estel/dify
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: Fix login error handling by raising exception instead of returning (#24452)

Browse Source
This commit is contained in:
-LAN-
2025-08-25 13:54:25 +08:00
committed by GitHub
parent 044ad5100e
commit a9e106b17e
2 changed files with 49 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/controllers/console/auth/login.py
View File

@@ -221,7 +221,7 @@ class EmailCodeLoginApi(Resource):
email=user_email, name=user_email, interface_language=languages[0] email=user_email, name=user_email, interface_language=languages[0]
) )
except WorkSpaceNotAllowedCreateError: except WorkSpaceNotAllowedCreateError:
return NotAllowedCreateWorkspace() raise NotAllowedCreateWorkspace()
except AccountRegisterError as are: except AccountRegisterError as are:
raise AccountInFreezeError() raise AccountInFreezeError()
except WorkspacesLimitExceededError: except WorkspacesLimitExceededError:

122
api/libs/external_api.py
View File

@@ -1,10 +1,10 @@
import re import re
import sys import sys
from collections.abc import Mapping
from typing import Any from typing import Any
from flask import current_app, got_request_exception from flask import current_app, got_request_exception
from flask_restx import Api from flask_restx import Api
from werkzeug.datastructures import Headers
from werkzeug.exceptions import HTTPException from werkzeug.exceptions import HTTPException
from werkzeug.http import HTTP_STATUS_CODES from werkzeug.http import HTTP_STATUS_CODES
@@ -12,125 +12,97 @@ from core.errors.error import AppInvokeQuotaExceededError
def http_status_message(code): def http_status_message(code):
"""Maps an HTTP status code to the textual status"""
return HTTP_STATUS_CODES.get(code, "") return HTTP_STATUS_CODES.get(code, "")
def register_external_error_handlers(api: Api) -> None: def register_external_error_handlers(api: Api) -> None:
"""Register error handlers for the API using decorators.
:param api: The Flask-RestX Api instance
"""
@api.errorhandler(HTTPException) @api.errorhandler(HTTPException)
def handle_http_exception(e: HTTPException): def handle_http_exception(e: HTTPException):
"""Handle HTTP exceptions."""
got_request_exception.send(current_app, exception=e) got_request_exception.send(current_app, exception=e)
if e.response is not None: # If Werkzeug already prepared a Response, just use it.
return e.get_response() if getattr(e, "response", None) is not None:
return e.response
headers = Headers() status_code = getattr(e, "code", 500) or 500
status_code = e.code
# Build a safe, dict-like payload
default_data = { default_data = {
"code": re.sub(r"(?<!^)(?=[A-Z])", "_", type(e).__name__).lower(), "code": re.sub(r"(?<!^)(?=[A-Z])", "_", type(e).__name__).lower(),
"message": getattr(e, "description", http_status_message(status_code)), "message": getattr(e, "description", http_status_message(status_code)),
"status": status_code, "status": status_code,
} }
if default_data["message"] == "Failed to decode JSON object: Expecting value: line 1 column 1 (char 0)":
if (
default_data["message"]
and default_data["message"] == "Failed to decode JSON object: Expecting value: line 1 column 1 (char 0)"
):
default_data["message"] = "Invalid JSON payload received or JSON payload is empty." default_data["message"] = "Invalid JSON payload received or JSON payload is empty."
headers = e.get_response().headers # Use headers on the exception if present; otherwise none.
headers = {}
exc_headers = getattr(e, "headers", None)
if exc_headers:
headers.update(exc_headers)
# Handle specific status codes # Payload per status
if status_code == 406 and api.default_mediatype is None: if status_code == 406 and api.default_mediatype is None:
supported_mediatypes = list(api.representations.keys()) data = {"code": "not_acceptable", "message": default_data["message"], "status": status_code}
fallback_mediatype = supported_mediatypes[0] if supported_mediatypes else "text/plain" return data, status_code, headers
data = {"code": "not_acceptable", "message": default_data.get("message")}
resp = api.make_response(data, status_code, headers, fallback_mediatype=fallback_mediatype)
elif status_code == 400: elif status_code == 400:
if isinstance(default_data.get("message"), dict): msg = default_data["message"]
param_key, param_value = list(default_data.get("message", {}).items())[0] if isinstance(msg, Mapping) and msg:
data = {"code": "invalid_param", "message": param_value, "params": param_key} # Convert param errors like {"field": "reason"} into a friendly shape
param_key, param_value = next(iter(msg.items()))
data = {
"code": "invalid_param",
"message": str(param_value),
"params": param_key,
"status": status_code,
}
else: else:
data = default_data data = {**default_data}
if "code" not in data: data.setdefault("code", "unknown")
data["code"] = "unknown" return data, status_code, headers
resp = api.make_response(data, status_code, headers)
else: else:
data = default_data data = {**default_data}
if "code" not in data: data.setdefault("code", "unknown")
data["code"] = "unknown" # If you need WWW-Authenticate for 401, add it to headers
resp = api.make_response(data, status_code, headers)
if status_code == 401: if status_code == 401:
resp = api.unauthorized(resp) headers["WWW-Authenticate"] = 'Bearer realm="api"'
return data, status_code, headers
# Remove duplicate Content-Length header
remove_headers = ("Content-Length",)
for header in remove_headers:
headers.pop(header, None)
return resp
@api.errorhandler(ValueError) @api.errorhandler(ValueError)
def handle_value_error(e: ValueError): def handle_value_error(e: ValueError):
"""Handle ValueError exceptions."""
got_request_exception.send(current_app, exception=e) got_request_exception.send(current_app, exception=e)
status_code = 400 status_code = 400
data = { data = {"code": "invalid_param", "message": str(e), "status": status_code}
"code": "invalid_param", return data, status_code
"message": str(e),
"status": status_code,
}
return api.make_response(data, status_code)
@api.errorhandler(AppInvokeQuotaExceededError) @api.errorhandler(AppInvokeQuotaExceededError)
def handle_quota_exceeded(e: AppInvokeQuotaExceededError): def handle_quota_exceeded(e: AppInvokeQuotaExceededError):
"""Handle AppInvokeQuotaExceededError exceptions."""
got_request_exception.send(current_app, exception=e) got_request_exception.send(current_app, exception=e)
status_code = 429 status_code = 429
data = { data = {"code": "too_many_requests", "message": str(e), "status": status_code}
"code": "too_many_requests", return data, status_code
"message": str(e),
"status": status_code,
}
return api.make_response(data, status_code)
@api.errorhandler(Exception) @api.errorhandler(Exception)
def handle_general_exception(e: Exception): def handle_general_exception(e: Exception):
"""Handle general exceptions."""
got_request_exception.send(current_app, exception=e) got_request_exception.send(current_app, exception=e)
headers = Headers()
status_code = 500 status_code = 500
default_data = { data: dict[str, Any] = getattr(e, "data", {"message": http_status_message(status_code)})
"message": http_status_message(status_code),
}
data = getattr(e, "data", default_data) # 🔒 Normalize non-mapping data (e.g., if someone set e.data = Response)
if not isinstance(data, Mapping):
data = {"message": str(e)}
# Log server errors data.setdefault("code", "unknown")
data.setdefault("status", status_code)
# Log stack
exc_info: Any = sys.exc_info() exc_info: Any = sys.exc_info()
if exc_info[1] is None: if exc_info[1] is None:
exc_info = None exc_info = None
current_app.log_exception(exc_info) current_app.log_exception(exc_info)
if "code" not in data: return data, status_code
data["code"] = "unknown"
# Remove duplicate Content-Length header
remove_headers = ("Content-Length",)
for header in remove_headers:
headers.pop(header, None)
return api.make_response(data, status_code, headers)
class ExternalApi(Api): class ExternalApi(Api):