Merge remote-tracking branch 'origin/main' into feat/support-agent-sandbox

# Conflicts:
#	api/services/workflow_service.py

api/services/account_service.py

@@ -8,7 +8,7 @@ from hashlib import sha256
 from typing import Any, cast
 
 from pydantic import BaseModel
-from sqlalchemy import func
+from sqlalchemy import func, select
 from sqlalchemy.orm import Session
 from werkzeug.exceptions import Unauthorized
 
@@ -748,6 +748,21 @@ class AccountService:
         cls.email_code_login_rate_limiter.increment_rate_limit(email)
         return token
 
+    @staticmethod
+    def get_account_by_email_with_case_fallback(email: str, session: Session | None = None) -> Account | None:
+        """
+        Retrieve an account by email and fall back to the lowercase email if the original lookup fails.
+
+        This keeps backward compatibility for older records that stored uppercase emails while the
+        rest of the system gradually normalizes new inputs.
+        """
+        query_session = session or db.session
+        account = query_session.execute(select(Account).filter_by(email=email)).scalar_one_or_none()
+        if account or email == email.lower():
+            return account
+
+        return query_session.execute(select(Account).filter_by(email=email.lower())).scalar_one_or_none()
+
     @classmethod
     def get_email_code_login_data(cls, token: str) -> dict[str, Any] | None:
         return TokenManager.get_token_data(token, "email_code_login")
@@ -1363,16 +1378,22 @@ class RegisterService:
         if not inviter:
             raise ValueError("Inviter is required")
 
+        normalized_email = email.lower()
+
         """Invite new member"""
         with Session(db.engine) as session:
-            account = session.query(Account).filter_by(email=email).first()
+            account = AccountService.get_account_by_email_with_case_fallback(email, session=session)
 
         if not account:
             TenantService.check_member_permission(tenant, inviter, None, "add")
-            name = email.split("@")[0]
+            name = normalized_email.split("@")[0]
 
             account = cls.register(
-                email=email, name=name, language=language, status=AccountStatus.PENDING, is_setup=True
+                email=normalized_email,
+                name=name,
+                language=language,
+                status=AccountStatus.PENDING,
+                is_setup=True,
             )
             # Create new tenant member for invited tenant
             TenantService.create_tenant_member(tenant, account, role)
@@ -1394,7 +1415,7 @@ class RegisterService:
         # send email
         send_invite_member_mail_task.delay(
             language=language,
-            to=email,
+            to=account.email,
             token=token,
             inviter_name=inviter.name if inviter else "Dify",
             workspace_name=tenant.name,
@@ -1493,6 +1514,16 @@ class RegisterService:
             invitation: dict = json.loads(data)
             return invitation
 
+    @classmethod
+    def get_invitation_with_case_fallback(
+        cls, workspace_id: str | None, email: str | None, token: str
+    ) -> dict[str, Any] | None:
+        invitation = cls.get_invitation_if_token_valid(workspace_id, email, token)
+        if invitation or not email or email == email.lower():
+            return invitation
+        normalized_email = email.lower()
+        return cls.get_invitation_if_token_valid(workspace_id, normalized_email, token)
+
 
 def _generate_refresh_token(length: int = 64):
     token = secrets.token_hex(length)

api/services/conversation_variable_updater.py

@@ -1,7 +1,7 @@
 from sqlalchemy import select
 from sqlalchemy.orm import Session, sessionmaker
 
-from core.variables.variables import Variable
+from core.variables.variables import VariableBase
 from models import ConversationVariable
 
 
@@ -13,7 +13,7 @@ class ConversationVariableUpdater:
     def __init__(self, session_maker: sessionmaker[Session]) -> None:
         self._session_maker: sessionmaker[Session] = session_maker
 
-    def update(self, conversation_id: str, variable: Variable) -> None:
+    def update(self, conversation_id: str, variable: VariableBase) -> None:
         stmt = select(ConversationVariable).where(
             ConversationVariable.id == variable.id, ConversationVariable.conversation_id == conversation_id
         )

api/services/enterprise/base.py

@@ -1,9 +1,14 @@
+import logging
 import os
 from collections.abc import Mapping
 from typing import Any
 
 import httpx
 
+from core.helper.trace_id_helper import generate_traceparent_header
+
+logger = logging.getLogger(__name__)
+
 
 class BaseRequest:
     proxies: Mapping[str, str] | None = {
@@ -38,6 +43,15 @@ class BaseRequest:
         headers = {"Content-Type": "application/json", cls.secret_key_header: cls.secret_key}
         url = f"{cls.base_url}{endpoint}"
         mounts = cls._build_mounts()
+
+        try:
+            # ensure traceparent even when OTEL is disabled
+            traceparent = generate_traceparent_header()
+            if traceparent:
+                headers["traceparent"] = traceparent
+        except Exception:
+            logger.debug("Failed to generate traceparent header", exc_info=True)
+
         with httpx.Client(mounts=mounts) as client:
             response = client.request(method, url, json=json, params=params, headers=headers)
         return response.json()

api/services/rag_pipeline/rag_pipeline.py

@@ -36,7 +36,7 @@ from core.rag.entities.event import (
 )
 from core.repositories.factory import DifyCoreRepositoryFactory
 from core.repositories.sqlalchemy_workflow_node_execution_repository import SQLAlchemyWorkflowNodeExecutionRepository
-from core.variables.variables import Variable
+from core.variables.variables import VariableBase
 from core.workflow.entities.workflow_node_execution import (
     WorkflowNodeExecution,
     WorkflowNodeExecutionStatus,
@@ -270,8 +270,8 @@ class RagPipelineService:
         graph: dict,
         unique_hash: str | None,
         account: Account,
-        environment_variables: Sequence[Variable],
-        conversation_variables: Sequence[Variable],
+        environment_variables: Sequence[VariableBase],
+        conversation_variables: Sequence[VariableBase],
         rag_pipeline_variables: list,
     ) -> Workflow:
         """

api/services/webapp_auth_service.py

@@ -12,6 +12,7 @@ from libs.passport import PassportService
 from libs.password import compare_password
 from models import Account, AccountStatus
 from models.model import App, EndUser, Site
+from services.account_service import AccountService
 from services.app_service import AppService
 from services.enterprise.enterprise_service import EnterpriseService
 from services.errors.account import AccountLoginError, AccountNotFoundError, AccountPasswordError
@@ -32,7 +33,7 @@ class WebAppAuthService:
     @staticmethod
     def authenticate(email: str, password: str) -> Account:
         """authenticate account with email and password"""
-        account = db.session.query(Account).filter_by(email=email).first()
+        account = AccountService.get_account_by_email_with_case_fallback(email)
         if not account:
             raise AccountNotFoundError()
 
@@ -52,7 +53,7 @@ class WebAppAuthService:
 
     @classmethod
     def get_user_through_email(cls, email: str):
-        account = db.session.query(Account).where(Account.email == email).first()
+        account = AccountService.get_account_by_email_with_case_fallback(email)
         if not account:
             return None
 

api/services/workflow_draft_variable_service.py

@@ -15,7 +15,7 @@ from sqlalchemy.sql.expression import and_, or_
 from configs import dify_config
 from core.app.entities.app_invoke_entities import InvokeFrom
 from core.file.models import File
-from core.variables import Segment, StringSegment, Variable
+from core.variables import Segment, StringSegment, VariableBase
 from core.variables.consts import SELECTORS_LENGTH
 from core.variables.segments import (
     ArrayFileSegment,
@@ -77,14 +77,14 @@ class DraftVarLoader(VariableLoader):
     # Application ID for which variables are being loaded.
     _app_id: str
     _tenant_id: str
-    _fallback_variables: Sequence[Variable]
+    _fallback_variables: Sequence[VariableBase]
 
     def __init__(
         self,
         engine: Engine,
         app_id: str,
         tenant_id: str,
-        fallback_variables: Sequence[Variable] | None = None,
+        fallback_variables: Sequence[VariableBase] | None = None,
     ):
         self._engine = engine
         self._app_id = app_id
@@ -94,12 +94,12 @@ class DraftVarLoader(VariableLoader):
     def _selector_to_tuple(self, selector: Sequence[str]) -> tuple[str, str]:
         return (selector[0], selector[1])
 
-    def load_variables(self, selectors: list[list[str]]) -> list[Variable]:
+    def load_variables(self, selectors: list[list[str]]) -> list[VariableBase]:
         if not selectors:
             return []
 
-        # Map each selector (as a tuple via `_selector_to_tuple`) to its corresponding Variable instance.
-        variable_by_selector: dict[tuple[str, str], Variable] = {}
+        # Map each selector (as a tuple via `_selector_to_tuple`) to its corresponding variable instance.
+        variable_by_selector: dict[tuple[str, str], VariableBase] = {}
 
         with Session(bind=self._engine, expire_on_commit=False) as session:
             srv = WorkflowDraftVariableService(session)
@@ -145,7 +145,7 @@ class DraftVarLoader(VariableLoader):
 
         return list(variable_by_selector.values())
 
-    def _load_offloaded_variable(self, draft_var: WorkflowDraftVariable) -> tuple[tuple[str, str], Variable]:
+    def _load_offloaded_variable(self, draft_var: WorkflowDraftVariable) -> tuple[tuple[str, str], VariableBase]:
         # This logic is closely tied to `WorkflowDraftVaribleService._try_offload_large_variable`
         # and must remain synchronized with it.
         # Ideally, these should be co-located for better maintainability.

api/services/workflow_service.py

@@ -15,8 +15,7 @@ from core.app.apps.workflow.app_config_manager import WorkflowAppConfigManager
 from core.file import File
 from core.repositories import DifyCoreRepositoryFactory
 from core.sandbox.manager import SandboxManager
-from core.variables import Variable
-from core.variables.variables import VariableUnion
+from core.variables import Variable, VariableBase
 from core.workflow.entities import WorkflowNodeExecution
 from core.workflow.enums import ErrorStrategy, WorkflowNodeExecutionMetadataKey, WorkflowNodeExecutionStatus
 from core.workflow.errors import WorkflowNodeRunFailedError
@@ -204,8 +203,8 @@ class WorkflowService:
         features: dict,
         unique_hash: str | None,
         account: Account,
-        environment_variables: Sequence[Variable],
-        conversation_variables: Sequence[Variable],
+        environment_variables: Sequence[VariableBase],
+        conversation_variables: Sequence[VariableBase],
     ) -> Workflow:
         """
         Sync draft workflow
@@ -1068,7 +1067,7 @@ def _setup_variable_pool(
     workflow: Workflow,
     node_type: NodeType,
     conversation_id: str,
-    conversation_variables: list[Variable],
+    conversation_variables: list[VariableBase],
 ):
     # Only inject system variables for START node type.
     if node_type == NodeType.START or node_type.is_trigger_node:
@@ -1094,9 +1093,9 @@ def _setup_variable_pool(
         system_variables=system_variable,
         user_inputs=user_inputs,
         environment_variables=workflow.environment_variables,
-        # Based on the definition of `VariableUnion`,
-        # `list[Variable]` can be safely used as `list[VariableUnion]` since they are compatible.
-        conversation_variables=cast(list[VariableUnion], conversation_variables),  #
+        # Based on the definition of `Variable`,
+        # `VariableBase` instances can be safely used as `Variable` since they are compatible.
+        conversation_variables=cast(list[Variable], conversation_variables),  #
     )
 
     return variable_pool