fix(auth): 登录目录就绪幂等化与并发控制
- employee/settings/user_session_metrics 的 ensure_*_ready 改为按 bind 缓存 + 锁, 避免每次登录重复建表与并发场景下的竞态 - auth 登录链路先查员工再降级触发目录就绪,并吞掉查询期 SQLAlchemy 异常 - 默认管理员账号由 superadmin 迁移为 admin,兼容历史账号回填 - 补充登录降级与设置持久化相关测试
This commit is contained in:
@@ -7,7 +7,7 @@ from sqlalchemy.pool import StaticPool
|
||||
from app.db.base import Base
|
||||
from app.schemas.auth import LoginRequest
|
||||
from app.schemas.settings import SettingsWrite
|
||||
from app.services.auth import AuthService
|
||||
from app.services.auth import AuthService, AuthenticatedUser
|
||||
from app.services.employee import EmployeeService
|
||||
from app.services.settings import SettingsService
|
||||
|
||||
@@ -97,3 +97,49 @@ def test_reenabled_employee_can_login_again() -> None:
|
||||
|
||||
assert result.ok is True
|
||||
assert result.user.username == employee.email
|
||||
|
||||
|
||||
def test_employee_login_skips_directory_bootstrap_when_employee_exists(monkeypatch) -> None:
|
||||
with build_session() as db:
|
||||
service = AuthService(db)
|
||||
calls: list[str] = []
|
||||
|
||||
class ExistingEmployee:
|
||||
email = "demo@example.com"
|
||||
password_hash = "hash"
|
||||
employment_status = "在职"
|
||||
|
||||
def fail_if_bootstrapped(self) -> None:
|
||||
calls.append("ensure_directory_ready")
|
||||
raise AssertionError("existing employee login should not run directory bootstrap")
|
||||
|
||||
monkeypatch.setattr(AuthService, "_find_employee_by_email", lambda self, _: ExistingEmployee())
|
||||
monkeypatch.setattr("app.services.auth.verify_password", lambda password, password_hash: True)
|
||||
monkeypatch.setattr(
|
||||
AuthService,
|
||||
"_build_employee_user",
|
||||
lambda self, employee: AuthenticatedUser(
|
||||
username=employee.email,
|
||||
name="Demo",
|
||||
role="使用者",
|
||||
department="",
|
||||
position="",
|
||||
grade="",
|
||||
employee_no="",
|
||||
manager_name="",
|
||||
location="",
|
||||
cost_center="",
|
||||
finance_owner_name="",
|
||||
risk_profile={},
|
||||
role_codes=["user"],
|
||||
email=employee.email,
|
||||
avatar="D",
|
||||
),
|
||||
)
|
||||
monkeypatch.setattr(EmployeeService, "ensure_directory_ready", fail_if_bootstrapped)
|
||||
|
||||
user = service._authenticate_employee("demo@example.com", "123456")
|
||||
|
||||
assert user is not None
|
||||
assert user.username == "demo@example.com"
|
||||
assert calls == []
|
||||
|
||||
Reference in New Issue
Block a user