added ability to set user name for federated auth

this commit adds an optional environment variable named `WEBUI_AUTH_TRUSTED_NAME_HEADER`, which sets the user's name to the contents of that header. this only happens if the user is just being created, just like how the trusted e-mail header works. if the environment variable or header is not present, we fall back to the original behavior which is to re-use the user e-mail address. Co-Authored-By: Nikita Borzykh <sample@fastmail.com>
2025-01-18 00:30:51 +00:00 · 2024-06-15 17:34:11 -02:30 · 2024-06-15 17:34:11 -02:30 · c00a6fa02a
commit c00a6fa02a
parent 8e62c36148
3 changed files with 10 additions and 2 deletions
--- a/backend/apps/webui/main.py
+++ b/backend/apps/webui/main.py
@ -25,6 +25,7 @@ from config import (
    USER_PERMISSIONS,
    WEBHOOK_URL,
    WEBUI_AUTH_TRUSTED_EMAIL_HEADER,
+    WEBUI_AUTH_TRUSTED_NAME_HEADER,
    JWT_EXPIRES_IN,
    WEBUI_BANNERS,
    ENABLE_COMMUNITY_SHARING,
@ -40,6 +41,7 @@ app.state.config = AppConfig()
 app.state.config.ENABLE_SIGNUP = ENABLE_SIGNUP
 app.state.config.JWT_EXPIRES_IN = JWT_EXPIRES_IN
 app.state.AUTH_TRUSTED_EMAIL_HEADER = WEBUI_AUTH_TRUSTED_EMAIL_HEADER
+app.state.AUTH_TRUSTED_NAME_HEADER = WEBUI_AUTH_TRUSTED_NAME_HEADER


 app.state.config.SHOW_ADMIN_DETAILS = SHOW_ADMIN_DETAILS
--- a/backend/apps/webui/routers/auths.py
+++ b/backend/apps/webui/routers/auths.py
@ -33,7 +33,7 @@ from utils.utils import (
 from utils.misc import parse_duration, validate_email_format
 from utils.webhook import post_webhook
 from constants import ERROR_MESSAGES, WEBHOOK_MESSAGES
-from config import WEBUI_AUTH, WEBUI_AUTH_TRUSTED_EMAIL_HEADER
+from config import WEBUI_AUTH, WEBUI_AUTH_TRUSTED_EMAIL_HEADER, WEBUI_AUTH_TRUSTED_NAME_HEADER

 router = APIRouter()

@ -110,11 +110,14 @@ async def signin(request: Request, form_data: SigninForm):
            raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)

        trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower()
+        trusted_name = trusted_email
+        if WEBUI_AUTH_TRUSTED_NAME_HEADER:
+            trusted_name = request.headers.get(WEBUI_AUTH_TRUSTED_NAME_HEADER, trusted_email)
        if not Users.get_user_by_email(trusted_email.lower()):
            await signup(
                request,
                SignupForm(
-                    email=trusted_email, password=str(uuid.uuid4()), name=trusted_email
+                    email=trusted_email, password=str(uuid.uuid4()), name=trusted_name
                ),
            )
        user = Auths.authenticate_user_by_trusted_header(trusted_email)
--- a/backend/config.py
+++ b/backend/config.py
@ -294,6 +294,9 @@ WEBUI_AUTH = os.environ.get("WEBUI_AUTH", "True").lower() == "true"
 WEBUI_AUTH_TRUSTED_EMAIL_HEADER = os.environ.get(
    "WEBUI_AUTH_TRUSTED_EMAIL_HEADER", None
 )
+WEBUI_AUTH_TRUSTED_NAME_HEADER = os.environ.get(
+    "WEBUI_AUTH_TRUSTED_NAME_HEADER", None
+)
 JWT_EXPIRES_IN = PersistentConfig(
    "JWT_EXPIRES_IN", "auth.jwt_expiry", os.environ.get("JWT_EXPIRES_IN", "-1")
 )