From 0c3f9a16e3c3ecd882b69bea2363902889a3c4c8 Mon Sep 17 00:00:00 2001
From: Sergey Mihaylin
Date: Fri, 28 Jun 2024 16:31:40 +0300
Subject: [PATCH 1/4] custom env for set custom claims for openid

---
 backend/apps/webui/main.py | 5 +++++
 backend/config.py | 12 ++++++++++++
 backend/main.py | 6 ++++--
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/backend/apps/webui/main.py b/backend/apps/webui/main.py
index 28b1b4aac..e7f0683c6 100644
--- a/backend/apps/webui/main.py
+++ b/backend/apps/webui/main.py
@@ -39,6 +39,8 @@ from config import (
 WEBUI_BANNERS,
 ENABLE_COMMUNITY_SHARING,
 AppConfig,
+ OAUTH_USERNAME_CLAIM,
+ OAUTH_PICTURE_CLAIM
 )
 
 import inspect
@@ -74,6 +76,9 @@ app.state.config.BANNERS = WEBUI_BANNERS
 
 app.state.config.ENABLE_COMMUNITY_SHARING = ENABLE_COMMUNITY_SHARING
 
+app.state.config.OAUTH_USERNAME_CLAIM = OAUTH_USERNAME_CLAIM
+app.state.config.OAUTH_PICTURE_CLAIM = OAUTH_PICTURE_CLAIM
+
 app.state.MODELS = {}
 app.state.TOOLS = {}
 app.state.FUNCTIONS = {}
diff --git a/backend/config.py b/backend/config.py
index 3a825f53a..cd184aab8 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -395,6 +395,18 @@ OAUTH_PROVIDER_NAME = PersistentConfig(
 os.environ.get("OAUTH_PROVIDER_NAME", "SSO"),
 )
 
+OAUTH_USERNAME_CLAIM = PersistentConfig(
+ "OAUTH_USERNAME_CLAIM",
+ "oauth.oidc.username_claim",
+ os.environ.get("OAUTH_USERNAME_CLAIM", "name"),
+)
+
+OAUTH_PICTURE_CLAIM = PersistentConfig(
+ "OAUTH_USERNAME_CLAIM",
+ "oauth.oidc.avatar_claim",
+ os.environ.get("OAUTH_PICTURE_CLAIM", "picture"),
+)
+
 
 def load_oauth_providers():
 OAUTH_PROVIDERS.clear()
diff --git a/backend/main.py b/backend/main.py
index aae305c5e..b4fd10c21 100644
--- a/backend/main.py
+++ b/backend/main.py
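Review bot: The second PersistentConfig in the backend/config.py hunk registers OAUTH_PICTURE_CLAIM under the name `"OAUTH_USERNAME_CLAIM"`, so both new settings carry the same identifier and only the persisted path differs; this reads as a copy-paste slip and the first argument should be `"OAUTH_PICTURE_CLAIM",`. What PersistentConfig does with that name is outside the hunk, but if it serves as a registry key or drives the env-override lookup, the picture setting would be shadowed by or mislabelled as the username one. The persisted path `oauth.oidc.avatar_claim` also names the setting differently from the env var and its `"picture"` default; settling on one word before the key is written to any config store avoids a rename later. A one-line comment above each entry, such as `# Name of the claim in the provider's user data used as the display name`, would document what these knobs expect, since nothing in the hunk says the value is a claim name rather than a claim value.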
@@ -1920,11 +1920,13 @@ async def oauth_callback(provider: str, request: Request, response: Response):
 # If the user does not exist, check if signups are enabled
 if ENABLE_OAUTH_SIGNUP.value:
 # Check if an existing user with the same email already exists
- existing_user = Users.get_user_by_email(user_data.get("email", "").lower())
+ email_claim = webui_app.state.config.OAUTH_USERNAME_CLAIM
+ existing_user = Users.get_user_by_email(user_data.get(email_claim, "").lower())
 if existing_user:
 raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
 
- picture_url = user_data.get("picture", "")
+ picture_claim = webui_app.state.config.OAUTH_PICTURE_CLAIM
+ picture_url = user_data.get(picture_claim, "")
 if picture_url:
 # Download the profile image into a base64 string
 try:

From 9f32e9ef602fdb25e69a95d41ae4a96358ed88f2 Mon Sep 17 00:00:00 2001
From: Sergey Mihaylin
Date: Fri, 28 Jun 2024 17:08:32 +0300
Subject: [PATCH 2/4] fix username claim

---
 backend/main.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/main.py b/backend/main.py
index b4fd10c21..72527c310 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -1920,8 +1920,7 @@ async def oauth_callback(provider: str, request: Request, response: Response):
 # If the user does not exist, check if signups are enabled
 if ENABLE_OAUTH_SIGNUP.value:
 # Check if an existing user with the same email already exists
- email_claim = webui_app.state.config.OAUTH_USERNAME_CLAIM
- existing_user = Users.get_user_by_email(user_data.get(email_claim, "").lower())
+ existing_user = Users.get_user_by_email(user_data.get("email", "").lower())
 if existing_user:
 raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
 
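Review bot: The duplicate-email check in this hunk now keys `user_data` on the username claim (`email_claim = webui_app.state.config.OAUTH_USERNAME_CLAIM`), so with the default `"name"` it compares a display name against stored emails and a non-string claim value would fail on `.lower()`; PATCH 2/4 in this series restores the literal `"email"` key, so that part is already handled. What the series leaves open is that an operator-configured claim is read with `user_data.get(claim, default)` and used as-is: the default only covers an absent key, so a claim present as `null` yields `picture_url = None` here and `name=None` in the PATCH 2/4 hunk, and a non-string value (a list for a multi-valued claim, say) flows into the profile-image download that follows `# Download the profile image into a base64 string` and into the stored display name. Normalising the lookups to `picture_url = user_data.get(picture_claim) or ""` and `name=user_data.get(username_claim) or "User"`, and treating a non-`str` value as absent, would keep the behaviour the old hard-coded keys had; the same point applies to the PATCH 3/4 hunk that reintroduces `picture_claim`. Whether the handler after `try:` already absorbs a bad URL type cannot be seen from the hunk, and oauth_callback continues outside it on both sides.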
@@ -1946,12 +1945,13 @@ async def oauth_callback(provider: str, request: Request, response: Response):
 picture_url = ""
 if not picture_url:
 picture_url = "/user.png"
+ username_claim = webui_app.state.config.OAUTH_USERNAME_CLAIM
 user = Auths.insert_new_auth(
 email=email,
 password=get_password_hash(
 str(uuid.uuid4())
 ), # Random password, not used
- name=user_data.get("name", "User"),
+ name=user_data.get(username_claim, "User"),
 profile_image_url=picture_url,
 role=webui_app.state.config.DEFAULT_USER_ROLE,
 oauth_sub=provider_sub,

From e475f025b74250213b71b4c4853bfeae66573890 Mon Sep 17 00:00:00 2001
From: Sergey Mihaylin
Date: Mon, 1 Jul 2024 10:25:25 +0300
Subject: [PATCH 3/4] fix: merge request fail (remove picture_claim)

---
 backend/main.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/main.py b/backend/main.py
index 3c4ffbbd2..edb7c74ae 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -1920,7 +1920,8 @@ async def oauth_callback(provider: str, request: Request, response: Response):
 if existing_user:
 raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
 
- picture_url = user_data.get("picture", "")
+ picture_claim = webui_app.state.config.OAUTH_PICTURE_CLAIM
+ picture_url = user_data.get(picture_claim, "")
 if picture_url:
 # Download the profile image into a base64 string
 try:

From a94c7e5c0973811b82ff8443220286525d0b1929 Mon Sep 17 00:00:00 2001
From: Sergey Mihaylin
Date: Mon, 1 Jul 2024 10:36:21 +0300
Subject: [PATCH 4/4] fix lint

---
 backend/apps/webui/main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/apps/webui/main.py b/backend/apps/webui/main.py
index e7f0683c6..8f1d8e334 100644
--- a/backend/apps/webui/main.py
+++ b/backend/apps/webui/main.py
@@ -40,7 +40,7 @@ from config import (
 ENABLE_COMMUNITY_SHARING,
 AppConfig,
 OAUTH_USERNAME_CLAIM,
- OAUTH_PICTURE_CLAIM
+ OAUTH_PICTURE_CLAIM,
 )
 
 import inspect