v0.7.1测试

backend/routes/auth.py

@@ -78,10 +78,13 @@ async def change_password(request: Request, req: ChangePasswordRequest):
     """
     user = await get_current_user(request)
     
+    # 首次登录强制改密时跳过旧密码验证
+    force = req.force if hasattr(req, 'force') else False
     result = await AuthService.change_password(
         user_id=user["user_id"],
         old_password=req.old_password,
-        new_password=req.new_password
+        new_password=req.new_password,
+        force=force
     )
     
     if result["success"]:

backend/schemas/auth.py

@@ -33,8 +33,9 @@ class LoginResponse(BaseModel):
 
 class ChangePasswordRequest(BaseModel):
     """修改密码请求"""
-    old_password: str = Field(..., min_length=1, max_length=50, description="原密码")
+    old_password: str = Field(default="", max_length=50, description="原密码")
     new_password: str = Field(..., min_length=6, max_length=20, description="新密码")
+    force: bool = Field(default=False, description="是否强制修改（首次登录）")
 
 
 class ChangePasswordResponse(BaseModel):

backend/services/auth_service.py

@@ -107,15 +107,15 @@ class AuthService:
         return {"success": True, "message": "登出成功"}
     
     @staticmethod
-    async def change_password(user_id: int, old_password: str, new_password: str) -> Dict[str, Any]:
+    async def change_password(user_id: int, old_password: str, new_password: str, force: bool = False) -> Dict[str, Any]:
         """修改密码"""
         # 获取用户信息
         user = await UserModel.get_by_user_id(user_id)
         if not user:
             return {"success": False, "message": "用户不存在"}
         
-        # 验证原密码
-        if not security.verify_password(old_password, user["password_hash"]):
+        # 验证原密码（强制改密时跳过）
+        if not force and not security.verify_password(old_password, user["password_hash"]):
             return {"success": False, "message": "原密码错误"}
         
         # 验证新密码强度