OpenWebUI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-06-26 18:26:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
61f49ff580
open-webui/backend/open_webui/utils
History
sasidhar 61f49ff580 fix: ensure trusted email header matches logged-in user 
When using trusted email header authentication, verify that the logged-in user's
email matches the value in the header. This prevents session conflicts when the
OAuth server changes the authenticated user.

- Move trusted email verification after user existence check
- Raise 401 if email mismatch is detected
- Only perform verification when WEBUI_AUTH_TRUSTED_EMAIL_HEADER is enabled
2025-06-08 14:16:10 +05:30
..
images
telemetry
access_control.py
audit.py enh: failed login attempts audit log 2025-04-23 00:06:44 +09:00
auth.py fix: ensure trusted email header matches logged-in user 2025-06-08 14:16:10 +05:30
chat.py Prevent duplicate function module loads with caching helper and refactor 2025-05-27 18:08:58 +09:00
code_interpreter.py chore: format 2025-05-10 19:00:01 +04:00
filter.py refac 2025-05-28 01:41:49 +04:00
logger.py
middleware.py refac: better memory error handling 2025-05-30 00:12:28 +04:00
misc.py refac 2025-05-28 01:34:53 +04:00
models.py chore: format 2025-05-29 02:36:33 +04:00
oauth.py refac: oauth redirect url to use WEBUI_URL 2025-05-23 01:03:28 +04:00
payload.py enh: better custom param handling 2025-05-29 23:32:14 +04:00
pdf_generator.py
plugin.py refac 2025-05-28 01:42:42 +04:00
redis.py chore: format 2025-04-12 16:35:11 -07:00
response.py
security_headers.py
task.py fix: local/external models 2025-05-23 02:48:31 +04:00
tools.py enh: allow custom openapi json url 2025-05-27 00:20:47 +04:00
webhook.py