UniqAI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-02-22 13:18:25 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Merge pull request #10410 from xinhai-ai/dev

Browse Source 
fix: GitHub OAuth email retrieval when public email is not set
This commit is contained in:
Timothy Jaeryang Baek 2025-02-19 23:16:46 -08:00 committed by GitHub
commit 0e20b15afe
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
backend/open_webui/utils/oauth.py
View File

@ -246,11 +246,37 @@ class OAuthManager:
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED) raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
provider_sub = f"{provider}@{sub}" provider_sub = f"{provider}@{sub}"
email_claim = auth_manager_config.OAUTH_EMAIL_CLAIM email_claim = auth_manager_config.OAUTH_EMAIL_CLAIM
email = user_data.get(email_claim, "").lower() email = user_data.get(email_claim, "")
# We currently mandate that email addresses are provided # We currently mandate that email addresses are provided
if not email: if not email:
log.warning(f"OAuth callback failed, email is missing: {user_data}") # If the provider is GitHub,and public email is not provided, we can use the access token to fetch the user's email
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED) if provider == "github":
try:
access_token = token.get("access_token")
headers = {
"Authorization": f"Bearer {access_token}"
}
async with aiohttp.ClientSession() as session:
async with session.get("https://api.github.com/user/emails", headers=headers) as resp:
if resp.ok:
emails = await resp.json()
# use the primary email as the user's email
primary_email = next((e["email"] for e in emails if e.get("primary")), None)
if primary_email:
email = primary_email
else:
log.warning("No primary email found in GitHub response")
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
else:
log.warning("Failed to fetch GitHub email")
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
except Exception as e:
log.warning(f"Error fetching GitHub email: {e}")
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
else:
log.warning(f"OAuth callback failed, email is missing: {user_data}")
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
email = email.lower()
if ( if (
"*" not in auth_manager_config.OAUTH_ALLOWED_DOMAINS "*" not in auth_manager_config.OAUTH_ALLOWED_DOMAINS
and email.split("@")[-1] not in auth_manager_config.OAUTH_ALLOWED_DOMAINS and email.split("@")[-1] not in auth_manager_config.OAUTH_ALLOWED_DOMAINS