Revert "feat: email register refactor" (#25367)

2026-01-08 07:14:14 +00:00 · 2025-09-08 19:20:09 +08:00
parent 598ec07c91
commit ea61420441
34 changed files with 79 additions and 1916 deletions
--- a/api/controllers/console/init.py
+++ b/api/controllers/console/init.py
@@ -70,16 +70,7 @@ from .app import (
 )

 # Import auth controllers
-from .auth import (
-    activate,
-    data_source_bearer_auth,
-    data_source_oauth,
-    email_register,
-    forgot_password,
-    login,
-    oauth,
-    oauth_server,
-)
+from .auth import activate, data_source_bearer_auth, data_source_oauth, forgot_password, login, oauth, oauth_server

 # Import billing controllers
 from .billing import billing, compliance
--- a/api/controllers/console/auth/email_register.py
+++ b/api/controllers/console/auth/email_register.py
@@ -1,154 +0,0 @@
-from flask import request
-from flask_restx import Resource, reqparse
-from sqlalchemy import select
-from sqlalchemy.orm import Session
-
-from constants.languages import languages
-from controllers.console import api
-from controllers.console.auth.error import (
-    EmailAlreadyInUseError,
-    EmailCodeError,
-    EmailRegisterLimitError,
-    InvalidEmailError,
-    InvalidTokenError,
-    PasswordMismatchError,
-)
-from controllers.console.error import AccountInFreezeError, EmailSendIpLimitError
-from controllers.console.wraps import email_password_login_enabled, email_register_enabled, setup_required
-from extensions.ext_database import db
-from libs.helper import email, extract_remote_ip
-from libs.password import valid_password
-from models.account import Account
-from services.account_service import AccountService
-from services.errors.account import AccountRegisterError
-from services.errors.workspace import WorkSpaceNotAllowedCreateError, WorkspacesLimitExceededError
-
-
-class EmailRegisterSendEmailApi(Resource):
-    @setup_required
-    @email_password_login_enabled
-    @email_register_enabled
-    def post(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("email", type=email, required=True, location="json")
-        parser.add_argument("language", type=str, required=False, location="json")
-        args = parser.parse_args()
-
-        ip_address = extract_remote_ip(request)
-        if AccountService.is_email_send_ip_limit(ip_address):
-            raise EmailSendIpLimitError()
-
-        if args["language"] is not None and args["language"] == "zh-Hans":
-            language = "zh-Hans"
-        else:
-            language = "en-US"
-
-        with Session(db.engine) as session:
-            account = session.execute(select(Account).filter_by(email=args["email"])).scalar_one_or_none()
-        token = None
-        token = AccountService.send_email_register_email(email=args["email"], account=account, language=language)
-        return {"result": "success", "data": token}
-
-
-class EmailRegisterCheckApi(Resource):
-    @setup_required
-    @email_password_login_enabled
-    @email_register_enabled
-    def post(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("email", type=str, required=True, location="json")
-        parser.add_argument("code", type=str, required=True, location="json")
-        parser.add_argument("token", type=str, required=True, nullable=False, location="json")
-        args = parser.parse_args()
-
-        user_email = args["email"]
-
-        is_email_register_error_rate_limit = AccountService.is_email_register_error_rate_limit(args["email"])
-        if is_email_register_error_rate_limit:
-            raise EmailRegisterLimitError()
-
-        token_data = AccountService.get_email_register_data(args["token"])
-        if token_data is None:
-            raise InvalidTokenError()
-
-        if user_email != token_data.get("email"):
-            raise InvalidEmailError()
-
-        if args["code"] != token_data.get("code"):
-            AccountService.add_email_register_error_rate_limit(args["email"])
-            raise EmailCodeError()
-
-        # Verified, revoke the first token
-        AccountService.revoke_email_register_token(args["token"])
-
-        # Refresh token data by generating a new token
-        _, new_token = AccountService.generate_email_register_token(
-            user_email, code=args["code"], additional_data={"phase": "register"}
-        )
-
-        AccountService.reset_email_register_error_rate_limit(args["email"])
-        return {"is_valid": True, "email": token_data.get("email"), "token": new_token}
-
-
-class EmailRegisterResetApi(Resource):
-    @setup_required
-    @email_password_login_enabled
-    @email_register_enabled
-    def post(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("token", type=str, required=True, nullable=False, location="json")
-        parser.add_argument("new_password", type=valid_password, required=True, nullable=False, location="json")
-        parser.add_argument("password_confirm", type=valid_password, required=True, nullable=False, location="json")
-        args = parser.parse_args()
-
-        # Validate passwords match
-        if args["new_password"] != args["password_confirm"]:
-            raise PasswordMismatchError()
-
-        # Validate token and get register data
-        register_data = AccountService.get_email_register_data(args["token"])
-        if not register_data:
-            raise InvalidTokenError()
-        # Must use token in reset phase
-        if register_data.get("phase", "") != "register":
-            raise InvalidTokenError()
-
-        # Revoke token to prevent reuse
-        AccountService.revoke_email_register_token(args["token"])
-
-        email = register_data.get("email", "")
-
-        with Session(db.engine) as session:
-            account = session.execute(select(Account).filter_by(email=email)).scalar_one_or_none()
-
-            if account:
-                raise EmailAlreadyInUseError()
-            else:
-                account = self._create_new_account(email, args["password_confirm"])
-                token_pair = AccountService.login(account=account, ip_address=extract_remote_ip(request))
-                AccountService.reset_login_error_rate_limit(email)
-
-        return {"result": "success", "data": token_pair.model_dump()}
-
-    def _create_new_account(self, email, password):
-        # Create new account if allowed
-        try:
-            account = AccountService.create_account_and_tenant(
-                email=email,
-                name=email,
-                password=password,
-                interface_language=languages[0],
-            )
-        except WorkSpaceNotAllowedCreateError:
-            pass
-        except WorkspacesLimitExceededError:
-            pass
-        except AccountRegisterError:
-            raise AccountInFreezeError()
-
-        return account
-
-
-api.add_resource(EmailRegisterSendEmailApi, "/email-register/send-email")
-api.add_resource(EmailRegisterCheckApi, "/email-register/validity")
-api.add_resource(EmailRegisterResetApi, "/email-register")
--- a/api/controllers/console/auth/error.py
+++ b/api/controllers/console/auth/error.py
@@ -31,12 +31,6 @@ class PasswordResetRateLimitExceededError(BaseHTTPException):
    code = 429


-class EmailRegisterRateLimitExceededError(BaseHTTPException):
-    error_code = "email_register_rate_limit_exceeded"
-    description = "Too many email register emails have been sent. Please try again in 1 minute."
-    code = 429
-
-
 class EmailChangeRateLimitExceededError(BaseHTTPException):
    error_code = "email_change_rate_limit_exceeded"
    description = "Too many email change emails have been sent. Please try again in 1 minute."
@@ -91,12 +85,6 @@ class EmailPasswordResetLimitError(BaseHTTPException):
    code = 429


-class EmailRegisterLimitError(BaseHTTPException):
-    error_code = "email_register_limit"
-    description = "Too many failed email register attempts. Please try again in 24 hours."
-    code = 429
-
-
 class EmailChangeLimitError(BaseHTTPException):
    error_code = "email_change_limit"
    description = "Too many failed email change attempts. Please try again in 24 hours."
--- a/api/controllers/console/auth/forgot_password.py
+++ b/api/controllers/console/auth/forgot_password.py
@@ -6,6 +6,7 @@ from flask_restx import Resource, reqparse
 from sqlalchemy import select
 from sqlalchemy.orm import Session

+from constants.languages import languages
 from controllers.console import api
 from controllers.console.auth.error import (
    EmailCodeError,
@@ -14,7 +15,7 @@ from controllers.console.auth.error import (
    InvalidTokenError,
    PasswordMismatchError,
 )
-from controllers.console.error import AccountNotFound, EmailSendIpLimitError
+from controllers.console.error import AccountInFreezeError, AccountNotFound, EmailSendIpLimitError
 from controllers.console.wraps import email_password_login_enabled, setup_required
 from events.tenant_event import tenant_was_created
 from extensions.ext_database import db
@@ -22,6 +23,8 @@ from libs.helper import email, extract_remote_ip
 from libs.password import hash_password, valid_password
 from models.account import Account
 from services.account_service import AccountService, TenantService
+from services.errors.account import AccountRegisterError
+from services.errors.workspace import WorkSpaceNotAllowedCreateError, WorkspacesLimitExceededError
 from services.feature_service import FeatureService


@@ -45,13 +48,15 @@ class ForgotPasswordSendEmailApi(Resource):

        with Session(db.engine) as session:
            account = session.execute(select(Account).filter_by(email=args["email"])).scalar_one_or_none()
-
-        token = AccountService.send_reset_password_email(
-            account=account,
-            email=args["email"],
-            language=language,
-            is_allow_register=FeatureService.get_system_features().is_allow_register,
-        )
+        token = None
+        if account is None:
+            if FeatureService.get_system_features().is_allow_register:
+                token = AccountService.send_reset_password_email(email=args["email"], language=language)
+                return {"result": "fail", "data": token, "code": "account_not_found"}
+            else:
+                raise AccountNotFound()
+        else:
+            token = AccountService.send_reset_password_email(account=account, email=args["email"], language=language)

        return {"result": "success", "data": token}

@@ -132,7 +137,7 @@ class ForgotPasswordResetApi(Resource):
            if account:
                self._update_existing_account(account, password_hashed, salt, session)
            else:
-                raise AccountNotFound()
+                self._create_new_account(email, args["password_confirm"])

        return {"result": "success"}

@@ -152,6 +157,22 @@ class ForgotPasswordResetApi(Resource):
            account.current_tenant = tenant
            tenant_was_created.send(tenant)

+    def _create_new_account(self, email, password):
+        # Create new account if allowed
+        try:
+            AccountService.create_account_and_tenant(
+                email=email,
+                name=email,
+                password=password,
+                interface_language=languages[0],
+            )
+        except WorkSpaceNotAllowedCreateError:
+            pass
+        except WorkspacesLimitExceededError:
+            pass
+        except AccountRegisterError:
+            raise AccountInFreezeError()
+

 api.add_resource(ForgotPasswordSendEmailApi, "/forgot-password")
 api.add_resource(ForgotPasswordCheckApi, "/forgot-password/validity")
--- a/api/controllers/console/auth/login.py
+++ b/api/controllers/console/auth/login.py
@@ -26,6 +26,7 @@ from controllers.console.error import (
 from controllers.console.wraps import email_password_login_enabled, setup_required
 from events.tenant_event import tenant_was_created
 from libs.helper import email, extract_remote_ip
+from libs.password import valid_password
 from models.account import Account
 from services.account_service import AccountService, RegisterService, TenantService
 from services.billing_service import BillingService
@@ -43,9 +44,10 @@ class LoginApi(Resource):
        """Authenticate user and login."""
        parser = reqparse.RequestParser()
        parser.add_argument("email", type=email, required=True, location="json")
-        parser.add_argument("password", type=str, required=True, location="json")
+        parser.add_argument("password", type=valid_password, required=True, location="json")
        parser.add_argument("remember_me", type=bool, required=False, default=False, location="json")
        parser.add_argument("invite_token", type=str, required=False, default=None, location="json")
+        parser.add_argument("language", type=str, required=False, default="en-US", location="json")
        args = parser.parse_args()

        if dify_config.BILLING_ENABLED and BillingService.is_email_in_freeze(args["email"]):
@@ -59,6 +61,11 @@ class LoginApi(Resource):
        if invitation:
            invitation = RegisterService.get_invitation_if_token_valid(None, args["email"], invitation)

+        if args["language"] is not None and args["language"] == "zh-Hans":
+            language = "zh-Hans"
+        else:
+            language = "en-US"
+
        try:
            if invitation:
                data = invitation.get("data", {})
@@ -73,6 +80,12 @@ class LoginApi(Resource):
        except services.errors.account.AccountPasswordError:
            AccountService.add_login_error_rate_limit(args["email"])
            raise AuthenticationFailedError()
+        except services.errors.account.AccountNotFoundError:
+            if FeatureService.get_system_features().is_allow_register:
+                token = AccountService.send_reset_password_email(email=args["email"], language=language)
+                return {"result": "fail", "data": token, "code": "account_not_found"}
+            else:
+                raise AccountNotFound()
        # SELF_HOSTED only have one workspace
        tenants = TenantService.get_join_tenants(account)
        if len(tenants) == 0:
@@ -120,12 +133,13 @@ class ResetPasswordSendEmailApi(Resource):
        except AccountRegisterError:
            raise AccountInFreezeError()

-        token = AccountService.send_reset_password_email(
-            email=args["email"],
-            account=account,
-            language=language,
-            is_allow_register=FeatureService.get_system_features().is_allow_register,
-        )
+        if account is None:
+            if FeatureService.get_system_features().is_allow_register:
+                token = AccountService.send_reset_password_email(email=args["email"], language=language)
+            else:
+                raise AccountNotFound()
+        else:
+            token = AccountService.send_reset_password_email(account=account, language=language)

        return {"result": "success", "data": token}

--- a/api/controllers/console/wraps.py
+++ b/api/controllers/console/wraps.py
@@ -242,19 +242,6 @@ def email_password_login_enabled(view: Callable[P, R]):
    return decorated


-def email_register_enabled(view):
-    @wraps(view)
-    def decorated(*args, **kwargs):
-        features = FeatureService.get_system_features()
-        if features.is_allow_register:
-            return view(*args, **kwargs)
-
-        # otherwise, return 403
-        abort(403)
-
-    return decorated
-
-
 def enable_change_email(view: Callable[P, R]):
    @wraps(view)
    def decorated(*args: P.args, **kwargs: P.kwargs):