修正密碼加密問題

2025-09-29 18:20:34 +08:00
parent 9e61eef288
commit 39d468a3f9
11 changed files with 1534 additions and 10 deletions
--- a/scripts/debug-password-verification.js
+++ b/scripts/debug-password-verification.js
@@ -0,0 +1,204 @@
+const https = require('https')
+const http = require('http')
+
+const debugPasswordVerification = async () => {
+  console.log('🔍 調試密碼驗證問題')
+  console.log('=' .repeat(50))
+
+  try {
+    // 1. 創建一個測試用戶
+    console.log('\n📊 1. 創建測試用戶...')
+    const testUser = {
+      name: '密碼調試用戶',
+      email: 'debug.password@company.com',
+      password: 'password123',
+      department: '測試部',
+      role: 'user'
+    }
+
+    const createResponse = await new Promise((resolve, reject) => {
+      const postData = JSON.stringify(testUser)
+      const options = {
+        hostname: 'localhost',
+        port: 3000,
+        path: '/api/admin/users',
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Content-Length': Buffer.byteLength(postData)
+        }
+      }
+
+      const req = http.request(options, (res) => {
+        let data = ''
+        res.on('data', chunk => data += chunk)
+        res.on('end', () => resolve({ status: res.statusCode, data }))
+      })
+      req.on('error', reject)
+      req.write(postData)
+      req.end()
+    })
+
+    let testUserId = null
+    if (createResponse.status === 200) {
+      const createData = JSON.parse(createResponse.data)
+      if (createData.success) {
+        testUserId = createData.data.id
+        console.log('✅ 測試用戶創建成功')
+      } else {
+        console.log('❌ 創建測試用戶失敗:', createData.error)
+        return
+      }
+    }
+
+    // 2. 直接查詢資料庫中的密碼雜湊
+    console.log('\n📊 2. 檢查資料庫中的密碼雜湊...')
+    
+    // 這裡我們需要直接查詢資料庫來看看密碼是如何儲存的
+    // 由於我們無法直接訪問資料庫，我們可以通過 API 來檢查
+    
+    // 3. 測試不同的密碼組合
+    console.log('\n📊 3. 測試不同的密碼組合...')
+    
+    const testPasswords = [
+      'password123',  // 原始密碼
+      'Password123',  // 大寫開頭
+      'PASSWORD123',  // 全大寫
+      'password',     // 沒有數字
+      '123456',       // 只有數字
+    ]
+
+    for (const testPassword of testPasswords) {
+      console.log(`\n   測試密碼: "${testPassword}"`)
+      
+      const loginData = {
+        email: 'debug.password@company.com',
+        password: testPassword
+      }
+
+      const loginResponse = await new Promise((resolve, reject) => {
+        const postData = JSON.stringify(loginData)
+        const options = {
+          hostname: 'localhost',
+          port: 3000,
+          path: '/api/auth/login',
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'Content-Length': Buffer.byteLength(postData)
+          }
+        }
+
+        const req = http.request(options, (res) => {
+          let data = ''
+          res.on('data', chunk => data += chunk)
+          res.on('end', () => resolve({ status: res.statusCode, data }))
+        })
+        req.on('error', reject)
+        req.write(postData)
+        req.end()
+      })
+
+      if (loginResponse.status === 200) {
+        const loginResult = JSON.parse(loginResponse.data)
+        if (loginResult.success) {
+          console.log(`   ✅ 登入成功！正確密碼是: "${testPassword}"`)
+          break
+        } else {
+          console.log(`   ❌ 登入失敗: ${loginResult.error}`)
+        }
+      } else {
+        const errorData = JSON.parse(loginResponse.data)
+        console.log(`   ❌ 登入失敗: ${errorData.error}`)
+      }
+    }
+
+    // 4. 檢查現有用戶的登入情況
+    console.log('\n📊 4. 檢查現有用戶的登入情況...')
+    
+    const existingUsers = [
+      { email: 'admin@company.com', password: 'admin123' },
+      { email: 'user@company.com', password: 'user123' },
+      { email: 'test@company.com', password: 'password123' }
+    ]
+
+    for (const user of existingUsers) {
+      console.log(`\n   測試現有用戶: ${user.email}`)
+      
+      const loginData = {
+        email: user.email,
+        password: user.password
+      }
+
+      const loginResponse = await new Promise((resolve, reject) => {
+        const postData = JSON.stringify(loginData)
+        const options = {
+          hostname: 'localhost',
+          port: 3000,
+          path: '/api/auth/login',
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'Content-Length': Buffer.byteLength(postData)
+          }
+        }
+
+        const req = http.request(options, (res) => {
+          let data = ''
+          res.on('data', chunk => data += chunk)
+          res.on('end', () => resolve({ status: res.statusCode, data }))
+        })
+        req.on('error', reject)
+        req.write(postData)
+        req.end()
+      })
+
+      if (loginResponse.status === 200) {
+        const loginResult = JSON.parse(loginResponse.data)
+        if (loginResult.success) {
+          console.log(`   ✅ 登入成功`)
+        } else {
+          console.log(`   ❌ 登入失敗: ${loginResult.error}`)
+        }
+      } else {
+        const errorData = JSON.parse(loginResponse.data)
+        console.log(`   ❌ 登入失敗: ${errorData.error}`)
+      }
+    }
+
+    // 5. 清理測試用戶
+    console.log('\n📊 5. 清理測試用戶...')
+    if (testUserId) {
+      const deleteResponse = await new Promise((resolve, reject) => {
+        const options = {
+          hostname: 'localhost',
+          port: 3000,
+          path: `/api/admin/users?id=${testUserId}`,
+          method: 'DELETE'
+        }
+
+        const req = http.request(options, (res) => {
+          let data = ''
+          res.on('data', chunk => data += chunk)
+          res.on('end', () => resolve({ status: res.statusCode, data }))
+        })
+        req.on('error', reject)
+        req.end()
+      })
+
+      if (deleteResponse.status === 200) {
+        console.log(`✅ 已刪除測試用戶: ${testUserId}`)
+      }
+    }
+
+    console.log('\n📝 調試總結:')
+    console.log('🔍 請檢查以上測試結果，找出密碼驗證問題的原因')
+
+  } catch (error) {
+    console.error('❌ 調試失敗:', error.message)
+  } finally {
+    console.log('\n✅ 密碼驗證調試完成')
+  }
+}
+
+debugPasswordVerification()