From c00a6fa02a86b92859f2b269c195436427b44f39 Mon Sep 17 00:00:00 2001 From: John Karabudak Date: Sat, 15 Jun 2024 17:34:11 -0230 Subject: [PATCH] added ability to set user name for federated auth this commit adds an optional environment variable named `WEBUI_AUTH_TRUSTED_NAME_HEADER`, which sets the user's name to the contents of that header. this only happens if the user is just being created, just like how the trusted e-mail header works. if the environment variable or header is not present, we fall back to the original behavior which is to re-use the user e-mail address. Co-Authored-By: Nikita Borzykh --- backend/apps/webui/main.py | 2 ++ backend/apps/webui/routers/auths.py | 7 +++++-- backend/config.py | 3 +++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/backend/apps/webui/main.py b/backend/apps/webui/main.py index 62a0a7a7b..190d2d1c3 100644 --- a/backend/apps/webui/main.py +++ b/backend/apps/webui/main.py @@ -25,6 +25,7 @@ from config import ( USER_PERMISSIONS, WEBHOOK_URL, WEBUI_AUTH_TRUSTED_EMAIL_HEADER, + WEBUI_AUTH_TRUSTED_NAME_HEADER, JWT_EXPIRES_IN, WEBUI_BANNERS, ENABLE_COMMUNITY_SHARING, @@ -40,6 +41,7 @@ app.state.config = AppConfig() app.state.config.ENABLE_SIGNUP = ENABLE_SIGNUP app.state.config.JWT_EXPIRES_IN = JWT_EXPIRES_IN app.state.AUTH_TRUSTED_EMAIL_HEADER = WEBUI_AUTH_TRUSTED_EMAIL_HEADER +app.state.AUTH_TRUSTED_NAME_HEADER = WEBUI_AUTH_TRUSTED_NAME_HEADER app.state.config.SHOW_ADMIN_DETAILS = SHOW_ADMIN_DETAILS diff --git a/backend/apps/webui/routers/auths.py b/backend/apps/webui/routers/auths.py index d45879a24..6c4941475 100644 --- a/backend/apps/webui/routers/auths.py +++ b/backend/apps/webui/routers/auths.py @@ -33,7 +33,7 @@ from utils.utils import ( from utils.misc import parse_duration, validate_email_format from utils.webhook import post_webhook from constants import ERROR_MESSAGES, WEBHOOK_MESSAGES -from config import WEBUI_AUTH, WEBUI_AUTH_TRUSTED_EMAIL_HEADER +from config import WEBUI_AUTH, WEBUI_AUTH_TRUSTED_EMAIL_HEADER, WEBUI_AUTH_TRUSTED_NAME_HEADER router = APIRouter() @@ -110,11 +110,14 @@ async def signin(request: Request, form_data: SigninForm): raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER) trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower() + trusted_name = trusted_email + if WEBUI_AUTH_TRUSTED_NAME_HEADER: + trusted_name = request.headers.get(WEBUI_AUTH_TRUSTED_NAME_HEADER, trusted_email) if not Users.get_user_by_email(trusted_email.lower()): await signup( request, SignupForm( - email=trusted_email, password=str(uuid.uuid4()), name=trusted_email + email=trusted_email, password=str(uuid.uuid4()), name=trusted_name ), ) user = Auths.authenticate_user_by_trusted_header(trusted_email) diff --git a/backend/config.py b/backend/config.py index 5d3b1e53f..f3f85202c 100644 --- a/backend/config.py +++ b/backend/config.py @@ -294,6 +294,9 @@ WEBUI_AUTH = os.environ.get("WEBUI_AUTH", "True").lower() == "true" WEBUI_AUTH_TRUSTED_EMAIL_HEADER = os.environ.get( "WEBUI_AUTH_TRUSTED_EMAIL_HEADER", None ) +WEBUI_AUTH_TRUSTED_NAME_HEADER = os.environ.get( + "WEBUI_AUTH_TRUSTED_NAME_HEADER", None +) JWT_EXPIRES_IN = PersistentConfig( "JWT_EXPIRES_IN", "auth.jwt_expiry", os.environ.get("JWT_EXPIRES_IN", "-1") )