fix catch statement

api/controllers/console/auth/login.py

@@ -1,6 +1,7 @@
 import flask_login
 from flask import make_response, request
 from flask_restx import Resource, reqparse
+from werkzeug.exceptions import Unauthorized
 
 import services
 from configs import dify_config
@@ -25,7 +26,9 @@ from controllers.console.wraps import email_password_login_enabled, setup_requir
 from events.tenant_event import tenant_was_created
 from libs.helper import email, extract_remote_ip
 from libs.login import current_account_with_tenant
+from libs.passport import PassportService
 from libs.token import (
+    check_csrf_token,
     clear_access_token_from_cookie,
     clear_csrf_token_from_cookie,
     clear_refresh_token_from_cookie,
@@ -295,4 +298,12 @@ class LoginStatus(Resource):
     def get(self):
         token = extract_access_token(request)
         csrf_token = extract_csrf_token(request)
-        return {"logged_in": bool(token) and bool(csrf_token)}
+        if not token or not csrf_token:
+            return {"logged_in": False}
+        res = True
+        try:
+            validated = PassportService().verify(token=token)
+            check_csrf_token(request=request, user_id=validated.get("user_id", ""))
+        except Unauthorized:
+            res = False
+        return {"logged_in": res}

api/libs/passport.py

@@ -1,3 +1,5 @@
+from typing import Any
+
 import jwt
 from werkzeug.exceptions import Unauthorized
 
@@ -11,7 +13,7 @@ class PassportService:
     def issue(self, payload):
         return jwt.encode(payload, self.sk, algorithm="HS256")
 
-    def verify(self, token):
+    def verify(self, token) -> dict[str, Any]:
         try:
             return jwt.decode(token, self.sk, algorithms=["HS256"])
         except jwt.ExpiredSignatureError: