fix: 重置密码忽略租户过滤

2025-12-15 15:27:32 +08:00
parent d2c7e1fb71
commit 2150ae8f8c
3 changed files with 24 additions and 3 deletions
--- a/src/Application/TakeoutSaaS.Application/Identity/Handlers/ResetAdminPasswordByTokenCommandHandler.cs
+++ b/src/Application/TakeoutSaaS.Application/Identity/Handlers/ResetAdminPasswordByTokenCommandHandler.cs
@@ -46,12 +46,11 @@ public sealed class ResetAdminPasswordByTokenCommandHandler(
            throw new BusinessException(ErrorCodes.BadRequest, "重置链接无效或已过期");
        }

-        // 3. (空行后) 获取用户（可更新）并写入新密码哈希
-        var user = await userRepository.GetForUpdateAsync(userId.Value, cancellationToken)
+        // 3. (空行后) 获取用户（可更新，忽略租户过滤器）并写入新密码哈希
+        var user = await userRepository.GetForUpdateIgnoringTenantAsync(userId.Value, cancellationToken)
            ?? throw new BusinessException(ErrorCodes.NotFound, "用户不存在");

        user.PasswordHash = passwordHasher.HashPassword(user, password);
        await userRepository.SaveChangesAsync(cancellationToken);
    }
 }
-
--- a/src/Domain/TakeoutSaaS.Domain/Identity/Repositories/IIdentityUserRepository.cs
+++ b/src/Domain/TakeoutSaaS.Domain/Identity/Repositories/IIdentityUserRepository.cs
@@ -39,6 +39,15 @@ public interface IIdentityUserRepository
    /// <returns>后台用户或 null。</returns>
    Task<IdentityUser?> GetForUpdateAsync(long userId, CancellationToken cancellationToken = default);

+    /// <summary>
+    /// 根据 ID 获取后台用户（用于更新，忽略租户过滤器）。
+    /// </summary>
+    /// <remarks>用于跨租户场景（如平台生成的重置密码链接）。</remarks>
+    /// <param name="userId">用户 ID。</param>
+    /// <param name="cancellationToken">取消标记。</param>
+    /// <returns>后台用户或 null。</returns>
+    Task<IdentityUser?> GetForUpdateIgnoringTenantAsync(long userId, CancellationToken cancellationToken = default);
+
    /// <summary>
    /// 按租户与关键字查询后台用户列表（仅读）。
    /// </summary>
--- a/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfIdentityUserRepository.cs
+++ b/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfIdentityUserRepository.cs
@@ -50,6 +50,19 @@ public sealed class EfIdentityUserRepository(IdentityDbContext dbContext) : IIde
    public Task<IdentityUser?> GetForUpdateAsync(long userId, CancellationToken cancellationToken = default)
        => dbContext.IdentityUsers.FirstOrDefaultAsync(x => x.Id == userId, cancellationToken);

+    /// <summary>
+    /// 根据 ID 获取后台用户（用于更新，忽略租户过滤器）。
+    /// </summary>
+    /// <remarks>用于跨租户场景（如平台生成的重置密码链接）。</remarks>
+    /// <param name="userId">用户 ID。</param>
+    /// <param name="cancellationToken">取消标记。</param>
+    /// <returns>后台用户或 null。</returns>
+    public Task<IdentityUser?> GetForUpdateIgnoringTenantAsync(long userId, CancellationToken cancellationToken = default)
+        => dbContext.IdentityUsers
+            .IgnoreQueryFilters()
+            .Where(x => x.DeletedAt == null)
+            .FirstOrDefaultAsync(x => x.Id == userId, cancellationToken);
+
    /// <summary>
    /// 按租户与关键字搜索后台用户（只读）。
    /// </summary>