fix 修复bug

2026-04-28 19:40:02 +08:00
parent c234fe64d6
commit 0134a5ef64
11 changed files with 720 additions and 14 deletions
--- a/app/services/user_store.py
+++ b/app/services/user_store.py
@@ -454,6 +454,34 @@ class UserStore:
            )
            return True

+    def regenerate_reset_code(self, user_id: int, password: str) -> str | None:
+        uid = int(user_id or 0)
+        if uid <= 0:
+            return None
+        with self._conn() as c:
+            row = c.execute(
+                """
+                SELECT id, password_hash, password_salt
+                FROM users
+                WHERE id=? AND deleted_at IS NULL
+                LIMIT 1
+                """,
+                (uid,),
+            ).fetchone()
+            if not row:
+                return None
+            calc_pwd = self._hash_password(password or "", row["password_salt"] or "")
+            if not hmac.compare_digest(calc_pwd, row["password_hash"] or ""):
+                return None
+            reset_code = self._generate_reset_code()
+            reset_salt = secrets.token_hex(8)
+            reset_hash = self._hash_reset_code(reset_code, reset_salt)
+            c.execute(
+                "UPDATE users SET reset_code_hash=?, reset_code_salt=? WHERE id=?",
+                (reset_hash, reset_salt, uid),
+            )
+            return reset_code
+
    def create_session(self, user_id: int, ttl_seconds: int = 7 * 24 * 3600) -> str:
        token = secrets.token_urlsafe(32)
        token_hash = self._hash_token(token)