果 agent 已设置密码则必须验证本地密码
|
||||
if existing_agent:
|
||||
if existing_agent.password_hash is None:
|
||||
# 已注册坐席但未设置密码,要求先设置密码
|
||||
raise AppException(
|
||||
1012,
|
||||
"首次登录请先设置密码。管理后台 → 坐席管理 → 设置本地密码"
|
||||
)
|
||||
if not body.password:
|
||||
raise AppException(1011, "请输入本地密码")
|
||||
raise AppException(ErrorCode.AUTH_PASSWORD_WRONG, "请输入本地密码")
|
||||
if not bcrypt.checkpw(body.password.encode('utf-8'), existing_agent.password_hash.encode('utf-8')):
|
||||
raise AppException(1011, "本地密码错误")
|
||||
|
||||
# P0-#5: 本地密码认证(企微验证失败时的备用认证)
|
||||
# 检查是否需要本地密码验证
|
||||
local_password_verified = False
|
||||
if body.password and agent and agent.password_hash:
|
||||
# 验证本地密码
|
||||
if bcrypt.checkpw(body.password.encode('utf-8'), agent.password_hash.encode('utf-8')):
|
||||
local_password_verified = True
|
||||
logger.info(f"本地密码验证通过: user_id={body.user_id}")
|
||||
else:
|
||||
# 本地密码错误,拒绝登录
|
||||
raise AppException(1011, "本地密码错误")
|
||||
raise AppException(ErrorCode.AUTH_PASSWORD_WRONG, "本地密码错误")
|
||||
|
||||
# 1. 查找或创建坐席记录
|
||||
stmt = select(Agent).where(Agent.user_id == body.user_id)
|
||||
@@ -571,9 +566,11 @@ async def update_agent_password(
|
||||
# 如果已有旧密码,验证旧密码
|
||||
if agent.password_hash:
|
||||
if not body.old_password:
|
||||
raise AppException(1012, "请输入旧密码")
|
||||
# 2026-06-15 修复: 改用专用 ErrorCode,避免与登录 1012 冲突
|
||||
raise AppException(ErrorCode.AUTH_OLD_PASSWORD_REQUIRED, "请输入旧密码")
|
||||
if not bcrypt.checkpw(body.old_password.encode('utf-8'), agent.password_hash.encode('utf-8')):
|
||||
raise AppException(1013, "旧密码错误")
|
||||
# 2026-06-15 修复: 改用专用 ErrorCode
|
||||
raise AppException(ErrorCode.AUTH_OLD_PASSWORD_WRONG, "旧密码错误")
|
||||
|
||||
# 设置新密码
|
||||
agent.password_hash = bcrypt.hashpw(body.new_password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
|
||||
|
||||
Reference in New Issue
Block a user