UniqAI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-01-29 13:58:09 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Add oauth role mapping

Browse Source 
also add node env to allow local build to succeed
This commit is contained in:
Patrick Willnow 2024-10-03 11:12:14 +02:00
parent 1d225dd804
commit 9a691c0387
3 changed files with 35 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile
View File

@ -27,6 +27,7 @@ RUN npm ci
COPY . . COPY . .
ENV APP_BUILD_HASH=${BUILD_HASH} ENV APP_BUILD_HASH=${BUILD_HASH}
ENV NODE_OPTIONS="--max_old_space_size=8192"
RUN npm run build RUN npm run build
######## WebUI backend ######## ######## WebUI backend ########

12
backend/open_webui/config.py
View File

@ -278,6 +278,18 @@ ENABLE_OAUTH_SIGNUP = PersistentConfig(
os.environ.get("ENABLE_OAUTH_SIGNUP", "False").lower() == "true", os.environ.get("ENABLE_OAUTH_SIGNUP", "False").lower() == "true",
) )
ENABLE_OAUTH_ROLE_MAPPING = PersistentConfig(
"ENABLE_OAUTH_ROLE_MAPPING",
"oauth.enable_role_mapping",
os.environ.get("ENABLE_OAUTH_ROLE_MAPPING", "False").lower() == "true",
)
OAUTH_ROLES_CLAIM = PersistentConfig(
"OAUTH_ROLES_CLAIM",
"oauth.roles_claim",
os.environ.get("OAUTH_ROLES_CLAIM", "roles"),
)
OAUTH_MERGE_ACCOUNTS_BY_EMAIL = PersistentConfig( OAUTH_MERGE_ACCOUNTS_BY_EMAIL = PersistentConfig(
"OAUTH_MERGE_ACCOUNTS_BY_EMAIL", "OAUTH_MERGE_ACCOUNTS_BY_EMAIL",
"oauth.merge_accounts_by_email", "oauth.merge_accounts_by_email",

27
backend/open_webui/main.py
View File

@ -2245,6 +2245,18 @@ async def oauth_callback(provider: str, request: Request, response: Response):
# Check if the user exists # Check if the user exists
user = Users.get_user_by_oauth_sub(provider_sub) user = Users.get_user_by_oauth_sub(provider_sub)
if user:
role = user.role
if Users.get_num_users() == 1:
role = "admin"
elif webui_app.state.config.ENABLE_OAUTH_ROLE_MAPPING:
oauth_roles = user_data.get(webui_app.state.config.OAUTH_ROLE_CLAIM)
if oauth_roles:
for allowed_role in ["pending", "user", "admin"]:
role = allowed_role if allowed_role in oauth_roles else role
if role != user.role:
Users.update_user_role_by_id(user.id, role)
if not user: if not user:
# If the user does not exist, check if merging is enabled # If the user does not exist, check if merging is enabled
if OAUTH_MERGE_ACCOUNTS_BY_EMAIL.value: if OAUTH_MERGE_ACCOUNTS_BY_EMAIL.value:
@ -2284,11 +2296,16 @@ async def oauth_callback(provider: str, request: Request, response: Response):
if not picture_url: if not picture_url:
picture_url = "/user.png" picture_url = "/user.png"
username_claim = webui_app.state.config.OAUTH_USERNAME_CLAIM username_claim = webui_app.state.config.OAUTH_USERNAME_CLAIM
role = (
"admin" role = webui_app.state.config.DEFAULT_USER_ROLE
if Users.get_num_users() == 0 if Users.get_num_users() == 0:
else webui_app.state.config.DEFAULT_USER_ROLE role = "admin"
) elif webui_app.state.config.ENABLE_OAUTH_ROLE_MAPPING:
oauth_roles = user_data.get(webui_app.state.config.OAUTH_ROLE_CLAIM)
if oauth_roles:
for allowed_role in ["pending", "user", "admin"]:
role = allowed_role if allowed_role in oauth_roles else role
user = Auths.insert_new_auth( user = Auths.insert_new_auth(
email=email, email=email,
password=get_password_hash( password=get_password_hash(