refactor(security): 重构安全配置并优化测试环境

- 移除旧的测试套件和UAT测试文件 - 更新密码编码器配置使用BCrypt strength=12 - 添加用户角色关联表和相关服务 - 优化前端日期显示格式 - 清理无用资源和配置文件 - 增强测试数据管理和清理功能
2026-03-27 13:00:22 +08:00
parent ce30893a96
commit af44c23f21
294 changed files with 16057 additions and 22601 deletions
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+"""
+测试 BCryptPasswordEncoder 的 strength 参数
+"""
+import bcrypt
+
+def test_bcrypt_strength():
+    password = "admin123"
+    
+    # 测试不同的 strength 值
+    for strength in [10, 12]:
+        print(f"\n=== Testing BCrypt with strength={strength} ===")
+        hash_result = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(strength))
+        hash_str = hash_result.decode('utf-8')
+        print(f"Hash: {hash_str}")
+        print(f"Length: {len(hash_str)}")
+        
+        # 检查哈希格式
+        parts = hash_str.split('$')
+        if len(parts) >= 3:
+            print(f"Algorithm: {parts[1]}")  # 应该是 2a 或 2b
+            print(f"Strength in hash: {parts[2][:2]}")  # 应该是 strength 值
+        
+        # 验证密码
+        is_valid = bcrypt.checkpw(password.encode('utf-8'), hash_result)
+        print(f"Password matches: {is_valid}")
+        
+        # 测试用不同的 strength 验证
+        if strength == 10:
+            hash_10 = hash_str
+        elif strength == 12:
+            hash_12 = hash_str
+    
+    print("\n=== Cross-testing ===")
+    print(f"Hash with strength=10: {hash_10}")
+    print(f"Hash with strength=12: {hash_12}")
+    
+    # 测试用 strength=10 的编码器验证 strength=12 的哈希
+    print(f"\nCan strength=10 encoder verify strength=12 hash? {bcrypt.checkpw(password.encode('utf-8'), hash_12.encode('utf-8'))}")
+    print(f"Can strength=12 encoder verify strength=10 hash? {bcrypt.checkpw(password.encode('utf-8'), hash_10.encode('utf-8'))}")
+
+if __name__ == '__main__':
+    test_bcrypt_strength()