refactor: port reqparse to Pydantic model (#28949)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

api/controllers/console/auth/login.py

@@ -1,6 +1,7 @@
 import flask_login
 from flask import make_response, request
-from flask_restx import Resource, reqparse
+from flask_restx import Resource
+from pydantic import BaseModel, Field
 
 import services
 from configs import dify_config
@@ -23,7 +24,7 @@ from controllers.console.error import (
 )
 from controllers.console.wraps import email_password_login_enabled, setup_required
 from events.tenant_event import tenant_was_created
-from libs.helper import email, extract_remote_ip
+from libs.helper import EmailStr, extract_remote_ip
 from libs.login import current_account_with_tenant
 from libs.token import (
     clear_access_token_from_cookie,
@@ -40,6 +41,36 @@ from services.errors.account import AccountRegisterError
 from services.errors.workspace import WorkSpaceNotAllowedCreateError, WorkspacesLimitExceededError
 from services.feature_service import FeatureService
 
+DEFAULT_REF_TEMPLATE_SWAGGER_2_0 = "#/definitions/{model}"
+
+
+class LoginPayload(BaseModel):
+    email: EmailStr = Field(..., description="Email address")
+    password: str = Field(..., description="Password")
+    remember_me: bool = Field(default=False, description="Remember me flag")
+    invite_token: str | None = Field(default=None, description="Invitation token")
+
+
+class EmailPayload(BaseModel):
+    email: EmailStr = Field(...)
+    language: str | None = Field(default=None)
+
+
+class EmailCodeLoginPayload(BaseModel):
+    email: EmailStr = Field(...)
+    code: str = Field(...)
+    token: str = Field(...)
+    language: str | None = Field(default=None)
+
+
+def reg(cls: type[BaseModel]):
+    console_ns.schema_model(cls.__name__, cls.model_json_schema(ref_template=DEFAULT_REF_TEMPLATE_SWAGGER_2_0))
+
+
+reg(LoginPayload)
+reg(EmailPayload)
+reg(EmailCodeLoginPayload)
+
 
 @console_ns.route("/login")
 class LoginApi(Resource):
@@ -47,41 +78,36 @@ class LoginApi(Resource):
 
     @setup_required
     @email_password_login_enabled
+    @console_ns.expect(console_ns.models[LoginPayload.__name__])
     def post(self):
         """Authenticate user and login."""
-        parser = (
-            reqparse.RequestParser()
-            .add_argument("email", type=email, required=True, location="json")
-            .add_argument("password", type=str, required=True, location="json")
-            .add_argument("remember_me", type=bool, required=False, default=False, location="json")
-            .add_argument("invite_token", type=str, required=False, default=None, location="json")
-        )
-        args = parser.parse_args()
+        args = LoginPayload.model_validate(console_ns.payload)
 
-        if dify_config.BILLING_ENABLED and BillingService.is_email_in_freeze(args["email"]):
+        if dify_config.BILLING_ENABLED and BillingService.is_email_in_freeze(args.email):
             raise AccountInFreezeError()
 
-        is_login_error_rate_limit = AccountService.is_login_error_rate_limit(args["email"])
+        is_login_error_rate_limit = AccountService.is_login_error_rate_limit(args.email)
         if is_login_error_rate_limit:
             raise EmailPasswordLoginLimitError()
 
-        invitation = args["invite_token"]
+        # TODO: why invitation is re-assigned with different type?
+        invitation = args.invite_token  # type: ignore
         if invitation:
-            invitation = RegisterService.get_invitation_if_token_valid(None, args["email"], invitation)
+            invitation = RegisterService.get_invitation_if_token_valid(None, args.email, invitation)  # type: ignore
 
         try:
             if invitation:
-                data = invitation.get("data", {})
+                data = invitation.get("data", {})  # type: ignore
                 invitee_email = data.get("email") if data else None
-                if invitee_email != args["email"]:
+                if invitee_email != args.email:
                     raise InvalidEmailError()
-                account = AccountService.authenticate(args["email"], args["password"], args["invite_token"])
+                account = AccountService.authenticate(args.email, args.password, args.invite_token)
             else:
-                account = AccountService.authenticate(args["email"], args["password"])
+                account = AccountService.authenticate(args.email, args.password)
         except services.errors.account.AccountLoginError:
             raise AccountBannedError()
         except services.errors.account.AccountPasswordError:
-            AccountService.add_login_error_rate_limit(args["email"])
+            AccountService.add_login_error_rate_limit(args.email)
             raise AuthenticationFailedError()
         # SELF_HOSTED only have one workspace
         tenants = TenantService.get_join_tenants(account)
@@ -97,7 +123,7 @@ class LoginApi(Resource):
                 }
 
         token_pair = AccountService.login(account=account, ip_address=extract_remote_ip(request))
-        AccountService.reset_login_error_rate_limit(args["email"])
+        AccountService.reset_login_error_rate_limit(args.email)
 
         # Create response with cookies instead of returning tokens in body
         response = make_response({"result": "success"})
@@ -134,25 +160,21 @@ class LogoutApi(Resource):
 class ResetPasswordSendEmailApi(Resource):
     @setup_required
     @email_password_login_enabled
+    @console_ns.expect(console_ns.models[EmailPayload.__name__])
     def post(self):
-        parser = (
-            reqparse.RequestParser()
-            .add_argument("email", type=email, required=True, location="json")
-            .add_argument("language", type=str, required=False, location="json")
-        )
-        args = parser.parse_args()
+        args = EmailPayload.model_validate(console_ns.payload)
 
-        if args["language"] is not None and args["language"] == "zh-Hans":
+        if args.language is not None and args.language == "zh-Hans":
             language = "zh-Hans"
         else:
             language = "en-US"
         try:
-            account = AccountService.get_user_through_email(args["email"])
+            account = AccountService.get_user_through_email(args.email)
         except AccountRegisterError:
             raise AccountInFreezeError()
 
         token = AccountService.send_reset_password_email(
-            email=args["email"],
+            email=args.email,
             account=account,
             language=language,
             is_allow_register=FeatureService.get_system_features().is_allow_register,
@@ -164,30 +186,26 @@ class ResetPasswordSendEmailApi(Resource):
 @console_ns.route("/email-code-login")
 class EmailCodeLoginSendEmailApi(Resource):
     @setup_required
+    @console_ns.expect(console_ns.models[EmailPayload.__name__])
     def post(self):
-        parser = (
-            reqparse.RequestParser()
-            .add_argument("email", type=email, required=True, location="json")
-            .add_argument("language", type=str, required=False, location="json")
-        )
-        args = parser.parse_args()
+        args = EmailPayload.model_validate(console_ns.payload)
 
         ip_address = extract_remote_ip(request)
         if AccountService.is_email_send_ip_limit(ip_address):
             raise EmailSendIpLimitError()
 
-        if args["language"] is not None and args["language"] == "zh-Hans":
+        if args.language is not None and args.language == "zh-Hans":
             language = "zh-Hans"
         else:
             language = "en-US"
         try:
-            account = AccountService.get_user_through_email(args["email"])
+            account = AccountService.get_user_through_email(args.email)
         except AccountRegisterError:
             raise AccountInFreezeError()
 
         if account is None:
             if FeatureService.get_system_features().is_allow_register:
-                token = AccountService.send_email_code_login_email(email=args["email"], language=language)
+                token = AccountService.send_email_code_login_email(email=args.email, language=language)
             else:
                 raise AccountNotFound()
         else:
@@ -199,30 +217,24 @@ class EmailCodeLoginSendEmailApi(Resource):
 @console_ns.route("/email-code-login/validity")
 class EmailCodeLoginApi(Resource):
     @setup_required
+    @console_ns.expect(console_ns.models[EmailCodeLoginPayload.__name__])
     def post(self):
-        parser = (
-            reqparse.RequestParser()
-            .add_argument("email", type=str, required=True, location="json")
-            .add_argument("code", type=str, required=True, location="json")
-            .add_argument("token", type=str, required=True, location="json")
-            .add_argument("language", type=str, required=False, location="json")
-        )
-        args = parser.parse_args()
+        args = EmailCodeLoginPayload.model_validate(console_ns.payload)
 
-        user_email = args["email"]
-        language = args["language"]
+        user_email = args.email
+        language = args.language
 
-        token_data = AccountService.get_email_code_login_data(args["token"])
+        token_data = AccountService.get_email_code_login_data(args.token)
         if token_data is None:
             raise InvalidTokenError()
 
-        if token_data["email"] != args["email"]:
+        if token_data["email"] != args.email:
             raise InvalidEmailError()
 
-        if token_data["code"] != args["code"]:
+        if token_data["code"] != args.code:
             raise EmailCodeError()
 
-        AccountService.revoke_email_code_login_token(args["token"])
+        AccountService.revoke_email_code_login_token(args.token)
         try:
             account = AccountService.get_user_through_email(user_email)
         except AccountRegisterError:
@@ -255,7 +267,7 @@ class EmailCodeLoginApi(Resource):
             except WorkspacesLimitExceededError:
                 raise WorkspacesLimitExceeded()
         token_pair = AccountService.login(account, ip_address=extract_remote_ip(request))
-        AccountService.reset_login_error_rate_limit(args["email"])
+        AccountService.reset_login_error_rate_limit(args.email)
 
         # Create response with cookies instead of returning tokens in body
         response = make_response({"result": "success"})