mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-06-29 23:41:12 +08:00
d2f0a18f42
### What this PR fixes This PR fixes an issue in the Python backend where user logout did not reliably persist the invalidated access_token to the database. Although the logout endpoint returned success and logged that the token had been invalidated, the user.access_token value could remain unchanged in the database, which meant the previous login token could stay valid longer than expected. ### What changed - Resolve the real user object before updating the token - Persist the invalidated access_token before calling logout_user() - Return a server error if the token update is not written successfully ### Impact - Logging out now correctly replaces the stored access_token with an INVALID_... value - The previous login session is properly invalidated - The change is limited to the logout flow and is intentionally small in scope