From 512c1938c108f05728d8939c7fb1794073e01957 Mon Sep 17 00:00:00 2001
From: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
Date: Fri, 6 Jun 2025 16:52:15 +0900
Subject: [PATCH 1/2] Feat/webapp verified sso 260: fetch previous app session in public token exchange (#20740)

---
 api/controllers/web/passport.py | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/api/controllers/web/passport.py b/api/controllers/web/passport.py
index 931a33b136..983921fae1 100644
--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@@ -113,7 +113,7 @@ def exchange_token_for_existing_web_user(app_code: str, enterprise_user_decoded:
 
     app_auth_type = WebAppAuthService.get_app_auth_type(app_code=app_code)
     if app_auth_type == WebAppAuthType.PUBLIC:
-        return _exchange_for_public_app_token(app_model, site)
+        return _exchange_for_public_app_token(app_model, site, enterprise_user_decoded)
     elif app_auth_type == WebAppAuthType.EXTERNAL and user_auth_type != "external":
         raise WebAppAuthRequiredError("Please login as external user.")
     elif app_auth_type == WebAppAuthType.INTERNAL and user_auth_type != "internal":
@@ -164,17 +164,25 @@ def exchange_token_for_existing_web_user(app_code: str, enterprise_user_decoded:
     }
 
 
-def _exchange_for_public_app_token(app_model, site):
-    end_user = EndUser(
-        tenant_id=app_model.tenant_id,
-        app_id=app_model.id,
-        type="browser",
-        is_anonymous=True,
-        session_id=generate_session_id(),
-    )
+def _exchange_for_public_app_token(app_model, site, token_decoded):
+    user_id = token_decoded.get("user_id")
+    end_user = None
+    if user_id:
+        end_user = db.session.query(EndUser).filter(
+            EndUser.app_id == app_model.id, EndUser.session_id == user_id
+        ).first()
+
+    if not end_user:
+        end_user = EndUser(
+            tenant_id=app_model.tenant_id,
+            app_id=app_model.id,
+            type="browser",
+            is_anonymous=True,
+            session_id=generate_session_id(),
+        )
 
-    db.session.add(end_user)
-    db.session.commit()
+        db.session.add(end_user)
+        db.session.commit()
 
     payload = {
         "iss": site.app_id,

From c7d40268004caccecbaa32fa96ea84daf48d3e9d Mon Sep 17 00:00:00 2001
From: NFish
Date: Fri, 6 Jun 2025 15:53:40 +0800
Subject: [PATCH 2/2] fix: remove all app token when logout

---
 web/app/components/base/app-unavailable.tsx | 2 +-
 web/app/components/share/utils.ts | 16 +---------------
 2 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/web/app/components/base/app-unavailable.tsx b/web/app/components/base/app-unavailable.tsx
index a4b1f257e3..c4a38d9608 100644
--- a/web/app/components/base/app-unavailable.tsx
+++ b/web/app/components/base/app-unavailable.tsx
@@ -21,7 +21,7 @@ const AppUnavailable: FC = ({ return (
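Review bot: The reuse lookup in the new `_exchange_for_public_app_token` filters EndUser only by `app_id` and `session_id`, whereas the row the fallback branch creates is additionally scoped to `app_model.tenant_id`; widening the filter to `EndUser.tenant_id == app_model.tenant_id, EndUser.app_id == app_model.id, EndUser.session_id == user_id` keeps the reuse path as narrow as the create path, and because `.first()` has no ordering, any duplicate session_id rows for the app would otherwise be picked arbitrarily. The match is keyed on `EndUser.session_id == user_id`, yet this function always stores `generate_session_id()` on the rows it creates, so the lookup can only hit an EndUser written by another path — presumably the non-public exchange earlier in the file, which is outside the hunk — and a one-line comment such as `# Reuse an EndUser whose session_id is the SSO user_id (created by the non-public exchange); otherwise start an anonymous browser session` would make that dependency explicit. The function also has no docstring; a short one stating that `token_decoded` is the already-verified enterprise token and that `user_id` is only used to locate a previous session would help, since nothing in the hunk itself validates the token. The function's body continues past the end of the hunk.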
-

{code}

diff --git a/web/app/components/share/utils.ts b/web/app/components/share/utils.ts
index 0b99f36f5e..a7bc4e0cb0 100644
--- a/web/app/components/share/utils.ts
+++ b/web/app/components/share/utils.ts
@@ -37,20 +37,6 @@ export const setAccessToken = async (sharedToken: string, token: string) => {
 }
 
 export const removeAccessToken = () => {
-  const sharedToken = globalThis.location.pathname.split('/').slice(-1)[0]
-
-  const accessToken = localStorage.getItem('token') || JSON.stringify({ [sharedToken]: '' })
-  let accessTokenJson = { [sharedToken]: '' }
-  try {
-    accessTokenJson = JSON.parse(accessToken)
-  }
-  catch (e) {
-
-  }
-
-  localStorage.removeItem(CONVERSATION_ID_INFO)
+  localStorage.removeItem('token')
   localStorage.removeItem('webapp_access_token')
-
-  delete accessTokenJson[sharedToken]
-  localStorage.setItem('token', JSON.stringify(accessTokenJson))
 }
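Review bot: The rewrite of `removeAccessToken` also drops `localStorage.removeItem(CONVERSATION_ID_INFO)`, which the old body ran on every logout, so conversation-id state now outlives the cleared tokens; if that is not intended, keep that line next to the new `localStorage.removeItem('token')`. Removing the whole 'token' entry instead of one shared-token key matches the commit title, but a one-line comment such as `// Logout clears every app's token, not only the one for the current path` would keep the next reader from reinstating the per-app bookkeeping. If CONVERSATION_ID_INFO is no longer referenced elsewhere in this file, its import is presumably now unused — that is outside the hunk and not verifiable here.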