From a1dc3cfdecf5a91c505e707a7f1b1327b3901494 Mon Sep 17 00:00:00 2001
From: GareArc
Date: Fri, 11 Apr 2025 02:45:46 -0400
Subject: [PATCH] fix: update code for access denied error
---
 api/controllers/web/error.py | 4 ++--
 api/controllers/web/wraps.py | 5 +++--
 api/services/webapp_auth_service.py | 4 ++--
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/api/controllers/web/error.py b/api/controllers/web/error.py
index 45ab93d324..4371e679db 100644
--- a/api/controllers/web/error.py
+++ b/api/controllers/web/error.py
@@ -127,8 +127,8 @@ class WebAppAuthRequiredError(BaseHTTPException):
 code = 401
-class WebAppAuthFailedError(BaseHTTPException):
- error_code = "web_app_auth_failed"
+class WebAppAuthAccessDeniedError(BaseHTTPException):
+ error_code = "web_app_access_denied"
 description = "You do not have permission to access this web app."
 code = 401
diff --git a/api/controllers/web/wraps.py b/api/controllers/web/wraps.py
index a009cd3288..5a74296b82 100644
--- a/api/controllers/web/wraps.py
+++ b/api/controllers/web/wraps.py
@@ -4,7 +4,8 @@ from flask import request
 from flask_restful import Resource # type: ignore
 from werkzeug.exceptions import BadRequest, NotFound, Unauthorized
-from controllers.web.error import WebAppAuthFailedError, WebAppAuthRequiredError
+from controllers.web.error import (WebAppAuthAccessDeniedError,
+ WebAppAuthRequiredError)
 from extensions.ext_database import db
 from libs.passport import PassportService
 from models.model import App, EndUser, Site
@@ -103,7 +104,7 @@ def _validate_user_accessibility(decoded, app_code, app_web_auth_enabled: bool,
 raise WebAppAuthRequiredError()
 if not EnterpriseService.is_user_allowed_to_access_webapp(user_id, app_code=app_code):
- raise WebAppAuthFailedError()
+ raise WebAppAuthAccessDeniedError()
 class WebApiResource(Resource):
diff --git a/api/services/webapp_auth_service.py b/api/services/webapp_auth_service.py
index f9dd80a729..6a4a9c795e 100644
--- a/api/services/webapp_auth_service.py
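Review bot: In api/controllers/web/error.py the renamed `WebAppAuthAccessDeniedError` still carries `code = 401`, the same status as `WebAppAuthRequiredError` directly above it, although its description ("You do not have permission to access this web app.") describes an authorization failure. An authenticated caller who is not entitled would normally receive 403, so that clients and log-based detections can separate "no valid session" from "valid session, not allowed" without parsing `error_code`. I would change the line to `code = 403`, provided the web client does not depend on 401 for this case, which this patch does not show. The `error_code` value also changes from `web_app_auth_failed` to `web_app_access_denied`, so any client that matches on the old string has to be updated in the same release.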
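Review bot: The denial branch in `_validate_user_accessibility` (api/controllers/web/wraps.py, second hunk) raises `WebAppAuthAccessDeniedError()` without recording who was refused, and the same is true of the check inside `WebAppAuthService` in api/services/webapp_auth_service.py. Repeated denials for one user across several `app_code` values are a useful detection signal, and they only become visible if this branch logs. I would add a line such as `logger.warning("web app access denied: user_id=%s app_code=%s", user_id, app_code)` before the raise, assuming a module logger exists or is added; the imports shown here do not include one. The function body starts and ends outside the hunk, so whether an outer layer already logs this exception cannot be seen from here.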
+++ b/api/services/webapp_auth_service.py
@@ -5,7 +5,7 @@ from typing import Any, Optional, cast
 from werkzeug.exceptions import NotFound, Unauthorized
 from configs import dify_config
-from controllers.web.error import WebAppAuthFailedError
+from controllers.web.error import WebAppAuthAccessDeniedError
 from extensions.ext_database import db
 from libs.helper import TokenManager
 from libs.passport import PassportService
@@ -115,7 +115,7 @@ class WebAppAuthService:
 if app_settings.access_mode != "public" and not EnterpriseService.is_user_allowed_to_access_webapp(
 account.id, app_code=app_code
 ):
- raise WebAppAuthFailedError()
+ raise WebAppAuthAccessDeniedError()
 @classmethod
 def _get_account_jwt_token(cls, account: Account, site: Site, end_user_id: str) -> str: