From 96d7127d9c0e3214f947d78c4ef94884f5b3a61e Mon Sep 17 00:00:00 2001
From: "yunlu.wen" <yunlu.wen@dify.ai>
Date: Mon, 20 Oct 2025 14:49:09 +0800
Subject: [PATCH] early stop for missing token

---
 api/controllers/console/auth/login.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/controllers/console/auth/login.py b/api/controllers/console/auth/login.py
index 15001d07e2..c218b29b67 100644
--- a/api/controllers/console/auth/login.py
+++ b/api/controllers/console/auth/login.py
@@ -32,6 +32,7 @@ from libs.token import (
     clear_csrf_token_from_cookie,
     clear_refresh_token_from_cookie,
     extract_access_token,
+    extract_csrf_token,
     set_access_token_to_cookie,
     set_csrf_token_to_cookie,
     set_refresh_token_to_cookie,
@@ -295,6 +296,9 @@ class RefreshTokenApi(Resource):
 class LoginStatus(Resource):
     def get(self):
         token = extract_access_token(request)
+        csrf_token = extract_csrf_token(request)
+        if not token or not csrf_token:
+            return {"logged_in": False}
         res = True
         try:
             validated = PassportService().verify(token=token)