fix: restrict password login to existing phone accounts

2026-04-26 01:11:45 +08:00
parent c4b9b8173f
commit 0a0f3f1bd8
33 changed files with 489 additions and 778 deletions
--- a/server-rs/crates/api-server/src/story_sessions.rs
+++ b/server-rs/crates/api-server/src/story_sessions.rs
@@ -384,13 +384,9 @@ mod tests {
    async fn seed_authenticated_state() -> AppState {
        let state = AppState::new(AppConfig::default()).expect("state should build");
        state
-            .password_entry_service()
-            .execute(module_auth::PasswordEntryInput {
-                username: "story_sessions_user".to_string(),
-                password: "secret123".to_string(),
-            })
+            .seed_test_phone_user_with_password("13800138108", "secret123")
            .await
-            .expect("seed login should succeed");
+            .id;
        state
    }

@@ -401,7 +397,7 @@ mod tests {
                session_id: "sess_story_sessions".to_string(),
                provider: AuthProvider::Password,
                roles: vec!["user".to_string()],
-                token_version: 1,
+                token_version: 2,
                phone_verified: true,
                binding_status: BindingStatus::Active,
                display_name: Some("故事会话用户".to_string()),