feat(oauth): replace HIDDEN_VALUE with UNKNOWN_VALUE for better credential handling

2025-07-13 12:45:56 +08:00 · 2025-07-13 12:45:56 +08:00 · f9c4897ff3
parent 6cb4a6f692
commit f9c4897ff3
3 changed files with 14 additions and 11 deletions
--- a/api/constants/init.py
+++ b/api/constants/init.py
@ -1,6 +1,7 @@
 from configs import dify_config

 HIDDEN_VALUE = "[__HIDDEN__]"
+UNKNOWN_VALUE = "[__UNKNOWN__]"
 UUID_NIL = "00000000-0000-0000-0000-000000000000"

 DEFAULT_FILE_NUMBER_LIMITS = 3
--- a/api/controllers/console/workspace/tool_providers.py
+++ b/api/controllers/console/workspace/tool_providers.py
@ -839,14 +839,6 @@ class ToolBuiltinProviderGetCredentialInfoApi(Resource):
            )
        )

-
-# tool oauth
-api.add_resource(ToolPluginOAuthApi, "/oauth/plugin/<path:provider>/tool/authorization-url")
-api.add_resource(ToolOAuthCallback, "/oauth/plugin/<path:provider>/tool/callback")
-
-api.add_resource(ToolOAuthCustomClient, "/workspaces/current/tool-provider/builtin/<path:provider>/oauth/custom-client")
-
-
 class ToolProviderMCPApi(Resource):
    @setup_required
    @login_required
@ -1010,6 +1002,11 @@ class ToolMCPCallbackApi(Resource):
 # tool provider
 api.add_resource(ToolProviderListApi, "/workspaces/current/tool-providers")

+# tool oauth
+api.add_resource(ToolPluginOAuthApi, "/oauth/plugin/<path:provider>/tool/authorization-url")
+api.add_resource(ToolOAuthCallback, "/oauth/plugin/<path:provider>/tool/callback")
+api.add_resource(ToolOAuthCustomClient, "/workspaces/current/tool-provider/builtin/<path:provider>/oauth/custom-client")
+
 # builtin tool provider
 api.add_resource(ToolBuiltinProviderListToolsApi, "/workspaces/current/tool-provider/builtin/<path:provider>/tools")
 api.add_resource(ToolBuiltinProviderInfoApi, "/workspaces/current/tool-provider/builtin/<path:provider>/info")
--- a/api/services/tools/builtin_tools_manage_service.py
+++ b/api/services/tools/builtin_tools_manage_service.py
@ -7,7 +7,7 @@ from typing import Any, Optional
 from sqlalchemy.orm import Session

 from configs import dify_config
-from constants import HIDDEN_VALUE
+from constants import HIDDEN_VALUE, UNKNOWN_VALUE
 from core.helper.position_helper import is_filtered
 from core.helper.provider_cache import NoOpProviderCredentialCache, ToolProviderCredentialsCache
 from core.plugin.entities.plugin import ToolProviderID
@ -156,7 +156,7 @@ class BuiltinToolManageService:

                    original_credentials = encrypter.decrypt(db_provider.credentials)
                    new_credentials: dict = {
-                        key: value if value != HIDDEN_VALUE else original_credentials.get(key, HIDDEN_VALUE)
+                        key: value if value != HIDDEN_VALUE else original_credentials.get(key, UNKNOWN_VALUE)
                        for key, value in credentials.items()
                    }

@ -683,7 +683,12 @@ class BuiltinToolManageService:
                    config=[x.to_basic_provider_config() for x in provider_controller.get_oauth_client_schema()],
                    cache=NoOpProviderCredentialCache(),
                )
-                custom_client_params.encrypted_oauth_params = json.dumps(encrypter.encrypt(client_params))
+                original_params = encrypter.decrypt(custom_client_params.oauth_params)
+                new_params: dict = {
+                    key: value if value != HIDDEN_VALUE else original_params.get(key, UNKNOWN_VALUE)
+                    for key, value in client_params.items()
+                }
+                custom_client_params.encrypted_oauth_params = json.dumps(encrypter.encrypt(new_params))

            if enable_oauth_custom_client is not None:
                custom_client_params.enabled = enable_oauth_custom_client