diff --git a/api/.env.example b/api/.env.example
index 099b9f25fa..5a842725c7 100644
--- a/api/.env.example
+++ b/api/.env.example
@@ -492,6 +492,7 @@ ENDPOINT_URL_TEMPLATE=http://localhost:5002/e/{hook_id}
# Reset password token expiry minutes
RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5
+CHANGE_EMAIL_TOKEN_EXPIRY_MINUTES=5
CREATE_TIDB_SERVICE_JOB_ENABLED=false
diff --git a/api/configs/feature/__init__.py b/api/configs/feature/__init__.py
index 4f5e5b4559..df1ac50408 100644
--- a/api/configs/feature/__init__.py
+++ b/api/configs/feature/__init__.py
@@ -31,6 +31,10 @@ class SecurityConfig(BaseSettings):
description="Duration in minutes for which a password reset token remains valid",
default=5,
)
+ CHANGE_EMAIL_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
+ description="Duration in minutes for which a change email token remains valid",
+ default=5,
+ )
LOGIN_DISABLED: bool = Field(
description="Whether to disable login checks",
@@ -587,6 +591,11 @@ class AuthConfig(BaseSettings):
default=86400,
)
+ CHANGE_EMAIL_LOCKOUT_DURATION: PositiveInt = Field(
+ description="Time (in seconds) a user must wait before retrying change email after exceeding the rate limit.",
+ default=86400,
+ )
+
class ModerationConfig(BaseSettings):
"""
diff --git a/api/controllers/console/auth/error.py b/api/controllers/console/auth/error.py
index b40934dbf5..7076c850a8 100644
--- a/api/controllers/console/auth/error.py
+++ b/api/controllers/console/auth/error.py
@@ -31,6 +31,12 @@ class PasswordResetRateLimitExceededError(BaseHTTPException):
code = 429
+class EmailChangeRateLimitExceededError(BaseHTTPException):
+ error_code = "email_change_rate_limit_exceeded"
+ description = "Too many email change emails have been sent. Please try again in 1 minutes."
+ code = 429
+
+
class EmailCodeError(BaseHTTPException):
error_code = "email_code_error"
description = "Email code is invalid or expired."
@@ -65,3 +71,15 @@ class EmailPasswordResetLimitError(BaseHTTPException):
error_code = "email_password_reset_limit"
description = "Too many failed password reset attempts. Please try again in 24 hours."
code = 429
+
+
+class EmailChangeLimitError(BaseHTTPException):
+ error_code = "email_change_limit"
+ description = "Too many failed email change attempts. Please try again in 24 hours."
+ code = 429
+
+
+class EmailAlreadyInUseError(BaseHTTPException):
+ error_code = "email_already_in_use"
+ description = "A user with this email already exists."
+ code = 400
diff --git a/api/controllers/console/workspace/account.py b/api/controllers/console/workspace/account.py
index a9dbf44456..cd23b98c0b 100644
--- a/api/controllers/console/workspace/account.py
+++ b/api/controllers/console/workspace/account.py
@@ -4,10 +4,20 @@ import pytz
from flask import request
from flask_login import current_user
from flask_restful import Resource, fields, marshal_with, reqparse
+from sqlalchemy import select
+from sqlalchemy.orm import Session
from configs import dify_config
from constants.languages import supported_language
from controllers.console import api
+from controllers.console.auth.error import (
+ EmailAlreadyInUseError,
+ EmailChangeLimitError,
+ EmailCodeError,
+ InvalidEmailError,
+ InvalidTokenError,
+)
+from controllers.console.error import AccountNotFound, EmailSendIpLimitError
from controllers.console.workspace.error import (
AccountAlreadyInitedError,
CurrentPasswordIncorrectError,
@@ -18,15 +28,17 @@ from controllers.console.workspace.error import (
from controllers.console.wraps import (
account_initialization_required,
cloud_edition_billing_enabled,
+ enable_change_email,
enterprise_license_required,
only_edition_cloud,
setup_required,
)
from extensions.ext_database import db
from fields.member_fields import account_fields
-from libs.helper import TimestampField, timezone
+from libs.helper import TimestampField, email, extract_remote_ip, timezone
from libs.login import login_required
from models import AccountIntegrate, InvitationCode
+from models.account import Account
from services.account_service import AccountService
from services.billing_service import BillingService
from services.errors.account import CurrentPasswordIncorrectError as ServiceCurrentPasswordIncorrectError
@@ -369,6 +381,137 @@ class EducationAutoCompleteApi(Resource):
return BillingService.EducationIdentity.autocomplete(args["keywords"], args["page"], args["limit"])
+class ChangeEmailSendEmailApi(Resource):
+ @enable_change_email
+ @setup_required
+ @login_required
+ @account_initialization_required
+ def post(self):
+ parser = reqparse.RequestParser()
+ parser.add_argument("email", type=email, required=True, location="json")
+ parser.add_argument("language", type=str, required=False, location="json")
+ parser.add_argument("phase", type=str, required=False, location="json")
+ parser.add_argument("token", type=str, required=False, location="json")
+ args = parser.parse_args()
+
+ ip_address = extract_remote_ip(request)
+ if AccountService.is_email_send_ip_limit(ip_address):
+ raise EmailSendIpLimitError()
+
+ if args["language"] is not None and args["language"] == "zh-Hans":
+ language = "zh-Hans"
+ else:
+ language = "en-US"
+ account = None
+ user_email = args["email"]
+ if args["phase"] is not None and args["phase"] == "new_email":
+ if args["token"] is None:
+ raise InvalidTokenError()
+
+ reset_data = AccountService.get_change_email_data(args["token"])
+ if reset_data is None:
+ raise InvalidTokenError()
+ user_email = reset_data.get("email", "")
+
+ if user_email == current_user.email:
+ raise InvalidEmailError()
+ else:
+ with Session(db.engine) as session:
+ account = session.execute(select(Account).filter_by(email=args["email"])).scalar_one_or_none()
+ if account is None:
+ raise AccountNotFound()
+
+ token = AccountService.send_change_email_email(
+ account=account, email=args["email"], old_email=user_email, language=language, phase=args["phase"]
+ )
+ return {"result": "success", "data": token}
+
+
+class ChangeEmailCheckApi(Resource):
+ @enable_change_email
+ @setup_required
+ @login_required
+ @account_initialization_required
+ def post(self):
+ parser = reqparse.RequestParser()
+ parser.add_argument("email", type=email, required=True, location="json")
+ parser.add_argument("code", type=str, required=True, location="json")
+ parser.add_argument("token", type=str, required=True, nullable=False, location="json")
+ args = parser.parse_args()
+
+ user_email = args["email"]
+
+ is_change_email_error_rate_limit = AccountService.is_change_email_error_rate_limit(args["email"])
+ if is_change_email_error_rate_limit:
+ raise EmailChangeLimitError()
+
+ token_data = AccountService.get_change_email_data(args["token"])
+ if token_data is None:
+ raise InvalidTokenError()
+
+ if user_email != token_data.get("email"):
+ raise InvalidEmailError()
+
+ if args["code"] != token_data.get("code"):
+ AccountService.add_change_email_error_rate_limit(args["email"])
+ raise EmailCodeError()
+
+ # Verified, revoke the first token
+ AccountService.revoke_change_email_token(args["token"])
+
+ # Refresh token data by generating a new token
+ _, new_token = AccountService.generate_change_email_token(
+ user_email, code=args["code"], old_email=token_data.get("old_email"), additional_data={}
+ )
+
+ AccountService.reset_change_email_error_rate_limit(args["email"])
+ return {"is_valid": True, "email": token_data.get("email"), "token": new_token}
+
+
+class ChangeEmailResetApi(Resource):
+ @enable_change_email
+ @setup_required
+ @login_required
+ @account_initialization_required
+ @marshal_with(account_fields)
+ def post(self):
+ parser = reqparse.RequestParser()
+ parser.add_argument("new_email", type=email, required=True, location="json")
+ parser.add_argument("token", type=str, required=True, nullable=False, location="json")
+ args = parser.parse_args()
+
+ reset_data = AccountService.get_change_email_data(args["token"])
+ if not reset_data:
+ raise InvalidTokenError()
+ # Must use token in reset phase
+ if reset_data.get("phase", "") != "change_email":
+ raise InvalidTokenError()
+
+ AccountService.revoke_change_email_token(args["token"])
+
+ if not AccountService.check_email_unique(args["new_email"]):
+ raise EmailAlreadyInUseError()
+
+ old_email = reset_data.get("old_email", "")
+ if current_user.email != old_email:
+ raise AccountNotFound()
+
+ updated_account = AccountService.update_account(current_user, email=args["new_email"])
+
+ return updated_account
+
+
+class CheckEmailUnique(Resource):
+ @setup_required
+ def post(self):
+ parser = reqparse.RequestParser()
+ parser.add_argument("email", type=email, required=True, location="json")
+ args = parser.parse_args()
+ if not AccountService.check_email_unique(args["email"]):
+ raise EmailAlreadyInUseError()
+ return {"result": "success"}
+
+
# Register API resources
api.add_resource(AccountInitApi, "/account/init")
api.add_resource(AccountProfileApi, "/account/profile")
@@ -385,5 +528,10 @@ api.add_resource(AccountDeleteUpdateFeedbackApi, "/account/delete/feedback")
api.add_resource(EducationVerifyApi, "/account/education/verify")
api.add_resource(EducationApi, "/account/education")
api.add_resource(EducationAutoCompleteApi, "/account/education/autocomplete")
+# Change email
+api.add_resource(ChangeEmailSendEmailApi, "/account/change-email")
+api.add_resource(ChangeEmailCheckApi, "/account/change-email/validity")
+api.add_resource(ChangeEmailResetApi, "/account/change-email/reset")
+api.add_resource(CheckEmailUnique, "/account/change-email/check-email-unique")
# api.add_resource(AccountEmailApi, '/account/email')
# api.add_resource(AccountEmailVerifyApi, '/account/email-verify')
diff --git a/api/controllers/console/wraps.py b/api/controllers/console/wraps.py
index ca122772de..feb4b2ec39 100644
--- a/api/controllers/console/wraps.py
+++ b/api/controllers/console/wraps.py
@@ -235,3 +235,16 @@ def email_password_login_enabled(view):
abort(403)
return decorated
+
+
+def enable_change_email(view):
+ @wraps(view)
+ def decorated(*args, **kwargs):
+ features = FeatureService.get_system_features()
+ if features.enable_change_email:
+ return view(*args, **kwargs)
+
+ # otherwise, return 403
+ abort(403)
+
+ return decorated
diff --git a/api/services/account_service.py b/api/services/account_service.py
index d9a9c4f280..4e0b821478 100644
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -53,6 +53,7 @@ from services.errors.workspace import WorkSpaceNotAllowedCreateError, Workspaces
from services.feature_service import FeatureService
from tasks.delete_account_task import delete_account_task
from tasks.mail_account_deletion_task import send_account_deletion_verification_code
+from tasks.mail_change_mail_task import send_change_mail_task
from tasks.mail_email_code_login import send_email_code_login_mail_task
from tasks.mail_invite_member_task import send_invite_member_mail_task
from tasks.mail_reset_password_task import send_reset_password_mail_task
@@ -76,8 +77,10 @@ class AccountService:
email_code_account_deletion_rate_limiter = RateLimiter(
prefix="email_code_account_deletion_rate_limit", max_attempts=1, time_window=60 * 1
)
+ change_email_rate_limiter = RateLimiter(prefix="change_email_rate_limit", max_attempts=1, time_window=60 * 1)
LOGIN_MAX_ERROR_LIMITS = 5
FORGOT_PASSWORD_MAX_ERROR_LIMITS = 5
+ CHANGE_EMAIL_MAX_ERROR_LIMITS = 5
@staticmethod
def _get_refresh_token_key(refresh_token: str) -> str:
@@ -420,6 +423,35 @@ class AccountService:
cls.reset_password_rate_limiter.increment_rate_limit(account_email)
return token
+ @classmethod
+ def send_change_email_email(
+ cls,
+ account: Optional[Account] = None,
+ email: Optional[str] = None,
+ old_email: Optional[str] = None,
+ language: Optional[str] = "en-US",
+ phase: Optional[str] = None,
+ ):
+ account_email = account.email if account else email
+ if account_email is None:
+ raise ValueError("Email must be provided.")
+
+ if cls.change_email_rate_limiter.is_rate_limited(account_email):
+ from controllers.console.auth.error import EmailChangeRateLimitExceededError
+
+ raise EmailChangeRateLimitExceededError()
+
+ code, token = cls.generate_change_email_token(account_email, account, old_email=old_email)
+
+ send_change_mail_task.delay(
+ language=language,
+ to=account_email,
+ code=code,
+ phase=phase,
+ )
+ cls.change_email_rate_limiter.increment_rate_limit(account_email)
+ return token
+
@classmethod
def generate_reset_password_token(
cls,
@@ -436,14 +468,40 @@ class AccountService:
)
return code, token
+ @classmethod
+ def generate_change_email_token(
+ cls,
+ email: str,
+ account: Optional[Account] = None,
+ code: Optional[str] = None,
+ old_email: Optional[str] = None,
+ additional_data: dict[str, Any] = {},
+ ):
+ if not code:
+ code = "".join([str(secrets.randbelow(exclusive_upper_bound=10)) for _ in range(6)])
+ additional_data["code"] = code
+ additional_data["old_email"] = old_email
+ token = TokenManager.generate_token(
+ account=account, email=email, token_type="change_email", additional_data=additional_data
+ )
+ return code, token
+
@classmethod
def revoke_reset_password_token(cls, token: str):
TokenManager.revoke_token(token, "reset_password")
+ @classmethod
+ def revoke_change_email_token(cls, token: str):
+ TokenManager.revoke_token(token, "change_email")
+
@classmethod
def get_reset_password_data(cls, token: str) -> Optional[dict[str, Any]]:
return TokenManager.get_token_data(token, "reset_password")
+ @classmethod
+ def get_change_email_data(cls, token: str) -> Optional[dict[str, Any]]:
+ return TokenManager.get_token_data(token, "change_email")
+
@classmethod
def send_email_code_login_email(
cls, account: Optional[Account] = None, email: Optional[str] = None, language: Optional[str] = "en-US"
@@ -553,6 +611,34 @@ class AccountService:
key = f"forgot_password_error_rate_limit:{email}"
redis_client.delete(key)
+ @staticmethod
+ @redis_fallback(default_return=None)
+ def add_change_email_error_rate_limit(email: str) -> None:
+ key = f"change_email_error_rate_limit:{email}"
+ count = redis_client.get(key)
+ if count is None:
+ count = 0
+ count = int(count) + 1
+ redis_client.setex(key, dify_config.CHANGE_EMAIL_LOCKOUT_DURATION, count)
+
+ @staticmethod
+ @redis_fallback(default_return=False)
+ def is_change_email_error_rate_limit(email: str) -> bool:
+ key = f"change_email_error_rate_limit:{email}"
+ count = redis_client.get(key)
+ if count is None:
+ return False
+ count = int(count)
+ if count > AccountService.CHANGE_EMAIL_MAX_ERROR_LIMITS:
+ return True
+ return False
+
+ @staticmethod
+ @redis_fallback(default_return=None)
+ def reset_change_email_error_rate_limit(email: str):
+ key = f"change_email_error_rate_limit:{email}"
+ redis_client.delete(key)
+
@staticmethod
@redis_fallback(default_return=False)
def is_email_send_ip_limit(ip_address: str):
@@ -594,6 +680,10 @@ class AccountService:
return False
+ @staticmethod
+ def check_email_unique(email: str) -> bool:
+ return db.session.query(Account).filter_by(email=email).first() is None
+
class TenantService:
@staticmethod
diff --git a/api/services/feature_service.py b/api/services/feature_service.py
index 188caf3505..3f164431fb 100644
--- a/api/services/feature_service.py
+++ b/api/services/feature_service.py
@@ -123,7 +123,6 @@ class FeatureModel(BaseModel):
dataset_operator_enabled: bool = False
webapp_copyright_enabled: bool = False
workspace_members: LicenseLimitationModel = LicenseLimitationModel(enabled=False, size=0, limit=0)
-
# pydantic configs
model_config = ConfigDict(protected_namespaces=())
@@ -149,6 +148,7 @@ class SystemFeatureModel(BaseModel):
branding: BrandingModel = BrandingModel()
webapp_auth: WebAppAuthModel = WebAppAuthModel()
plugin_installation_permission: PluginInstallationPermissionModel = PluginInstallationPermissionModel()
+ enable_change_email: bool = True
class FeatureService:
@@ -186,6 +186,7 @@ class FeatureService:
if dify_config.ENTERPRISE_ENABLED:
system_features.branding.enabled = True
system_features.webapp_auth.enabled = True
+ system_features.enable_change_email = False
cls._fulfill_params_from_enterprise(system_features)
if dify_config.MARKETPLACE_ENABLED:
diff --git a/api/tasks/mail_change_mail_task.py b/api/tasks/mail_change_mail_task.py
new file mode 100644
index 0000000000..da44040b7d
--- /dev/null
+++ b/api/tasks/mail_change_mail_task.py
@@ -0,0 +1,78 @@
+import logging
+import time
+
+import click
+from celery import shared_task # type: ignore
+from flask import render_template
+
+from extensions.ext_mail import mail
+from services.feature_service import FeatureService
+
+
+@shared_task(queue="mail")
+def send_change_mail_task(language: str, to: str, code: str, phase: str):
+ """
+ Async Send change email mail
+ :param language: Language in which the email should be sent (e.g., 'en', 'zh')
+ :param to: Recipient email address
+ :param code: Change email code
+ :param phase: Change email phase (new_email, old_email)
+ """
+ if not mail.is_inited():
+ return
+
+ logging.info(click.style("Start change email mail to {}".format(to), fg="green"))
+ start_at = time.perf_counter()
+
+ email_config = {
+ "zh-Hans": {
+ "old_email": {
+ "subject": "检测您现在的邮箱",
+ "template_with_brand": "change_mail_confirm_old_template_zh-CN.html",
+ "template_without_brand": "without-brand/change_mail_confirm_old_template_zh-CN.html",
+ },
+ "new_email": {
+ "subject": "确认您的邮箱地址变更",
+ "template_with_brand": "change_mail_confirm_new_template_zh-CN.html",
+ "template_without_brand": "without-brand/change_mail_confirm_new_template_zh-CN.html",
+ },
+ },
+ "en": {
+ "old_email": {
+ "subject": "Check your current email",
+ "template_with_brand": "change_mail_confirm_old_template_en-US.html",
+ "template_without_brand": "without-brand/change_mail_confirm_old_template_en-US.html",
+ },
+ "new_email": {
+ "subject": "Confirm your new email address",
+ "template_with_brand": "change_mail_confirm_new_template_en-US.html",
+ "template_without_brand": "without-brand/change_mail_confirm_new_template_en-US.html",
+ },
+ },
+ }
+
+ # send change email mail using different languages
+ try:
+ system_features = FeatureService.get_system_features()
+ lang_key = "zh-Hans" if language == "zh-Hans" else "en"
+
+ if phase not in ["old_email", "new_email"]:
+ raise ValueError("Invalid phase")
+
+ config = email_config[lang_key][phase]
+ subject = config["subject"]
+
+ if system_features.branding.enabled:
+ template = config["template_without_brand"]
+ else:
+ template = config["template_with_brand"]
+
+ html_content = render_template(template, to=to, code=code)
+ mail.send(to=to, subject=subject, html=html_content)
+
+ end_at = time.perf_counter()
+ logging.info(
+ click.style("Send change email mail to {} succeeded: latency: {}".format(to, end_at - start_at), fg="green")
+ )
+ except Exception:
+ logging.exception("Send change email mail to {} failed".format(to))
diff --git a/api/templates/change_mail_confirm_new_template_en-US.html b/api/templates/change_mail_confirm_new_template_en-US.html
new file mode 100644
index 0000000000..7e2ccca493
--- /dev/null
+++ b/api/templates/change_mail_confirm_new_template_en-US.html
@@ -0,0 +1,89 @@
+
+
+
+
+
+
+
+
+
+
+
Confirm Your New Email Address
+
You’re updating the email address linked to your Dify account.
+
+ To confirm this action, please use the verification code below.
+ This code will only be valid for the next 5 minutes:
+
+ {{code}}
+
+
If you didn’t make this request, please ignore this email or contact support immediately.
+
+
+
确认您的邮箱地址变更
+
您正在更新与您的 Dify 账户关联的邮箱地址。
+
+ 为了确认此操作,请使用以下验证码。
+ 此验证码仅在接下来的5分钟内有效:
+
+ {{code}}
+
+
如果您没有请求变更邮箱地址,请忽略此邮件或立即联系支持。
+
+
+
Verify Your Request to Change Email
+
We received a request to change the email address associated with your Dify account.
+
+ To confirm this action, please use the verification code below.
+ This code will only be valid for the next 5 minutes:
+
+ {{code}}
+
+
If you didn’t make this request, please ignore this email or contact support immediately.
+
+
+
验证您的邮箱变更请求
+
我们收到了一个变更您 Dify 账户关联邮箱地址的请求。
+
+ 我们收到了一个变更您 Dify 账户关联邮箱地址的请求。
+ 此验证码仅在接下来的5分钟内有效:
+
+ {{code}}
+
+
如果您没有请求变更邮箱地址,请忽略此邮件或立即联系支持。
+
+
Confirm Your New Email Address
+
You’re updating the email address linked to your Dify account.
+
+ To confirm this action, please use the verification code below.
+ This code will only be valid for the next 5 minutes:
+
+ {{code}}
+
+
If you didn’t make this request, please ignore this email or contact support immediately.
+
+
确认您的邮箱地址变更
+
您正在更新与您的 Dify 账户关联的邮箱地址。
+
+ 为了确认此操作,请使用以下验证码。
+ 此验证码仅在接下来的5分钟内有效:
+
+ {{code}}
+
+
如果您没有请求变更邮箱地址,请忽略此邮件或立即联系支持。
+
+
Verify Your Request to Change Email
+
We received a request to change the email address associated with your Dify account.
+
+ To confirm this action, please use the verification code below.
+ This code will only be valid for the next 5 minutes:
+
+ {{code}}
+
+
If you didn’t make this request, please ignore this email or contact support immediately.
+
+
验证您的邮箱变更请求
+
我们收到了一个变更您 Dify 账户关联邮箱地址的请求。
+
+ 为了确认此操作,请使用以下验证码。
+ 此验证码仅在接下来的5分钟内有效:
+
+ {{code}}
+
+
如果您没有请求变更邮箱地址,请忽略此邮件或立即联系支持。
+
+