From bb9ec1a58744ffb20736dddb650966e04759f6ce Mon Sep 17 00:00:00 2001
From: GareArc <chen4851@purdue.edu>
Date: Fri, 30 May 2025 10:24:01 +0800
Subject: [PATCH] fix: make forgort-password web api to enteprise edition only

---
 api/controllers/web/forgot_password.py | 5 ++++-
 api/controllers/web/login.py           | 9 ++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/api/controllers/web/forgot_password.py b/api/controllers/web/forgot_password.py
index 53941e9978..0da8d65efc 100644
--- a/api/controllers/web/forgot_password.py
+++ b/api/controllers/web/forgot_password.py
@@ -14,7 +14,7 @@ from controllers.console.auth.error import (
     PasswordMismatchError,
 )
 from controllers.console.error import AccountNotFound, EmailSendIpLimitError
-from controllers.console.wraps import email_password_login_enabled, setup_required
+from controllers.console.wraps import email_password_login_enabled, only_edition_enterprise, setup_required
 from controllers.web import api
 from extensions.ext_database import db
 from libs.helper import email, extract_remote_ip
@@ -24,6 +24,7 @@ from services.account_service import AccountService
 
 
 class ForgotPasswordSendEmailApi(Resource):
+    @only_edition_enterprise
     @setup_required
     @email_password_login_enabled
     def post(self):
@@ -53,6 +54,7 @@ class ForgotPasswordSendEmailApi(Resource):
 
 
 class ForgotPasswordCheckApi(Resource):
+    @only_edition_enterprise
     @setup_required
     @email_password_login_enabled
     def post(self):
@@ -92,6 +94,7 @@ class ForgotPasswordCheckApi(Resource):
 
 
 class ForgotPasswordResetApi(Resource):
+    @only_edition_enterprise
     @setup_required
     @email_password_login_enabled
     def post(self):
diff --git a/api/controllers/web/login.py b/api/controllers/web/login.py
index 91c9c3c2ab..01c4f4a262 100644
--- a/api/controllers/web/login.py
+++ b/api/controllers/web/login.py
@@ -1,12 +1,11 @@
+from flask_restful import Resource, reqparse
+from jwt import InvalidTokenError  # type: ignore
+
 import services
-from controllers.console.auth.error import (EmailCodeError,
-                                            EmailOrPasswordMismatchError,
-                                            InvalidEmailError)
+from controllers.console.auth.error import EmailCodeError, EmailOrPasswordMismatchError, InvalidEmailError
 from controllers.console.error import AccountBannedError, AccountNotFound
 from controllers.console.wraps import only_edition_enterprise, setup_required
 from controllers.web import api
-from flask_restful import Resource, reqparse
-from jwt import InvalidTokenError  # type: ignore
 from libs.helper import email
 from libs.password import valid_password
 from services.account_service import AccountService