opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-04-28 20:17:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: move sso setting changes in wraps

Browse Source
This commit is contained in:
GareArc 2025-06-05 01:32:56 +09:00
parent 743672f78d
commit 4e17af5326
No known key found for this signature in database
2 changed files with 17 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
api/controllers/web/passport.py
View File

@ -104,23 +104,8 @@ def decode_enterprise_webapp_user_id(jwt_token: str | None):
decoded = PassportService().verify(jwt_token) decoded = PassportService().verify(jwt_token)
source = decoded.get("token_source") source = decoded.get("token_source")
auth_type = decoded.get("auth_type")
granted_at = decoded.get("granted_at")
if not source or source != "webapp_login_token": if not source or source != "webapp_login_token":
raise Unauthorized("Invalid token source. Expected 'webapp_login_token'.") raise Unauthorized("Invalid token source. Expected 'webapp_login_token'.")
if not auth_type:
raise Unauthorized("Missing auth_type in the token.")
if not granted_at:
raise Unauthorized("Missing granted_at in the token.")
# check if sso has been updated
if auth_type == "external":
last_update_time = EnterpriseService.get_app_sso_settings_last_update_time()
if granted_at and datetime.fromtimestamp(granted_at, tz=UTC) < last_update_time:
raise Unauthorized("SSO settings have been updated. Please re-login.")
elif auth_type == "internal":
last_update_time = EnterpriseService.get_workspace_sso_settings_last_update_time()
if granted_at and datetime.fromtimestamp(granted_at, tz=UTC) < last_update_time:
raise Unauthorized("SSO settings have been updated. Please re-login.")
return decoded return decoded

17
api/controllers/web/wraps.py
View File

@ -1,3 +1,4 @@
from datetime import UTC, datetime
from functools import wraps from functools import wraps
from flask import request from flask import request
@ -122,6 +123,22 @@ def _validate_user_accessibility(
if not EnterpriseService.WebAppAuth.is_user_allowed_to_access_webapp(user_id, app_code=app_code): if not EnterpriseService.WebAppAuth.is_user_allowed_to_access_webapp(user_id, app_code=app_code):
raise WebAppAuthAccessDeniedError() raise WebAppAuthAccessDeniedError()
auth_type = decoded.get("auth_type")
granted_at = decoded.get("granted_at")
if not auth_type:
raise WebAppAuthAccessDeniedError("Missing auth_type in the token.")
if not granted_at:
raise WebAppAuthAccessDeniedError("Missing granted_at in the token.")
# check if sso has been updated
if auth_type == "external":
last_update_time = EnterpriseService.get_app_sso_settings_last_update_time()
if granted_at and datetime.fromtimestamp(granted_at, tz=UTC) < last_update_time:
raise WebAppAuthAccessDeniedError("SSO settings have been updated. Please re-login.")
elif auth_type == "internal":
last_update_time = EnterpriseService.get_workspace_sso_settings_last_update_time()
if granted_at and datetime.fromtimestamp(granted_at, tz=UTC) < last_update_time:
raise WebAppAuthAccessDeniedError("SSO settings have been updated. Please re-login.")
class WebApiResource(Resource): class WebApiResource(Resource):
method_decorators = [validate_jwt_token] method_decorators = [validate_jwt_token]