v1.7版本更新

backend/services/auth_service.py

@@ -48,11 +48,19 @@ class AuthService:
             return {"success": False, "message": "用户名或密码错误"}
         
         # 验证密码
-        if not security.verify_password(password, user["password_hash"]):
+        is_valid, needs_upgrade = security.verify_password_v2(password, user["password_hash"])
+        if not is_valid:
             await RedisClient.set_login_attempts(username)
             await LogService.write_login_log(username, 0, ip, user_agent, "用户名或密码错误")
             return {"success": False, "message": "用户名或密码错误"}
         
+        # 自动升级旧哈希密码
+        if needs_upgrade:
+            try:
+                await UserModel.update_password(user["user_id"], password)
+            except Exception:
+                pass
+        
         # 检查账号状态
         if user["status"] != 1:
             await LogService.write_login_log(username, 0, ip, user_agent, "账号已被禁用")
@@ -116,8 +124,10 @@ class AuthService:
             return {"success": False, "message": "用户不存在"}
         
         # 验证原密码（强制改密时跳过）
-        if not force and not security.verify_password(old_password, user["password_hash"]):
-            return {"success": False, "message": "原密码错误"}
+        if not force:
+            is_valid, _ = security.verify_password_v2(old_password, user["password_hash"])
+            if not is_valid:
+                return {"success": False, "message": "原密码错误"}
         
         # 验证新密码强度
         is_valid, msg = security.validate_password_strength(new_password)