fix: remove app code retrival in web app login

2025-08-08 20:19:03 +08:00 · 2025-05-29 11:04:05 +08:00 · 2025-05-29 11:04:05 +08:00 · 2b9b852c31
commit 2b9b852c31
parent e9ae79d398
2 changed files with 12 additions and 27 deletions
--- a/api/controllers/web/login.py
+++ b/api/controllers/web/login.py
@ -1,11 +1,11 @@
-from flask import request
 from flask_restful import Resource, reqparse
 from jwt import InvalidTokenError  # type: ignore
 from web import api
-from werkzeug.exceptions import BadRequest

 import services
-from controllers.console.auth.error import EmailCodeError, EmailOrPasswordMismatchError, InvalidEmailError
+from controllers.console.auth.error import (EmailCodeError,
+                                            EmailOrPasswordMismatchError,
+                                            InvalidEmailError)
 from controllers.console.error import AccountBannedError, AccountNotFound
 from controllers.console.wraps import only_edition_enterprise, setup_required
 from controllers.web import api
@ -27,10 +27,6 @@ class LoginApi(Resource):
        parser.add_argument("password", type=valid_password, required=True, location="json")
        args = parser.parse_args()

-        app_code = request.headers.get("X-App-Code")
-        if app_code is None:
-            raise BadRequest("X-App-Code header is missing.")
-
        try:
            account = WebAppAuthService.authenticate(args["email"], args["password"])
        except services.errors.account.AccountLoginError:
@ -40,9 +36,7 @@ class LoginApi(Resource):
        except services.errors.account.AccountNotFoundError:
            raise AccountNotFound()

-        end_user = WebAppAuthService.create_end_user(email=args["email"], app_code=app_code)
-
-        token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
+        token = WebAppAuthService.login(account=account)
        return {"result": "success", "token": token}


@ -90,9 +84,6 @@ class EmailCodeLoginApi(Resource):
        args = parser.parse_args()

        user_email = args["email"]
-        app_code = request.headers.get("X-App-Code")
-        if app_code is None:
-            raise BadRequest("X-App-Code header is missing.")

        token_data = WebAppAuthService.get_email_code_login_data(args["token"])
        if token_data is None:
@ -109,9 +100,7 @@ class EmailCodeLoginApi(Resource):
        if not account:
            raise AccountNotFound()

-        end_user = WebAppAuthService.create_end_user(email=user_email, app_code=app_code)
-
-        token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
+        token = WebAppAuthService.login(account=account)
        AccountService.reset_login_error_rate_limit(args["email"])
        return {"result": "success", "token": token}

--- a/api/services/webapp_auth_service.py
+++ b/api/services/webapp_auth_service.py
@ -2,7 +2,7 @@ import random
 from datetime import UTC, datetime, timedelta
 from typing import Any, Optional, cast

-from werkzeug.exceptions import NotFound, Unauthorized
+from werkzeug.exceptions import Unauthorized

 from configs import dify_config
 from extensions.ext_database import db
@ -11,7 +11,8 @@ from libs.passport import PassportService
 from libs.password import compare_password
 from models.account import Account, AccountStatus
 from models.model import App, EndUser, Site
-from services.errors.account import AccountLoginError, AccountNotFoundError, AccountPasswordError
+from services.errors.account import (AccountLoginError, AccountNotFoundError,
+                                     AccountPasswordError)
 from tasks.mail_email_code_login import send_email_code_login_mail_task


@ -34,12 +35,8 @@ class WebAppAuthService:
        return cast(Account, account)

    @classmethod
-    def login(cls, account: Account, app_code: str, end_user_id: str) -> str:
-        site = db.session.query(Site).filter(Site.code == app_code).first()
-        if not site:
-            raise NotFound("Site not found.")
-
-        access_token = cls._get_account_jwt_token(account=account, site=site, end_user_id=end_user_id)
+    def login(cls, account: Account) -> str:
+        access_token = cls._get_account_jwt_token(account=account)

        return access_token

@ -101,14 +98,13 @@ class WebAppAuthService:
        return end_user

    @classmethod
-    def _get_account_jwt_token(cls, account: Account, site: Site, end_user_id: str) -> str:
-        exp_dt = datetime.now(UTC) + timedelta(hours=dify_config.WebAppSessionTimeoutInHours * 24)
+    def _get_account_jwt_token(cls, account: Account) -> str:
+        exp_dt = datetime.now(UTC) + timedelta(hours=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES * 24)
        exp = int(exp_dt.timestamp())

        payload = {
            "sub": "Web API Passport",
            "user_id": account.id,
-            "end_user_id": end_user_id,
            "token_source": "webapp_login_token",
            "exp": exp,
        }