fix: query end user by session_id when when exchanging token

2025-08-06 08:36:08 +08:00 · 2025-06-04 00:12:45 +09:00 · 2025-06-04 00:12:45 +09:00 · 28eb95276d
commit 28eb95276d
parent b39bd0325d
1 changed files with 10 additions and 0 deletions
--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@ -127,6 +127,16 @@ def exchange_token_for_existing_web_user(app_code: str, enterprise_user_decoded:
    end_user = None
    if end_user_id:
        end_user = db.session.query(EndUser).filter(EndUser.id == end_user_id).first()
+    if session_id:
+        end_user = (
+            db.session.query(EndUser)
+            .filter(
+                EndUser.session_id == session_id,
+                EndUser.tenant_id == app_model.tenant_id,
+                EndUser.app_id == app_model.id,
+            )
+            .first()
+        )
    if not end_user:
        if not session_id:
            raise NotFound("Missing session_id for existing web user.")