diff --git a/apps/common/auth/authenticate.py b/apps/common/auth/authenticate.py
index a27cdb144..3d54d47e8 100644
--- a/apps/common/auth/authenticate.py
+++ b/apps/common/auth/authenticate.py
@@ -14,7 +14,8 @@ from django.core import cache
 from django.core import signing
 from rest_framework.authentication import TokenAuthentication
-from common.exception.app_exception import AppAuthenticationFailed, AppEmbedIdentityFailed, AppChatNumOutOfBoundsFailed
+from common.exception.app_exception import AppAuthenticationFailed, AppEmbedIdentityFailed, AppChatNumOutOfBoundsFailed, \
+ ChatException, AppApiException
 token_cache = cache.caches['token_cache']
@@ -67,7 +68,8 @@ class OpenAIKeyAuth(TokenAuthentication):
 raise AppAuthenticationFailed(1002, "身份验证信息不正确!非法用户")
 except Exception as e:
 traceback.format_exc()
- if isinstance(e, AppEmbedIdentityFailed) or isinstance(e, AppChatNumOutOfBoundsFailed):
+ if isinstance(e, AppEmbedIdentityFailed) or isinstance(e, AppChatNumOutOfBoundsFailed) or isinstance(e,
+ AppApiException):
 raise e
 raise AppAuthenticationFailed(1002, "身份验证信息不正确!非法用户")
@@ -87,6 +89,7 @@ class TokenAuth(TokenAuthentication):
 raise AppAuthenticationFailed(1002, "身份验证信息不正确!非法用户")
 except Exception as e:
 traceback.format_exc()
- if isinstance(e, AppEmbedIdentityFailed) or isinstance(e, AppChatNumOutOfBoundsFailed):
+ if isinstance(e, AppEmbedIdentityFailed) or isinstance(e, AppChatNumOutOfBoundsFailed) or isinstance(e,
+ AppApiException):
 raise e
 raise AppAuthenticationFailed(1002, "身份验证信息不正确!非法用户")
diff --git a/apps/common/auth/handle/impl/public_access_token.py b/apps/common/auth/handle/impl/public_access_token.py
index 250f05efb..2b44a9ac9 100644
--- a/apps/common/auth/handle/impl/public_access_token.py
+++ b/apps/common/auth/handle/impl/public_access_token.py
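Review bot: The re-raise list in the `except Exception` handler of `OpenAIKeyAuth` (and identically in `TokenAuth`, the next hunk) is now wider than the change appears to need. If `AppApiException` is the common base of the project's API errors, which its name suggests but the diff does not show, every such error raised during token handling is returned to the caller as-is instead of being normalised to the generic `AppAuthenticationFailed(1002, ...)`, which lets unauthenticated callers tell failure causes apart. Passing through only the type the handler actually raises would be tighter: `if isinstance(e, (AppEmbedIdentityFailed, AppChatNumOutOfBoundsFailed, ChatException)): raise`. `ChatException` is imported in the first hunk but unused in the visible lines, and the result of `traceback.format_exc()` on the context line above is discarded, so the swallowed exception is never logged. Both method bodies start outside their hunks.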
@@ -31,20 +31,21 @@ class PublicAccessToken(AuthBaseHandle):
 auth_details = get_token_details()
 application_access_token = QuerySet(ApplicationAccessToken).filter(
 application_id=auth_details.get('application_id')).first()
- application_setting_model = DBModelManage.get_model('application_setting')
- xpack_cache = DBModelManage.get_model('xpack_cache')
- X_PACK_LICENSE_IS_VALID = False if xpack_cache is None else xpack_cache.get('XPACK_LICENSE_IS_VALID', False)
- if application_setting_model is not None and X_PACK_LICENSE_IS_VALID:
- application_setting = QuerySet(application_setting_model).filter(application_id=str(
- application_access_token.application_id)).first()
- if application_setting.authentication:
- authentication = auth_details.get('authentication', {})
- if authentication is None:
- authentication = {}
- if application_setting.authentication_value.get('type') != authentication.get(
- 'type') or password_encrypt(
- application_setting.authentication_value.get('value')) != authentication.get('value'):
- raise ChatException(1002, "身份验证信息不正确")
+ if request.path != '/api/application/profile':
+ application_setting_model = DBModelManage.get_model('application_setting')
+ xpack_cache = DBModelManage.get_model('xpack_cache')
+ X_PACK_LICENSE_IS_VALID = False if xpack_cache is None else xpack_cache.get('XPACK_LICENSE_IS_VALID', False)
+ if application_setting_model is not None and X_PACK_LICENSE_IS_VALID:
+ application_setting = QuerySet(application_setting_model).filter(application_id=str(
+ application_access_token.application_id)).first()
+ if application_setting.authentication:
+ authentication = auth_details.get('authentication', {})
+ if authentication is None:
+ authentication = {}
+ if application_setting.authentication_value.get('type') != authentication.get(
+ 'type') or password_encrypt(
+ application_setting.authentication_value.get('value')) != authentication.get('value'):
+ raise ChatException(1002, "身份验证信息不正确")
 if application_access_token is None:
 raise AppAuthenticationFailed(1002, "身份验证信息不正确")
 if not application_access_token.is_active:
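Review bot: An authentication decision now depends on a hard-coded URL string: with `if request.path != '/api/application/profile':` every HTTP method on that path skips the application password check, and a later route change would silently move or drop the exemption. Keeping the exempt path in a named constant next to the route definition and also testing `request.method` would narrow it; the profile view, not visible here, should return only fields that are safe to show before the password is entered. Separately, the re-indented block still dereferences `application_access_token.application_id` and `application_setting.authentication` before the `if application_access_token is None:` check in the trailing context, and `.first()` can return None for either. Moving the None check above the new guard and using `if application_setting is not None and application_setting.authentication:` would make that failure explicit instead of leaving it to whatever broad handler sits upstream (presumably the `except Exception` blocks in authenticate.py). The method continues past the end of the hunk.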