feat: 登录密码试错锁定机制取消对admin用户豁免 TencentBlueKing#810

src/api/bkuser_core/api/login/views.py

@@ -102,9 +102,8 @@ def login(self, request):
 
         time_aware_now = now()
         config_loader = ConfigProvider(category_id=category.id)
-        # Admin 用户只需直接判断 密码是否正确 (只有本地目录有密码配置)
-        if not profile.is_superuser and category.type in [CategoryType.LOCAL.value]:
-
+        # 由于安全检测等原因，取消原先对admin用户的检查豁免
+        if category.type in [CategoryType.LOCAL.value]:
             # 判断账户状态
             if profile.status in [
                 ProfileStatus.DISABLED.value,

src/api/bkuser_core/tests/apis/v2/profiles/test_login.py

@@ -17,7 +17,7 @@
 
 from bkuser_core.api.login.views import ProfileLoginViewSet
 from bkuser_core.categories.constants import CategoryStatus
-from bkuser_core.profiles.constants import ProfileStatus, RoleCodeEnum
+from bkuser_core.profiles.constants import ProfileStatus
 from bkuser_core.tests.apis.utils import get_api_factory
 from bkuser_core.tests.utils import make_simple_category, make_simple_profile
 from bkuser_core.user_settings.models import Setting
@@ -226,19 +226,6 @@ def test_check_error(self, factory, check_view):
         response = check_view(request=request)
         assert response.data["code"] == "PASSWORD_ERROR"
 
-        # 超级用户不判断用户状态
-        p.role = RoleCodeEnum.SUPERUSER.value
-        p.save()
-        request = factory.post(
-            "/api/v1/login/check/",
-            data={"username": "logintest", "password": "testpwd", "domain": "testdomain"},
-        )
-        response = check_view(request=request)
-        assert response.data
-        self._assert_required_keys_exist(response.data)
-        p.role = RoleCodeEnum.STAFF.value
-        p.save()
-
         # 用户密码过期
         p.password_update_time = now() - datetime.timedelta(days=3 * 365)
         p.password_valid_days = 1