fix(auth): 登录目录就绪幂等化与并发控制
- employee/settings/user_session_metrics 的 ensure_*_ready 改为按 bind 缓存 + 锁, 避免每次登录重复建表与并发场景下的竞态 - auth 登录链路先查员工再降级触发目录就绪,并吞掉查询期 SQLAlchemy 异常 - 默认管理员账号由 superadmin 迁移为 admin,兼容历史账号回填 - 补充登录降级与设置持久化相关测试
This commit is contained in:
@@ -186,6 +186,23 @@ def test_legacy_setup_admin_password_is_migrated_to_database(monkeypatch) -> Non
|
||||
assert service.verify_admin_login("setup-admin", password) is not None
|
||||
|
||||
|
||||
def test_default_admin_credentials_are_written_to_database(monkeypatch) -> None:
|
||||
temp_dir = build_temp_secret_dir()
|
||||
monkeypatch.setattr(admin_secret, "ADMIN_SECRET_FILE", temp_dir / "missing-admin.json")
|
||||
monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
|
||||
monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
|
||||
monkeypatch.setenv("HERMES_HOME", str(temp_dir / ".hermes"))
|
||||
|
||||
with build_session(temp_dir / "settings.db") as db:
|
||||
service = SettingsService(db)
|
||||
settings_row, secrets_row = service.ensure_settings_ready()
|
||||
|
||||
assert settings_row.admin_account == "admin"
|
||||
assert secrets_row.admin_password_hash
|
||||
assert service.verify_admin_login("admin", "admin") is not None
|
||||
assert service.verify_admin_login("superadmin", "admin") is None
|
||||
|
||||
|
||||
def test_settings_service_syncs_models_to_hermes_config(monkeypatch) -> None:
|
||||
temp_dir = build_temp_secret_dir()
|
||||
hermes_home = temp_dir / ".hermes"
|
||||
|
||||
Reference in New Issue
Block a user