Hz_ d2f0a18f42 fix: persist logout access token invalidation (#15397) ...

### What this PR fixes

This PR fixes an issue in the Python backend where user logout did not
reliably persist the invalidated access_token to the database.
Although the logout endpoint returned success and logged that the token
had been invalidated, the user.access_token value could remain
unchanged in the database, which meant the previous login token could
stay valid longer than expected.

  ### What changed

  - Resolve the real user object before updating the token
  - Persist the invalidated access_token before calling logout_user()
- Return a server error if the token update is not written successfully

  ### Impact

- Logging out now correctly replaces the stored access_token with an
INVALID_... value
  - The previous login session is properly invalidated
- The change is limited to the logout flow and is intentionally small in
scope

2026-05-29 19:31:45 +08:00

..

apps

fix: persist logout access token invalidation (#15397)

2026-05-29 19:31:45 +08:00

common

Feat：admin api (#10642)

2025-10-18 16:09:48 +08:00

db

Feat: tenant llm provider (#14595)

2026-05-29 17:39:41 +08:00

utils

Feat: tenant llm provider (#14595)

2026-05-29 17:39:41 +08:00

__init__.py

Fix: incorrect async chat streamly output (#11679)

2025-12-03 11:15:45 +08:00

constants.py

Feat/memory (#11812)

2025-12-10 13:34:08 +08:00

ragflow_server.py

Speed up ragflow server (#14894)

2026-05-13 18:01:33 +08:00

settings.py

Move api.settings to common.settings (#11036)

2025-11-06 09:36:38 +08:00

validation.py

Fix errors detected by Ruff (#3918)

2024-12-08 14:21:12 +08:00