UniqAI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2024-12-28 14:52:23 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

feat: update signout functionality to use OpenID configuration for logout URL and remove the logout variable from config

Browse Source
This commit is contained in:
Zaiban Ali 2024-12-07 15:13:13 +01:00
parent d5ce85f34a
commit 9918ec6246
3 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
backend/open_webui/apps/webui/routers/auths.py
View File

@ -3,6 +3,7 @@ import uuid
import time import time
import datetime import datetime
import logging import logging
import httpx
from open_webui.apps.webui.models.auths import ( from open_webui.apps.webui.models.auths import (
AddUserForm, AddUserForm,
@ -31,8 +32,7 @@ from open_webui.env import (
from fastapi import APIRouter, Depends, HTTPException, Request, status from fastapi import APIRouter, Depends, HTTPException, Request, status
from fastapi.responses import RedirectResponse, Response from fastapi.responses import RedirectResponse, Response
from open_webui.config import ( from open_webui.config import (
OAUTH_PROVIDER_NAME, OPENID_PROVIDER_URL,
OAUTH_LOGOUT_URL,
) )
from pydantic import BaseModel from pydantic import BaseModel
from open_webui.utils.misc import parse_duration, validate_email_format from open_webui.utils.misc import parse_duration, validate_email_format
@ -504,13 +504,23 @@ async def signup(request: Request, response: Response, form_data: SignupForm):
@router.get("/signout") @router.get("/signout")
async def signout(request: Request, response: Response): async def signout(request: Request, response: Response):
response.delete_cookie("token") response.delete_cookie("token")
if OAUTH_PROVIDER_NAME.value == "keycloak" and OAUTH_LOGOUT_URL: id_token = request.cookies.get("id_token", None)
id_token = request.cookies.get("id_token", None) if id_token:
if id_token: async with httpx.AsyncClient() as client:
logout_url = f"{OAUTH_LOGOUT_URL}?id_token_hint={id_token}" try:
response.delete_cookie("id_token") openid_config = await client.get(OPENID_PROVIDER_URL.value)
return RedirectResponse(url=logout_url) openid_config.raise_for_status()
openid_data = openid_config.json()
end_session_endpoint = openid_data.get("end_session_endpoint")
if end_session_endpoint:
logout_url = f"{end_session_endpoint}?id_token_hint={id_token}"
response.delete_cookie("id_token")
return RedirectResponse(url=logout_url)
except httpx.HTTPStatusError as e:
raise HTTPException(status_code=e.response.status_code, detail="Failed to fetch OpenID configuration")
except Exception as e:
raise HTTPException(status_code=500, detail=str(e))
# Fall back to the default signout # Fall back to the default signout
return {"status": True} return {"status": True}

6
backend/open_webui/config.py
View File

@ -384,12 +384,6 @@ OAUTH_PROVIDER_NAME = PersistentConfig(
os.environ.get("OAUTH_PROVIDER_NAME", "SSO"), os.environ.get("OAUTH_PROVIDER_NAME", "SSO"),
) )
OAUTH_LOGOUT_URL = PersistentConfig(
"OAUTH_LOGOUT_URL",
"oauth.oidc.logout_url",
os.environ.get("OAUTH_LOGOUT_URL", ""),
)
OAUTH_USERNAME_CLAIM = PersistentConfig( OAUTH_USERNAME_CLAIM = PersistentConfig(
"OAUTH_USERNAME_CLAIM", "OAUTH_USERNAME_CLAIM",
"oauth.oidc.username_claim", "oauth.oidc.username_claim",

2
backend/open_webui/utils/oauth.py
View File

@ -254,7 +254,7 @@ class OAuthManager:
secure=WEBUI_SESSION_COOKIE_SECURE, secure=WEBUI_SESSION_COOKIE_SECURE,
) )
if OAUTH_PROVIDER_NAME.value == "keycloak": if OAUTH_PROVIDER_NAME.value:
id_token = token.get("id_token") id_token = token.get("id_token")
response.set_cookie( response.set_cookie(
key="id_token", key="id_token",