fix(auth): fix invalid password use in auth

2025-06-26 18:26:48 +00:00 · 2025-05-22 11:03:43 +08:00 · 2025-05-22 11:03:43 +08:00 · dd6124a84f
commit dd6124a84f
parent 65a44a3900
3 changed files with 12 additions and 4 deletions
--- a/backend/open_webui/models/auths.py
+++ b/backend/open_webui/models/auths.py
@ -129,12 +129,16 @@ class AuthsTable:

    def authenticate_user(self, email: str, password: str) -> Optional[UserModel]:
        log.info(f"authenticate_user: {email}")
+
+        user = Users.get_user_by_email(email)
+        if not user:
+            return None
+
        try:
            with get_db() as db:
-                auth = db.query(Auth).filter_by(email=email, active=True).first()
+                auth = db.query(Auth).filter_by(id=user.id, active=True).first()
                if auth:
                    if verify_password(password, auth.password):
-                        user = Users.get_user_by_id(auth.id)
                        return user
                    else:
                        return None
--- a/backend/open_webui/retrieval/web/searchapi.py
+++ b/backend/open_webui/retrieval/web/searchapi.py
@ -42,7 +42,9 @@ def search_searchapi(
        results = get_filtered_results(results, filter_list)
    return [
        SearchResult(
-            link=result["link"], title=result.get("title"), snippet=result.get("snippet")
+            link=result["link"],
+            title=result.get("title"),
+            snippet=result.get("snippet"),
        )
        for result in results[:count]
    ]
--- a/backend/open_webui/retrieval/web/serpapi.py
+++ b/backend/open_webui/retrieval/web/serpapi.py
@ -42,7 +42,9 @@ def search_serpapi(
        results = get_filtered_results(results, filter_list)
    return [
        SearchResult(
-            link=result["link"], title=result.get("title"), snippet=result.get("snippet")
+            link=result["link"],
+            title=result.get("title"),
+            snippet=result.get("snippet"),
        )
        for result in results[:count]
    ]