fix: use raw SQL for user password update to avoid sor.U() generating wrong WHERE clause

2026-05-05 14:13:03 +08:00 · 2026-05-05 14:13:03 +08:00 · bec9cb956b
commit bec9cb956b
parent 1fc2be73c0
2 changed files with 10 additions and 4 deletions
--- a/app/init_permissions.py
+++ b/app/init_permissions.py
@ -361,10 +361,13 @@ async def create_admin_user(sor, username, password, superuser_role_id):
    # 检查用户是否已存在
    recs = await sor.R('users', {'username': username})
    if recs:
-        # 更新密码
        uid = recs[0].id
        encoded_pw = password_encode(password)
-        await sor.U('users', {'id': uid, 'password': encoded_pw})
+        # 用原始 SQL 更新密码，避免 sor.U() 错误生成 userid WHERE 条件
+        await sor.sqlExe(
+            "UPDATE users SET password = ${pw}$ WHERE id = ${uid}$",
+            {'pw': encoded_pw, 'uid': uid}
+        )
        print(f"  用户 {username} 已存在，已更新密码")
        # 检查是否已有角色
        existing_roles = await sor.R('userrole', {'userid': uid, 'roleid': superuser_role_id})
--- a/init_permissions.py
+++ b/init_permissions.py
@ -361,10 +361,13 @@ async def create_admin_user(sor, username, password, superuser_role_id):
    # 检查用户是否已存在
    recs = await sor.R('users', {'username': username})
    if recs:
-        # 更新密码
        uid = recs[0].id
        encoded_pw = password_encode(password)
-        await sor.U('users', {'id': uid, 'password': encoded_pw})
+        # 用原始 SQL 更新密码，避免 sor.U() 错误生成 userid WHERE 条件
+        await sor.sqlExe(
+            "UPDATE users SET password = ${pw}$ WHERE id = ${uid}$",
+            {'pw': encoded_pw, 'uid': uid}
+        )
        print(f"  用户 {username} 已存在，已更新密码")
        # 检查是否已有角色
        existing_roles = await sor.R('userrole', {'userid': uid, 'roleid': superuser_role_id})