| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252 |
- from typing import cast
-
- import flask_login
- from flask import request
- from flask_restful import Resource, reqparse
-
- import services
- from configs import dify_config
- from constants.languages import languages
- from controllers.console import api
- from controllers.console.auth.error import (
- EmailCodeError,
- EmailOrPasswordMismatchError,
- EmailPasswordLoginLimitError,
- InvalidEmailError,
- InvalidTokenError,
- )
- from controllers.console.error import (
- AccountBannedError,
- AccountInFreezeError,
- AccountNotFound,
- EmailSendIpLimitError,
- NotAllowedCreateWorkspace,
- WorkspacesLimitExceeded,
- )
- from controllers.console.wraps import email_password_login_enabled, setup_required
- from events.tenant_event import tenant_was_created
- from libs.helper import email, extract_remote_ip
- from libs.password import valid_password
- from models.account import Account
- from services.account_service import AccountService, RegisterService, TenantService
- from services.billing_service import BillingService
- from services.errors.account import AccountRegisterError
- from services.errors.workspace import WorkSpaceNotAllowedCreateError, WorkspacesLimitExceededError
- from services.feature_service import FeatureService
-
-
- class LoginApi(Resource):
- """Resource for user login."""
-
- @setup_required
- @email_password_login_enabled
- def post(self):
- """Authenticate user and login."""
- parser = reqparse.RequestParser()
- parser.add_argument("email", type=email, required=True, location="json")
- parser.add_argument("password", type=valid_password, required=True, location="json")
- parser.add_argument("remember_me", type=bool, required=False, default=False, location="json")
- parser.add_argument("invite_token", type=str, required=False, default=None, location="json")
- parser.add_argument("language", type=str, required=False, default="en-US", location="json")
- args = parser.parse_args()
-
- if dify_config.BILLING_ENABLED and BillingService.is_email_in_freeze(args["email"]):
- raise AccountInFreezeError()
-
- is_login_error_rate_limit = AccountService.is_login_error_rate_limit(args["email"])
- if is_login_error_rate_limit:
- raise EmailPasswordLoginLimitError()
-
- invitation = args["invite_token"]
- if invitation:
- invitation = RegisterService.get_invitation_if_token_valid(None, args["email"], invitation)
-
- if args["language"] is not None and args["language"] == "zh-Hans":
- language = "zh-Hans"
- else:
- language = "en-US"
-
- try:
- if invitation:
- data = invitation.get("data", {})
- invitee_email = data.get("email") if data else None
- if invitee_email != args["email"]:
- raise InvalidEmailError()
- account = AccountService.authenticate(args["email"], args["password"], args["invite_token"])
- else:
- account = AccountService.authenticate(args["email"], args["password"])
- except services.errors.account.AccountLoginError:
- raise AccountBannedError()
- except services.errors.account.AccountPasswordError:
- AccountService.add_login_error_rate_limit(args["email"])
- raise EmailOrPasswordMismatchError()
- except services.errors.account.AccountNotFoundError:
- if FeatureService.get_system_features().is_allow_register:
- token = AccountService.send_reset_password_email(email=args["email"], language=language)
- return {"result": "fail", "data": token, "code": "account_not_found"}
- else:
- raise AccountNotFound()
- # SELF_HOSTED only have one workspace
- tenants = TenantService.get_join_tenants(account)
- if len(tenants) == 0:
- system_features = FeatureService.get_system_features()
-
- if system_features.is_allow_create_workspace and not system_features.license.workspaces.is_available():
- raise WorkspacesLimitExceeded()
- else:
- return {
- "result": "fail",
- "data": "workspace not found, please contact system admin to invite you to join in a workspace",
- }
-
- token_pair = AccountService.login(account=account, ip_address=extract_remote_ip(request))
- AccountService.reset_login_error_rate_limit(args["email"])
- return {"result": "success", "data": token_pair.model_dump()}
-
-
- class LogoutApi(Resource):
- @setup_required
- def get(self):
- account = cast(Account, flask_login.current_user)
- if isinstance(account, flask_login.AnonymousUserMixin):
- return {"result": "success"}
- AccountService.logout(account=account)
- flask_login.logout_user()
- return {"result": "success"}
-
-
- class ResetPasswordSendEmailApi(Resource):
- @setup_required
- @email_password_login_enabled
- def post(self):
- parser = reqparse.RequestParser()
- parser.add_argument("email", type=email, required=True, location="json")
- parser.add_argument("language", type=str, required=False, location="json")
- args = parser.parse_args()
-
- if args["language"] is not None and args["language"] == "zh-Hans":
- language = "zh-Hans"
- else:
- language = "en-US"
- try:
- account = AccountService.get_user_through_email(args["email"])
- except AccountRegisterError as are:
- raise AccountInFreezeError()
- if account is None:
- if FeatureService.get_system_features().is_allow_register:
- token = AccountService.send_reset_password_email(email=args["email"], language=language)
- else:
- raise AccountNotFound()
- else:
- token = AccountService.send_reset_password_email(account=account, language=language)
-
- return {"result": "success", "data": token}
-
-
- class EmailCodeLoginSendEmailApi(Resource):
- @setup_required
- def post(self):
- parser = reqparse.RequestParser()
- parser.add_argument("email", type=email, required=True, location="json")
- parser.add_argument("language", type=str, required=False, location="json")
- args = parser.parse_args()
-
- ip_address = extract_remote_ip(request)
- if AccountService.is_email_send_ip_limit(ip_address):
- raise EmailSendIpLimitError()
-
- if args["language"] is not None and args["language"] == "zh-Hans":
- language = "zh-Hans"
- else:
- language = "en-US"
- try:
- account = AccountService.get_user_through_email(args["email"])
- except AccountRegisterError as are:
- raise AccountInFreezeError()
-
- if account is None:
- if FeatureService.get_system_features().is_allow_register:
- token = AccountService.send_email_code_login_email(email=args["email"], language=language)
- else:
- raise AccountNotFound()
- else:
- token = AccountService.send_email_code_login_email(account=account, language=language)
-
- return {"result": "success", "data": token}
-
-
- class EmailCodeLoginApi(Resource):
- @setup_required
- def post(self):
- parser = reqparse.RequestParser()
- parser.add_argument("email", type=str, required=True, location="json")
- parser.add_argument("code", type=str, required=True, location="json")
- parser.add_argument("token", type=str, required=True, location="json")
- args = parser.parse_args()
-
- user_email = args["email"]
-
- token_data = AccountService.get_email_code_login_data(args["token"])
- if token_data is None:
- raise InvalidTokenError()
-
- if token_data["email"] != args["email"]:
- raise InvalidEmailError()
-
- if token_data["code"] != args["code"]:
- raise EmailCodeError()
-
- AccountService.revoke_email_code_login_token(args["token"])
- try:
- account = AccountService.get_user_through_email(user_email)
- except AccountRegisterError as are:
- raise AccountInFreezeError()
- if account:
- tenant = TenantService.get_join_tenants(account)
- if not tenant:
- workspaces = FeatureService.get_system_features().license.workspaces
- if not workspaces.is_available():
- raise WorkspacesLimitExceeded()
- if not FeatureService.get_system_features().is_allow_create_workspace:
- raise NotAllowedCreateWorkspace()
- else:
- tenant = TenantService.create_tenant(f"{account.name}'s Workspace")
- TenantService.create_tenant_member(tenant, account, role="owner")
- account.current_tenant = tenant
- tenant_was_created.send(tenant)
-
- if account is None:
- try:
- account = AccountService.create_account_and_tenant(
- email=user_email, name=user_email, interface_language=languages[0]
- )
- except WorkSpaceNotAllowedCreateError:
- return NotAllowedCreateWorkspace()
- except AccountRegisterError as are:
- raise AccountInFreezeError()
- except WorkspacesLimitExceededError:
- raise WorkspacesLimitExceeded()
- token_pair = AccountService.login(account, ip_address=extract_remote_ip(request))
- AccountService.reset_login_error_rate_limit(args["email"])
- return {"result": "success", "data": token_pair.model_dump()}
-
-
- class RefreshTokenApi(Resource):
- def post(self):
- parser = reqparse.RequestParser()
- parser.add_argument("refresh_token", type=str, required=True, location="json")
- args = parser.parse_args()
-
- try:
- new_token_pair = AccountService.refresh_token(args["refresh_token"])
- return {"result": "success", "data": new_token_pair.model_dump()}
- except Exception as e:
- return {"result": "fail", "data": str(e)}, 401
-
-
- api.add_resource(LoginApi, "/login")
- api.add_resource(LogoutApi, "/logout")
- api.add_resource(EmailCodeLoginSendEmailApi, "/email-code-login")
- api.add_resource(EmailCodeLoginApi, "/email-code-login/validity")
- api.add_resource(ResetPasswordSendEmailApi, "/reset-password")
- api.add_resource(RefreshTokenApi, "/refresh-token")
|
