fix: verify /users/ajax/login success in auto login flow

2026-04-17 15:31:02 +08:00
parent 5f0c1866a6
commit 0c9fdd53c9
1 changed files with 31 additions and 0 deletions
--- a/app/auto_login.py
+++ b/app/auto_login.py
@@ -129,6 +129,37 @@ class AutoLoginManager:
                        f"debug={debug_file}"
                    )

+                # Wait and validate the core login API response.
+                login_resp = None
+                try:
+                    login_resp = await page.wait_for_response(
+                        lambda r: "/users/ajax/login" in r.url and r.request.method == "POST",
+                        timeout=20000,
+                    )
+                except PlaywrightTimeoutError:
+                    login_resp = None
+
+                if login_resp is None:
+                    debug_file = await self._dump_debug_page(page)
+                    raise RuntimeError(f"login API not captured, debug={debug_file}")
+
+                try:
+                    payload = await login_resp.json()
+                except Exception:
+                    payload = None
+
+                api_ok = bool(
+                    login_resp.status == 200
+                    and isinstance(payload, dict)
+                    and payload.get("need_login") is False
+                )
+                if not api_ok:
+                    debug_file = await self._dump_debug_page(page)
+                    raise RuntimeError(
+                        "login API did not return success "
+                        f"(status={login_resp.status}, payload={payload}), debug={debug_file}"
+                    )
+
                # Wait for redirect / callback activity.
                while time.time() < deadline:
                    url = page.url