Merge branch 'feat/webapp-verified-sso-main' into deploy/enterprise

2025-08-06 08:26:04 +08:00 · 2025-05-30 16:17:56 +08:00 · 2025-05-30 16:17:56 +08:00 · c7ea48ccc1
commit c7ea48ccc1
parent 72de689079 8c78286e5f
2 changed files with 17 additions and 13 deletions
--- a/api/controllers/web/forgot_password.py
+++ b/api/controllers/web/forgot_password.py
@ -1,29 +1,28 @@
 import base64
 import secrets

-from flask import request
-from flask_restful import Resource, reqparse
-from sqlalchemy import select
-from sqlalchemy.orm import Session
-
-from controllers.console.auth.error import (
-    EmailCodeError,
-    EmailPasswordResetLimitError,
-    InvalidEmailError,
-    InvalidTokenError,
-    PasswordMismatchError,
-)
+from controllers.console.auth.error import (EmailCodeError,
+                                            EmailPasswordResetLimitError,
+                                            InvalidEmailError,
+                                            InvalidTokenError,
+                                            PasswordMismatchError)
 from controllers.console.error import AccountNotFound, EmailSendIpLimitError
-from controllers.console.wraps import email_password_login_enabled, setup_required
+from controllers.console.wraps import (email_password_login_enabled,
+                                       only_edition_enterprise, setup_required)
 from controllers.web import api
 from extensions.ext_database import db
+from flask import request
+from flask_restful import Resource, reqparse
 from libs.helper import email, extract_remote_ip
 from libs.password import hash_password, valid_password
 from models.account import Account
 from services.account_service import AccountService
+from sqlalchemy import select
+from sqlalchemy.orm import Session


 class ForgotPasswordSendEmailApi(Resource):
+    @only_edition_enterprise
    @setup_required
    @email_password_login_enabled
    def post(self):
@ -53,6 +52,7 @@ class ForgotPasswordSendEmailApi(Resource):


 class ForgotPasswordCheckApi(Resource):
+    @only_edition_enterprise
    @setup_required
    @email_password_login_enabled
    def post(self):
@ -92,6 +92,7 @@ class ForgotPasswordCheckApi(Resource):


 class ForgotPasswordResetApi(Resource):
+    @only_edition_enterprise
    @setup_required
    @email_password_login_enabled
    def post(self):
--- a/api/extensions/ext_login.py
+++ b/api/extensions/ext_login.py
@ -37,6 +37,9 @@ def load_user_from_request(request_from_flask_login):
            raise Unauthorized("Invalid Authorization token.")
        decoded = PassportService().verify(auth_token)
        user_id = decoded.get("user_id")
+        source = decoded.get("token_source")
+        if source:
+            raise Unauthorized("Invalid Authorization token.")
        if not user_id:
            raise Unauthorized("Invalid Authorization token.")