From 4e0d3c224f95c301f14f98c129e6bf5bddab8301 Mon Sep 17 00:00:00 2001
From: NFish <douxc512@gmail.com>
Date: Thu, 8 Jan 2026 10:04:42 +0800
Subject: [PATCH] fix: web app login code encrypt (#30705)

---
 web/app/(shareLayout)/webapp-signin/check-code/page.tsx        | 3 ++-
 .../webapp-signin/components/mail-and-password-auth.tsx        | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/web/app/(shareLayout)/webapp-signin/check-code/page.tsx b/web/app/(shareLayout)/webapp-signin/check-code/page.tsx
index ee7fc22bea..6a078f8eb6 100644
--- a/web/app/(shareLayout)/webapp-signin/check-code/page.tsx
+++ b/web/app/(shareLayout)/webapp-signin/check-code/page.tsx
@@ -14,6 +14,7 @@ import { useWebAppStore } from '@/context/web-app-context'
 import { sendWebAppEMailLoginCode, webAppEmailLoginWithCode } from '@/service/common'
 import { fetchAccessToken } from '@/service/share'
 import { setWebAppAccessToken, setWebAppPassport } from '@/service/webapp-auth'
+import { encryptVerificationCode } from '@/utils/encryption'
 
 export default function CheckCode() {
   const { t } = useTranslation()
@@ -64,7 +65,7 @@ export default function CheckCode() {
         return
       }
       setIsLoading(true)
-      const ret = await webAppEmailLoginWithCode({ email, code, token })
+      const ret = await webAppEmailLoginWithCode({ email, code: encryptVerificationCode(code), token })
       if (ret.result === 'success') {
         setWebAppAccessToken(ret.data.access_token)
         const { access_token } = await fetchAccessToken({
diff --git a/web/app/(shareLayout)/webapp-signin/components/mail-and-password-auth.tsx b/web/app/(shareLayout)/webapp-signin/components/mail-and-password-auth.tsx
index 46645ed68c..ea45ce7589 100644
--- a/web/app/(shareLayout)/webapp-signin/components/mail-and-password-auth.tsx
+++ b/web/app/(shareLayout)/webapp-signin/components/mail-and-password-auth.tsx
@@ -14,6 +14,7 @@ import { useWebAppStore } from '@/context/web-app-context'
 import { webAppLogin } from '@/service/common'
 import { fetchAccessToken } from '@/service/share'
 import { setWebAppAccessToken, setWebAppPassport } from '@/service/webapp-auth'
+import { encryptPassword } from '@/utils/encryption'
 
 type MailAndPasswordAuthProps = {
   isEmailSetup: boolean
@@ -72,7 +73,7 @@ export default function MailAndPasswordAuth({ isEmailSetup }: MailAndPasswordAut
       setIsLoading(true)
       const loginData: Record<string, any> = {
         email,
-        password,
+        password: encryptPassword(password),
         language: locale,
         remember_me: true,
       }