From 20ca9c6a3e7b0ee5b84f9291e7c634cd69e24f9d Mon Sep 17 00:00:00 2001
From: GareArc
Date: Thu, 29 May 2025 11:04:05 +0800
Subject: [PATCH] fix: remove app code retrival in web app login
---
 api/controllers/web/login.py | 26 +++++++-------------------
 api/controllers/web/passport.py | 7 +++----
 api/services/webapp_auth_service.py | 17 ++++++-----------
 3 files changed, 16 insertions(+), 34 deletions(-)
diff --git a/api/controllers/web/login.py b/api/controllers/web/login.py
index 7494501e81..3d2a4f83b5 100644
--- a/api/controllers/web/login.py
+++ b/api/controllers/web/login.py
@@ -1,13 +1,12 @@
-from flask import request
-from flask_restful import Resource, reqparse
-from jwt import InvalidTokenError # type: ignore
-from werkzeug.exceptions import BadRequest
-
 import services
-from controllers.console.auth.error import EmailCodeError, EmailOrPasswordMismatchError, InvalidEmailError
+from controllers.console.auth.error import (EmailCodeError,
+ EmailOrPasswordMismatchError,
+ InvalidEmailError)
 from controllers.console.error import AccountBannedError, AccountNotFound
 from controllers.console.wraps import only_edition_enterprise, setup_required
 from controllers.web import api
+from flask_restful import Resource, reqparse
+from jwt import InvalidTokenError # type: ignore
 from libs.helper import email
 from libs.password import valid_password
 from services.account_service import AccountService
@@ -26,10 +25,6 @@ class LoginApi(Resource):
 parser.add_argument("password", type=valid_password, required=True, location="json")
 args = parser.parse_args()
- app_code = request.headers.get("X-App-Code")
- if app_code is None:
- raise BadRequest("X-App-Code header is missing.")
-
 try:
 account = WebAppAuthService.authenticate(args["email"], args["password"])
 except services.errors.account.AccountLoginError:
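Review bot: The re-ordered imports in the first hunk put the third-party `flask_restful` and `jwt` imports between the first-party `controllers.web` and `libs.helper` imports, and wrap the `controllers.console.auth.error` import in a vertical-hanging-indent style the rest of the file does not use; this reads like an import sorter run with a profile other than the project's. The same ordering appears in the `passport.py` hunk and in both import hunks of `webapp_auth_service.py`. I would keep the third-party group ahead of the first-party one, i.e. restore `from flask_restful import Resource, reqparse` and `from jwt import InvalidTokenError  # type: ignore` above `import services`, and leave the error import on one line as it was.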
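Review bot: With the `X-App-Code` header check removed in the `@@ -26` hunk, `LoginApi.post` no longer knows which web app the caller is signing in to, and the token it returns (the `@@ -39` hunk) is minted with `WebAppAuthService.login(account=account)` alone, so it is bound to the account rather than to an app or end user; any downstream check that used to rely on that binding now has to derive the app from the request itself. The same applies to `EmailCodeLoginApi` in the `@@ -89` and `@@ -108` hunks. Nothing in this diff creates the `EndUser` that `create_end_user` used to make at login; if that now happens elsewhere, such as at the passport exchange, a one-line comment at each `token = WebAppAuthService.login(account=account)` line, e.g. `# Account-scoped token; the app/end-user binding is established later.`, would save the next reader a search. The enclosing `post` methods start and end outside these hunks.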
@@ -39,9 +34,7 @@ class LoginApi(Resource):
 except services.errors.account.AccountNotFoundError:
 raise AccountNotFound()
- end_user = WebAppAuthService.create_end_user(email=args["email"], app_code=app_code)
-
- token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
+ token = WebAppAuthService.login(account=account)
 return {"result": "success", "token": token}
@@ -89,9 +82,6 @@ class EmailCodeLoginApi(Resource):
 args = parser.parse_args()
 user_email = args["email"]
- app_code = request.headers.get("X-App-Code")
- if app_code is None:
- raise BadRequest("X-App-Code header is missing.")
 token_data = WebAppAuthService.get_email_code_login_data(args["token"])
 if token_data is None:
@@ -108,9 +98,7 @@ class EmailCodeLoginApi(Resource):
 if not account:
 raise AccountNotFound()
- end_user = WebAppAuthService.create_end_user(email=user_email, app_code=app_code)
-
- token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
+ token = WebAppAuthService.login(account=account)
 AccountService.reset_login_error_rate_limit(args["email"])
 return {"result": "success", "token": token}
diff --git a/api/controllers/web/passport.py b/api/controllers/web/passport.py
index 8f3fd44c1b..4ae178b0bd 100644
--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@@ -1,18 +1,17 @@
 import uuid
 from datetime import UTC, datetime, timedelta
-from flask import request
-from flask_restful import Resource
-from werkzeug.exceptions import NotFound, Unauthorized
-
 from configs import dify_config
 from controllers.web import api
 from controllers.web.error import WebAppAuthRequiredError
 from extensions.ext_database import db
+from flask import request
+from flask_restful import Resource
 from libs.passport import PassportService
 from models.model import App, EndUser, Site
 from services.enterprise.enterprise_service import EnterpriseService
 from services.feature_service import FeatureService
+from werkzeug.exceptions import NotFound, Unauthorized
 class PassportResource(Resource):
diff --git a/api/services/webapp_auth_service.py b/api/services/webapp_auth_service.py
index 43f19c0142..ea96b9a32c 100644
--- a/api/services/webapp_auth_service.py
+++ b/api/services/webapp_auth_service.py
@@ -2,8 +2,6 @@ import random
 from datetime import UTC, datetime, timedelta
 from typing import Any, Optional, cast
-from werkzeug.exceptions import NotFound, Unauthorized
-
 from configs import dify_config
 from extensions.ext_database import db
 from libs.helper import TokenManager
@@ -11,8 +9,10 @@ from libs.passport import PassportService
 from libs.password import compare_password
 from models.account import Account, AccountStatus
 from models.model import App, EndUser, Site
-from services.errors.account import AccountLoginError, AccountNotFoundError, AccountPasswordError
+from services.errors.account import (AccountLoginError, AccountNotFoundError,
+ AccountPasswordError)
 from tasks.mail_email_code_login import send_email_code_login_mail_task
+from werkzeug.exceptions import NotFound, Unauthorized
 class WebAppAuthService:
@@ -34,12 +34,8 @@ class WebAppAuthService:
 return cast(Account, account)
 @classmethod
- def login(cls, account: Account, app_code: str, end_user_id: str) -> str:
- site = db.session.query(Site).filter(Site.code == app_code).first()
- if not site:
- raise NotFound("Site not found.")
-
- access_token = cls._get_account_jwt_token(account=account, site=site, end_user_id=end_user_id)
+ def login(cls, account: Account) -> str:
+ access_token = cls._get_account_jwt_token(account=account)
 return access_token
@@ -105,14 +101,13 @@ class WebAppAuthService:
 return end_user
 @classmethod
- def _get_account_jwt_token(cls, account: Account, site: Site, end_user_id: str) -> str:
+ def _get_account_jwt_token(cls, account: Account) -> str:
 exp_dt = datetime.now(UTC) + timedelta(hours=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES * 24)
 exp = int(exp_dt.timestamp())
 payload = {
 "sub": "Web API Passport",
 "user_id": account.id,
- "end_user_id": end_user_id,
 "token_source": "webapp_login_token",
 "exp": exp,
 }
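Review bot: `login` in the `@@ -34` hunk is now a one-call forwarder, so the `access_token` temporary adds nothing; `return cls._get_account_jwt_token(account=account)` reads better, and the method should say what it issues, e.g. `"""Issue a web-app login JWT for *account*; the token carries no app or end-user binding."""`. This hunk removes the only `NotFound` raise and the only `Site` lookup visible in the diff, yet the `@@ -11` import hunk keeps `from werkzeug.exceptions import NotFound, Unauthorized` and the file still imports `Site`; whether other methods in the file still use them cannot be seen here, so both are worth a check before merging.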
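Review bot: Dropping `"end_user_id"` from the payload in the `@@ -105` hunk changes the token's contract: a verifier that reads `payload["end_user_id"]` from a `webapp_login_token` would now raise `KeyError`, while tokens issued before this change still carry the claim, so the decoding side has to treat it as optional during the transition; that side is not in this diff and I cannot confirm it was updated. Separately, the context line `exp_dt = datetime.now(UTC) + timedelta(hours=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES * 24)` feeds a setting whose name says minutes into `hours=` and multiplies it by 24; if the setting really is in minutes, a login token lives 1440 times longer than configured, which matters more now that the whole token rests on the account claim alone, so it is worth confirming against the setting's definition. A docstring on `_get_account_jwt_token` listing the claims it emits (`sub`, `user_id`, `token_source`, `exp`) would make the contract explicit; the method continues past the end of the hunk.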