OpenWebUI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-06-26 18:26:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix google cloud identity query string

Browse Source
This commit is contained in:
Brice Ruth 2025-06-16 17:49:42 -05:00
parent 8d6cf357aa
commit 30f4950c5c
No known key found for this signature in database
GPG Key ID: 5DFD569B02D44E21
1 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
backend/open_webui/utils/oauth.py
View File

@ -4,6 +4,7 @@ import mimetypes
import sys import sys
import uuid import uuid
import json import json
from urllib.parse import quote
import aiohttp import aiohttp
from authlib.integrations.starlette_client import OAuth from authlib.integrations.starlette_client import OAuth
@ -194,7 +195,11 @@ class OAuthManager:
List of group email addresses the user belongs to List of group email addresses the user belongs to
""" """
groups = [] groups = []
url = f"https://cloudidentity.googleapis.com/v1/groups/-/memberships:searchTransitiveGroups?query=member_key_id=='{user_email}'" base_url = "https://content-cloudidentity.googleapis.com/v1/groups/-/memberships:searchTransitiveGroups"
# Create the query string with proper URL encoding
query_string = f"member_key_id == '{user_email}' && 'cloudidentity.googleapis.com/groups.security' in labels"
encoded_query = quote(query_string)
headers = { headers = {
"Authorization": f"Bearer {access_token}", "Authorization": f"Bearer {access_token}",
@ -206,26 +211,27 @@ class OAuthManager:
try: try:
async with aiohttp.ClientSession(trust_env=True) as session: async with aiohttp.ClientSession(trust_env=True) as session:
while True: while True:
# Build URL with query parameter
url = f"{base_url}?query={encoded_query}"
# Add page token to URL if present # Add page token to URL if present
current_url = url
if page_token: if page_token:
current_url += f"&pageToken={page_token}" url += f"&pageToken={quote(page_token)}"
log.debug(f"Fetching Google groups from: {current_url}") log.debug("Fetching Google groups via Cloud Identity API")
async with session.get( async with session.get(
current_url, headers=headers, ssl=AIOHTTP_CLIENT_SESSION_SSL url, headers=headers, ssl=AIOHTTP_CLIENT_SESSION_SSL
) as resp: ) as resp:
if resp.status == 200: if resp.status == 200:
data = await resp.json() data = await resp.json()
# Extract group emails from memberships # Extract group emails from memberships
memberships = data.get("memberships", []) memberships = data.get("memberships", [])
log.debug(f"Found {len(memberships)} memberships")
for membership in memberships: for membership in memberships:
group_info = membership.get("group", {}) group_key = membership.get("groupKey", {})
group_email = group_info.get("groupKey", {}).get( group_email = group_key.get("id", "")
"id", ""
)
if group_email: if group_email:
groups.append(group_email) groups.append(group_email)
log.debug(f"Found group membership: {group_email}") log.debug(f"Found group membership: {group_email}")
@ -236,9 +242,16 @@ class OAuthManager:
break break
else: else:
error_text = await resp.text() error_text = await resp.text()
log.warning( log.error(
f"Failed to fetch Google groups (status {resp.status}): {error_text}" f"Failed to fetch Google groups (status {resp.status})"
) )
# Log error details without sensitive information
try:
error_json = json.loads(error_text)
if "error" in error_json:
log.error(f"API error: {error_json['error'].get('message', 'Unknown error')}")
except json.JSONDecodeError:
log.error("Error response contains non-JSON data")
break break
except Exception as e: except Exception as e: