refactor: 精简 JWT 载荷字段

Author: JiayuXu

src/api/v1/base/base.py

@@ -79,9 +79,7 @@ async def login_access_token(request: Request, credentials: CredentialsSchema):
     await user_repository.update_last_login(user.id)
 
     # 创建访问令牌和刷新令牌
-    access_token, refresh_token = create_token_pair(
-        user_id=user.id, username=user.username, is_superuser=user.is_superuser
-    )
+    access_token, refresh_token = create_token_pair(user_id=user.id)
 
     data = JWTOut(
         access_token=access_token,
@@ -108,9 +106,7 @@ async def refresh_access_token(request: Request, refresh_request: RefreshTokenRe
             return Fail(code=401, msg="用户不存在或已被禁用")
 
         # 创建新的令牌对
-        access_token, refresh_token = create_token_pair(
-            user_id=user.id, username=user.username, is_superuser=user.is_superuser
-        )
+        access_token, refresh_token = create_token_pair(user_id=user.id)
 
         data = TokenRefreshOut(
             access_token=access_token,

src/schemas/login.py

@@ -18,8 +18,6 @@ class JWTOut(BaseModel):
 
 class JWTPayload(BaseModel):
     user_id: int
-    username: str
-    is_superuser: bool
     exp: datetime
     token_type: str = "access"  # access 或 refresh
 

src/utils/jwt.py

@@ -17,14 +17,12 @@ def create_access_token(*, data: JWTPayload):
     return encoded_jwt
 
 
-def create_refresh_token(user_id: int, username: str, is_superuser: bool) -> str:
+def create_refresh_token(user_id: int) -> str:
     """创建刷新令牌"""
     expire = datetime.now(UTC) + timedelta(days=settings.JWT_REFRESH_TOKEN_EXPIRE_DAYS)
 
     payload = JWTPayload(
         user_id=user_id,
-        username=username,
-        is_superuser=is_superuser,
         exp=expire,
         token_type="refresh",
     )
@@ -57,24 +55,20 @@ def verify_token(token: str, token_type: str = "access") -> JWTPayload:
         raise jwt.InvalidTokenError("Invalid token") from e
 
 
-def create_token_pair(
-    user_id: int, username: str, is_superuser: bool
-) -> tuple[str, str]:
+def create_token_pair(user_id: int) -> tuple[str, str]:
     """创建访问令牌和刷新令牌对"""
     # 创建访问令牌
     access_expire = datetime.now(UTC) + timedelta(
         minutes=settings.JWT_ACCESS_TOKEN_EXPIRE_MINUTES
     )
     access_payload = JWTPayload(
         user_id=user_id,
-        username=username,
-        is_superuser=is_superuser,
         exp=access_expire,
         token_type="access",
     )
     access_token = create_access_token(data=access_payload)
 
     # 创建刷新令牌
-    refresh_token = create_refresh_token(user_id, username, is_superuser)
+    refresh_token = create_refresh_token(user_id)
 
     return access_token, refresh_token

tests/conftest_simple.py

@@ -65,9 +65,7 @@ def sample_jwt_token():
     """样例JWT令牌"""
     from utils.jwt import create_token_pair
 
-    access_token, refresh_token = create_token_pair(
-        user_id=1, username="test_user", is_superuser=True
-    )
+    access_token, refresh_token = create_token_pair(user_id=1)
 
     return {
         "access_token": access_token,

tests/test_core_functionality.py

@@ -19,25 +19,21 @@ class TestJWTCore:
     def test_token_creation_and_verification(self):
         """测试令牌创建和验证"""
         # 创建令牌对
-        access_token, refresh_token = create_token_pair(
-            user_id=1, username="test_user", is_superuser=False
-        )
+        access_token, refresh_token = create_token_pair(user_id=1)
 
         # 验证访问令牌
         access_payload = verify_token(access_token, "access")
         assert access_payload.user_id == 1
-        assert access_payload.username == "test_user"
         assert access_payload.token_type == "access"
 
         # 验证刷新令牌
         refresh_payload = verify_token(refresh_token, "refresh")
         assert refresh_payload.user_id == 1
-        assert refresh_payload.username == "test_user"
         assert refresh_payload.token_type == "refresh"
 
     def test_token_type_security(self):
         """测试令牌类型安全"""
-        access_token, refresh_token = create_token_pair(1, "test", False)
+        access_token, refresh_token = create_token_pair(1)
 
         # 用错误类型验证应该失败
         with pytest.raises(Exception):  # noqa: B017
@@ -53,8 +49,6 @@ def test_expired_token_rejection(self):
         # 创建过期令牌
         expired_payload = JWTPayload(
             user_id=1,
-            username="test",
-            is_superuser=False,
             exp=datetime.now(UTC) - timedelta(minutes=1),
             token_type="access",
         )
@@ -80,15 +74,11 @@ def test_jwt_payload_validation(self):
         """测试JWT载荷验证"""
         payload = JWTPayload(
             user_id=123,
-            username="test_user",
-            is_superuser=True,
             exp=datetime.now(UTC) + timedelta(hours=1),
             token_type="access",
         )
 
         assert payload.user_id == 123
-        assert payload.username == "test_user"
-        assert payload.is_superuser is True
         assert payload.token_type == "access"
 
 

tests/test_jwt_auth.py

@@ -14,12 +14,8 @@ class TestJWTAuthentication:
     def test_create_token_pair(self):
         """测试创建Token对"""
         user_id = 1
-        username = "test_user"
-        is_superuser = False
 
-        access_token, refresh_token = create_token_pair(
-            user_id=user_id, username=username, is_superuser=is_superuser
-        )
+        access_token, refresh_token = create_token_pair(user_id=user_id)
 
         assert isinstance(access_token, str)
         assert isinstance(refresh_token, str)
@@ -30,42 +26,32 @@ def test_create_token_pair(self):
     def test_verify_access_token(self):
         """测试验证访问令牌"""
         user_id = 1
-        username = "test_user"
-        is_superuser = True
 
-        access_token, _ = create_token_pair(user_id, username, is_superuser)
+        access_token, _ = create_token_pair(user_id)
 
         # 验证访问令牌
         payload = verify_token(access_token, token_type="access")
 
         assert payload.user_id == user_id
-        assert payload.username == username
-        assert payload.is_superuser == is_superuser
         assert payload.token_type == "access"
 
     def test_verify_refresh_token(self):
         """测试验证刷新令牌"""
         user_id = 2
-        username = "refresh_user"
-        is_superuser = False
 
-        _, refresh_token = create_token_pair(user_id, username, is_superuser)
+        _, refresh_token = create_token_pair(user_id)
 
         # 验证刷新令牌
         payload = verify_token(refresh_token, token_type="refresh")
 
         assert payload.user_id == user_id
-        assert payload.username == username
-        assert payload.is_superuser == is_superuser
         assert payload.token_type == "refresh"
 
     def test_token_type_validation(self):
         """测试令牌类型验证"""
         user_id = 3
-        username = "type_test_user"
-        is_superuser = False
 
-        access_token, refresh_token = create_token_pair(user_id, username, is_superuser)
+        access_token, refresh_token = create_token_pair(user_id)
 
         # 用访问令牌验证刷新令牌类型应该失败
         with pytest.raises(Exception):  # noqa: B017
@@ -82,8 +68,6 @@ def test_expired_token(self):
 
         payload = JWTPayload(
             user_id=4,
-            username="expired_user",
-            is_superuser=False,
             exp=expire,
             token_type="access",
         )
@@ -104,10 +88,8 @@ def test_invalid_token(self):
     def test_token_expiration_times(self):
         """测试令牌过期时间设置"""
         user_id = 5
-        username = "expiry_test_user"
-        is_superuser = False
 
-        access_token, refresh_token = create_token_pair(user_id, username, is_superuser)
+        access_token, refresh_token = create_token_pair(user_id)
 
         access_payload = verify_token(access_token, token_type="access")
         refresh_payload = verify_token(refresh_token, token_type="refresh")

tests/test_simple_jwt.py

@@ -19,12 +19,8 @@ class TestSimpleJWT:
     def test_create_token_pair(self):
         """测试创建Token对"""
         user_id = 1
-        username = "test_user"
-        is_superuser = False
 
-        access_token, refresh_token = create_token_pair(
-            user_id=user_id, username=username, is_superuser=is_superuser
-        )
+        access_token, refresh_token = create_token_pair(user_id=user_id)
 
         assert isinstance(access_token, str)
         assert isinstance(refresh_token, str)
@@ -35,42 +31,32 @@ def test_create_token_pair(self):
     def test_verify_access_token(self):
         """测试验证访问令牌"""
         user_id = 1
-        username = "test_user"
-        is_superuser = True
 
-        access_token, _ = create_token_pair(user_id, username, is_superuser)
+        access_token, _ = create_token_pair(user_id)
 
         # 验证访问令牌
         payload = verify_token(access_token, token_type="access")
 
         assert payload.user_id == user_id
-        assert payload.username == username
-        assert payload.is_superuser == is_superuser
         assert payload.token_type == "access"
 
     def test_verify_refresh_token(self):
         """测试验证刷新令牌"""
         user_id = 2
-        username = "refresh_user"
-        is_superuser = False
 
-        _, refresh_token = create_token_pair(user_id, username, is_superuser)
+        _, refresh_token = create_token_pair(user_id)
 
         # 验证刷新令牌
         payload = verify_token(refresh_token, token_type="refresh")
 
         assert payload.user_id == user_id
-        assert payload.username == username
-        assert payload.is_superuser == is_superuser
         assert payload.token_type == "refresh"
 
     def test_token_type_validation(self):
         """测试令牌类型验证"""
         user_id = 3
-        username = "type_test_user"
-        is_superuser = False
 
-        access_token, refresh_token = create_token_pair(user_id, username, is_superuser)
+        access_token, refresh_token = create_token_pair(user_id)
 
         # 用访问令牌验证刷新令牌类型应该失败
         with pytest.raises(Exception):  # noqa: B017
@@ -87,8 +73,6 @@ def test_expired_token(self):
 
         payload = JWTPayload(
             user_id=4,
-            username="expired_user",
-            is_superuser=False,
             exp=expire,
             token_type="access",
         )