mirror of
https://github.com/open-webui/open-webui
synced 2025-05-31 11:00:49 +00:00
Added OAUTH_USE_PICTURE_CLAIM env var
Added OAUTH_USE_PICTURE_CLAIM to config.py Added check to oauth.py on OAUTH_USE_PICTURE_CLAIM, to decide whether to user the profile picture in the claim or the default user.png
This commit is contained in:
CityOfBunbury
parent
04799f1f95
commit
548c7f17d7
@ -331,6 +331,12 @@ JWT_EXPIRES_IN = PersistentConfig(
|
|||||||
# OAuth config
|
# OAuth config
|
||||||
####################################
|
####################################
|
||||||
|
|
||||||
|
OAUTH_USE_PICTURE_CLAIM = PersistentConfig(
|
||||||
|
"OAUTH_USE_PICTURE_CLAIM",
|
||||||
|
"oauth.oidc.use_picture_claim",
|
||||||
|
os.environ.get("OAUTH_USE_PICTURE_CLAIM", "True").lower() == "true",
|
||||||
|
)
|
||||||
|
|
||||||
ENABLE_OAUTH_SIGNUP = PersistentConfig(
|
ENABLE_OAUTH_SIGNUP = PersistentConfig(
|
||||||
"ENABLE_OAUTH_SIGNUP",
|
"ENABLE_OAUTH_SIGNUP",
|
||||||
"oauth.enable_signup",
|
"oauth.enable_signup",
|
||||||
|
|||||||
@ -23,6 +23,7 @@ from open_webui.config import (
|
|||||||
OAUTH_PROVIDERS,
|
OAUTH_PROVIDERS,
|
||||||
ENABLE_OAUTH_ROLE_MANAGEMENT,
|
ENABLE_OAUTH_ROLE_MANAGEMENT,
|
||||||
ENABLE_OAUTH_GROUP_MANAGEMENT,
|
ENABLE_OAUTH_GROUP_MANAGEMENT,
|
||||||
|
OAUTH_USE_PICTURE_CLAIM,
|
||||||
OAUTH_ROLES_CLAIM,
|
OAUTH_ROLES_CLAIM,
|
||||||
OAUTH_GROUPS_CLAIM,
|
OAUTH_GROUPS_CLAIM,
|
||||||
OAUTH_EMAIL_CLAIM,
|
OAUTH_EMAIL_CLAIM,
|
||||||
@ -57,6 +58,7 @@ auth_manager_config.ENABLE_OAUTH_SIGNUP = ENABLE_OAUTH_SIGNUP
|
|||||||
auth_manager_config.OAUTH_MERGE_ACCOUNTS_BY_EMAIL = OAUTH_MERGE_ACCOUNTS_BY_EMAIL
|
auth_manager_config.OAUTH_MERGE_ACCOUNTS_BY_EMAIL = OAUTH_MERGE_ACCOUNTS_BY_EMAIL
|
||||||
auth_manager_config.ENABLE_OAUTH_ROLE_MANAGEMENT = ENABLE_OAUTH_ROLE_MANAGEMENT
|
auth_manager_config.ENABLE_OAUTH_ROLE_MANAGEMENT = ENABLE_OAUTH_ROLE_MANAGEMENT
|
||||||
auth_manager_config.ENABLE_OAUTH_GROUP_MANAGEMENT = ENABLE_OAUTH_GROUP_MANAGEMENT
|
auth_manager_config.ENABLE_OAUTH_GROUP_MANAGEMENT = ENABLE_OAUTH_GROUP_MANAGEMENT
|
||||||
|
auth_manager_config.OAUTH_USE_PICTURE_CLAIM = OAUTH_USE_PICTURE_CLAIM
|
||||||
auth_manager_config.OAUTH_ROLES_CLAIM = OAUTH_ROLES_CLAIM
|
auth_manager_config.OAUTH_ROLES_CLAIM = OAUTH_ROLES_CLAIM
|
||||||
auth_manager_config.OAUTH_GROUPS_CLAIM = OAUTH_GROUPS_CLAIM
|
auth_manager_config.OAUTH_GROUPS_CLAIM = OAUTH_GROUPS_CLAIM
|
||||||
auth_manager_config.OAUTH_EMAIL_CLAIM = OAUTH_EMAIL_CLAIM
|
auth_manager_config.OAUTH_EMAIL_CLAIM = OAUTH_EMAIL_CLAIM
|
||||||
@ -325,41 +327,46 @@ class OAuthManager:
|
|||||||
if existing_user:
|
if existing_user:
|
||||||
raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
|
raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
|
||||||
|
|
||||||
picture_claim = auth_manager_config.OAUTH_PICTURE_CLAIM
|
# Check if we should use the picture claim based on configuration
|
||||||
picture_url = user_data.get(
|
if auth_manager_config.OAUTH_USE_PICTURE_CLAIM:
|
||||||
picture_claim, OAUTH_PROVIDERS[provider].get("picture_url", "")
|
picture_claim = auth_manager_config.OAUTH_PICTURE_CLAIM
|
||||||
)
|
picture_url = user_data.get(
|
||||||
if picture_url:
|
picture_claim, OAUTH_PROVIDERS[provider].get("picture_url", "")
|
||||||
# Download the profile image into a base64 string
|
)
|
||||||
try:
|
if picture_url:
|
||||||
access_token = token.get("access_token")
|
# Download the profile image into a base64 string
|
||||||
get_kwargs = {}
|
try:
|
||||||
if access_token:
|
access_token = token.get("access_token")
|
||||||
get_kwargs["headers"] = {
|
get_kwargs = {}
|
||||||
"Authorization": f"Bearer {access_token}",
|
if access_token:
|
||||||
}
|
get_kwargs["headers"] = {
|
||||||
async with aiohttp.ClientSession() as session:
|
"Authorization": f"Bearer {access_token}",
|
||||||
async with session.get(picture_url, **get_kwargs) as resp:
|
}
|
||||||
if resp.ok:
|
async with aiohttp.ClientSession() as session:
|
||||||
picture = await resp.read()
|
async with session.get(picture_url, **get_kwargs) as resp:
|
||||||
base64_encoded_picture = base64.b64encode(
|
if resp.ok:
|
||||||
picture
|
picture = await resp.read()
|
||||||
).decode("utf-8")
|
base64_encoded_picture = base64.b64encode(
|
||||||
guessed_mime_type = mimetypes.guess_type(
|
picture
|
||||||
picture_url
|
).decode("utf-8")
|
||||||
)[0]
|
guessed_mime_type = mimetypes.guess_type(
|
||||||
if guessed_mime_type is None:
|
picture_url
|
||||||
# assume JPG, browsers are tolerant enough of image formats
|
)[0]
|
||||||
guessed_mime_type = "image/jpeg"
|
if guessed_mime_type is None:
|
||||||
picture_url = f"data:{guessed_mime_type};base64,{base64_encoded_picture}"
|
# assume JPG, browsers are tolerant enough of image formats
|
||||||
else:
|
guessed_mime_type = "image/jpeg"
|
||||||
picture_url = "/user.png"
|
picture_url = f"data:{guessed_mime_type};base64,{base64_encoded_picture}"
|
||||||
except Exception as e:
|
else:
|
||||||
log.error(
|
picture_url = "/user.png"
|
||||||
f"Error downloading profile image '{picture_url}': {e}"
|
except Exception as e:
|
||||||
)
|
log.error(
|
||||||
|
f"Error downloading profile image '{picture_url}': {e}"
|
||||||
|
)
|
||||||
|
picture_url = "/user.png"
|
||||||
|
if not picture_url:
|
||||||
picture_url = "/user.png"
|
picture_url = "/user.png"
|
||||||
if not picture_url:
|
else:
|
||||||
|
# If OAUTH_USE_PICTURE_CLAIM is False, just use the default image
|
||||||
picture_url = "/user.png"
|
picture_url = "/user.png"
|
||||||
|
|
||||||
username_claim = auth_manager_config.OAUTH_USERNAME_CLAIM
|
username_claim = auth_manager_config.OAUTH_USERNAME_CLAIM
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user