Skip to content

fix : 修复登陆失败,事务失效问题#317

Open
zhaieryuan wants to merge 1 commit intoiflytek:mainfrom
zhaieryuan:fix/user-login-failed-transactional
Open

fix : 修复登陆失败,事务失效问题#317
zhaieryuan wants to merge 1 commit intoiflytek:mainfrom
zhaieryuan:fix/user-login-failed-transactional

Conversation

@zhaieryuan
Copy link
Copy Markdown
Contributor

@zhaieryuan zhaieryuan commented Apr 16, 2026

Summary

  • 将登录失败计数逻辑从 LocalAuthService.handleFailedLogin() 内联方法抽取到独立的
    LocalAuthFailedService,使用 @transactional(propagation = REQUIRES_NEW)
    在独立事务中执行,确保即使外层登录事务回滚,失败计数和账户锁定仍能正确持久化
  • 在 LocalCredentialRepository 中新增 updateFailedAttemptsAndLockedUntil JPQL 更新方法,避免通过 JPA
    dirty checking 依赖外层事务
  • 修复原有实现中 @transactional 因 Spring 代理机制对同类内部方法调用不生效的问题(self-invocation
    不经过代理,导致事务注解失效)

Validation

  • Backend tests passed
  • Frontend typecheck/build passed(本次无前端变更,无需验证)
  • OpenAPI SDK regenerated or checked when API contracts changed(本次无 API 契约变更)
  • Smoke test run when relevant

Commands run:

cd server && JDK_JAVA_OPTIONS="-XX:+EnableDynamicAgentLoading" ./mvnw test -pl skillhub-auth -am
-Dtest=LocalAuthServiceTest -Dsurefire.failIfNoSpecifiedTests=false

Tests run: 12, Failures: 0, Errors: 0, Skipped: 0 — BUILD SUCCESS

Risk

  • User-facing impact: 无功能变化,仅修复事务边界。登录失败计数和锁定行为与预期设计一致
  • Deployment or migration impact: 无数据库迁移,无配置变更,可直接部署
  • Rollback approach: 直接 revert 即可,无数据兼容性问题

Notes

  • Related issue: 登录失败时 handleFailedLogin 的 @transactional 因 Spring self-invocation
    不生效,导致失败计数未持久化
  • Follow-up work: 建议补充 LocalAuthFailedService 的独立单元测试
  • Docs or operator runbooks updated when behavior changed: 无需更新

涉及文件

┌───────────────────────────────────────────────────────────────┬────────────────────────────────┐
│ 文件 │ 变更 │
├───────────────────────────────────────────────────────────────┼────────────────────────────────┤
│ server/skillhub-auth/src/main/java/.../LocalAuthFailedService │ 新增 — │
│ .java │ 独立事务处理失败登录计数 │
├───────────────────────────────────────────────────────────────┼────────────────────────────────┤
│ │ 注入 │
│ server/skillhub-auth/src/main/java/.../LocalAuthService.java │ LocalAuthFailedService,login │
│ │ 方法中调用替代原内联方法 │
├───────────────────────────────────────────────────────────────┼────────────────────────────────┤
│ server/skillhub-auth/src/main/java/.../LocalCredentialReposit │ 新增 updateFailedAttemptsAndLo │
│ ory.java │ ckedUntil JPQL 方法 │
├───────────────────────────────────────────────────────────────┼────────────────────────────────┤
│ │ 适配新架构:mock LocalAuthFail │
│ server/skillhub-auth/src/test/.../LocalAuthServiceTest.java │ edService,断言改为 verify │
│ │ 调用 │
└───────────────────────────────────────────────────────────────┴────────────────────────────────┘

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Apr 16, 2026
edited
Loading

CLA assistant check
All committers have signed the CLA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zhaieryuan @CLAassistant