fix: restrict password login to existing phone accounts

2026-04-26 01:11:45 +08:00
parent c4b9b8173f
commit 0a0f3f1bd8
33 changed files with 489 additions and 778 deletions
--- a/server-rs/crates/api-server/src/state.rs
+++ b/server-rs/crates/api-server/src/state.rs
@@ -38,6 +38,7 @@ pub struct AppState {
    admin_runtime: Option<AdminRuntime>,
    refresh_cookie_config: RefreshCookieConfig,
    oss_client: Option<OssClient>,
+    #[cfg_attr(test, allow(dead_code))]
    auth_store: InMemoryAuthStore,
    password_entry_service: PasswordEntryService,
    refresh_session_service: RefreshSessionService,
@@ -96,6 +97,9 @@ pub enum AppStateInitError {

 impl AppState {
    pub fn new(config: AppConfig) -> Result<Self, AppStateInitError> {
+        #[cfg(test)]
+        let auth_store = InMemoryAuthStore::default();
+        #[cfg(not(test))]
        let auth_store = InMemoryAuthStore::from_persistence_path(config.auth_store_path.clone())
            .map_err(AppStateInitError::AuthStore)?;
        Self::new_with_auth_store(config, auth_store)
@@ -206,19 +210,27 @@ impl AppState {
    }

    pub async fn sync_auth_store_snapshot_to_spacetime(&self) -> Result<(), SpacetimeClientError> {
+        #[cfg(test)]
+        return Ok(());
+
+        #[cfg(not(test))]
        let snapshot_json = self
            .auth_store
            .export_snapshot_json()
            .map_err(SpacetimeClientError::Runtime)?;
+        #[cfg(not(test))]
        let updated_at_micros = i64::try_from(
            OffsetDateTime::now_utc().unix_timestamp_nanos() / 1_000,
        )
        .map_err(|_| SpacetimeClientError::Runtime("认证快照更新时间超出 i64 范围".to_string()))?;
+        #[cfg(not(test))]
        self.spacetime_client
            .upsert_auth_store_snapshot(snapshot_json, updated_at_micros)
            .await?;
        // ?????????????????????????????????
+        #[cfg(not(test))]
        self.spacetime_client.import_auth_store_snapshot().await?;
+        #[cfg(not(test))]
        Ok(())
    }

@@ -401,6 +413,47 @@ impl AppState {

 #[cfg(test)]
 impl AppState {
+    pub(crate) async fn seed_test_phone_user_with_password(
+        &self,
+        phone_number: &str,
+        password: &str,
+    ) -> module_auth::AuthUser {
+        let now = OffsetDateTime::now_utc();
+        self.phone_auth_service()
+            .send_code(
+                module_auth::SendPhoneCodeInput {
+                    phone_number: phone_number.to_string(),
+                    scene: module_auth::PhoneAuthScene::Login,
+                },
+                now,
+            )
+            .await
+            .expect("test phone code should send");
+        let user = self
+            .phone_auth_service()
+            .login(
+                module_auth::PhoneLoginInput {
+                    phone_number: phone_number.to_string(),
+                    verify_code: "123456".to_string(),
+                },
+                now + time::Duration::seconds(1),
+            )
+            .await
+            .expect("test phone login should create user")
+            .user;
+        let changed = self
+            .password_entry_service()
+            .change_password(module_auth::ChangePasswordInput {
+                user_id: user.id.clone(),
+                current_password: None,
+                new_password: password.to_string(),
+            })
+            .await
+            .expect("test password should set");
+
+        changed.user
+    }
+
    fn cache_test_runtime_snapshot(&self, record: RuntimeSnapshotRecord) {
        self.test_runtime_snapshot_store
            .lock()