-
- UserPrincipal record + JwtAuthenticationFilter 注入用户上下文 - SecurityConfig 补充 authenticationEntryPoint 返回 401 - UserService/UserServiceImpl: 创建用户、获取员工列表、获取权限组 - UserController: POST /users、GET /users/staffs、GET /users/permission-groups - UserServiceTest (6 cases) + UserControllerTest (5 cases) 全部通过
-
1. V2 migration: uk_usr_user_username 改为 (sUsername, sBrandsId) 复合唯一 2. AuthServiceImpl: UpdateWrapper 换 LambdaUpdateWrapper(一致性) 3. AuthServiceImpl.refresh(): 追加 tLockUntil 检查,防绕过锁定 4. AuthServiceTest: 新增 refresh_lockedUser_throws40103 5. pom.xml: Lombok 1.18.36 适配 Java 25,surefire ByteBuddy 实验模式 6. .mvn/jvm.config + scripts/test.sh: Java 21 编译兼容性修复
-
- LoginReqDTO/RefreshTokenReqDTO/LoginVO/BrandVO DTO/VO - AuthService interface: login/refresh/getBrands - AuthServiceImpl: multi-tenant brand query, BCrypt, disabled/lock check, fail count (5x → lock 30min), success reset; refresh token validate + re-issue; getBrands ORDER BY sName - UpdateWrapper (string columns) avoids LambdaWrapper unit test issue - BeanConfig: @Bean BCryptPasswordEncoder - AuthServiceTest: 10/10 PASS (7 login + 3 refresh/brands)
