From 06b823ff96e4505afa3dcb84c95b654138b87e32 Mon Sep 17 00:00:00 2001
From: wxy
Date: Thu, 26 Mar 2026 18:48:20 +0800
Subject: [PATCH] fix: prevent token refresh when tenant is disabled
---
 api/app/repositories/user_repository.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/api/app/repositories/user_repository.py b/api/app/repositories/user_repository.py
index b4c11aa4..3f8919aa 100644
--- a/api/app/repositories/user_repository.py
+++ b/api/app/repositories/user_repository.py
@@ -19,18 +19,22 @@ class UserRepository:
 self.db = db
 def get_user_by_id(self, user_id: uuid.UUID) -> Optional[User]:
- """根据ID获取用户"""
- db_logger.debug(f"根据ID查询用户: user_id={user_id}")
+ """根据 ID 获取用户(租户禁用时返回 None)"""
+ db_logger.debug(f"根据 ID 查询用户:user_id={user_id}")
 try:
 user = self.db.query(User).options(joinedload(User.tenant)).filter(User.id == user_id).first()
 if user:
- db_logger.debug(f"用户查询成功: {user.username} (ID: {user_id})")
+ # 检查租户状态,租户禁用时返回 None
+ if user.tenant and not user.tenant.is_active:
+ db_logger.warning(f"用户 {user.username} (ID: {user_id}) 所属租户 {user.tenant_id} 已被禁用")
+ return None
+ db_logger.debug(f"用户查询成功:{user.username} (ID: {user_id})")
 else:
- db_logger.debug(f"用户不存在: user_id={user_id}")
+ db_logger.debug(f"用户不存在:user_id={user_id}")
 return user
 except Exception as e:
- db_logger.error(f"根据 ID 查询用户失败:user_id={user_id} - {str(e)}")
+ db_logger.error(f"根据 ID 查询用户失败:user_id={user_id} - {str(e)}")
 raise
 def get_user_by_email(self, email: str) -> Optional[User]:
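Review bot: The tenant check added inside `get_user_by_id` is the only lookup this patch changes; `get_user_by_email`, whose signature closes the hunk, is untouched, so if login or any other token-issuing path resolves users through it (not visible here), users of a disabled tenant could still obtain fresh tokens. The guard `if user.tenant and not user.tenant.is_active:` also fails open when `user.tenant` is None; if every user is expected to belong to a tenant, `if user.tenant is None or not user.tenant.is_active:` would fail closed. Because the method now returns None for both "no such user" and "tenant disabled", callers cannot tell the two apart, and any admin or tenant re-enable flow that uses this lookup will see those users as missing; a shared helper applied by every lookup, or an explicit check in the refresh handler, would keep the policy in one auditable place. The body of `get_user_by_email` lies outside the hunk, so its behaviour is inferred from the absence of changes only.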