fix: rename cookie for webapp (#27264)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-06 02:18:08 +08:00 · 2025-10-23 11:03:48 +08:00
parent b198c9474a
commit e843fe8aa6
5 changed files with 34 additions and 15 deletions
--- a/api/controllers/web/login.py
+++ b/api/controllers/web/login.py
@ -17,8 +17,8 @@ from libs.helper import email
 from libs.passport import PassportService
 from libs.password import valid_password
 from libs.token import (
-    clear_access_token_from_cookie,
-    extract_access_token,
+    clear_webapp_access_token_from_cookie,
+    extract_webapp_access_token,
 )
 from services.account_service import AccountService
 from services.app_service import AppService
@ -81,7 +81,7 @@ class LoginStatusApi(Resource):
    )
    def get(self):
        app_code = request.args.get("app_code")
-        token = extract_access_token(request)
+        token = extract_webapp_access_token(request)
        if not app_code:
            return {
                "logged_in": bool(token),
@ -128,7 +128,7 @@ class LogoutApi(Resource):
        response = make_response({"result": "success"})
        # enterprise SSO sets same site to None in https deployment
        # so we need to logout by calling api
-        clear_access_token_from_cookie(response, samesite="None")
+        clear_webapp_access_token_from_cookie(response, samesite="None")
        return response


--- a/api/controllers/web/passport.py
+++ b/api/controllers/web/passport.py
@ -12,7 +12,7 @@ from controllers.web import web_ns
 from controllers.web.error import WebAppAuthRequiredError
 from extensions.ext_database import db
 from libs.passport import PassportService
-from libs.token import extract_access_token
+from libs.token import extract_webapp_access_token
 from models.model import App, EndUser, Site
 from services.feature_service import FeatureService
 from services.webapp_auth_service import WebAppAuthService, WebAppAuthType
@ -35,7 +35,7 @@ class PassportResource(Resource):
        system_features = FeatureService.get_system_features()
        app_code = request.headers.get(HEADER_NAME_APP_CODE)
        user_id = request.args.get("user_id")
-        access_token = extract_access_token(request)
+        access_token = extract_webapp_access_token(request)
        if app_code is None:
            raise Unauthorized("X-App-Code header is missing.")
        if system_features.webapp_auth.enabled: