Merge pull request #3499 from Semihal/fix-oauth-openid

fix: First OIDC account is not admin
2025-01-18 00:30:51 +00:00 · 2024-06-29 13:15:42 -07:00 · 2024-06-29 13:15:42 -07:00 · d3a67b44cd
commit d3a67b44cd
parent 58398b6eeb 7d10dacad6
1 changed files with 7 additions and 2 deletions
--- a/backend/main.py
+++ b/backend/main.py
@ -1944,6 +1944,11 @@ async def oauth_callback(provider: str, request: Request, response: Response):
                    picture_url = ""
            if not picture_url:
                picture_url = "/user.png"
+            role = (
+                "admin"
+                if Users.get_num_users() == 0
+                else webui_app.state.config.DEFAULT_USER_ROLE
+            )
            user = Auths.insert_new_auth(
                email=email,
                password=get_password_hash(
@ -1951,7 +1956,7 @@ async def oauth_callback(provider: str, request: Request, response: Response):
                ),  # Random password, not used
                name=user_data.get("name", "User"),
                profile_image_url=picture_url,
-                role=webui_app.state.config.DEFAULT_USER_ROLE,
+                role=role,
                oauth_sub=provider_sub,
            )

@ -1978,7 +1983,7 @@ async def oauth_callback(provider: str, request: Request, response: Response):
    # Set the cookie token
    response.set_cookie(
        key="token",
-        value=token,
+        value=jwt_token,
        httponly=True,  # Ensures the cookie is not accessible via JavaScript
    )