From bec9cb956b6cc05ca08e18dd9318221825a753db Mon Sep 17 00:00:00 2001 From: yumoqing Date: Tue, 5 May 2026 14:13:03 +0800 Subject: [PATCH] fix: use raw SQL for user password update to avoid sor.U() generating wrong WHERE clause --- app/init_permissions.py | 7 +++++-- init_permissions.py | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/app/init_permissions.py b/app/init_permissions.py index fad8f31..773f81f 100644 --- a/app/init_permissions.py +++ b/app/init_permissions.py @@ -361,10 +361,13 @@ async def create_admin_user(sor, username, password, superuser_role_id): # 检查用户是否已存在 recs = await sor.R('users', {'username': username}) if recs: - # 更新密码 uid = recs[0].id encoded_pw = password_encode(password) - await sor.U('users', {'id': uid, 'password': encoded_pw}) + # 用原始 SQL 更新密码,避免 sor.U() 错误生成 userid WHERE 条件 + await sor.sqlExe( + "UPDATE users SET password = ${pw}$ WHERE id = ${uid}$", + {'pw': encoded_pw, 'uid': uid} + ) print(f" 用户 {username} 已存在,已更新密码") # 检查是否已有角色 existing_roles = await sor.R('userrole', {'userid': uid, 'roleid': superuser_role_id}) diff --git a/init_permissions.py b/init_permissions.py index fad8f31..773f81f 100644 --- a/init_permissions.py +++ b/init_permissions.py @@ -361,10 +361,13 @@ async def create_admin_user(sor, username, password, superuser_role_id): # 检查用户是否已存在 recs = await sor.R('users', {'username': username}) if recs: - # 更新密码 uid = recs[0].id encoded_pw = password_encode(password) - await sor.U('users', {'id': uid, 'password': encoded_pw}) + # 用原始 SQL 更新密码,避免 sor.U() 错误生成 userid WHERE 条件 + await sor.sqlExe( + "UPDATE users SET password = ${pw}$ WHERE id = ${uid}$", + {'pw': encoded_pw, 'uid': uid} + ) print(f" 用户 {username} 已存在,已更新密码") # 检查是否已有角色 existing_roles = await sor.R('userrole', {'userid': uid, 'roleid': superuser_role_id})