fix: remove app code retrival in web app login

10 months ago · 20ca9c6a3e
parent 6c3804ca49
commit 20ca9c6a3e
3 changed files with 16 additions and 34 deletions
--- a/api/controllers/web/login.py
+++ b/api/controllers/web/login.py
@ -1,13 +1,12 @@
-from flask import request
-from flask_restful import Resource, reqparse
-from jwt import InvalidTokenError  # type: ignore
-from werkzeug.exceptions import BadRequest
-
 import services
-from controllers.console.auth.error import EmailCodeError, EmailOrPasswordMismatchError, InvalidEmailError
+from controllers.console.auth.error import (EmailCodeError,
+                                            EmailOrPasswordMismatchError,
+                                            InvalidEmailError)
 from controllers.console.error import AccountBannedError, AccountNotFound
 from controllers.console.wraps import only_edition_enterprise, setup_required
 from controllers.web import api
+from flask_restful import Resource, reqparse
+from jwt import InvalidTokenError  # type: ignore
 from libs.helper import email
 from libs.password import valid_password
 from services.account_service import AccountService
@ -26,10 +25,6 @@ class LoginApi(Resource):
        parser.add_argument("password", type=valid_password, required=True, location="json")
        args = parser.parse_args()

-        app_code = request.headers.get("X-App-Code")
-        if app_code is None:
-            raise BadRequest("X-App-Code header is missing.")
-
        try:
            account = WebAppAuthService.authenticate(args["email"], args["password"])
        except services.errors.account.AccountLoginError:
@ -39,9 +34,7 @@ class LoginApi(Resource):
        except services.errors.account.AccountNotFoundError:
            raise AccountNotFound()

-        end_user = WebAppAuthService.create_end_user(email=args["email"], app_code=app_code)
-
-        token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
+        token = WebAppAuthService.login(account=account)
        return {"result": "success", "token": token}


@ -89,9 +82,6 @@ class EmailCodeLoginApi(Resource):
        args = parser.parse_args()

        user_email = args["email"]
-        app_code = request.headers.get("X-App-Code")
-        if app_code is None:
-            raise BadRequest("X-App-Code header is missing.")

        token_data = WebAppAuthService.get_email_code_login_data(args["token"])
        if token_data is None:
@ -108,9 +98,7 @@ class EmailCodeLoginApi(Resource):
        if not account:
            raise AccountNotFound()

-        end_user = WebAppAuthService.create_end_user(email=user_email, app_code=app_code)
-
-        token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
+        token = WebAppAuthService.login(account=account)
        AccountService.reset_login_error_rate_limit(args["email"])
        return {"result": "success", "token": token}

--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@ -1,18 +1,17 @@
 import uuid
 from datetime import UTC, datetime, timedelta

-from flask import request
-from flask_restful import Resource
-from werkzeug.exceptions import NotFound, Unauthorized
-
 from configs import dify_config
 from controllers.web import api
 from controllers.web.error import WebAppAuthRequiredError
 from extensions.ext_database import db
+from flask import request
+from flask_restful import Resource
 from libs.passport import PassportService
 from models.model import App, EndUser, Site
 from services.enterprise.enterprise_service import EnterpriseService
 from services.feature_service import FeatureService
+from werkzeug.exceptions import NotFound, Unauthorized


 class PassportResource(Resource):
--- a/api/services/webapp_auth_service.py
+++ b/api/services/webapp_auth_service.py
@ -2,8 +2,6 @@ import random
 from datetime import UTC, datetime, timedelta
 from typing import Any, Optional, cast

-from werkzeug.exceptions import NotFound, Unauthorized
-
 from configs import dify_config
 from extensions.ext_database import db
 from libs.helper import TokenManager
@ -11,8 +9,10 @@ from libs.passport import PassportService
 from libs.password import compare_password
 from models.account import Account, AccountStatus
 from models.model import App, EndUser, Site
-from services.errors.account import AccountLoginError, AccountNotFoundError, AccountPasswordError
+from services.errors.account import (AccountLoginError, AccountNotFoundError,
+                                     AccountPasswordError)
 from tasks.mail_email_code_login import send_email_code_login_mail_task
+from werkzeug.exceptions import NotFound, Unauthorized


 class WebAppAuthService:
@ -34,12 +34,8 @@ class WebAppAuthService:
        return cast(Account, account)

    @classmethod
-    def login(cls, account: Account, app_code: str, end_user_id: str) -> str:
-        site = db.session.query(Site).filter(Site.code == app_code).first()
-        if not site:
-            raise NotFound("Site not found.")
-
-        access_token = cls._get_account_jwt_token(account=account, site=site, end_user_id=end_user_id)
+    def login(cls, account: Account) -> str:
+        access_token = cls._get_account_jwt_token(account=account)

        return access_token

@ -105,14 +101,13 @@ class WebAppAuthService:
        return end_user

    @classmethod
-    def _get_account_jwt_token(cls, account: Account, site: Site, end_user_id: str) -> str:
+    def _get_account_jwt_token(cls, account: Account) -> str:
        exp_dt = datetime.now(UTC) + timedelta(hours=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES * 24)
        exp = int(exp_dt.timestamp())

        payload = {
            "sub": "Web API Passport",
            "user_id": account.id,
-            "end_user_id": end_user_id,
            "token_source": "webapp_login_token",
            "exp": exp,
        }