安全修复: 收敛认证与日志风险并补充基础测试

2026-02-16 00:34:52 +08:00
parent 7627885b1b
commit 7d42f96e42
12 changed files with 163 additions and 50 deletions
--- a/routes/api_user.py
+++ b/routes/api_user.py
@@ -365,7 +365,7 @@ def verify_bind_email(token):

        if database.update_user_email(user_id, email, verified=True):
            if not email_service.consume_email_token(token_id):
-                logger.warning(f"邮箱绑定成功但Token消费失败: token_id={token_id}, user_id={user_id}")
+                logger.warning(f"邮箱绑定成功但Token消费失败: user_id={user_id}")
            return _render_verify_bind_success(email)

        return _render_verify_bind_failed(title="绑定失败", error_message="邮箱绑定失败，请重试")