From 88d5e27fe8f2211ef2b4222b4e4f4d13ee7f445b Mon Sep 17 00:00:00 2001
From: Garfield Dai <dai.hai@foxmail.com>
Date: Mon, 15 Sep 2025 14:49:23 +0800
Subject: [PATCH] Release/e-1.8.1 (#25613)

Co-authored-by: zxhlyh <jasonapring2015@outlook.com>
Co-authored-by: GareArc <chen4851@purdue.edu>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: hjlarry <hjlarry@163.com>
---
 ...dd_credential_status_for_provider_table.py | 33 +++++++++++++++
 .../enterprise/plugin_manager_service.py      |  6 +--
 .../model-auth/authorized/credential-item.tsx |  6 +--
 .../switch-credential-in-load-balancing.tsx   | 41 +++++++++++--------
 .../model-provider-page/model-modal/index.tsx |  8 ++--
 .../plugin-auth/authorized-in-node.tsx        | 20 ++++++++-
 .../plugins/plugin-auth/authorized/index.tsx  |  3 +-
 web/hooks/use-document-title.ts               | 20 +++++++++
 web/i18n/en-US/plugin.ts                      |  1 +
 web/i18n/zh-Hans/plugin.ts                    |  1 +
 10 files changed, 109 insertions(+), 30 deletions(-)
 create mode 100644 api/migrations/versions/2025_09_11_1537-cf7c38a32b2d_add_credential_status_for_provider_table.py

diff --git a/api/migrations/versions/2025_09_11_1537-cf7c38a32b2d_add_credential_status_for_provider_table.py b/api/migrations/versions/2025_09_11_1537-cf7c38a32b2d_add_credential_status_for_provider_table.py
new file mode 100644
index 0000000000..17467e6495
--- /dev/null
+++ b/api/migrations/versions/2025_09_11_1537-cf7c38a32b2d_add_credential_status_for_provider_table.py
@@ -0,0 +1,33 @@
+"""Add credential status for provider table
+
+Revision ID: cf7c38a32b2d
+Revises: c20211f18133
+Create Date: 2025-09-11 15:37:17.771298
+
+"""
+from alembic import op
+import models as models
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'cf7c38a32b2d'
+down_revision = 'c20211f18133'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('providers', schema=None) as batch_op:
+        batch_op.add_column(sa.Column('credential_status', sa.String(length=20), server_default=sa.text("'active'::character varying"), nullable=True))
+
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table('providers', schema=None) as batch_op:
+        batch_op.drop_column('credential_status')
+
+    # ### end Alembic commands ###
\ No newline at end of file
diff --git a/api/services/enterprise/plugin_manager_service.py b/api/services/enterprise/plugin_manager_service.py
index ee8a932ded..1065d3842a 100644
--- a/api/services/enterprise/plugin_manager_service.py
+++ b/api/services/enterprise/plugin_manager_service.py
@@ -9,9 +9,9 @@ from services.errors.base import BaseServiceError
 logger = logging.getLogger(__name__)
 
 
-class PluginCredentialType(enum.IntEnum):
-    MODEL = enum.auto()
-    TOOL = enum.auto()
+class PluginCredentialType(enum.Enum):
+    MODEL = 0  # must be 0 for API contract compatibility
+    TOOL = 1  # must be 1 for API contract compatibility
 
     def to_number(self):
         return self.value
diff --git a/web/app/components/header/account-setting/model-provider-page/model-auth/authorized/credential-item.tsx b/web/app/components/header/account-setting/model-provider-page/model-auth/authorized/credential-item.tsx
index 2d792d1705..0aa4ac6fbc 100644
--- a/web/app/components/header/account-setting/model-provider-page/model-auth/authorized/credential-item.tsx
+++ b/web/app/components/header/account-setting/model-provider-page/model-auth/authorized/credential-item.tsx
@@ -92,10 +92,10 @@ const CredentialItem = ({
         )
       }
       {
-        showAction && (
+        showAction && !credential.from_enterprise && (
           <div className='ml-2 hidden shrink-0 items-center group-hover:flex'>
             {
-              !disableEdit && !credential.not_allowed_to_use && !credential.from_enterprise && (
+              !disableEdit && !credential.not_allowed_to_use && (
                 <Tooltip popupContent={t('common.operation.edit')}>
                   <ActionButton
                     disabled={disabled}
@@ -110,7 +110,7 @@ const CredentialItem = ({
               )
             }
             {
-              !disableDelete && !credential.from_enterprise && (
+              !disableDelete && (
                 <Tooltip popupContent={disableDeleteWhenSelected ? disableDeleteTip : t('common.operation.delete')}>
                   <ActionButton
                     className='hover:bg-transparent'
diff --git a/web/app/components/header/account-setting/model-provider-page/model-auth/switch-credential-in-load-balancing.tsx b/web/app/components/header/account-setting/model-provider-page/model-auth/switch-credential-in-load-balancing.tsx
index 6ca120aea6..5d2da57adb 100644
--- a/web/app/components/header/account-setting/model-provider-page/model-auth/switch-credential-in-load-balancing.tsx
+++ b/web/app/components/header/account-setting/model-provider-page/model-auth/switch-credential-in-load-balancing.tsx
@@ -37,51 +37,57 @@ const SwitchCredentialInLoadBalancing = ({
   onRemove,
 }: SwitchCredentialInLoadBalancingProps) => {
   const { t } = useTranslation()
-
+  const notAllowCustomCredential = provider.allow_custom_token === false
   const handleItemClick = useCallback((credential: Credential) => {
     setCustomModelCredential(credential)
   }, [setCustomModelCredential])
 
   const renderTrigger = useCallback(() => {
     const selectedCredentialId = customModelCredential?.credential_id
-    const authRemoved = !selectedCredentialId && !!credentials?.length
+    const currentCredential = credentials?.find(c => c.credential_id === selectedCredentialId)
+    const empty = !credentials?.length
+    const authRemoved = selectedCredentialId && !currentCredential && !empty
+    const unavailable = currentCredential?.not_allowed_to_use
+
     let color = 'green'
-    if (authRemoved && !customModelCredential?.not_allowed_to_use)
+    if (authRemoved || unavailable)
       color = 'red'
-    if (customModelCredential?.not_allowed_to_use)
-      color = 'gray'
 
     const Item = (
       <Button
         variant='secondary'
         className={cn(
           'shrink-0 space-x-1',
-          authRemoved && 'text-components-button-destructive-secondary-text',
-          customModelCredential?.not_allowed_to_use && 'cursor-not-allowed opacity-50',
+          (authRemoved || unavailable) && 'text-components-button-destructive-secondary-text',
+          empty && 'cursor-not-allowed opacity-50',
         )}
       >
-        <Indicator
-          className='mr-2'
-          color={color as any}
-        />
         {
-          authRemoved && !customModelCredential?.not_allowed_to_use && t('common.modelProvider.auth.authRemoved')
+          !empty && (
+            <Indicator
+              className='mr-2'
+              color={color as any}
+            />
+          )
         }
         {
-          !authRemoved && customModelCredential?.not_allowed_to_use && t('plugin.auth.credentialUnavailable')
+          authRemoved && t('common.modelProvider.auth.authRemoved')
         }
         {
-          !authRemoved && !customModelCredential?.not_allowed_to_use && customModelCredential?.credential_name
+          (unavailable || empty) && t('plugin.auth.credentialUnavailableInButton')
         }
         {
-          customModelCredential?.from_enterprise && (
+          !authRemoved && !unavailable && !empty && customModelCredential?.credential_name
+        }
+        {
+          currentCredential?.from_enterprise && (
             <Badge className='ml-2'>Enterprise</Badge>
           )
         }
         <RiArrowDownSLine className='h-4 w-4' />
       </Button>
     )
-    if (customModelCredential?.not_allowed_to_use) {
+    if (empty && notAllowCustomCredential) {
       return (
         <Tooltip
           asChild
@@ -92,7 +98,7 @@ const SwitchCredentialInLoadBalancing = ({
       )
     }
     return Item
-  }, [customModelCredential, t, credentials])
+  }, [customModelCredential, t, credentials, notAllowCustomCredential])
 
   return (
     <Authorized
@@ -123,6 +129,7 @@ const SwitchCredentialInLoadBalancing = ({
       enableAddModelCredential
       showItemSelectedIcon
       popupTitle={t('common.modelProvider.auth.modelCredentials')}
+      triggerOnlyOpenModal={!credentials?.length}
     />
   )
 }
diff --git a/web/app/components/header/account-setting/model-provider-page/model-modal/index.tsx b/web/app/components/header/account-setting/model-provider-page/model-modal/index.tsx
index 4ffbc8f191..9916fbbf04 100644
--- a/web/app/components/header/account-setting/model-provider-page/model-modal/index.tsx
+++ b/web/app/components/header/account-setting/model-provider-page/model-modal/index.tsx
@@ -114,7 +114,7 @@ const ModelModal: FC<ModelModalProps> = ({
   const formRef1 = useRef<FormRefObject>(null)
   const [selectedCredential, setSelectedCredential] = useState<Credential & { addNewCredential?: boolean } | undefined>()
   const formRef2 = useRef<FormRefObject>(null)
-  const isEditMode = !!Object.keys(formValues).filter((key) => {
+  const isEditMode = !!credential && !!Object.keys(formSchemasValue || {}).filter((key) => {
     return key !== '__model_name' && key !== '__model_type' && !!formValues[key]
   }).length && isCurrentWorkspaceManager
 
@@ -376,16 +376,16 @@ const ModelModal: FC<ModelModalProps> = ({
                     <a
                       href={provider.help?.url[language] || provider.help?.url.en_US}
                       target='_blank' rel='noopener noreferrer'
-                      className='system-xs-regular mt-2 inline-flex items-center text-text-accent'
+                      className='system-xs-regular mt-2 inline-block  align-middle text-text-accent'
                       onClick={e => !provider.help.url && e.preventDefault()}
                     >
                       {provider.help.title?.[language] || provider.help.url[language] || provider.help.title?.en_US || provider.help.url.en_US}
-                      <LinkExternal02 className='ml-1 h-3 w-3' />
+                      <LinkExternal02 className='ml-1 mt-[-2px] inline-block h-3 w-3' />
                     </a>
                   )
                   : <div />
               }
-              <div className='flex items-center justify-end space-x-2'>
+              <div className='ml-2 flex items-center justify-end space-x-2'>
                 {
                   isEditMode && (
                     <Button
diff --git a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
index 79eef66451..60297094c3 100644
--- a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
@@ -36,14 +36,22 @@ const AuthorizedInNode = ({
     disabled,
     invalidPluginCredentialInfo,
     notAllowCustomCredential,
-  } = usePluginAuth(pluginPayload, isOpen || !!credentialId)
+  } = usePluginAuth(pluginPayload, true)
   const renderTrigger = useCallback((open?: boolean) => {
     let label = ''
     let removed = false
     let unavailable = false
     let color = 'green'
+    let defaultUnavailable = false
     if (!credentialId) {
       label = t('plugin.auth.workspaceDefault')
+
+      const defaultCredential = credentials.find(c => c.is_default)
+
+      if (defaultCredential?.not_allowed_to_use) {
+        color = 'gray'
+        defaultUnavailable = true
+      }
     }
     else {
       const credential = credentials.find(c => c.id === credentialId)
@@ -63,6 +71,7 @@ const AuthorizedInNode = ({
           open && !removed && 'bg-components-button-ghost-bg-hover',
           removed && 'bg-transparent text-text-destructive',
         )}
+        variant={(defaultUnavailable || unavailable) ? 'ghost' : 'secondary'}
       >
         <Indicator
           className='mr-1.5'
@@ -70,7 +79,12 @@ const AuthorizedInNode = ({
         />
         {label}
         {
-          unavailable && t('plugin.auth.unavailable')
+          (unavailable || defaultUnavailable) && (
+            <>
+              &nbsp;
+              {t('plugin.auth.unavailable')}
+            </>
+          )
         }
         <RiArrowDownSLine
           className={cn(
@@ -81,6 +95,7 @@ const AuthorizedInNode = ({
       </Button>
     )
   }, [credentialId, credentials, t])
+  const defaultUnavailable = credentials.find(c => c.is_default)?.not_allowed_to_use
   const extraAuthorizationItems: Credential[] = [
     {
       id: '__workspace_default__',
@@ -88,6 +103,7 @@ const AuthorizedInNode = ({
       provider: '',
       is_default: !credentialId,
       isWorkspaceDefault: true,
+      not_allowed_to_use: defaultUnavailable,
     },
   ]
   const handleAuthorizationItemClick = useCallback((id: string) => {
diff --git a/web/app/components/plugins/plugin-auth/authorized/index.tsx b/web/app/components/plugins/plugin-auth/authorized/index.tsx
index 13265488c4..ad814b0206 100644
--- a/web/app/components/plugins/plugin-auth/authorized/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/index.tsx
@@ -174,6 +174,7 @@ const Authorized = ({
     }
   }, [updatePluginCredential, notify, t, handleSetDoingAction, onUpdate])
   const unavailableCredentials = credentials.filter(credential => credential.not_allowed_to_use)
+  const unavailableCredential = credentials.find(credential => credential.not_allowed_to_use && credential.is_default)
 
   return (
     <>
@@ -197,7 +198,7 @@ const Authorized = ({
                     'w-full',
                     isOpen && 'bg-components-button-secondary-bg-hover',
                   )}>
-                  <Indicator className='mr-2' />
+                  <Indicator className='mr-2' color={unavailableCredential ? 'gray' : 'green'} />
                   {credentials.length}&nbsp;
                   {
                     credentials.length > 1
diff --git a/web/hooks/use-document-title.ts b/web/hooks/use-document-title.ts
index 23789129d0..10a167a9ea 100644
--- a/web/hooks/use-document-title.ts
+++ b/web/hooks/use-document-title.ts
@@ -2,6 +2,7 @@
 import { useGlobalPublicStore } from '@/context/global-public-context'
 import { useFavicon, useTitle } from 'ahooks'
 import { basePath } from '@/utils/var'
+import { useEffect } from 'react'
 
 export default function useDocumentTitle(title: string) {
   const isPending = useGlobalPublicStore(s => s.isGlobalPending)
@@ -20,5 +21,24 @@ export default function useDocumentTitle(title: string) {
     }
   }
   useTitle(titleStr)
+  useEffect(() => {
+    let apple: HTMLLinkElement | null = null
+    if (systemFeatures.branding.favicon) {
+      document
+        .querySelectorAll(
+          'link[rel=\'icon\'], link[rel=\'shortcut icon\'], link[rel=\'apple-touch-icon\'], link[rel=\'mask-icon\']',
+        )
+        .forEach(n => n.parentNode?.removeChild(n))
+
+      apple = document.createElement('link')
+      apple.rel = 'apple-touch-icon'
+      apple.href = systemFeatures.branding.favicon
+      document.head.appendChild(apple)
+    }
+
+    return () => {
+      apple?.remove()
+    }
+  }, [systemFeatures.branding.favicon])
   useFavicon(favicon)
 }
diff --git a/web/i18n/en-US/plugin.ts b/web/i18n/en-US/plugin.ts
index 85bbd44bd5..9ac1a7baa0 100644
--- a/web/i18n/en-US/plugin.ts
+++ b/web/i18n/en-US/plugin.ts
@@ -298,6 +298,7 @@ const translation = {
     clientInfo: 'As no system client secrets found for this tool provider, setup it manually is required, for redirect_uri, please use',
     oauthClient: 'OAuth Client',
     credentialUnavailable: 'Credentials currently unavailable. Please contact admin.',
+    credentialUnavailableInButton: 'Credential unavailable',
     customCredentialUnavailable: 'Custom credentials currently unavailable',
     unavailable: 'Unavailable',
   },
diff --git a/web/i18n/zh-Hans/plugin.ts b/web/i18n/zh-Hans/plugin.ts
index e37de6d69f..d815eb9fae 100644
--- a/web/i18n/zh-Hans/plugin.ts
+++ b/web/i18n/zh-Hans/plugin.ts
@@ -298,6 +298,7 @@ const translation = {
     clientInfo: '由于未找到此工具提供者的系统客户端密钥，因此需要手动设置，对于 redirect_uri，请使用',
     oauthClient: 'OAuth 客户端',
     credentialUnavailable: '自定义凭据当前不可用，请联系管理员。',
+    credentialUnavailableInButton: '凭据不可用',
     customCredentialUnavailable: '自定义凭据当前不可用',
     unavailable: '不可用',
   },