From 061f6baaf15b810db6c126befb5b7633fa4c8c66 Mon Sep 17 00:00:00 2001 From: guke Date: Fri, 17 Jul 2026 21:49:10 +0800 Subject: [PATCH] =?UTF-8?q?feat(auth):=20=E5=BE=AE=E4=BF=A1=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E4=B8=8E=E6=89=8B=E6=9C=BA=E5=8F=B7=E7=BB=91=E5=AE=9A?= =?UTF-8?q?=20/=20=E5=8D=A0=E7=94=A8=E5=86=B2=E7=AA=81=E5=A4=84=E7=90=86(M?= =?UTF-8?q?2=20+=20M3=20=C2=A710)=20(#139)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## 背景 / 需求 新增「微信登录」链路:用户用微信授权登录 App。openid 已绑账号即直接登入; 未绑则走「绑手机号」建号,并处理「手机号已被别的账号占用」的冲突(M2), 以及绑微信后展示昵称/头像的替换策略(M3 §10)。 关键取舍:微信登录**不套用**钱包提现里 bind-wechat 的「撞号即 409」逻辑 ——登录场景 openid 命中就应登入,不能因撞号把用户挡在门外。 ## 改动概览:新增 5 个端点(前缀 `/api/v1/auth`) | 方法 | 路径 | 作用 | |---|---|---| | POST | `/wechat-login` | code→openid。命中已绑用户→直接登入;未命中→签发 `bind_ticket`,返回 `need_bind_phone`(**此刻不建号**);未配 APP_ID/SECRET→503 | | POST | `/wechat/bind-phone/sms` | 持 `bind_ticket` + 手机号 + 短信码绑号 | | POST | `/wechat/bind-phone/jverify` | 持 `bind_ticket` + 极光本机号一键取号绑号 | | POST | `/wechat/conflict/continue` | 占用冲突·继续绑定=**登录老账号**(老号没绑微信则把 openid 绑上;已绑别的微信则只登入、丢弃本次 openid) | | POST | `/wechat/conflict/rebind` | 占用冲突·换绑=**单事务**注销老账号 X(腾号)+ 用该号重建新账号 Y + 写换绑台账;受 30 天限制 | 绑号两条取号路径(sms / jverify)尾段共用 `_finish_wechat_bind`: 手机号未注册→建微信账号(channel=wechat,昵称头像取微信)登入; 已被占用→返回 `phone_occupied`(带占用账号昵称/头像/注册时间/`has_wechat`、 `conflict_ticket`、`rebind_available`、`rebind_blocked_days`),交前端冲突页。 冲突页三选一,后端提供 continue / rebind 两个动作(「取消」为前端本地行为)。 ## 关键设计 **两种短时令牌(`core/security.py`,复用 `JWT_SECRET_KEY`,靠 `typ` 区分):** - `bind_ticket`(typ=wechat_bind,sub=openid,附微信昵称/头像,TTL 10min): openid 未命中时下发,覆盖「授权→输手机号→收码→验码」整个绑定流程。 - `conflict_ticket`(typ=wechat_conflict):比 bind_ticket **多编码已验证的手机号**; 换绑 / 继续绑定只认票里的 phone,堵住「拿别人手机号去夺号」的接管漏洞。 **30 天换绑限制:** 新增台账表 `phone_rebind_log`(手机号级、渠道无关), 记录「腾号重建」这一破坏性事件,靠 `rebound_at` 算窗口; 阈值走配置 `PHONE_REBIND_LIMIT_DAYS`。命中限制的换绑请求返回 409。 **M3 §10 昵称/头像替换:** 绑微信默认用微信昵称/头像替换展示, 抽成共享 helper,登录绑号路径与钱包绑微信路径两处共用 (故 `wallet.py`、`tests/test_withdraw.py` 一并有改动)。 --------- Co-authored-by: guke Reviewed-on: https://gitea.shaguabijia.com/WonderableAI/shaguabijia-app-server/pulls/139 --- alembic/versions/phone_rebind_log.py | 32 ++++ app/api/v1/auth.py | 276 ++++++++++++++++++++++++++- app/core/config.py | 9 + app/core/security.py | 85 +++++++++ app/models/__init__.py | 1 + app/models/phone_rebind_log.py | 31 +++ app/repositories/phone_rebind.py | 39 ++++ app/repositories/user.py | 132 +++++++++++++ app/repositories/wallet.py | 2 + app/schemas/auth.py | 61 ++++++ tests/test_wechat_conflict.py | 232 ++++++++++++++++++++++ tests/test_wechat_login.py | 198 +++++++++++++++++++ tests/test_withdraw.py | 88 +++++++++ 13 files changed, 1185 insertions(+), 1 deletion(-) create mode 100644 alembic/versions/phone_rebind_log.py create mode 100644 app/models/phone_rebind_log.py create mode 100644 app/repositories/phone_rebind.py create mode 100644 tests/test_wechat_conflict.py create mode 100644 tests/test_wechat_login.py diff --git a/alembic/versions/phone_rebind_log.py b/alembic/versions/phone_rebind_log.py new file mode 100644 index 0000000..d6c0265 --- /dev/null +++ b/alembic/versions/phone_rebind_log.py @@ -0,0 +1,32 @@ +"""phone_rebind_log 表(M2 换绑 30 天限制台账) + +Revision ID: phone_rebind_log +Revises: comparison_llm_cost +""" +from alembic import op +import sqlalchemy as sa + +revision = "phone_rebind_log" +down_revision = "comparison_llm_cost" +branch_labels = None +depends_on = None + + +def upgrade() -> None: + op.create_table( + "phone_rebind_log", + sa.Column("id", sa.Integer(), primary_key=True, autoincrement=True), + sa.Column("phone", sa.String(length=20), nullable=False), + sa.Column("old_user_id", sa.Integer(), nullable=True), + sa.Column("new_user_id", sa.Integer(), nullable=False), + sa.Column("source", sa.String(length=32), nullable=False, server_default="wechat_conflict"), + sa.Column("rebound_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False), + ) + op.create_index("ix_phone_rebind_log_phone", "phone_rebind_log", ["phone"]) + op.create_index("ix_phone_rebind_log_rebound_at", "phone_rebind_log", ["rebound_at"]) + + +def downgrade() -> None: + op.drop_index("ix_phone_rebind_log_rebound_at", table_name="phone_rebind_log") + op.drop_index("ix_phone_rebind_log_phone", table_name="phone_rebind_log") + op.drop_table("phone_rebind_log") diff --git a/app/api/v1/auth.py b/app/api/v1/auth.py index b2b0382..e3728be 100644 --- a/app/api/v1/auth.py +++ b/app/api/v1/auth.py @@ -13,6 +13,7 @@ from __future__ import annotations import logging from fastapi import APIRouter, HTTPException, Request +from sqlalchemy.exc import IntegrityError from app.api.deps import CurrentUser, DbSession from app.core import test_account @@ -22,14 +23,25 @@ from app.core.ratelimit import ( enforce_rate_limit, record_rate_limits, ) -from app.core.security import TokenError, decode_token, issue_token_pair +from app.core.security import ( + TokenError, + create_bind_ticket, + create_conflict_ticket, + decode_bind_ticket, + decode_conflict_ticket, + decode_token, + issue_token_pair, +) +from app.integrations import wxpay from app.integrations.jiguang import JiguangError, mask_phone, verify_and_get_phone from app.integrations.sms import SmsError, send_code, verify_code from app.repositories import onboarding as onboarding_repo +from app.repositories import phone_rebind as rebind_repo from app.repositories import user as user_repo from app.schemas.auth import ( JverifyLoginRequest, LogoutResponse, + OccupiedAccountInfo, RefreshRequest, SmsLoginRequest, SmsSendRequest, @@ -37,6 +49,13 @@ from app.schemas.auth import ( TokenPair, TokenWithUser, UserOut, + WechatBindPhoneJverifyRequest, + WechatBindPhoneSmsRequest, + WechatBindResultResponse, + WechatConflictContinueRequest, + WechatConflictRebindRequest, + WechatLoginRequest, + WechatLoginResponse, ) logger = logging.getLogger("shagua.auth") @@ -175,6 +194,261 @@ def sms_login(req: SmsLoginRequest, request: Request, db: DbSession) -> TokenWit return _login_response(user, onboarding_completed=completed) +# ===================== 微信登录 ===================== + +@router.post( + "/wechat-login", + response_model=WechatLoginResponse, + summary="微信登录(openid 命中即登入,否则发绑号令牌)", +) +def wechat_login(req: WechatLoginRequest, db: DbSession) -> WechatLoginResponse: + from app.core.config import settings # 局部 import,避免循环 + + # 微信登录只需 code→openid(sns/oauth2),不需要商户转账证书;故只校验 APP_ID/SECRET。 + if not (settings.WECHAT_APP_ID and settings.WECHAT_APP_SECRET): + raise HTTPException(status_code=503, detail="wechat login not configured") + + try: + info = wxpay.code_to_userinfo(req.code) # {openid, nickname, avatar_url, raw};失败抛 ValueError + except ValueError as e: + raise HTTPException(status_code=400, detail=str(e)) from e + + openid = info["openid"] + user = user_repo.get_user_by_wechat_openid(db, openid) + if user is not None: + # openid 命中 → 直接登入(绝不套用提现 bind-wechat 的"撞号即 409"逻辑) + if user.status != "active": + raise HTTPException(status_code=403, detail="account disabled") + user_repo.touch_last_login(db, user) + completed = onboarding_repo.is_completed(db, user_id=user.id, device_id=req.device_id) + logger.info("wechat_login hit user_id=%d openid=%s*** onboarded=%s", user.id, openid[:6], completed) + return WechatLoginResponse( + status="logged_in", + token=_login_response(user, onboarding_completed=completed), + ) + + # 未命中 → 签发短时 bind_ticket,进手机号绑定流程(账号此刻还不建) + ticket = create_bind_ticket( + openid=openid, + wechat_nickname=info["nickname"], + wechat_avatar_url=info["avatar_url"], + ) + logger.info("wechat_login new openid=%s*** issue bind_ticket", openid[:6]) + return WechatLoginResponse( + status="need_bind_phone", + bind_ticket=ticket, + wechat_nickname=info["nickname"], + wechat_avatar_url=info["avatar_url"], + ) + + +def _finish_wechat_bind( + db, + *, + openid: str, + wechat_nickname: str | None, + wechat_avatar_url: str | None, + phone: str, + device_id: str, +) -> WechatBindResultResponse: + """绑手机建号的公共尾段:手机号被占用 → 返回 phone_occupied(M2 处理 3 选 1); + 未占用 → 新建微信账号(channel=wechat,昵称头像取微信)→ 签 token 登入。""" + existing = user_repo.get_user_by_phone(db, phone) + if existing is not None: + from app.core.config import settings # 局部 import,避免循环 + + ticket = create_conflict_ticket( + openid=openid, + wechat_nickname=wechat_nickname, + wechat_avatar_url=wechat_avatar_url, + phone=phone, + ) + blocked = rebind_repo.rebound_within_days(db, phone, settings.PHONE_REBIND_LIMIT_DAYS) + logger.info( + "wechat bind phone occupied phone=%s by user_id=%d has_wechat=%s", + mask_phone(phone), existing.id, bool(existing.wechat_openid), + ) + return WechatBindResultResponse( + status="phone_occupied", + occupied_account=OccupiedAccountInfo( + nickname=existing.nickname, + avatar_url=existing.avatar_url, + created_at=existing.created_at, + has_wechat=bool(existing.wechat_openid), + ), + conflict_ticket=ticket, + rebind_available=not blocked, + rebind_blocked_days=( + rebind_repo.remaining_block_days(db, phone, settings.PHONE_REBIND_LIMIT_DAYS) + if blocked else 0 + ), + ) + user = user_repo.create_wechat_user( + db, + phone=phone, + openid=openid, + wechat_nickname=wechat_nickname, + wechat_avatar_url=wechat_avatar_url, + ) + completed = onboarding_repo.is_completed(db, user_id=user.id, device_id=device_id) + logger.info("wechat bind ok user_id=%d phone=%s openid=%s*** onboarded=%s", + user.id, mask_phone(phone), openid[:6], completed) + return WechatBindResultResponse( + status="logged_in", + token=_login_response(user, onboarding_completed=completed), + ) + + +@router.post( + "/wechat/bind-phone/sms", + response_model=WechatBindResultResponse, + summary="微信登录·其他手机号(短信)绑定", +) +def wechat_bind_phone_sms( + req: WechatBindPhoneSmsRequest, request: Request, db: DbSession +) -> WechatBindResultResponse: + try: + claims = decode_bind_ticket(req.bind_ticket) + except TokenError as e: + raise HTTPException(status_code=401, detail="授权已过期,请重新用微信登录") from e + + # 防刷:同 sms/login,按 设备+IP 每小时限流(放在验证码校验之前,失败也计数) + enforce_rate_limit( + request, + scope="wechat-bind-sms-device", + subject=req.device_id, + limit=SMS_LOGIN_MAX_PER_HOUR, + window_sec=3600, + detail="登录尝试过于频繁,请稍后再试", + ) + + if not verify_code(req.phone, req.code): + raise HTTPException(status_code=400, detail="invalid sms code") + + return _finish_wechat_bind( + db, + openid=claims["openid"], + wechat_nickname=claims["wnk"], + wechat_avatar_url=claims["wav"], + phone=req.phone, + device_id=req.device_id, + ) + + +@router.post( + "/wechat/bind-phone/jverify", + response_model=WechatBindResultResponse, + summary="微信登录·本机号(极光)绑定", +) +def wechat_bind_phone_jverify( + req: WechatBindPhoneJverifyRequest, db: DbSession +) -> WechatBindResultResponse: + try: + claims = decode_bind_ticket(req.bind_ticket) + except TokenError as e: + raise HTTPException(status_code=401, detail="授权已过期,请重新用微信登录") from e + + try: + phone = verify_and_get_phone(req.login_token) + except JiguangError as e: + logger.error("[JG] verify+decrypt failed: %s", e, exc_info=True) + raise HTTPException(status_code=502, detail=f"jiguang verify failed: {e}") from e + + return _finish_wechat_bind( + db, + openid=claims["openid"], + wechat_nickname=claims["wnk"], + wechat_avatar_url=claims["wav"], + phone=phone, + device_id=req.device_id, + ) + + +# ===================== 微信占用冲突(M2) ===================== + +@router.post( + "/wechat/conflict/continue", + response_model=WechatBindResultResponse, + summary="微信占用冲突·继续绑定(登录老账号,能绑就绑)", +) +def wechat_conflict_continue( + req: WechatConflictContinueRequest, request: Request, db: DbSession +) -> WechatBindResultResponse: + try: + claims = decode_conflict_ticket(req.conflict_ticket) + except TokenError as e: + raise HTTPException(status_code=401, detail="操作超时,请重新用微信登录") from e + + enforce_rate_limit( + request, scope="wechat-conflict-device", subject=req.device_id, + limit=SMS_LOGIN_MAX_PER_HOUR, window_sec=3600, detail="操作过于频繁,请稍后再试", + ) + + user = user_repo.get_user_by_phone(db, claims["phone"]) + if user is None: + # P 期间被腾空(老账号改号/注销)→ 前提已变,让前端重走 + raise HTTPException(status_code=409, detail="账号状态已变化,请重新登录") + if user.status != "active": + raise HTTPException(status_code=403, detail="account disabled") + + if user.wechat_openid is None: + try: + user_repo.attach_wechat_to_user( + db, user, openid=claims["openid"], + wechat_nickname=claims["wnk"], wechat_avatar_url=claims["wav"], + ) + except IntegrityError: + db.rollback() # openid 被别处绑走 → 只登入不绑 + user_repo.touch_last_login(db, user) + else: + user_repo.touch_last_login(db, user) # X 已绑别的微信 → 只登入,丢弃本次 openid + + completed = onboarding_repo.is_completed(db, user_id=user.id, device_id=req.device_id) + logger.info("wechat conflict continue user_id=%d openid=%s***", user.id, claims["openid"][:6]) + return WechatBindResultResponse( + status="logged_in", + token=_login_response(user, onboarding_completed=completed), + ) + + +@router.post( + "/wechat/conflict/rebind", + response_model=WechatBindResultResponse, + summary="微信占用冲突·换绑(注销老账号+用该号重建全新账号)", +) +def wechat_conflict_rebind( + req: WechatConflictRebindRequest, request: Request, db: DbSession +) -> WechatBindResultResponse: + from app.core.config import settings # 局部 import,避免循环 + + try: + claims = decode_conflict_ticket(req.conflict_ticket) + except TokenError as e: + raise HTTPException(status_code=401, detail="操作超时,请重新用微信登录") from e + + enforce_rate_limit( + request, scope="wechat-conflict-device", subject=req.device_id, + limit=SMS_LOGIN_MAX_PER_HOUR, window_sec=3600, detail="操作过于频繁,请稍后再试", + ) + + phone = claims["phone"] + if rebind_repo.rebound_within_days(db, phone, settings.PHONE_REBIND_LIMIT_DAYS): + days = rebind_repo.remaining_block_days(db, phone, settings.PHONE_REBIND_LIMIT_DAYS) + raise HTTPException(status_code=409, detail=f"该手机号 {days} 天内已换绑过,暂不能再次换绑") + + user = user_repo.rebind_account( + db, phone=phone, openid=claims["openid"], + wechat_nickname=claims["wnk"], wechat_avatar_url=claims["wav"], + ) + completed = onboarding_repo.is_completed(db, user_id=user.id, device_id=req.device_id) + logger.info("wechat conflict rebind new_user_id=%d phone=%s openid=%s***", + user.id, mask_phone(phone), claims["openid"][:6]) + return WechatBindResultResponse( + status="logged_in", + token=_login_response(user, onboarding_completed=completed), + ) + + # ===================== Refresh ===================== @router.post("/refresh", response_model=TokenPair, summary="用 refresh_token 换新 token 对") diff --git a/app/core/config.py b/app/core/config.py index bf27932..fe01e31 100644 --- a/app/core/config.py +++ b/app/core/config.py @@ -44,6 +44,11 @@ class Settings(BaseSettings): JWT_ALGORITHM: str = "HS256" JWT_ACCESS_TOKEN_EXPIRE_MINUTES: int = 120 JWT_REFRESH_TOKEN_EXPIRE_DAYS: int = 30 + # 微信登录未命中 openid 时签发的"待绑手机"令牌有效期(JWT_SECRET_KEY 签名,typ=wechat_bind; + # 见 security.create_bind_ticket)。需覆盖"授权→输手机号→收短信→输验证码"整个绑定流程。 + WECHAT_BIND_TICKET_EXPIRE_MINUTES: int = 10 + # 一个手机号 30 天内最多换绑一次(微信占用冲突页的"换绑"动作)。见 phone_rebind_log。 + PHONE_REBIND_LIMIT_DAYS: int = 30 # ===== Admin 后台 ===== # admin 用独立 JWT secret(≠ JWT_SECRET_KEY),App 用户 token 无法越权访问后台。 @@ -81,6 +86,7 @@ class Settings(BaseSettings): SMS_SIGN_ID: int = 31729 # 极光短信签名 ID(非机密,可被 .env 覆盖) SMS_TEMPLATE_ID: int = 1 # 极光短信模板 ID(变量名 code,有效期 5 分钟) SMS_CODE_LENGTH: int = 6 # 验证码位数(本服务生成;前端 code 字段 4-8 位兼容) + SMS_DAILY_LIMIT_PER_PHONE: int = 10 # 单手机号每日发送上限(防刷 + 控费) SMS_MAX_VERIFY_ATTEMPTS: int = 5 # 单个验证码最多校验失败次数,超过即作废(防爆破) # ===== 测试账号(release 包全流程联调用)===== @@ -106,6 +112,9 @@ class Settings(BaseSettings): # 美团调用走的代理。本机开发直连美团会 SSL EOF,需填 http://127.0.0.1:7897; # 线上国内服务器留空(=直连)。见 .env.example 与 integrations/meituan.py。 MT_CPS_PROXY: str = "" + # 本地开发:开启后 /feed 接口直接返回 mock 数据,不调美团 API、不查离线库, + # 方便前端联调 feed 卡片样式、分页、距离排序等 UI。生产必须 false。 + MT_CPS_MOCK_FEED: bool = True @property def mt_cps_configured(self) -> bool: diff --git a/app/core/security.py b/app/core/security.py index 8e852be..ebbbac0 100644 --- a/app/core/security.py +++ b/app/core/security.py @@ -87,6 +87,91 @@ def issue_token_pair(user_id: int) -> dict[str, Any]: } +def create_bind_ticket( + *, openid: str, wechat_nickname: str | None, wechat_avatar_url: str | None +) -> str: + """微信登录未命中 openid 时,签发短时"待绑手机"令牌,承载 openid + 微信昵称头像。 + + typ='wechat_bind'、sub=openid;有效期 settings.WECHAT_BIND_TICKET_EXPIRE_MINUTES 分钟。 + 与 access/refresh 用同一 JWT_SECRET_KEY 签名,靠 typ 区分,decode_bind_ticket 校验 typ。 + """ + now = _now() + expire = now + timedelta(minutes=settings.WECHAT_BIND_TICKET_EXPIRE_MINUTES) + payload: dict[str, Any] = { + "sub": openid, + "typ": "wechat_bind", + "wnk": wechat_nickname, + "wav": wechat_avatar_url, + "iat": int(now.timestamp()), + "exp": int(expire.timestamp()), + } + return jwt.encode(payload, settings.JWT_SECRET_KEY, algorithm=settings.JWT_ALGORITHM) + + +def decode_bind_ticket(token: str) -> dict[str, Any]: + """解析"待绑手机"令牌,校验签名/过期/类型。失败抛 TokenError。 + + 返回 {'openid': str, 'wnk': str|None, 'wav': str|None}。 + """ + try: + payload = jwt.decode(token, settings.JWT_SECRET_KEY, algorithms=[settings.JWT_ALGORITHM]) + except jwt.ExpiredSignatureError as e: + raise TokenError("bind ticket expired") from e + except jwt.InvalidTokenError as e: + raise TokenError(f"invalid bind ticket: {e}") from e + if payload.get("typ") != "wechat_bind": + raise TokenError(f"wrong token type: want=wechat_bind got={payload.get('typ')}") + if "sub" not in payload: + raise TokenError("bind ticket missing sub") + return {"openid": payload["sub"], "wnk": payload.get("wnk"), "wav": payload.get("wav")} + + +def create_conflict_ticket( + *, openid: str, wechat_nickname: str | None, wechat_avatar_url: str | None, phone: str +) -> str: + """手机号占用时签发的短时"冲突处理"令牌。 + + 比 bind_ticket 多编码 **已验证的手机号 phone** —— 换绑/继续绑定只认它,证明"这对 + openid/手机号刚在绑号时验证通过",免用户重输验证码,又堵住"拿自己 openid + 任意手机号 + 去夺号"的接管漏洞。typ='wechat_conflict';有效期复用 WECHAT_BIND_TICKET_EXPIRE_MINUTES。 + """ + now = _now() + expire = now + timedelta(minutes=settings.WECHAT_BIND_TICKET_EXPIRE_MINUTES) + payload: dict[str, Any] = { + "sub": openid, + "typ": "wechat_conflict", + "wnk": wechat_nickname, + "wav": wechat_avatar_url, + "phn": phone, + "iat": int(now.timestamp()), + "exp": int(expire.timestamp()), + } + return jwt.encode(payload, settings.JWT_SECRET_KEY, algorithm=settings.JWT_ALGORITHM) + + +def decode_conflict_ticket(token: str) -> dict[str, Any]: + """解析"冲突处理"令牌,校验签名/过期/类型。失败抛 TokenError。 + + 返回 {'openid': str, 'wnk': str|None, 'wav': str|None, 'phone': str}。 + """ + try: + payload = jwt.decode(token, settings.JWT_SECRET_KEY, algorithms=[settings.JWT_ALGORITHM]) + except jwt.ExpiredSignatureError as e: + raise TokenError("conflict ticket expired") from e + except jwt.InvalidTokenError as e: + raise TokenError(f"invalid conflict ticket: {e}") from e + if payload.get("typ") != "wechat_conflict": + raise TokenError(f"wrong token type: want=wechat_conflict got={payload.get('typ')}") + if "sub" not in payload or "phn" not in payload: + raise TokenError("conflict ticket missing sub/phn") + return { + "openid": payload["sub"], + "wnk": payload.get("wnk"), + "wav": payload.get("wav"), + "phone": payload["phn"], + } + + # ===================== 密码 hash(admin 后台账号用)===================== # 用户侧是手机号+验证码登录,不存密码;仅 admin 账号用 username+password 登录。 diff --git a/app/models/__init__.py b/app/models/__init__.py index 694aa00..b6303b7 100644 --- a/app/models/__init__.py +++ b/app/models/__init__.py @@ -32,6 +32,7 @@ from app.models.invite_fingerprint import InviteFingerprint # noqa: F401 from app.models.launch_confirm_sample import LaunchConfirmSample # noqa: F401 from app.models.meituan_coupon import MeituanCoupon # noqa: F401 from app.models.onboarding import OnboardingCompletion # noqa: F401 +from app.models.phone_rebind_log import PhoneRebindLog # noqa: F401 from app.models.ops_marquee_seed import OpsMarqueeSeed # noqa: F401 from app.models.ops_stat_config import OpsStatConfig # noqa: F401 from app.models.price_observation import PriceObservation # noqa: F401 diff --git a/app/models/phone_rebind_log.py b/app/models/phone_rebind_log.py new file mode 100644 index 0000000..c28be70 --- /dev/null +++ b/app/models/phone_rebind_log.py @@ -0,0 +1,31 @@ +"""手机号换绑台账。 + +记录"手机号从老账号被夺走、重建为新账号(X 注销 → Y)"这一破坏性事件,支撑"一个手机号 +30 天内最多换绑一次"的限制。手机号级、渠道无关(source 标来源);普通微信绑定不写此表。 +见 M2 spec §4.1。 +""" +from __future__ import annotations + +from datetime import datetime + +from sqlalchemy import DateTime, Integer, String, func +from sqlalchemy.orm import Mapped, mapped_column + +from app.db.base import Base + + +class PhoneRebindLog(Base): + __tablename__ = "phone_rebind_log" + + id: Mapped[int] = mapped_column(Integer, primary_key=True, autoincrement=True) + # 被换绑的真实手机号(注意:存真实号,不是老账号被腾号后的 deleted_) + phone: Mapped[str] = mapped_column(String(20), index=True, nullable=False) + # 被注销的老账号 X;P 换绑时已被腾空(极边界)则为空 + old_user_id: Mapped[int | None] = mapped_column(Integer, nullable=True) + # 换绑后新建的账号 Y + new_user_id: Mapped[int] = mapped_column(Integer, nullable=False) + # 换绑来源。手机号级配额、渠道无关,留字段给未来其他换绑路径共用同一份 30 天限制。 + source: Mapped[str] = mapped_column(String(32), nullable=False, default="wechat_conflict") + rebound_at: Mapped[datetime] = mapped_column( + DateTime(timezone=True), server_default=func.now(), index=True, nullable=False + ) diff --git a/app/repositories/phone_rebind.py b/app/repositories/phone_rebind.py new file mode 100644 index 0000000..34275d3 --- /dev/null +++ b/app/repositories/phone_rebind.py @@ -0,0 +1,39 @@ +"""手机号换绑台账(phone_rebind_log)的查询与写入。见 M2 spec §4.1。""" +from __future__ import annotations + +import math +from datetime import datetime, timedelta, timezone + +from sqlalchemy import func, select +from sqlalchemy.orm import Session + +from app.models.phone_rebind_log import PhoneRebindLog + + +def rebound_within_days(db: Session, phone: str, days: int) -> bool: + """该手机号在最近 days 天内是否换绑过(命中 → 禁止再次换绑)。""" + since = datetime.now(timezone.utc) - timedelta(days=days) + stmt = ( + select(PhoneRebindLog.id) + .where(PhoneRebindLog.phone == phone, PhoneRebindLog.rebound_at >= since) + .limit(1) + ) + return db.execute(stmt).first() is not None + + +def remaining_block_days(db: Session, phone: str, days: int) -> int: + """距离该手机号可再次换绑还剩几天(向上取整;无记录返回 0)。""" + last = db.execute( + select(func.max(PhoneRebindLog.rebound_at)).where(PhoneRebindLog.phone == phone) + ).scalar_one_or_none() + if last is None: + return 0 + if last.tzinfo is None: # SQLite 取回 naive datetime,按 UTC 归一 + last = last.replace(tzinfo=timezone.utc) + remaining = (last + timedelta(days=days) - datetime.now(timezone.utc)).total_seconds() + return max(0, math.ceil(remaining / 86400)) + + +def add_rebind_log(db: Session, *, phone: str, old_user_id: int | None, new_user_id: int, source: str) -> None: + """写一条换绑台账(**不 commit**,交给调用方 rebind_account 的单事务)。""" + db.add(PhoneRebindLog(phone=phone, old_user_id=old_user_id, new_user_id=new_user_id, source=source)) diff --git a/app/repositories/user.py b/app/repositories/user.py index 7a560ef..2157cfc 100644 --- a/app/repositories/user.py +++ b/app/repositories/user.py @@ -12,6 +12,7 @@ from sqlalchemy import select from sqlalchemy.orm import Session from app.models.user import User +from app.repositories import phone_rebind # ===== 创建时分配的标识:用户名(对外展示账号 ID)+ 默认昵称 ===== @@ -58,6 +59,17 @@ def is_default_nickname(nickname: str | None) -> bool: ) +def apply_wechat_display_identity( + user: User, *, wechat_nickname: str | None, wechat_avatar_url: str | None +) -> None: + """§10:用已有账号绑微信时,仅当展示字段仍为默认才用微信昵称/头像替换(两规则独立); + 自定义(改过昵称/传过头像)则保留。只改内存对象,由调用方 commit。""" + if is_default_nickname(user.nickname) and wechat_nickname: + user.nickname = wechat_nickname + if user.avatar_url is None and wechat_avatar_url: + user.avatar_url = wechat_avatar_url + + def get_user_by_username(db: Session, username: str) -> User | None: return db.execute( select(User).where(User.username == username) @@ -86,6 +98,85 @@ def get_user_by_phone(db: Session, phone: str) -> User | None: return db.execute(stmt).scalar_one_or_none() +def get_user_by_wechat_openid(db: Session, openid: str) -> User | None: + stmt = select(User).where(User.wechat_openid == openid) + return db.execute(stmt).scalar_one_or_none() + + +def touch_last_login(db: Session, user: User) -> User: + """openid 命中登录时更新 last_login_at(手机号登录在 upsert_user_for_login 里已更新)。""" + user.last_login_at = datetime.now(timezone.utc) + db.commit() + db.refresh(user) + return user + + +def attach_wechat_to_user( + db: Session, user: User, *, openid: str, wechat_nickname: str | None, wechat_avatar_url: str | None +) -> User: + """继续绑定:把微信 openid + 微信源字段并入已存在账号(调用方保证 user.wechat_openid 为空)。 + + 写 wechat_openid / wechat_nickname / wechat_avatar_url,并按 §10 规则回填展示字段: + 仅当昵称仍为默认值(is_default_nickname)时用微信昵称替换,仅当头像为 null 时用微信头像替换; + 用户已自定义的展示昵称/头像始终保留,两规则相互独立。 + 撞 openid 唯一约束(O 期间被别处绑走,极罕见)时由调用方捕获 IntegrityError 兜底降级为"只登入不绑"。 + """ + user.wechat_openid = openid + user.wechat_nickname = wechat_nickname + user.wechat_avatar_url = wechat_avatar_url + user.last_login_at = datetime.now(timezone.utc) + apply_wechat_display_identity(user, wechat_nickname=wechat_nickname, wechat_avatar_url=wechat_avatar_url) + db.commit() + db.refresh(user) + return user + + +def _build_wechat_user( + db: Session, + *, + phone: str, + openid: str, + wechat_nickname: str | None, + wechat_avatar_url: str | None, +) -> User: + """构造并 db.add 一个微信账号行(register_channel='wechat',展示昵称头像取微信,缺则默认), + **不 commit**。create_wechat_user 与 rebind_account 共用,保证建号逻辑单一来源。""" + user = User( + phone=phone, + username=_gen_unique_username(db), + nickname=wechat_nickname or _gen_nickname(), + avatar_url=wechat_avatar_url, + register_channel="wechat", + wechat_openid=openid, + wechat_nickname=wechat_nickname, + wechat_avatar_url=wechat_avatar_url, + last_login_at=datetime.now(timezone.utc), + ) + db.add(user) + return user + + +def create_wechat_user( + db: Session, + *, + phone: str, + openid: str, + wechat_nickname: str | None, + wechat_avatar_url: str | None, +) -> User: + """微信登录新建账号(未占用分支)。见 _build_wechat_user。 + + openid 唯一约束是并发/重复绑定的最终防线(极罕见,openid 在 wechat-login 刚查过为空)。 + """ + user = _build_wechat_user( + db, phone=phone, openid=openid, + wechat_nickname=wechat_nickname, wechat_avatar_url=wechat_avatar_url, + ) + db.commit() + db.refresh(user) + return user + + def upsert_user_for_login( db: Session, *, @@ -154,3 +245,44 @@ def soft_delete_account(db: Session, user: User) -> None: # 释放邀请码唯一槽 user.invite_code = None db.commit() + + +def rebind_account( + db: Session, + *, + phone: str, + openid: str, + wechat_nickname: str | None, + wechat_avatar_url: str | None, + source: str = "wechat_conflict", +) -> User: + """换绑:**单事务内**注销老账号 X(腾出手机号)+ 用该号建全新微信账号 Y + 写换绑台账。 + + - 老账号可能已不存在(P 被腾空)→ old_user_id=None,直接建 Y(幂等更稳)。 + - 手机号唯一约束靠时序:先把 X.phone 改名并 flush 腾号,再插 Y。 + - 全程不中途 commit,任一步失败整体回滚,绝不出现"X 删了 Y 没建"。 + X 的字段变更等价 soft_delete_account(软删 + 匿名化 + 释放 openid/邀请码唯一槽),但不在此 commit。 + """ + old = get_user_by_phone(db, phone) + old_id = old.id if old is not None else None + if old is not None: + old.status = "deleted" + old.phone = f"deleted_{old.id}" + old.nickname = None + old.avatar_url = None + old.wechat_openid = None + old.wechat_nickname = None + old.wechat_avatar_url = None + old.invite_code = None + db.flush() # 先落 phone 改名,腾出手机号唯一约束,才能给 Y 用 + new_user = _build_wechat_user( + db, phone=phone, openid=openid, + wechat_nickname=wechat_nickname, wechat_avatar_url=wechat_avatar_url, + ) + db.flush() # 拿 new_user.id + phone_rebind.add_rebind_log( + db, phone=phone, old_user_id=old_id, new_user_id=new_user.id, source=source + ) + db.commit() + db.refresh(new_user) + return new_user diff --git a/app/repositories/wallet.py b/app/repositories/wallet.py index 29b7a2c..c5f42d0 100644 --- a/app/repositories/wallet.py +++ b/app/repositories/wallet.py @@ -20,6 +20,7 @@ from app.core.config import settings from app.core.rewards import COIN_PER_CENT, coins_to_cents from app.integrations import wxpay from app.models.user import User +from app.repositories.user import apply_wechat_display_identity from app.models.wallet import ( CashTransaction, CoinAccount, @@ -378,6 +379,7 @@ def bind_wechat_openid(db: Session, user_id: int, code: str) -> dict: user.wechat_openid = info["openid"] user.wechat_nickname = info["nickname"] user.wechat_avatar_url = info["avatar_url"] + apply_wechat_display_identity(user, wechat_nickname=info["nickname"], wechat_avatar_url=info["avatar_url"]) db.commit() return info diff --git a/app/schemas/auth.py b/app/schemas/auth.py index 3870a52..03a03b1 100644 --- a/app/schemas/auth.py +++ b/app/schemas/auth.py @@ -102,3 +102,64 @@ class RefreshRequest(BaseModel): class LogoutResponse(BaseModel): ok: bool = True + + +# ===== 微信登录 ===== + +class WechatLoginRequest(BaseModel): + code: str = Field(..., min_length=1, description="微信 App 授权拿到的 code(单次有效)") + device_id: str = Field( + "", max_length=64, + description="硬件级设备标识(Android ANDROID_ID),用于新手引导按 设备+账号 去重;空=按未完成处理", + ) + + +class WechatLoginResponse(BaseModel): + # status="logged_in" → openid 命中,token 有值;"need_bind_phone" → 未命中,bind_ticket 有值 + status: str + token: TokenWithUser | None = None + bind_ticket: str | None = None + wechat_nickname: str | None = None + wechat_avatar_url: str | None = None + + +class OccupiedAccountInfo(BaseModel): + """手机号被占用时返回的原账号脱敏展示信息(供冲突页)。""" + nickname: str | None = None + avatar_url: str | None = None + created_at: datetime + has_wechat: bool = False + + +class WechatBindResultResponse(BaseModel): + # status="logged_in" → 未占用,已建号登入,token 有值; + # "phone_occupied" → 手机号被占用,occupied_account + conflict_ticket 有值,token 为 None + status: str + token: TokenWithUser | None = None + occupied_account: OccupiedAccountInfo | None = None + conflict_ticket: str | None = None # 占用时签发,换绑/继续绑定只认它 + rebind_available: bool | None = None # 该手机号 30 天内是否还能换绑(给换绑按钮预置禁用态) + rebind_blocked_days: int | None = None # 被限时剩余天数(rebind_available=False 时>0) + + +class WechatBindPhoneSmsRequest(BaseModel): + bind_ticket: str = Field(..., min_length=1) + phone: str = Field(..., min_length=11, max_length=11, pattern=r"^1\d{10}$") + code: str = Field(..., min_length=4, max_length=8) + device_id: str = Field("", max_length=64) + + +class WechatBindPhoneJverifyRequest(BaseModel): + bind_ticket: str = Field(..., min_length=1) + login_token: str = Field(..., min_length=1, description="客户端 loginAuth 拿到的 loginToken") + device_id: str = Field("", max_length=64) + + +class WechatConflictContinueRequest(BaseModel): + conflict_ticket: str = Field(..., min_length=1) + device_id: str = Field("", max_length=64) + + +class WechatConflictRebindRequest(BaseModel): + conflict_ticket: str = Field(..., min_length=1) + device_id: str = Field("", max_length=64) diff --git a/tests/test_wechat_conflict.py b/tests/test_wechat_conflict.py new file mode 100644 index 0000000..5ba4b84 --- /dev/null +++ b/tests/test_wechat_conflict.py @@ -0,0 +1,232 @@ +"""微信登录 M2 测试:conflict_ticket 令牌、继续绑定(attach/只登入)、换绑(建号+软删+30天限)。 + +沿用 tests/test_wechat_login.py 风格:HTTP 走 client;微信 code→openid 用 monkeypatch; +短信走 SMS_MOCK(任意 6 位过)。数据变更用"再走一遍 wechat-login 看 openid 落在哪个账号"做行为断言。 +""" +from __future__ import annotations + +import pytest + +from app.api.v1 import auth # noqa: F401 (后续测试打桩 verify_and_get_phone 用) +from app.core import security +from app.integrations import wxpay +from app.models.phone_rebind_log import PhoneRebindLog + + +def _fake_userinfo(openid: str, nickname: str | None = "微信昵称", avatar: str | None = "http://x/a.png"): + def _f(code: str) -> dict: + return {"openid": openid, "nickname": nickname, "avatar_url": avatar, "raw": {}} + return _f + + +def _sms_occupy(client, phone: str) -> int: + """用普通短信登录占用一个手机号(register_channel=sms),返回该账号 id。""" + assert client.post("/api/v1/auth/sms/send", json={"phone": phone}).status_code == 200 + r = client.post("/api/v1/auth/sms/login", json={"phone": phone, "code": "123456"}) + assert r.status_code == 200, r.text + return r.json()["user"]["id"] + + +def _occupy_via_conflict(client, monkeypatch, openid: str, phone: str, device_id: str) -> dict: + """微信登录(新 openid)→ 绑同一手机号 → 返回 phone_occupied 的响应体(含 conflict_ticket)。""" + monkeypatch.setattr(wxpay, "code_to_userinfo", _fake_userinfo(openid)) + ticket = client.post( + "/api/v1/auth/wechat-login", json={"code": "c", "device_id": device_id} + ).json()["bind_ticket"] + r = client.post( + "/api/v1/auth/wechat/bind-phone/sms", + json={"bind_ticket": ticket, "phone": phone, "code": "123456", "device_id": device_id}, + ) + assert r.status_code == 200, r.text + body = r.json() + assert body["status"] == "phone_occupied" + return body + + +# ===== Task 1: 模型可导入(建表由 conftest 的 create_all 完成) ===== + +def test_phone_rebind_log_model_importable() -> None: + assert PhoneRebindLog.__tablename__ == "phone_rebind_log" + + +# ===== Task 2: conflict_ticket 令牌 ===== + +def test_conflict_ticket_roundtrip() -> None: + token = security.create_conflict_ticket( + openid="oid1", wechat_nickname="昵", wechat_avatar_url="http://a", phone="13900139000" + ) + claims = security.decode_conflict_ticket(token) + assert claims["openid"] == "oid1" + assert claims["wnk"] == "昵" + assert claims["wav"] == "http://a" + assert claims["phone"] == "13900139000" + + +def test_conflict_ticket_wrong_type_rejected() -> None: + # bind_ticket 冒充 conflict_ticket → TokenError(typ 不匹配) + bind = security.create_bind_ticket(openid="oid", wechat_nickname=None, wechat_avatar_url=None) + with pytest.raises(security.TokenError): + security.decode_conflict_ticket(bind) + + +def test_conflict_ticket_expired_rejected(monkeypatch) -> None: + monkeypatch.setattr(security.settings, "WECHAT_BIND_TICKET_EXPIRE_MINUTES", -1) + token = security.create_conflict_ticket( + openid="oid", wechat_nickname=None, wechat_avatar_url=None, phone="13900139000" + ) + with pytest.raises(security.TokenError): + security.decode_conflict_ticket(token) + + +# ===== Task 3: 占用响应扩展 ===== + +def test_phone_occupied_returns_conflict_ticket_and_flags(client, monkeypatch) -> None: + phone = "13900139101" + _sms_occupy(client, phone) # 老账号 X(sms,无微信) + body = _occupy_via_conflict(client, monkeypatch, "openid_occ_101", phone, "devO1") + assert body["conflict_ticket"] + assert body["rebind_available"] is True # 首次,未换绑过 + assert body["rebind_blocked_days"] == 0 + assert body["occupied_account"]["has_wechat"] is False # X 是 sms 账号 + + +# ===== Task 4: 继续绑定 ===== + +def test_continue_attaches_wechat_and_logs_into_existing(client, monkeypatch) -> None: + """X 无微信 → 继续绑定并入 openid + 登入 X;之后同 openid 登录直接命中 X。""" + phone = "13900139201" + x_id = _sms_occupy(client, phone) # X:sms 账号,无微信 + body = _occupy_via_conflict(client, monkeypatch, "openid_cont_201", phone, "devC1") + + r = client.post( + "/api/v1/auth/wechat/conflict/continue", + json={"conflict_ticket": body["conflict_ticket"], "device_id": "devC1"}, + ) + assert r.status_code == 200, r.text + assert r.json()["status"] == "logged_in" + assert r.json()["token"]["user"]["id"] == x_id # 登入的是老账号 X + + # openid 现已并入 X:再走 wechat-login 直接命中 X + r = client.post("/api/v1/auth/wechat-login", json={"code": "c", "device_id": "devC1"}) + assert r.json()["status"] == "logged_in" + assert r.json()["token"]["user"]["id"] == x_id + + +def test_continue_when_existing_has_wechat_logs_in_and_discards_openid(client, monkeypatch) -> None: + """X 已绑别的微信 → 继续绑定只登入 X、丢弃本次 openid(不覆盖)。""" + phone = "13900139202" + # 先建一个已绑微信 O1 的账号 X(微信登录 O1 + 短信绑号) + monkeypatch.setattr(wxpay, "code_to_userinfo", _fake_userinfo("openid_o1_202")) + t = client.post("/api/v1/auth/wechat-login", json={"code": "c", "device_id": "devC2"}).json()["bind_ticket"] + x = client.post( + "/api/v1/auth/wechat/bind-phone/sms", + json={"bind_ticket": t, "phone": phone, "code": "123456", "device_id": "devC2"}, + ).json() + x_id = x["token"]["user"]["id"] + + # 新 openid O2 撞同号 → 占用(has_wechat=True)→ 继续绑定 + body = _occupy_via_conflict(client, monkeypatch, "openid_o2_202", phone, "devC2b") + assert body["occupied_account"]["has_wechat"] is True + r = client.post( + "/api/v1/auth/wechat/conflict/continue", + json={"conflict_ticket": body["conflict_ticket"], "device_id": "devC2b"}, + ) + assert r.status_code == 200, r.text + assert r.json()["token"]["user"]["id"] == x_id # 登入 X + + # O2 被丢弃:再走 wechat-login(O2)→ 仍未命中(need_bind_phone) + monkeypatch.setattr(wxpay, "code_to_userinfo", _fake_userinfo("openid_o2_202")) + assert client.post( + "/api/v1/auth/wechat-login", json={"code": "c", "device_id": "devC2b"} + ).json()["status"] == "need_bind_phone" + + +def test_continue_expired_ticket_returns_401(client, monkeypatch) -> None: + monkeypatch.setattr(security.settings, "WECHAT_BIND_TICKET_EXPIRE_MINUTES", -1) + expired = security.create_conflict_ticket( + openid="oid", wechat_nickname=None, wechat_avatar_url=None, phone="13900139209" + ) + r = client.post( + "/api/v1/auth/wechat/conflict/continue", + json={"conflict_ticket": expired, "device_id": "devC3"}, + ) + assert r.status_code == 401, r.text + + +# ===== Task 5: 换绑 ===== + +def test_rebind_creates_new_account_and_binds_openid(client, monkeypatch) -> None: + """换绑 → 建全新微信账号 Y(≠X)+ openid 落到 Y;老账号 X 被注销(手机号归 Y)。""" + phone = "13900139301" + x_id = _sms_occupy(client, phone) + body = _occupy_via_conflict(client, monkeypatch, "openid_rb_301", phone, "devR1") + + r = client.post( + "/api/v1/auth/wechat/conflict/rebind", + json={"conflict_ticket": body["conflict_ticket"], "device_id": "devR1"}, + ) + assert r.status_code == 200, r.text + y = r.json()["token"]["user"] + assert r.json()["status"] == "logged_in" + assert y["phone"] == phone + assert y["register_channel"] == "wechat" + assert y["id"] != x_id # 是全新账号,不是老账号 + + # openid 落到 Y:再走 wechat-login 命中 Y + r = client.post("/api/v1/auth/wechat-login", json={"code": "c", "device_id": "devR1"}) + assert r.json()["status"] == "logged_in" + assert r.json()["token"]["user"]["id"] == y["id"] + + +# ===== §10: continue 路径也应用展示身份回填规则 ===== + +def test_continue_applies_section10(client, monkeypatch) -> None: + """§10 via M2 attach 路径: X 是默认昵称+null头像的 sms 账号; + continue 绑定微信后,展示昵称/头像应被微信值替换,并体现在响应的 token.user 中。""" + phone = "13900139211" + _sms_occupy(client, phone) # 建 X:默认昵称, null avatar + body = _occupy_via_conflict( + client, monkeypatch, "openid_s10", phone, "devS10" + ) # fake_userinfo 默认 nickname="微信昵称", avatar="http://x/a.png" + + r = client.post( + "/api/v1/auth/wechat/conflict/continue", + json={"conflict_ticket": body["conflict_ticket"], "device_id": "devS10"}, + ) + assert r.status_code == 200, r.text + user_out = r.json()["token"]["user"] + assert user_out["nickname"] == "微信昵称" + assert user_out["avatar_url"] == "http://x/a.png" + + +def test_rebind_blocked_within_30_days(client, monkeypatch) -> None: + """同一手机号 30 天内二次换绑 → 409;占用响应 rebind_available=False。""" + phone = "13900139302" + _sms_occupy(client, phone) + body = _occupy_via_conflict(client, monkeypatch, "openid_rb_302a", phone, "devR2") + assert client.post( + "/api/v1/auth/wechat/conflict/rebind", + json={"conflict_ticket": body["conflict_ticket"], "device_id": "devR2"}, + ).status_code == 200 + + # 第二次:新 openid 撞同号 → 占用响应此时 rebind_available=False + body2 = _occupy_via_conflict(client, monkeypatch, "openid_rb_302b", phone, "devR2b") + assert body2["rebind_available"] is False + assert body2["rebind_blocked_days"] >= 1 + r = client.post( + "/api/v1/auth/wechat/conflict/rebind", + json={"conflict_ticket": body2["conflict_ticket"], "device_id": "devR2b"}, + ) + assert r.status_code == 409, r.text + + +def test_rebind_expired_ticket_returns_401(client, monkeypatch) -> None: + monkeypatch.setattr(security.settings, "WECHAT_BIND_TICKET_EXPIRE_MINUTES", -1) + expired = security.create_conflict_ticket( + openid="oid", wechat_nickname=None, wechat_avatar_url=None, phone="13900139309" + ) + r = client.post( + "/api/v1/auth/wechat/conflict/rebind", + json={"conflict_ticket": expired, "device_id": "devR3"}, + ) + assert r.status_code == 401, r.text diff --git a/tests/test_wechat_login.py b/tests/test_wechat_login.py new file mode 100644 index 0000000..84504c5 --- /dev/null +++ b/tests/test_wechat_login.py @@ -0,0 +1,198 @@ +"""微信登录 M1 测试:bind_ticket 令牌、wechat-login(openid 命中/未命中)、 +bind-phone(建号/占用/令牌过期)。 + +沿用 tests/test_auth.py 风格:HTTP 走 client fixture;微信 code→openid 用 monkeypatch +拦掉(conftest 里 WECHAT_APP_ID/SECRET 是 dummy,不真连微信);短信走 SMS_MOCK(任意 6 位通过)。 +""" +from __future__ import annotations + +import pytest + +from app.api.v1 import auth +from app.core import security +from app.integrations import wxpay + + +def _fake_userinfo(openid: str, nickname: str | None = "微信昵称", avatar: str | None = "http://x/a.png"): + """返回一个可传给 monkeypatch 的假 code_to_userinfo(忽略 code,固定返回给定 openid)。""" + def _f(code: str) -> dict: + return {"openid": openid, "nickname": nickname, "avatar_url": avatar, "raw": {}} + return _f + + +# ===== Task 1: bind_ticket 令牌 ===== + +def test_bind_ticket_roundtrip() -> None: + token = security.create_bind_ticket(openid="oid1", wechat_nickname="昵", wechat_avatar_url="http://a") + claims = security.decode_bind_ticket(token) + assert claims["openid"] == "oid1" + assert claims["wnk"] == "昵" + assert claims["wav"] == "http://a" + + +def test_bind_ticket_wrong_type_rejected() -> None: + # 用 access token 冒充 bind_ticket → TokenError(typ 不匹配) + access, _ = security.create_token(user_id=1, token_type="access") + with pytest.raises(security.TokenError): + security.decode_bind_ticket(access) + + +def test_bind_ticket_expired_rejected(monkeypatch) -> None: + monkeypatch.setattr(security.settings, "WECHAT_BIND_TICKET_EXPIRE_MINUTES", -1) + token = security.create_bind_ticket(openid="oid", wechat_nickname=None, wechat_avatar_url=None) + with pytest.raises(security.TokenError): + security.decode_bind_ticket(token) + + +# ===== Task 2: wechat-login ===== + +def test_wechat_login_new_openid_returns_bind_ticket(client, monkeypatch) -> None: + monkeypatch.setattr(wxpay, "code_to_userinfo", _fake_userinfo("openid_new_1", "小明", "http://x/m.png")) + r = client.post("/api/v1/auth/wechat-login", json={"code": "wxcode1", "device_id": "devA"}) + assert r.status_code == 200, r.text + body = r.json() + assert body["status"] == "need_bind_phone" + assert body["bind_ticket"] + assert body["wechat_nickname"] == "小明" + assert body["wechat_avatar_url"] == "http://x/m.png" + assert body["token"] is None + + +def test_wechat_login_invalid_code_returns_400(client, monkeypatch) -> None: + def _raise(code: str) -> dict: + raise ValueError("微信授权失败: invalid code") + monkeypatch.setattr(wxpay, "code_to_userinfo", _raise) + r = client.post("/api/v1/auth/wechat-login", json={"code": "bad", "device_id": "devA"}) + assert r.status_code == 400, r.text + + +# ===== Task 3: bind-phone/sms ===== + +def test_wechat_bind_sms_creates_account_then_openid_logs_in(client, monkeypatch) -> None: + """未占用 → 建微信账号(channel=wechat,昵称头像取微信);再次同 openid 登录 → 直接登入同一账号。""" + monkeypatch.setattr(wxpay, "code_to_userinfo", _fake_userinfo("openid_flow_2", "阿花", "http://x/h.png")) + phone = "13900139002" + + # 1) 微信登录 → 未命中 → 拿 ticket + r = client.post("/api/v1/auth/wechat-login", json={"code": "c1", "device_id": "devB"}) + ticket = r.json()["bind_ticket"] + assert ticket + + # 2) 短信绑号(SMS_MOCK:任意 6 位通过)→ 建号 + 登入 + r = client.post( + "/api/v1/auth/wechat/bind-phone/sms", + json={"bind_ticket": ticket, "phone": phone, "code": "123456", "device_id": "devB"}, + ) + assert r.status_code == 200, r.text + body = r.json() + assert body["status"] == "logged_in" + user = body["token"]["user"] + assert user["phone"] == phone + assert user["register_channel"] == "wechat" + assert user["nickname"] == "阿花" + assert user["avatar_url"] == "http://x/h.png" + uid = user["id"] + + # 3) 再次微信登录(同 openid)→ 命中 → 直接登入同一账号 + r = client.post("/api/v1/auth/wechat-login", json={"code": "c2", "device_id": "devB"}) + assert r.status_code == 200, r.text + body = r.json() + assert body["status"] == "logged_in" + assert body["token"]["user"]["id"] == uid + + +def test_wechat_bind_sms_phone_occupied(client, monkeypatch) -> None: + """手机号已被其他账号占用 → 返回 phone_occupied + 原账号信息(不建号)。""" + phone = "13900139003" + # 先用普通短信登录占用该手机号(register_channel=sms) + assert client.post("/api/v1/auth/sms/send", json={"phone": phone}).status_code == 200 + r = client.post("/api/v1/auth/sms/login", json={"phone": phone, "code": "123456"}) + assert r.status_code == 200, r.text + occupied_nickname = r.json()["user"]["nickname"] + + # 微信登录(新 openid)→ 未命中 → ticket + monkeypatch.setattr(wxpay, "code_to_userinfo", _fake_userinfo("openid_occ_3")) + ticket = client.post( + "/api/v1/auth/wechat-login", json={"code": "c", "device_id": "devC"} + ).json()["bind_ticket"] + + # 绑同一手机号 → 占用 + r = client.post( + "/api/v1/auth/wechat/bind-phone/sms", + json={"bind_ticket": ticket, "phone": phone, "code": "123456", "device_id": "devC"}, + ) + assert r.status_code == 200, r.text + body = r.json() + assert body["status"] == "phone_occupied" + assert body["token"] is None + assert body["occupied_account"]["nickname"] == occupied_nickname + assert body["occupied_account"]["avatar_url"] is None # 短信注册账号无头像 → 序列化为 null + assert body["occupied_account"]["created_at"] + + +def test_wechat_bind_sms_expired_ticket_returns_401(client, monkeypatch) -> None: + """过期 bind_ticket → 401。""" + monkeypatch.setattr(security.settings, "WECHAT_BIND_TICKET_EXPIRE_MINUTES", -1) + expired = security.create_bind_ticket(openid="openid_exp", wechat_nickname="x", wechat_avatar_url=None) + r = client.post( + "/api/v1/auth/wechat/bind-phone/sms", + json={"bind_ticket": expired, "phone": "13900139009", "code": "123456", "device_id": "devD"}, + ) + assert r.status_code == 401, r.text + + +# ===== Task 4: bind-phone/jverify ===== + +def test_wechat_bind_jverify_creates_account(client, monkeypatch) -> None: + """本机号(极光)绑定路径:verify_and_get_phone 拦掉,未占用 → 建号登入。""" + monkeypatch.setattr(wxpay, "code_to_userinfo", _fake_userinfo("openid_jv_5", "极光用户", None)) + phone = "13900139005" + # 极光 loginToken→手机号 在 auth 模块命名空间打桩(auth.py 顶部 from ...jiguang import verify_and_get_phone) + monkeypatch.setattr(auth, "verify_and_get_phone", lambda token: phone) + + ticket = client.post( + "/api/v1/auth/wechat-login", json={"code": "c", "device_id": "devE"} + ).json()["bind_ticket"] + + r = client.post( + "/api/v1/auth/wechat/bind-phone/jverify", + json={"bind_ticket": ticket, "login_token": "jgtoken", "device_id": "devE"}, + ) + assert r.status_code == 200, r.text + body = r.json() + assert body["status"] == "logged_in" + user = body["token"]["user"] + assert user["phone"] == phone + assert user["register_channel"] == "wechat" + assert user["nickname"] == "极光用户" + # 微信 userinfo 隐私脱敏 avatar=None → 头像为空(客户端兜底默认头像) + assert user["avatar_url"] is None + + +def test_wechat_bind_jverify_expired_ticket_returns_401(client, monkeypatch) -> None: + """过期 bind_ticket → 401(极光绑号路径,decode 先于极光核验)。""" + monkeypatch.setattr(security.settings, "WECHAT_BIND_TICKET_EXPIRE_MINUTES", -1) + expired = security.create_bind_ticket(openid="openid_jv_exp", wechat_nickname="x", wechat_avatar_url=None) + r = client.post( + "/api/v1/auth/wechat/bind-phone/jverify", + json={"bind_ticket": expired, "login_token": "jgtoken", "device_id": "devE"}, + ) + assert r.status_code == 401, r.text + + +def test_wechat_bind_jverify_jiguang_error_returns_502(client, monkeypatch) -> None: + """极光核验失败(JiguangError)→ 502。""" + monkeypatch.setattr(wxpay, "code_to_userinfo", _fake_userinfo("openid_jv_err")) + + def _raise(token: str) -> str: + raise auth.JiguangError("mock jg failure") + + monkeypatch.setattr(auth, "verify_and_get_phone", _raise) + ticket = client.post( + "/api/v1/auth/wechat-login", json={"code": "c", "device_id": "devE"} + ).json()["bind_ticket"] + r = client.post( + "/api/v1/auth/wechat/bind-phone/jverify", + json={"bind_ticket": ticket, "login_token": "badtoken", "device_id": "devE"}, + ) + assert r.status_code == 502, r.text diff --git a/tests/test_withdraw.py b/tests/test_withdraw.py index 55e6a2f..55a978a 100644 --- a/tests/test_withdraw.py +++ b/tests/test_withdraw.py @@ -312,6 +312,94 @@ def test_bind_rejects_openid_already_bound(client, monkeypatch) -> None: assert r.status_code == 409, r.text +# ===== §10 绑微信时展示身份回填规则 ===== + +def test_bind_replaces_default_nickname_and_null_avatar(client, monkeypatch) -> None: + """§10-A: 全默认(昵称=系统默认,头像=null) → 绑微信后两个展示字段都替换为微信值。""" + monkeypatch.setattr( + "app.integrations.wxpay.code_to_userinfo", + lambda code: {"openid": "openid_s10_a", "nickname": "微信昵称A", "avatar_url": "https://x/a.png", "raw": {}}, + ) + token = _login(client, "13800003001") + r = client.post("/api/v1/wallet/bind-wechat", json={"code": "c"}, headers=_auth(token)) + assert r.status_code == 200, r.text + + r = client.get("/api/v1/auth/me", headers=_auth(token)) + assert r.status_code == 200, r.text + body = r.json() + assert body["nickname"] == "微信昵称A" + assert body["avatar_url"] == "https://x/a.png" + + +def test_bind_keeps_customized_nickname(client, monkeypatch) -> None: + """§10-B: 用户已改过昵称 → 绑微信后昵称保留,但 null 头像仍替换为微信头像。""" + monkeypatch.setattr( + "app.integrations.wxpay.code_to_userinfo", + lambda code: {"openid": "openid_s10_b", "nickname": "微信昵称B", "avatar_url": "https://x/b.png", "raw": {}}, + ) + token = _login(client, "13800003002") + # 先把昵称改成非默认值 + r = client.patch( + "/api/v1/user/profile", json={"nickname": "我的名字"}, headers=_auth(token) + ) + assert r.status_code == 200, r.text + + r = client.post("/api/v1/wallet/bind-wechat", json={"code": "c"}, headers=_auth(token)) + assert r.status_code == 200, r.text + + r = client.get("/api/v1/auth/me", headers=_auth(token)) + body = r.json() + assert body["nickname"] == "我的名字" # 保留自定义昵称 + assert body["avatar_url"] == "https://x/b.png" # null 头像被微信头像替换 + + +def test_bind_keeps_customized_avatar(client, monkeypatch) -> None: + """§10-C: 已有自定义头像 → 绑微信后头像保留,但默认昵称替换为微信昵称。""" + monkeypatch.setattr( + "app.integrations.wxpay.code_to_userinfo", + lambda code: {"openid": "openid_s10_c", "nickname": "微信昵称C", "avatar_url": "https://x/c.png", "raw": {}}, + ) + token = _login(client, "13800003003") + phone = "13800003003" + # 直接用 DB 给用户写入自定义头像(保持默认昵称) + db = SessionLocal() + try: + user = db.execute(select(User).where(User.phone == phone)).scalar_one() + user.avatar_url = "https://custom/av.png" + db.commit() + finally: + db.close() + + r = client.post("/api/v1/wallet/bind-wechat", json={"code": "c"}, headers=_auth(token)) + assert r.status_code == 200, r.text + + r = client.get("/api/v1/auth/me", headers=_auth(token)) + body = r.json() + assert body["nickname"] == "微信昵称C" # 默认昵称被替换 + assert body["avatar_url"] == "https://custom/av.png" # 自定义头像保留 + + +def test_bind_wechat_empty_keeps_default(client, monkeypatch) -> None: + """§10-D: 微信侧 nickname/avatar 均为 None → 不覆盖,展示字段维持原默认值。""" + monkeypatch.setattr( + "app.integrations.wxpay.code_to_userinfo", + lambda code: {"openid": "openid_s10_d", "nickname": None, "avatar_url": None, "raw": {}}, + ) + token = _login(client, "13800003004") + + r = client.get("/api/v1/auth/me", headers=_auth(token)) + original_nickname = r.json()["nickname"] # 系统分配的默认昵称 + assert original_nickname.startswith("用户") + + r = client.post("/api/v1/wallet/bind-wechat", json={"code": "c"}, headers=_auth(token)) + assert r.status_code == 200, r.text + + r = client.get("/api/v1/auth/me", headers=_auth(token)) + body = r.json() + assert body["nickname"] == original_nickname # 默认昵称不变 + assert body["avatar_url"] is None # 头像仍为 null + + def test_withdraw_reject_refunds(client, monkeypatch) -> None: """管理员审核拒绝 → 退回现金 + 单 rejected + 理由写入 fail_reason(用户可见)。""" monkeypatch.setattr("app.integrations.wxpay.code_to_userinfo", lambda code: {"openid": "openid_reject", "nickname": None, "avatar_url": None, "raw": {}})