user-system/docs/evidence/ops/2026-03-26/e2e/ACCOUNT_BINDING_CLOSURE_20260326-224700.md

ACCOUNT_BINDING_CLOSURE_20260326-224700

Scope

  • PRD 1.5 User Information Management -> Account Binding and Unbinding
  • email bind / replace / unbind
  • phone bind / replace / unbind
  • self-service security page closure

Implemented Closure

  • Backend:
    • added protected self-service endpoints:
      • POST /api/v1/users/me/bind-email/code
      • POST /api/v1/users/me/bind-email
      • DELETE /api/v1/users/me/bind-email
      • POST /api/v1/users/me/bind-phone/code
      • POST /api/v1/users/me/bind-phone
      • DELETE /api/v1/users/me/bind-phone
    • bind now requires both the target channel's verification code and current-account sensitive verification whenever a password or TOTP is configured.
    • unbind now requires current-account sensitive verification whenever a password or TOTP is configured, and is refused if no login method would remain afterwards.
    • direct self-update of email / phone through PUT /api/v1/users/:id is now blocked for non-admin self-service usage.
  • Frontend:
    • /profile/security now contains a real email/phone binding management section.
    • /profile no longer exposes direct editable email/phone fields; users are redirected to security settings for verified binding flows.
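
As an added illustration of the bind/unbind rules listed above (example code, not the project's own; the Account type, channel constants and the assumption that password, email-code and phone-code login each count as one login method are all hypothetical), the guard logic in Go:

```go
package main
import "errors"
// Account is a hypothetical model of the self-service account state (not the project's own types).
type Account struct {
	Email, Phone         string
	HasPassword, HasTOTP bool
}
type Channel string
const ChannelEmail, ChannelPhone Channel = "email", "phone"
var (
	ErrNotBound                      = errors.New("channel is not bound")
	ErrTargetCodeRequired            = errors.New("target-channel verification code not confirmed")
	ErrSensitiveVerificationRequired = errors.New("current-account sensitive verification required")
	ErrLastLoginMethod               = errors.New("unbind would leave no login method")
)
// loginMethodsAfterUnbind counts what remains once ch is removed (assumption: password,
// email-code and phone-code login each count as one method).
func loginMethodsAfterUnbind(a Account, ch Channel) (n int) {
	for _, ok := range []bool{a.HasPassword, a.Email != "" && ch != ChannelEmail, a.Phone != "" && ch != ChannelPhone} {
		if ok {
			n++
		}
	}
	return n
}
// CanBind mirrors the bind rule: target-channel code confirmed, then sensitive verification when required.
func CanBind(a Account, codeVerified, sensitiveVerified bool) error {
	if !codeVerified {
		return ErrTargetCodeRequired
	}
	if (a.HasPassword || a.HasTOTP) && !sensitiveVerified { // password or TOTP configured: re-verify
		return ErrSensitiveVerificationRequired
	}
	return nil
}
// CanUnbind mirrors the unbind rule and refuses to strip the last remaining login method.
func CanUnbind(a Account, ch Channel, sensitiveVerified bool) error {
	if bound := (ch == ChannelEmail && a.Email != "") || (ch == ChannelPhone && a.Phone != ""); !bound {
		return ErrNotBound
	}
	if (a.HasPassword || a.HasTOTP) && !sensitiveVerified {
		return ErrSensitiveVerificationRequired
	}
	if loginMethodsAfterUnbind(a, ch) == 0 {
		return ErrLastLoginMethod
	}
	return nil
}
```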

Validation

  • go test ./... -count=1
  • go build ./cmd/server
  • cd D:\project\frontend\admin && npm.cmd run lint
  • cd D:\project\frontend\admin && npm.cmd run test:run
  • cd D:\project\frontend\admin && npm.cmd run build
  • cd D:\project\frontend\admin && powershell -ExecutionPolicy Bypass -File .\scripts\run-playwright-auth-e2e.ps1

Boundary

  • Email bind/replace is only available when SMTP-backed email code capability is enabled.
  • Phone bind/replace is only available when Aliyun or Tencent SMS capability is enabled.
  • This closure is product-complete and regression-verified. It does not change the previously stated boundary: live third-party OAuth provider proof and external production delivery evidence remain separate gaps.