diff --git a/api/controllers/console/auth/login.py b/api/controllers/console/auth/login.py index cc00793711..75c9bf6a60 100644 --- a/api/controllers/console/auth/login.py +++ b/api/controllers/console/auth/login.py @@ -12,7 +12,9 @@ from controllers.console.auth.error import ( EmailCodeError, InvalidEmailError, InvalidTokenError, + PasswordMismatchError, ) +from controllers.console.error import NotAllowedCreateWorkspace, NotAllowedRegister from controllers.console.setup import setup_required from libs.helper import email, get_remote_ip from libs.password import valid_password @@ -34,11 +36,13 @@ class LoginApi(Resource): try: account = AccountService.authenticate(args["email"], args["password"]) - except services.errors.account.AccountLoginError as e: - return {"code": "unauthorized", "message": str(e)}, 401 - except services.errors.account.AccountNotFound as e: + except services.errors.account.AccountLoginError: + raise NotAllowedRegister() + except services.errors.account.AccountPasswordError: + raise PasswordMismatchError() + except services.errors.account.AccountNotFound: if not dify_config.ALLOW_REGISTER: - return {"code": "unauthorized", "message": str(e)}, 401 + raise NotAllowedCreateWorkspace() token = AccountService.send_reset_password_email(email=args["email"]) return redirect(f"{dify_config.CONSOLE_WEB_URL}/reset-password?token={token}") @@ -78,7 +82,7 @@ class ResetPasswordSendEmailApi(Resource): if dify_config.ALLOW_REGISTER: token = AccountService.send_reset_password_email(email=args["email"]) else: - raise InvalidEmailError() + raise NotAllowedRegister() else: token = AccountService.send_reset_password_email(account=account) 
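Review bot: The three new `raise` lines in `LoginApi.post` turn the login endpoint into an account-enumeration oracle: an unknown email now produces `NotAllowedCreateWorkspace` (or, with `ALLOW_REGISTER` on, a reset-password redirect), while a known email with a wrong password produces `PasswordMismatchError`, so the two cases are distinguishable even though the service-side message is deliberately "Invalid email or password." The `AccountNotFound` branch with registration disabled should raise the same error as the wrong-password branch, e.g. `raise PasswordMismatchError()`, and mapping `AccountLoginError` (raised for banned/closed accounts in the service hunk) to `NotAllowedRegister` looks like a mislabel — a dedicated "account disabled" error, or the old 401, would be more accurate. Whether the two error classes serialize to different codes is not visible here, but their names suggest they do. The enclosing `post` method starts before this hunk.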
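Review bot: The `raise NotAllowedRegister()` for an unknown email in `ResetPasswordSendEmailApi` still answers differently from the known-account path (`else: token = AccountService.send_reset_password_email(account=account)`), so with registration disabled the endpoint confirms whether an email is registered; the previous `InvalidEmailError` had the same weakness, so this hunk preserves rather than introduces it. A reset-password sender should return the same success body whether or not the account exists and simply skip the send for unknown addresses, which means replacing the raise with a no-op that falls through to the normal response rather than an error. The handler's return lines are below the hunk and not visible here, so I cannot quote the exact replacement; the enclosing method starts before this hunk as well.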
@@ -94,7 +98,10 @@ class EmailCodeLoginSendEmailApi(Resource): account = AccountService.get_user_through_email(args["email"]) if account is None: - token = AccountService.send_email_code_login_email(email=args["email"]) + if dify_config.ALLOW_REGISTER: + token = AccountService.send_email_code_login_email(email=args["email"]) + else: + raise NotAllowedRegister() else: token = AccountService.send_email_code_login_email(account=account) diff --git a/api/services/account_service.py b/api/services/account_service.py index de596e929d..cead5e9c9a 100644 --- a/api/services/account_service.py +++ b/api/services/account_service.py @@ -25,6 +25,7 @@ from services.errors.account import ( AccountLoginError, AccountNotFound, AccountNotLinkTenantError, + AccountPasswordError, AccountRegisterError, CannotOperateSelfError, CurrentPasswordIncorrectError, @@ -98,13 +99,14 @@ class AccountService: if account.status == AccountStatus.BANNED.value or account.status == AccountStatus.CLOSED.value: raise AccountLoginError("Account is banned or closed.") + if account.password is None or not compare_password(password, account.password, account.password_salt): + raise AccountPasswordError("Invalid email or password.") + if account.status == AccountStatus.PENDING.value: account.status = AccountStatus.ACTIVE.value account.initialized_at = datetime.now(timezone.utc).replace(tzinfo=None) db.session.commit() - if account.password is None or not compare_password(password, account.password, account.password_salt): - raise AccountLoginError("Invalid email or password.") return account @staticmethod @@ -134,7 +136,9 @@ class AccountService: ) -> Account: """create account""" if not dify_config.ALLOW_REGISTER: - raise Unauthorized("Register is not allowed.") + from controllers.console.error import NotAllowedRegister + + raise NotAllowedRegister() account = Account() account.email = email account.name = name 
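Review bot: The new `else: raise NotAllowedRegister()` branch in `EmailCodeLoginSendEmailApi` makes the code-login endpoint distinguish unknown emails from registered ones whenever `ALLOW_REGISTER` is off — before this change both paths sent an email and presumably responded alike, so this is a newly introduced enumeration oracle. Prefer not sending the email for an unknown address but returning the same response as the registered-account path, so the caller cannot tell the two apart. The handler's return lines are below the hunk and not visible here, so the exact shape of that no-op replacement cannot be quoted; the enclosing method starts before this hunk.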
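Review bot: Moving the password comparison ahead of the PENDING→ACTIVE update in `authenticate` is the right fix (a wrong password no longer activates a pending account), but the banned/closed check still runs before the password is verified, so an unauthenticated caller learns that an email belongs to a banned or closed account from the distinct `AccountLoginError`. Consider verifying the password first and only then raising `AccountLoginError("Account is banned or closed.")`, i.e. swap the two `if` blocks. Separately, `account.password is None or not compare_password(...)` short-circuits before `compare_password` for password-less accounts, which is a measurable timing difference; running the comparison against a dummy hash would close it. `authenticate` begins above the hunk (the account lookup and the `AccountNotFound` raise are presumably there) and returns at the end of it.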
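Review bot: The function-scope `from controllers.console.error import NotAllowedRegister` in `create_account` makes the service layer import from the HTTP controller package, inverting the dependency, and the local placement reads as a circular-import workaround. A cleaner shape is to raise a service error here and let the controller translate it, as `LoginApi.post` already does for the other account errors — `AccountRegisterError` is imported at the top of this file, so `raise AccountRegisterError("Register is not allowed.")` would fit, provided no existing caller catches it with a different meaning. Callers that previously caught `Unauthorized` from this function will no longer match, and whether `Unauthorized` is still used elsewhere in the file is not visible here. The method signature is above the hunk and its body continues below it.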
@@ -316,7 +320,9 @@ class TenantService: def create_tenant(name: str) -> Tenant: """Create tenant""" if not dify_config.ALLOW_CREATE_WORKSPACE: - raise Unauthorized("Create workspace is not allowed.") + from controllers.console.error import NotAllowedCreateWorkspace + + raise NotAllowedCreateWorkspace() tenant = Tenant(name=name) db.session.add(tenant)
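Review bot: Same layering concern as `create_account`: the function-scope `from controllers.console.error import NotAllowedCreateWorkspace` inside `TenantService.create_tenant` makes a service module depend on the console controller package, and the local import looks like a circular-import workaround. Raising a service-level error here and mapping it to `NotAllowedCreateWorkspace` in the controller (as `LoginApi.post` does for `AccountNotFound`) keeps the layers separate; if the import must stay, a one-line `# local import: avoids a controllers <-> services import cycle` comment is the minimum. Replacing `Unauthorized` also changes the exception type callers may catch and presumably the HTTP status, which is worth stating in the commit message. The method continues past the end of the hunk.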