From 99c4622ccbf5f25946d41b9cc2800dbe44b6ad6f Mon Sep 17 00:00:00 2001
From: jiangweidong <1053570670@qq.com>
Date: Fri, 4 Jul 2025 17:38:45 +0800
Subject: [PATCH] fix: SSO access to web assets with encrypted password
 auto-filling

---
 apps/authentication/middleware.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/authentication/middleware.py b/apps/authentication/middleware.py
index 53b91fbee..4a6ba634a 100644
--- a/apps/authentication/middleware.py
+++ b/apps/authentication/middleware.py
@@ -120,7 +120,10 @@ class SessionCookieMiddleware(MiddlewareMixin):
     USER_LOGIN_ENCRYPTION_KEY_PAIR = 'user_login_encryption_key_pair'
 
     def set_cookie_public_key(self, request, response):
-        if request.path.startswith('/api'):
+        whitelist = [
+            '/api/v1/authentication/sso/login/',
+        ]
+        if request.path.startswith('/api') and request.path not in whitelist:
             return
 
         session_public_key_name = settings.SESSION_RSA_PUBLIC_KEY_NAME