fix: remove app code retrival in web app login

12 months ago · 2b9b852c31
parent e9ae79d398
commit 2b9b852c31
2 changed files with 12 additions and 27 deletions
--- a/api/controllers/web/login.py
+++ b/api/controllers/web/login.py
@ -1,11 +1,11 @@
 from flask import request
 from flask_restful import Resource, reqparse
 from jwt import InvalidTokenError  # type: ignore
 from web import api
 from werkzeug.exceptions import BadRequest
 import services
-from controllers.console.auth.error import EmailCodeError, EmailOrPasswordMismatchError, InvalidEmailError
+from controllers.console.auth.error import (EmailCodeError,
                                            EmailOrPasswordMismatchError,
                                            InvalidEmailError)
 from controllers.console.error import AccountBannedError, AccountNotFound
 from controllers.console.wraps import only_edition_enterprise, setup_required
 from controllers.web import api
@ -27,10 +27,6 @@ class LoginApi(Resource):
        parser.add_argument("password", type=valid_password, required=True, location="json")
        args = parser.parse_args()
        app_code = request.headers.get("X-App-Code")
        if app_code is None:
            raise BadRequest("X-App-Code header is missing.")
        try:
            account = WebAppAuthService.authenticate(args["email"], args["password"])
        except services.errors.account.AccountLoginError:
@ -40,9 +36,7 @@ class LoginApi(Resource):
        except services.errors.account.AccountNotFoundError:
            raise AccountNotFound()
-        end_user = WebAppAuthService.create_end_user(email=args["email"], app_code=app_code)
+        token = WebAppAuthService.login(account=account)
        token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
        return {"result": "success", "token": token}
@ -90,9 +84,6 @@ class EmailCodeLoginApi(Resource):
        args = parser.parse_args()
        user_email = args["email"]
        app_code = request.headers.get("X-App-Code")
        if app_code is None:
            raise BadRequest("X-App-Code header is missing.")
        token_data = WebAppAuthService.get_email_code_login_data(args["token"])
        if token_data is None:
@ -109,9 +100,7 @@ class EmailCodeLoginApi(Resource):
        if not account:
            raise AccountNotFound()
-        end_user = WebAppAuthService.create_end_user(email=user_email, app_code=app_code)
+        token = WebAppAuthService.login(account=account)
        token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
        AccountService.reset_login_error_rate_limit(args["email"])
        return {"result": "success", "token": token}
--- a/api/services/webapp_auth_service.py
+++ b/api/services/webapp_auth_service.py
@ -2,7 +2,7 @@ import random
 from datetime import UTC, datetime, timedelta
 from typing import Any, Optional, cast
-from werkzeug.exceptions import NotFound, Unauthorized
+from werkzeug.exceptions import Unauthorized
 from configs import dify_config
 from extensions.ext_database import db
@ -11,7 +11,8 @@ from libs.passport import PassportService
 from libs.password import compare_password
 from models.account import Account, AccountStatus
 from models.model import App, EndUser, Site
-from services.errors.account import AccountLoginError, AccountNotFoundError, AccountPasswordError
+from services.errors.account import (AccountLoginError, AccountNotFoundError,
                                     AccountPasswordError)
 from tasks.mail_email_code_login import send_email_code_login_mail_task
@ -34,12 +35,8 @@ class WebAppAuthService:
        return cast(Account, account)
    @classmethod
-    def login(cls, account: Account, app_code: str, end_user_id: str) -> str:
+    def login(cls, account: Account) -> str:
-        site = db.session.query(Site).filter(Site.code == app_code).first()
+        access_token = cls._get_account_jwt_token(account=account)
        if not site:
            raise NotFound("Site not found.")
        access_token = cls._get_account_jwt_token(account=account, site=site, end_user_id=end_user_id)
        return access_token
@ -101,14 +98,13 @@ class WebAppAuthService:
        return end_user
    @classmethod
-    def _get_account_jwt_token(cls, account: Account, site: Site, end_user_id: str) -> str:
+    def _get_account_jwt_token(cls, account: Account) -> str:
-        exp_dt = datetime.now(UTC) + timedelta(hours=dify_config.WebAppSessionTimeoutInHours * 24)
+        exp_dt = datetime.now(UTC) + timedelta(hours=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES * 24)
        exp = int(exp_dt.timestamp())
        payload = {
            "sub": "Web API Passport",
            "user_id": account.id,
            "end_user_id": end_user_id,
            "token_source": "webapp_login_token",
            "exp": exp,
        }