修复手机号 OAuth 恢复误走邮箱登录

This commit is contained in:
QLHazyCoder
2026-05-22 07:04:46 +08:00
parent dcae231b52
commit e22a34b2e4
4 changed files with 258 additions and 8 deletions
+79
View File
@@ -58,6 +58,85 @@ test('background auth chain set does not include Plus session import nodes', ()
assert.doesNotMatch(authChainBlock, /cpa-session-import/);
});
test('step 8 recovery rebuilds primary phone login identity before rerunning oauth-login', async () => {
const events = {
executePayloads: [],
logs: [],
statuses: [],
};
let state = {
signupMethod: 'phone',
resolvedSignupMethod: 'phone',
phoneVerificationEnabled: true,
email: 'bound.step8@example.com',
forceLoginIdentifierType: 'email',
forceEmailLogin: true,
accountIdentifierType: 'email',
accountIdentifier: 'bound.step8@example.com',
signupPhoneNumber: '+447780579093',
signupPhoneCompletedActivation: {
activationId: 'signup-done',
phoneNumber: '+447780579093',
},
};
const api = new Function('events', 'state', `
const SIGNUP_METHOD_PHONE = 'phone';
const FINAL_OAUTH_CHAIN_START_STEP = 7;
function getNodeIdByStepForState(step) {
return Number(step) === 7 ? 'oauth-login' : '';
}
function getErrorMessage(error) {
return error?.message || String(error || '');
}
function isStopError() {
return false;
}
function isTerminalSecurityBlockedError() {
return false;
}
async function getState() {
return { ...state };
}
async function addLog(message, level, options) {
events.logs.push({ message, level, options });
}
async function setNodeStatus(nodeId, status) {
events.statuses.push({ nodeId, status });
}
async function appendManualAccountRunRecordIfNeeded() {}
async function sleepWithStop() {}
function throwIfStopped() {}
const step7Executor = {
async executeStep7(payload) {
events.executePayloads.push(payload);
},
};
${extractFunction('normalizeAuthRecoveryIdentifierType')}
${extractFunction('isPhoneSignupAuthRecoveryState')}
${extractFunction('getPhoneSignupAuthRecoveryIdentity')}
${extractFunction('isBoundEmailReloginAuthRecoveryNode')}
${extractFunction('buildAuthLoginRecoveryState')}
${extractFunction('rerunStep7ForStep8Recovery')}
return { rerunStep7ForStep8Recovery };
`)(events, state);
await api.rerunStep7ForStep8Recovery({
logMessage: 'retry primary login',
logStep: 8,
});
assert.equal(events.executePayloads.length, 1);
assert.equal(events.executePayloads[0].nodeId, 'oauth-login');
assert.equal(events.executePayloads[0].visibleStep, 7);
assert.equal(events.executePayloads[0].authLoginPhase, 'primary-login');
assert.equal(events.executePayloads[0].forceLoginIdentifierType, 'phone');
assert.equal(events.executePayloads[0].forceEmailLogin, false);
assert.equal(events.executePayloads[0].accountIdentifierType, 'phone');
assert.equal(events.executePayloads[0].accountIdentifier, '+447780579093');
assert.equal(events.executePayloads[0].signupPhoneNumber, '+447780579093');
});
const NODE_EXECUTE_COMPAT_HELPERS = `
const AUTH_CHAIN_NODE_IDS = new Set(['oauth-login', 'fetch-login-code', 'confirm-oauth', 'platform-verify']);
const STEP_NODE_IDS = {
@@ -710,6 +710,66 @@ test('step 7 keeps phone login after step 8 stores an unbound email for phone si
assert.equal(events.payloads[0].accountIdentifier, '66959916439');
});
test('step 7 ignores stale email force flags outside bound-email relogin', async () => {
const source = fs.readFileSync('flows/openai/background/steps/oauth-login.js', 'utf8');
const globalScope = {};
const api = new Function('self', `${source}; return self.MultiPageBackgroundStep7;`)(globalScope);
const events = {
payloads: [],
};
const pollutedPhoneSignupState = {
nodeId: 'oauth-login',
authLoginPhase: 'primary-login',
phoneVerificationEnabled: true,
signupMethod: 'phone',
resolvedSignupMethod: 'phone',
forceLoginIdentifierType: 'email',
forceEmailLogin: true,
email: 'bound.step8@example.com',
accountIdentifierType: 'phone',
accountIdentifier: '66959916439',
signupPhoneNumber: '66959916439',
signupPhoneCompletedActivation: {
activationId: 'signup-done',
phoneNumber: '66959916439',
countryId: 52,
countryLabel: 'Thailand',
},
password: 'secret',
};
const executor = api.createStep7Executor({
addLog: async () => {},
completeNodeFromBackground: async () => {},
getErrorMessage: (error) => error?.message || String(error || ''),
getLoginAuthStateLabel: (state) => state || 'unknown',
getState: async () => ({ ...pollutedPhoneSignupState }),
isStep6RecoverableResult: (result) => result?.step6Outcome === 'recoverable',
isStep6SuccessResult: (result) => result?.step6Outcome === 'success',
refreshOAuthUrlBeforeStep6: async () => 'https://oauth.example/latest',
reuseOrCreateTab: async () => {},
sendToContentScriptResilient: async (_sourceName, message) => {
events.payloads.push(message.payload);
return {
step6Outcome: 'success',
state: 'phone_verification_page',
loginVerificationRequestedAt: 123456,
};
},
STEP6_MAX_ATTEMPTS: 3,
throwIfStopped: () => {},
});
await executor.executeStep7(pollutedPhoneSignupState);
assert.equal(events.payloads[0].loginIdentifierType, 'phone');
assert.equal(events.payloads[0].phoneNumber, '66959916439');
assert.equal(events.payloads[0].email, '');
assert.equal(events.payloads[0].accountIdentifier, '66959916439');
});
test('step 7 can infer phone login from an available phone signup configuration before step 2 finishes', async () => {
const source = fs.readFileSync('flows/openai/background/steps/oauth-login.js', 'utf8');
const globalScope = {};