From 7baa67dfe8539fba8b036eefedb18fb2a336acc3 Mon Sep 17 00:00:00 2001
From: Magicbook1108
Date: Wed, 17 Dec 2025 16:29:20 +0800
Subject: [PATCH] Feat: Reject default admin account log in to normal services (#11994)

### What problem does this PR solve?
Feat: Reject default admin account log in to normal services #11854 #11673
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
---
 api/apps/user_app.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/api/apps/user_app.py b/api/apps/user_app.py
index 53876826c..50c0b4d76 100644
--- a/api/apps/user_app.py
+++ b/api/apps/user_app.py
@@ -98,6 +98,9 @@ async def login():
 return get_json_result(data=False, code=RetCode.AUTHENTICATION_ERROR, message="Unauthorized!")
 email = json_body.get("email", "")
+ if email == "admin@ragflow.io":
+ return get_json_result(data=False, code=RetCode.AUTHENTICATION_ERROR, message="Default admin account cannot be used to login normal services!")
+
 users = UserService.query(email=email)
 if not users:
 return get_json_result(
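Review bot: The new guard in login() compares `email` to the literal with an exact, case-sensitive `==`, so it only holds if `UserService.query(email=email)` matches just as strictly. If the lookup is case-insensitive or tolerant of surrounding whitespace (not visible here; it depends on the database collation), a differently cased or padded spelling would pass the guard and still resolve to the admin row. Normalise before comparing, e.g. `if isinstance(email, str) and email.strip().casefold() == "admin@ragflow.io":`. Better still, decide after the lookup from a role or superuser attribute on the returned user, so the rule does not depend on a hard-coded address duplicated from wherever the default account is created. login() starts before and continues after this hunk, and other sign-in paths are not shown, so confirm they apply the same restriction.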