Feat/change user email freezes limit (#22900)

2025-09-08 16:48:40 +00:00 · 2025-07-24 15:36:53 +08:00 · 2025-07-24 15:36:53 +08:00 · 6ac06486e3
commit 6ac06486e3
parent 061d4c8ea0
3 changed files with 19 additions and 3 deletions
--- a/api/controllers/console/auth/error.py
+++ b/api/controllers/console/auth/error.py
@ -113,3 +113,9 @@ class MemberNotInTenantError(BaseHTTPException):
    error_code = "member_not_in_tenant"
    description = "The member is not in the workspace."
    code = 400
+
+
+class AccountInFreezeError(BaseHTTPException):
+    error_code = "account_in_freeze"
+    description = "This email is temporarily unavailable."
+    code = 400
--- a/api/controllers/console/workspace/account.py
+++ b/api/controllers/console/workspace/account.py
@ -9,6 +9,7 @@ from configs import dify_config
 from constants.languages import supported_language
 from controllers.console import api
 from controllers.console.auth.error import (
+    AccountInFreezeError,
    EmailAlreadyInUseError,
    EmailChangeLimitError,
    EmailCodeError,
@ -479,15 +480,18 @@ class ChangeEmailResetApi(Resource):
        parser.add_argument("token", type=str, required=True, nullable=False, location="json")
        args = parser.parse_args()

+        if AccountService.is_account_in_freeze(args["new_email"]):
+            raise AccountInFreezeError()
+
+        if not AccountService.check_email_unique(args["new_email"]):
+            raise EmailAlreadyInUseError()
+
        reset_data = AccountService.get_change_email_data(args["token"])
        if not reset_data:
            raise InvalidTokenError()

        AccountService.revoke_change_email_token(args["token"])

-        if not AccountService.check_email_unique(args["new_email"]):
-            raise EmailAlreadyInUseError()
-
        old_email = reset_data.get("old_email", "")
        if current_user.email != old_email:
            raise AccountNotFound()
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@ -671,6 +671,12 @@ class AccountService:

        return account

+    @classmethod
+    def is_account_in_freeze(cls, email: str) -> bool:
+        if dify_config.BILLING_ENABLED and BillingService.is_email_in_freeze(email):
+            return True
+        return False
+
    @staticmethod
    @redis_fallback(default_return=None)
    def add_login_error_rate_limit(email: str) -> None: