From 63eba34af732956c08e04d05f0233c0cc96daf63 Mon Sep 17 00:00:00 2001
From: "yunlu.wen"
Date: Mon, 20 Oct 2025 14:31:49 +0800
Subject: [PATCH] consistent login status check

---
 api/controllers/console/auth/login.py | 12 +++++++++---
 api/libs/passport.py | 4 +++-
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/api/controllers/console/auth/login.py b/api/controllers/console/auth/login.py
index 277f9a60a8..15001d07e2 100644
--- a/api/controllers/console/auth/login.py
+++ b/api/controllers/console/auth/login.py
@@ -25,12 +25,13 @@ from controllers.console.wraps import email_password_login_enabled, setup_requir
 from events.tenant_event import tenant_was_created
 from libs.helper import email, extract_remote_ip
 from libs.login import current_account_with_tenant
+from libs.passport import PassportService
 from libs.token import (
+    check_csrf_token,
     clear_access_token_from_cookie,
     clear_csrf_token_from_cookie,
     clear_refresh_token_from_cookie,
     extract_access_token,
-    extract_csrf_token,
     set_access_token_to_cookie,
     set_csrf_token_to_cookie,
     set_refresh_token_to_cookie,
@@ -294,5 +295,10 @@ class RefreshTokenApi(Resource):
 class LoginStatus(Resource):
     def get(self):
         token = extract_access_token(request)
-        csrf_token = extract_csrf_token(request)
-        return {"logged_in": bool(token) and bool(csrf_token)}
+        res = True
+        try:
+            validated = PassportService().verify(token=token)
+            check_csrf_token(request=request, user_id=validated.get("user_id", ""))
+        except Exception:
+            res = False
+        return {"logged_in": res}
diff --git a/api/libs/passport.py b/api/libs/passport.py
index 22dd20b73b..77f14cf07c 100644
--- a/api/libs/passport.py
+++ b/api/libs/passport.py
@@ -1,3 +1,5 @@
+from typing import Any
+
 import jwt
 from werkzeug.exceptions import Unauthorized
 
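Review bot: In the new `LoginStatus.get` body, a token whose payload carries no `user_id` claim is still reported as logged in unless `check_csrf_token` happens to reject an empty id, because `validated.get("user_id", "")` silently substitutes `""`; make the missing claim fail closed with `user_id = validated["user_id"]` so the `KeyError` lands in the existing handler. The bare `except Exception:` also folds any unexpected failure inside `verify` or `check_csrf_token` (misconfiguration, a programming error) into "not logged in", so real faults are indistinguishable from an anonymous visitor; narrowing it to the exception types those helpers raise (`Unauthorized` is imported in passport.py and presumably what `verify` raises), or at least logging before `res = False`, keeps the fail-closed result without hiding bugs. Since `verify()` as shown in the passport.py hunk only decodes with signature and expiry checks, an absent cookie sends `token=None` down the decode path too; an early `if not token: return {"logged_in": False}` keeps that common case out of the exception path. Whether this endpoint now matches the account-status checks the real login-required path applies cannot be confirmed from the hunk.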
@@ -11,7 +13,7 @@ class PassportService:
     def issue(self, payload):
         return jwt.encode(payload, self.sk, algorithm="HS256")
 
-    def verify(self, token):
+    def verify(self, token) -> dict[str, Any]:
         try:
             return jwt.decode(token, self.sk, algorithms=["HS256"])
         except jwt.ExpiredSignatureError: