mirror of
https://github.com/open-webui/open-webui
synced 2025-06-26 18:26:48 +00:00
refac
Some checks are pending
Deploy to HuggingFace Spaces / check-secret (push) Waiting to run
Deploy to HuggingFace Spaces / deploy (push) Blocked by required conditions
Create and publish Docker images with specific build args / build-main-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-main-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda126-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda126-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / build-ollama-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-ollama-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / merge-main-images (push) Blocked by required conditions
Create and publish Docker images with specific build args / merge-cuda-images (push) Blocked by required conditions
Create and publish Docker images with specific build args / merge-cuda126-images (push) Blocked by required conditions
Create and publish Docker images with specific build args / merge-ollama-images (push) Blocked by required conditions
Python CI / Format Backend (3.11.x) (push) Waiting to run
Python CI / Format Backend (3.12.x) (push) Waiting to run
Frontend Build / Format & Build Frontend (push) Waiting to run
Frontend Build / Frontend Unit Tests (push) Waiting to run
Some checks are pending
Deploy to HuggingFace Spaces / check-secret (push) Waiting to run
Deploy to HuggingFace Spaces / deploy (push) Blocked by required conditions
Create and publish Docker images with specific build args / build-main-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-main-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda126-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-cuda126-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / build-ollama-image (linux/amd64, ubuntu-latest) (push) Waiting to run
Create and publish Docker images with specific build args / build-ollama-image (linux/arm64, ubuntu-24.04-arm) (push) Waiting to run
Create and publish Docker images with specific build args / merge-main-images (push) Blocked by required conditions
Create and publish Docker images with specific build args / merge-cuda-images (push) Blocked by required conditions
Create and publish Docker images with specific build args / merge-cuda126-images (push) Blocked by required conditions
Create and publish Docker images with specific build args / merge-ollama-images (push) Blocked by required conditions
Python CI / Format Backend (3.11.x) (push) Waiting to run
Python CI / Format Backend (3.12.x) (push) Waiting to run
Frontend Build / Format & Build Frontend (push) Waiting to run
Frontend Build / Frontend Unit Tests (push) Waiting to run
This commit is contained in:
Timothy Jaeryang Baek
parent
0d00971dad
commit
371bdd7afa
@ -207,9 +207,39 @@ class GroupTable:
|
||||
except Exception:
|
||||
return False
|
||||
|
||||
def sync_user_groups_by_group_names(
|
||||
def create_groups_by_group_names(
|
||||
self, user_id: str, group_names: list[str]
|
||||
) -> bool:
|
||||
) -> list[GroupModel]:
|
||||
|
||||
# check for existing groups
|
||||
existing_groups = self.get_groups()
|
||||
existing_group_names = {group.name for group in existing_groups}
|
||||
|
||||
new_groups = []
|
||||
|
||||
with get_db() as db:
|
||||
for group_name in group_names:
|
||||
if group_name not in existing_group_names:
|
||||
new_group = GroupModel(
|
||||
id=str(uuid.uuid4()),
|
||||
user_id=user_id,
|
||||
name=group_name,
|
||||
description="",
|
||||
created_at=int(time.time()),
|
||||
updated_at=int(time.time()),
|
||||
)
|
||||
try:
|
||||
result = Group(**new_group.model_dump())
|
||||
db.add(result)
|
||||
db.commit()
|
||||
db.refresh(result)
|
||||
new_groups.append(GroupModel.model_validate(result))
|
||||
except Exception as e:
|
||||
log.exception(e)
|
||||
continue
|
||||
return new_groups
|
||||
|
||||
def sync_groups_by_group_names(self, user_id: str, group_names: list[str]) -> bool:
|
||||
with get_db() as db:
|
||||
try:
|
||||
groups = db.query(Group).filter(Group.name.in_(group_names)).all()
|
||||
|
||||
@ -228,18 +228,23 @@ async def ldap_auth(request: Request, response: Response, form_data: LdapForm):
|
||||
if not connection_app.bind():
|
||||
raise HTTPException(400, detail="Application account bind failed")
|
||||
|
||||
ENABLE_LDAP_GROUP_MANAGEMENT = request.app.state.config.ENABLE_LDAP_GROUP_MANAGEMENT
|
||||
ENABLE_LDAP_GROUP_MANAGEMENT = (
|
||||
request.app.state.config.ENABLE_LDAP_GROUP_MANAGEMENT
|
||||
)
|
||||
ENABLE_LDAP_GROUP_CREATION = request.app.state.config.ENABLE_LDAP_GROUP_CREATION
|
||||
LDAP_ATTRIBUTE_FOR_GROUPS = request.app.state.config.LDAP_ATTRIBUTE_FOR_GROUPS
|
||||
|
||||
|
||||
search_attributes = [
|
||||
f"{LDAP_ATTRIBUTE_FOR_USERNAME}",
|
||||
f"{LDAP_ATTRIBUTE_FOR_MAIL}",
|
||||
"cn",
|
||||
]
|
||||
|
||||
|
||||
if ENABLE_LDAP_GROUP_MANAGEMENT:
|
||||
search_attributes.append(f"{LDAP_ATTRIBUTE_FOR_GROUPS}")
|
||||
log.info(f"LDAP Group Management enabled. Adding {LDAP_ATTRIBUTE_FOR_GROUPS} to search attributes")
|
||||
log.info(
|
||||
f"LDAP Group Management enabled. Adding {LDAP_ATTRIBUTE_FOR_GROUPS} to search attributes"
|
||||
)
|
||||
|
||||
log.info(f"LDAP search attributes: {search_attributes}")
|
||||
|
||||
@ -273,55 +278,64 @@ async def ldap_auth(request: Request, response: Response, form_data: LdapForm):
|
||||
if ENABLE_LDAP_GROUP_MANAGEMENT and LDAP_ATTRIBUTE_FOR_GROUPS in entry:
|
||||
group_dns = entry[LDAP_ATTRIBUTE_FOR_GROUPS]
|
||||
log.info(f"LDAP raw group DNs for user {username}: {group_dns}")
|
||||
|
||||
|
||||
if group_dns:
|
||||
log.info(f"LDAP group_dns original: {group_dns}")
|
||||
log.info(f"LDAP group_dns type: {type(group_dns)}")
|
||||
log.info(f"LDAP group_dns length: {len(group_dns)}")
|
||||
|
||||
if hasattr(group_dns, 'value'):
|
||||
|
||||
if hasattr(group_dns, "value"):
|
||||
group_dns = group_dns.value
|
||||
log.info(f"Extracted .value property: {group_dns}")
|
||||
elif hasattr(group_dns, '__iter__') and not isinstance(group_dns, (str, bytes)):
|
||||
elif hasattr(group_dns, "__iter__") and not isinstance(
|
||||
group_dns, (str, bytes)
|
||||
):
|
||||
group_dns = list(group_dns)
|
||||
log.info(f"Converted to list: {group_dns}")
|
||||
elif not isinstance(group_dns, list):
|
||||
group_dns = [group_dns]
|
||||
|
||||
|
||||
if isinstance(group_dns, list):
|
||||
group_dns = [str(item) for item in group_dns]
|
||||
else:
|
||||
group_dns = [str(group_dns)]
|
||||
|
||||
log.info(f"LDAP group_dns after processing - type: {type(group_dns)}, length: {len(group_dns)}")
|
||||
|
||||
for i, group_dn in enumerate(group_dns):
|
||||
group_dn_str = str(group_dn)
|
||||
log.info(f"Processing group DN #{i+1}: {group_dn_str}")
|
||||
|
||||
|
||||
log.info(
|
||||
f"LDAP group_dns after processing - type: {type(group_dns)}, length: {len(group_dns)}"
|
||||
)
|
||||
|
||||
for group_idx, group_dn in enumerate(group_dns):
|
||||
group_dn = str(group_dn)
|
||||
log.info(f"Processing group DN #{group_idx + 1}: {group_dn}")
|
||||
|
||||
try:
|
||||
cn_part = None
|
||||
dn_parts = group_dn_str.split(',')
|
||||
log.debug(f"DN parts: {dn_parts}")
|
||||
|
||||
for part in dn_parts:
|
||||
part = part.strip()
|
||||
if part.upper().startswith('CN='):
|
||||
cn_part = part[3:]
|
||||
group_cn = None
|
||||
|
||||
for item in group_dn.split(","):
|
||||
item = item.strip()
|
||||
if item.upper().startswith("CN="):
|
||||
group_cn = item[3:]
|
||||
break
|
||||
|
||||
if cn_part:
|
||||
user_groups.append(cn_part)
|
||||
|
||||
if group_cn:
|
||||
user_groups.append(group_cn)
|
||||
|
||||
else:
|
||||
log.warning(f"Could not extract CN from group DN: {group_dn_str}")
|
||||
log.warning(
|
||||
f"Could not extract CN from group DN: {group_dn}"
|
||||
)
|
||||
except Exception as e:
|
||||
log.warning(f"Failed to extract group name from DN {group_dn_str}: {e}")
|
||||
|
||||
log.info(f"LDAP groups for user {username}: {user_groups} (total: {len(user_groups)})")
|
||||
log.warning(
|
||||
f"Failed to extract group name from DN {group_dn}: {e}"
|
||||
)
|
||||
|
||||
log.info(
|
||||
f"LDAP groups for user {username}: {user_groups} (total: {len(user_groups)})"
|
||||
)
|
||||
else:
|
||||
log.info(f"No groups found for user {username}")
|
||||
elif ENABLE_LDAP_GROUP_MANAGEMENT:
|
||||
log.warning(f"LDAP Group Management enabled but {LDAP_ATTRIBUTE_FOR_GROUPS} attribute not found in user entry")
|
||||
log.warning(
|
||||
f"LDAP Group Management enabled but {LDAP_ATTRIBUTE_FOR_GROUPS} attribute not found in user entry"
|
||||
)
|
||||
|
||||
if username == form_data.user.lower():
|
||||
connection_user = Connection(
|
||||
@ -398,26 +412,19 @@ async def ldap_auth(request: Request, response: Response, form_data: LdapForm):
|
||||
user.id, request.app.state.config.USER_PERMISSIONS
|
||||
)
|
||||
|
||||
if ENABLE_LDAP_GROUP_MANAGEMENT and user_groups and request.app.state.config.ENABLE_LDAP_GROUP_CREATION:
|
||||
from open_webui.models.groups import GroupForm
|
||||
existing_groups = Groups.get_groups()
|
||||
existing_group_names = [grp.name for grp in existing_groups]
|
||||
log.info(f"Existing groups: {existing_group_names}")
|
||||
|
||||
for i, g in enumerate(user_groups):
|
||||
if not any(grp.name == g for grp in existing_groups):
|
||||
try:
|
||||
Groups.insert_new_group(user.id, GroupForm(name=g, description=f"{LDAP_SERVER_LABEL}"))
|
||||
log.info(f"Successfully created group '{g}'")
|
||||
except Exception as e:
|
||||
log.error(f"Failed to create group '{g}': {e}")
|
||||
else:
|
||||
log.info(f"Group {g} already exists")
|
||||
if (
|
||||
user.role != "admin"
|
||||
and ENABLE_LDAP_GROUP_MANAGEMENT
|
||||
and user_groups
|
||||
):
|
||||
if ENABLE_LDAP_GROUP_CREATION:
|
||||
Groups.create_groups_by_group_names(user.id, user_groups)
|
||||
|
||||
if ENABLE_LDAP_GROUP_MANAGEMENT and user_groups and user.role != "admin":
|
||||
try:
|
||||
Groups.sync_user_groups_by_group_names(user.id, user_groups)
|
||||
log.info(f"Successfully synced groups for user {user.id}: {user_groups}")
|
||||
Groups.sync_groups_by_group_names(user.id, user_groups)
|
||||
log.info(
|
||||
f"Successfully synced groups for user {user.id}: {user_groups}"
|
||||
)
|
||||
except Exception as e:
|
||||
log.error(f"Failed to sync groups for user {user.id}: {e}")
|
||||
|
||||
@ -473,7 +480,7 @@ async def signin(request: Request, response: Response, form_data: SigninForm):
|
||||
group_names = [name.strip() for name in group_names if name.strip()]
|
||||
|
||||
if group_names:
|
||||
Groups.sync_user_groups_by_group_names(user.id, group_names)
|
||||
Groups.sync_groups_by_group_names(user.id, group_names)
|
||||
|
||||
elif WEBUI_AUTH == False:
|
||||
admin_email = "admin@localhost"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user