fix(auth): 登录目录就绪幂等化与并发控制

- employee/settings/user_session_metrics 的 ensure_*_ready 改为按 bind 缓存 + 锁,
  避免每次登录重复建表与并发场景下的竞态
- auth 登录链路先查员工再降级触发目录就绪,并吞掉查询期 SQLAlchemy 异常
- 默认管理员账号由 superadmin 迁移为 admin,兼容历史账号回填
- 补充登录降级与设置持久化相关测试
caoxiaozhu
2026-06-18 22:11:53 +08:00
parent 59ba76c74a
commit 3f17619e0c
7 changed files with 155 additions and 19 deletions


@@ -5,6 +5,7 @@ from datetime import UTC, datetime, timedelta
from typing import Any
from sqlalchemy import func, or_, select
from sqlalchemy.exc import SQLAlchemyError
from sqlalchemy.orm import Session, selectinload
from app.core.config import get_settings
@@ -127,8 +128,15 @@ class AuthService:
if not self.settings.setup_completed:
return None
EmployeeService(self.db).ensure_directory_ready()
employee = self._find_employee_by_email(identifier)
try:
employee = self._find_employee_by_email(identifier)
except SQLAlchemyError:
self.db.rollback()
employee = None
if employee is None:
EmployeeService(self.db).ensure_directory_ready()
employee = self._find_employee_by_email(identifier)
if employee is None or not employee.password_hash:
return None
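Review bot: The `except SQLAlchemyError:` branch in the second hunk discards every database error on the login path without recording it, so a connection failure, a timeout and a missing table all look like an unknown user to anyone reading the logs afterwards. Log it before the rollback, e.g. `logger.warning("employee lookup failed during login, retrying after directory bootstrap", exc_info=True)` (assuming the module has a logger), and consider catching only the classes a missing table would raise (`ProgrammingError`, `OperationalError`) so other failures still surface. The retry `employee = self._find_employee_by_email(identifier)` after `ensure_directory_ready()` sits outside the `try`, so a persistent database error still propagates from there; a one-line comment saying this is intended would help. `self.db.rollback()` also discards anything else pending on the shared session, so it is worth confirming nothing is pending at this point. The enclosing method starts and ends outside the hunk.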