OpenWebUI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-06-12 17:33:11 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
11,284 Commits 2 Branches 111 Tags 614 MiB
dev
Commit Graph

27 Commits

Author SHA1 Message Date
Timothy Jaeryang Baek
9b9d5d84f4 fix: trusted header email case sensitive issue 2025-06-12 12:22:15 +04:00
sasidhar
6860dec08f fix: properly sign out user on trusted email mismatch 
When using trusted email header authentication, properly sign out the user
when the logged-in user's email doesn't match the trusted email header value.
This ensures proper session cleanup when the OAuth server changes the
authenticated user.

- Add response parameter to get_current_user function
- Delete JWT token cookie on email mismatch
- Delete OAuth token cookie if present
- Force re-authentication with 401 error
 2025-06-08 14:26:55 +05:30
sasidhar
61f49ff580 fix: ensure trusted email header matches logged-in user 
When using trusted email header authentication, verify that the logged-in user's
email matches the value in the header. This prevents session conflicts when the
OAuth server changes the authenticated user.

- Move trusted email verification after user existence check
- Raise 401 if email mismatch is detected
- Only perform verification when WEBUI_AUTH_TRUSTED_EMAIL_HEADER is enabled
 2025-06-08 14:16:10 +05:30
Jarrod Lowe
df853246f3 Add user details to otel span 2025-05-17 09:11:26 +12:00
Timothy Jaeryang Baek
0c0505e1cd refac 2025-04-05 04:05:52 -06:00
Timothy Jaeryang Baek
4ad10f0c6e chore: format 2025-04-05 01:31:45 -06:00
Juan Calderon-Perez
1c57e3e02c
Fix API_KEY_ALLOWED_ENDPOINTS 2025-04-03 23:52:10 -04:00
Silentoplayz
d65471c420 fix 
my dev environment works again!
 2025-04-02 11:28:45 -04:00
Timothy Jaeryang Baek
23bb0d927f chore: format 2025-03-05 18:10:24 -08:00
Timothy Jaeryang Baek
36ffa9824b refac 2025-03-04 01:16:25 -08:00
Timothy Jaeryang Baek
a4747c88e0 refac 2025-03-04 00:33:19 -08:00
Timothy Jaeryang Baek
39ea59edc8 chore: format 2025-03-04 00:32:27 -08:00
Timothy Jaeryang Baek
fcbdfbd744 refac 2025-02-26 23:35:09 -08:00
Timothy Jaeryang Baek
ddb30589e3 chore: format 
HIDE MODELS
 2025-02-26 22:18:18 -08:00
Timothy Jaeryang Baek
674d6e08fc
Merge pull request #10809 from TobiasGoerke/feat/update_timestamp_asynchronously 
feat: update get_current_user to refresh last active timestamp asynchronously
 2025-02-26 02:38:06 -08:00
Tobias Goerke
76891f4760 feat: update get_current_user to refresh last active timestamp asynchronously 2025-02-26 10:53:47 +01:00
Yifang Deng
0e5d5ecb81
refactor: replace print statements with logging for better error tracking 2025-02-25 15:53:55 +01:00
Timothy Jaeryang Baek
1764170307 refac 2025-02-17 21:34:06 -08:00
Timothy Jaeryang Baek
82189066e8 refac 2025-02-16 18:35:09 -08:00
Timothy Jaeryang Baek
63cf80a456 refac 2025-02-16 00:11:18 -08:00
Timothy Jaeryang Baek
99c3194181 fix: API_KEY_ALLOWED_ENDPOINTS 2025-01-03 13:08:21 -08:00
Timothy Jaeryang Baek
99386bf680 fix: api key restrictions 2024-12-27 00:32:25 -08:00
Timothy Jaeryang Baek
4f93ecf519 refac 2024-12-26 20:58:46 -08:00
Timothy Jaeryang Baek
1e974439d9 enh: configurable api key endpoint restrictions 2024-12-26 20:57:51 -08:00
Timothy Jaeryang Baek
a2366a20ba refac: api key auth allowed paths 2024-12-24 23:32:34 -07:00
Timothy Jaeryang Baek
d3d161f723 wip 2024-12-10 00:54:13 -08:00
Timothy Jaeryang Baek
33099bf9e4 refac 2024-12-08 16:01:56 -08:00