From 7489c7672272b40532d34bb896e58df9d5de0794 Mon Sep 17 00:00:00 2001
From: PKC278 <52959804+PKC278@users.noreply.github.com>
Date: Tue, 20 Jan 2026 19:35:36 +0800
Subject: [PATCH] =?UTF-8?q?feat(passkey):=20=E5=85=81=E8=AE=B8=E5=9C=A8?= =?UTF-8?q?=E6=9C=AA=E5=BC=80=E5=90=AF=20OTP=20=E6=97=B6=E6=B3=A8=E5=86=8C?= =?UTF-8?q?=E9=80=9A=E8=A1=8C=E5=AF=86=E9=92=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/api/endpoints/mfa.py | 4 ++--
 app/api/endpoints/system.py | 3 ++-
 app/core/config.py | 2 ++
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/app/api/endpoints/mfa.py b/app/api/endpoints/mfa.py
index d480bb3f..dbef09d1 100644
--- a/app/api/endpoints/mfa.py
+++ b/app/api/endpoints/mfa.py
@@ -207,8 +207,8 @@ def passkey_register_start(
 ) -> Any:
 """开始注册 PassKey - 生成注册选项"""
 try:
- # 安全检查:必须先启用 OTP
- if not current_user.is_otp:
+ # 安全检查:默认需要先启用 OTP,除非配置允许在未启用 OTP 时注册
+ if not current_user.is_otp and not settings.PASSKEY_ALLOW_REGISTER_WITHOUT_OTP:
 return schemas.Response(
 success=False,
 message="为了确保在域名配置错误时仍能找回访问权限,请先启用 OTP 验证码再注册通行密钥"
diff --git a/app/api/endpoints/system.py b/app/api/endpoints/system.py
index d76fa9e7..6673b0ae 100644
--- a/app/api/endpoints/system.py
+++ b/app/api/endpoints/system.py
@@ -163,7 +163,8 @@ async def get_user_global_setting(_: User = Depends(get_current_active_user_asyn
 include={
 "RECOGNIZE_SOURCE",
 "SEARCH_SOURCE",
- "AI_RECOMMEND_ENABLED"
+ "AI_RECOMMEND_ENABLED",
+ "PASSKEY_ALLOW_REGISTER_WITHOUT_OTP"
 }
 )
 # 智能助手总开关未开启,智能推荐状态强制返回False
diff --git a/app/core/config.py b/app/core/config.py
index 6bd72ca0..401a9857 100644
--- a/app/core/config.py
+++ b/app/core/config.py
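Review bot: With `settings.PASSKEY_ALLOW_REGISTER_WITHOUT_OTP` on, the guard in `passkey_register_start` is skipped without any trace, so nothing later shows which passkeys were enrolled by accounts that have no OTP fallback. The message kept below the condition states why the prerequisite exists (recovering access when the domain is misconfigured), so I would note the trade-off beside the check, e.g. `# With the flag on, a user without OTP has no fallback if the passkey domain is misconfigured`, and emit an audit log entry when the bypass is taken. The handler that completes registration is not in this hunk; it should apply the same condition, otherwise the two steps can disagree about the policy. `passkey_register_start` begins and ends outside the hunk.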
@@ -393,6 +393,8 @@ class ConfigModel(BaseModel):
 SECURITY_IMAGE_SUFFIXES: list = Field(default=[".jpg", ".jpeg", ".png", ".webp", ".gif", ".svg", ".avif"])
 # PassKey 是否强制用户验证(生物识别等)
 PASSKEY_REQUIRE_UV: bool = True
+ # 允许在未启用 OTP 时直接注册 PassKey
+ PASSKEY_ALLOW_REGISTER_WITHOUT_OTP: bool = False
 # ==================== 工作流配置 ====================
 # 工作流数据共享
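Review bot: The comment on `PASSKEY_ALLOW_REGISTER_WITHOUT_OTP` says what the flag allows but not what it costs: the check it relaxes in mfa.py exists so that access can still be recovered through OTP when the domain configuration is wrong. I would state that where the operator reads it, e.g. `# Allow PassKey registration without OTP; removes the OTP recovery path if the domain is misconfigured, keep False unless that risk is accepted`. The `False` default preserves the previous behaviour and should stay. ConfigModel's body continues outside the hunk.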