add pending as role fallback

add logging to determine correct handling of oauth roles
2025-01-18 00:30:51 +00:00 · 2024-10-03 22:56:52 +02:00 · 2024-10-03 22:56:52 +02:00 · 0a7373dae1
commit 0a7373dae1
parent c9d948f284
1 changed files with 10 additions and 1 deletions
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@ -2250,10 +2250,16 @@ async def oauth_callback(provider: str, request: Request, response: Response):
        if Users.get_num_users() == 1:
            role = "admin"
        elif webui_app.state.config.ENABLE_OAUTH_ROLE_MAPPING:
-            oauth_roles = user_data.get(webui_app.state.config.OAUTH_ROLE_CLAIM)
+            oauth_roles = user_data.get(webui_app.state.config.OAUTH_ROLES_CLAIM)
+            log.info(f"User {user.name} has OAuth roles: {oauth_roles}")
            if oauth_roles:
                for allowed_role in ["pending", "user", "admin"]:
                    role = allowed_role if allowed_role in oauth_roles else role
+                    log.info(f"Applied role: {role} to user {user.name}")
+            else:
+                # If role mapping is enabled, but no roles are provided, fall back to pending
+                role = "pending"
+
        if role != user.role:
            Users.update_user_role_by_id(user.id, role)

@ -2305,6 +2311,9 @@ async def oauth_callback(provider: str, request: Request, response: Response):
                if oauth_roles:
                    for allowed_role in ["pending", "user", "admin"]:
                        role = allowed_role if allowed_role in oauth_roles else role
+                else:
+                    # If role mapping is enabled, but no roles are provided, fall back to pending
+                    role = "pending"

            user = Auths.insert_new_auth(
                email=email,