/auth/login
Log in with a username, email address or phone number plus a password. Supports progressive-delay brute-force protection, CAPTCHA human verification and risk assessment. On successful login a JWT token is returned. References: NIST SP 800-63B §5.1.1.2, OWASP ASVS V2.1.
Request Body
Schema: dto.LoginRequest
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| identity | string | Yes | | | Username/Email/Phone |
| password | string | Yes | | | Password or hash/ciphertext (depends on password_transmission) |
| captcha_challenge_id | string | No | | | CAPTCHA challenge ID |
| captcha_provider | string | No | | | CAPTCHA provider (pow/turnstile) |
| captcha_token | string | No | | | CAPTCHA verification token (PoW/Turnstile) |
| client_nonce | string | No | | | hash mode: client random nonce |
| client_pub_key | string | No | | | symmetric mode: client ECDH ephemeral public key |
| key_exchange_id | string | No | | | symmetric mode: ECDH key exchange ID |
| key_id | string | No | | | asymmetric mode: server public key ID |
| password_transmission | string | No | | | plain \| hash \| symmetric \| asymmetric |
| tenant_id | string | No | | | Tenant ID |
Responses
| Status | Description | Schema |
|---|---|---|
| 200 | Login succeeded; returns an access token and a refresh token | dto.LoginResponse |
| 400 | Invalid request parameters or wrong credentials | gitee_com_linmes_authms_base_dto.SimpleResponse |
| 500 | Internal server error | gitee_com_linmes_authms_base_dto.SimpleResponse |
Referenced Schemas
dto.LoginResponse
User login result
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| access_token | string | No | | | Access token |
| challenge_token | string | No | | | MFA challenge token (short-lived, requires MFA verification) |
| expires_in | integer | No | | | Expiration time |
| mfa_check_reason | string | No | | | Description of why MFA was triggered |
| must_change_password | boolean | No | | | Password must be changed |
| password_expires_in | integer | No | | | Days until password expires |
| password_warning | string | No | | | Password warning: expiring/expired_grace/expired |
| refresh_token | string | No | | | Refresh token |
| required_mfa_methods | array of string | No | | | List of recommended MFA methods |
| requires_mfa | boolean | No | | | Adaptive MFA: additional MFA verification required |
| risk_assessment | object | No | | | Risk assessment |
| risk_level | string | No | | | Risk level: low/medium/high |
| token_type | string | No | | | Token type |
| user | object | No | | | User info |
dto.RiskAssessmentInfo
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| level | string | No | | | |
| recommended_mfa_methods | array of string | No | | | |
| require_mfa | boolean | No | | | |
| score | integer | No | | | |
dto.UserInfo
Basic user information
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| created_at | string | No | | | Account creation time |
| email | string | No | | | |
| id | string | No | | | User ID |
| must_change_password | boolean | No | | | Password must be changed |
| password_expires_in | integer | No | | | Days until password expires |
| password_warning | string | No | | | Password warning: expiring/expired_grace/expired |
| phone | string | No | | | Phone |
| status | string | No | | | Status |
| username | string | No | | | Username |
gitee_com_linmes_authms_base_dto.SimpleResponse
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| code | integer | No | | | |
| message | string | No | | | |
| timestamp | string | No | | | |
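The Go program below is an added example, not code from the authms project. It mirrors the request and response field names documented on this page, validates a dto.LoginRequest on the client before it is sent, and classifies a reply by HTTP status and body so that a challenge_token is never mistaken for an access token. Two points are this example's assumptions rather than documented behaviour: that each non-plain password_transmission mode requires the companion field the table lists for it (client_nonce for hash, client_pub_key and key_exchange_id for symmetric, key_id for asymmetric), and that an omitted mode means plain. The sample JSON bodies, identities and token strings are constructed for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Subsets of dto.LoginRequest and dto.LoginResponse; JSON names are the documented wire fields.
type LoginRequest struct {
	Identity             string `json:"identity"`
	Password             string `json:"password"`
	PasswordTransmission string `json:"password_transmission,omitempty"`
	ClientNonce          string `json:"client_nonce,omitempty"`
	ClientPubKey         string `json:"client_pub_key,omitempty"`
	KeyExchangeID        string `json:"key_exchange_id,omitempty"`
	KeyID                string `json:"key_id,omitempty"`
}

type LoginResponse struct {
	AccessToken        string   `json:"access_token"`
	RefreshToken       string   `json:"refresh_token"`
	RequiresMFA        bool     `json:"requires_mfa"`
	ChallengeToken     string   `json:"challenge_token"`
	RequiredMFAMethods []string `json:"required_mfa_methods"`
	RiskLevel          string   `json:"risk_level"`
	MustChangePassword bool     `json:"must_change_password"`
}

// Validate enforces what the request table implies before anything is sent: identity and password
// are required, password_transmission is one of the four listed modes, and each non-plain mode
// carries its companion field(s). The per-mode requirement is this example's assumption.
func (r LoginRequest) Validate() error {
	if r.Identity == "" || r.Password == "" {
		return errors.New("identity and password are required")
	}
	switch r.PasswordTransmission {
	case "", "plain": // assumed: an omitted mode means plain
	case "hash":
		if r.ClientNonce == "" {
			return errors.New("hash mode requires client_nonce")
		}
	case "symmetric":
		if r.ClientPubKey == "" || r.KeyExchangeID == "" {
			return errors.New("symmetric mode requires client_pub_key and key_exchange_id")
		}
	case "asymmetric":
		if r.KeyID == "" {
			return errors.New("asymmetric mode requires key_id")
		}
	default:
		return fmt.Errorf("unknown password_transmission %q", r.PasswordTransmission)
	}
	return nil
}

type Outcome string // the client's next step, derived from the HTTP status and body alone

const (
	OutcomeAuthenticated  Outcome = "authenticated"
	OutcomeMFARequired    Outcome = "mfa_required"
	OutcomePasswordChange Outcome = "password_change_required"
	OutcomeRejected       Outcome = "rejected"
)

// Interpret decodes one response. requires_mfa is checked before the tokens, because a
// challenge_token is not an access token and must never be stored or sent as one; a 200
// body that lacks either token is rejected rather than trusted.
func Interpret(status int, body []byte) (LoginResponse, Outcome, error) {
	var out LoginResponse
	if status != 200 {
		// 400/500 carry a SimpleResponse {code, message, timestamp}; the status alone means failure
		return out, OutcomeRejected, fmt.Errorf("HTTP %d: %s", status, body)
	}
	if err := json.Unmarshal(body, &out); err != nil {
		return out, OutcomeRejected, err
	}
	switch {
	case out.RequiresMFA && out.ChallengeToken != "":
		return out, OutcomeMFARequired, nil
	case out.RequiresMFA || out.AccessToken == "" || out.RefreshToken == "":
		return out, OutcomeRejected, errors.New("200 body without usable tokens")
	case out.MustChangePassword:
		return out, OutcomePasswordChange, nil
	}
	return out, OutcomeAuthenticated, nil
}

// Constructed sample bodies shaped after the schemas above; every value is made up.
const (
	SampleOK  = `{"access_token":"at.example","refresh_token":"rt.example","token_type":"Bearer","expires_in":3600,"risk_level":"low","user":{"id":"u1","username":"alice"}}`
	SampleMFA = `{"requires_mfa":true,"challenge_token":"ct.example","required_mfa_methods":["totp"],"mfa_check_reason":"new device","risk_level":"high"}`
	SampleBad = `{"code":400,"message":"invalid parameters or credentials","timestamp":"2024-01-01T00:00:00Z"}`
)

func main() {
	req := LoginRequest{Identity: "alice", Password: "h(nonce,pw)", PasswordTransmission: "hash"}
	fmt.Println("validate:", req.Validate()) // rejected: hash mode without client_nonce
	for _, c := range []struct{ code int; body string }{{200, SampleOK}, {200, SampleMFA}, {400, SampleBad}} {
		_, out, err := Interpret(c.code, []byte(c.body))
		fmt.Printf("HTTP %d -> %s (err=%v)\n", c.code, out, err)
	}
}
```

The MFA branch is the one worth copying: when requires_mfa is set, the only credential the client holds is the short-lived challenge_token, which is presented to the follow-up MFA step and nothing else; storing it where the access token normally goes would leave the session half-authenticated if any code path later reads it as a bearer token.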