Switch auth password hashing to Argon2

tests/test_auth.py

@@ -1,12 +1,7 @@
 import re
 
-import pytest
 from fastapi.testclient import TestClient
 
-pytestmark = pytest.mark.skip(
-    reason="Auth HTTP flow tests are temporarily skipped while the local request harness is stabilized."
-)
-
 
 def _extract_csrf_token(html: str) -> str:
     match = re.search(r'name="csrf_token" value="([^"]+)"', html)
@@ -44,8 +39,10 @@ def test_login_success_sets_session_cookie_and_allows_admin_access(client: TestC
 
     admin_response = client.get("/admin")
     assert admin_response.status_code == 200
-    assert "当前用户" in admin_response.text
-    assert "admin" in admin_response.text
+    assert "首次登录后需要先修改密码" in admin_response.text
+    assert "Current Password" in admin_response.text
+    assert "New Password" in admin_response.text
+    assert "当前用户" not in admin_response.text
 
 
 def test_login_failure_returns_generic_error(client: TestClient) -> None: