feat(passkey): 允许在未开启 OTP 时注册通行密钥

2026-03-20 03:57:30 +08:00 · 2026-01-20 19:35:36 +08:00
parent bcdf1b6efe
commit 7489c76722
3 changed files with 6 additions and 3 deletions
--- a/app/api/endpoints/mfa.py
+++ b/app/api/endpoints/mfa.py
@@ -207,8 +207,8 @@ def passkey_register_start(
 ) -> Any:
    """开始注册 PassKey - 生成注册选项"""
    try:
-        # 安全检查：必须先启用 OTP
-        if not current_user.is_otp:
+        # 安全检查：默认需要先启用 OTP，除非配置允许在未启用 OTP 时注册
+        if not current_user.is_otp and not settings.PASSKEY_ALLOW_REGISTER_WITHOUT_OTP:
            return schemas.Response(
                success=False,
                message="为了确保在域名配置错误时仍能找回访问权限，请先启用 OTP 验证码再注册通行密钥"
--- a/app/api/endpoints/system.py
+++ b/app/api/endpoints/system.py
@@ -163,7 +163,8 @@ async def get_user_global_setting(_: User = Depends(get_current_active_user_asyn
        include={
            "RECOGNIZE_SOURCE",
            "SEARCH_SOURCE",
-            "AI_RECOMMEND_ENABLED"
+            "AI_RECOMMEND_ENABLED",
+            "PASSKEY_ALLOW_REGISTER_WITHOUT_OTP"
        }
    )
    # 智能助手总开关未开启，智能推荐状态强制返回False