fix(auth): fix invalid password use in auth

2025-06-26 18:26:48 +00:00 · 2025-05-22 11:03:43 +08:00
parent 65a44a3900
commit dd6124a84f
3 changed files with 12 additions and 4 deletions
--- a/backend/open_webui/models/auths.py
+++ b/backend/open_webui/models/auths.py
@@ -129,12 +129,16 @@ class AuthsTable:

    def authenticate_user(self, email: str, password: str) -> Optional[UserModel]:
        log.info(f"authenticate_user: {email}")
+
+        user = Users.get_user_by_email(email)
+        if not user:
+            return None
+
        try:
            with get_db() as db:
-                auth = db.query(Auth).filter_by(email=email, active=True).first()
+                auth = db.query(Auth).filter_by(id=user.id, active=True).first()
                if auth:
                    if verify_password(password, auth.password):
-                        user = Users.get_user_by_id(auth.id)
                        return user
                    else:
                        return None