backend/open_webui/models/auths.py

import logging
import uuid
from typing import Optional

from open_webui.internal.db import Base, get_db
from open_webui.models.users import UserModel, Users
from open_webui.env import SRC_LOG_LEVELS
from pydantic import BaseModel
from sqlalchemy import Boolean, Column, String, Text
from open_webui.utils.auth import verify_password

log = logging.getLogger(__name__)
log.setLevel(SRC_LOG_LEVELS["MODELS"])

####################
# DB MODEL
####################


class Auth(Base):
    __tablename__ = "auth"

    id = Column(String, primary_key=True)
    email = Column(String)
    password = Column(Text)
    active = Column(Boolean)


class AuthModel(BaseModel):
    id: str
    email: str
    password: str
    active: bool = True


####################
# Forms
####################


class Token(BaseModel):
    token: str
    token_type: str


class ApiKey(BaseModel):
    api_key: Optional[str] = None


class UserResponse(BaseModel):
    id: str
    email: str
    name: str
    role: str
    profile_image_url: str


class SigninResponse(Token, UserResponse):
    pass


class SigninForm(BaseModel):
    email: str
    password: str


class LdapForm(BaseModel):
    user: str
    password: str


class ProfileImageUrlForm(BaseModel):
    profile_image_url: str


class UpdateProfileForm(BaseModel):
    profile_image_url: str
    name: str


class UpdatePasswordForm(BaseModel):
    password: str
    new_password: str


class SignupForm(BaseModel):
    name: str
    email: str
    password: str
    profile_image_url: Optional[str] = "/user.png"


class AddUserForm(SignupForm):
    role: Optional[str] = "pending"


class AuthsTable:
    def insert_new_auth(
        self,
        email: str,
        password: str,
        name: str,
        profile_image_url: str = "/user.png",
        role: str = "pending",
        oauth_sub: Optional[str] = None,
    ) -> Optional[UserModel]:
        with get_db() as db:
            log.info("insert_new_auth")

            id = str(uuid.uuid4())

            auth = AuthModel(
                **{"id": id, "email": email, "password": password, "active": True}
            )
            result = Auth(**auth.model_dump())
            db.add(result)

            user = Users.insert_new_user(
                id, name, email, profile_image_url, role, oauth_sub
            )

            db.commit()
            db.refresh(result)

            if result and user:
                return user
            else:
                return None

    def authenticate_user(self, email: str, password: str) -> Optional[UserModel]:
        log.info(f"authenticate_user: {email}")
        try:
            with get_db() as db:
                auth = db.query(Auth).filter_by(email=email, active=True).first()
                if auth:
                    if verify_password(password, auth.password):
                        user = Users.get_user_by_id(auth.id)
                        return user
                    else:
                        return None
                else:
                    return None
        except Exception:
            return None

    def authenticate_user_by_api_key(self, api_key: str) -> Optional[UserModel]:
        log.info(f"authenticate_user_by_api_key: {api_key}")
        # if no api_key, return None
        if not api_key:
            return None

        try:
            user = Users.get_user_by_api_key(api_key)
            return user if user else None
        except Exception:
            return False

    def authenticate_user_by_trusted_header(self, email: str) -> Optional[UserModel]:
        log.info(f"authenticate_user_by_trusted_header: {email}")
        try:
            with get_db() as db:
                auth = db.query(Auth).filter_by(email=email, active=True).first()
                if auth:
                    user = Users.get_user_by_id(auth.id)
                    return user
        except Exception:
            return None

    def update_user_password_by_id(self, id: str, new_password: str) -> bool:
        try:
            with get_db() as db:
                result = (
                    db.query(Auth).filter_by(id=id).update({"password": new_password})
                )
                db.commit()
                return True if result == 1 else False
        except Exception:
            return False

    def update_email_by_id(self, id: str, email: str) -> bool:
        try:
            with get_db() as db:
                result = db.query(Auth).filter_by(id=id).update({"email": email})
                db.commit()
                return True if result == 1 else False
        except Exception:
            return False

    def delete_auth_by_id(self, id: str) -> bool:
        try:
            with get_db() as db:
                # Delete User
                result = Users.delete_user_by_id(id)

                if result:
                    db.query(Auth).filter_by(id=id).delete()
                    db.commit()

                    return True
                else:
                    return False
        except Exception:
            return False


Auths = AuthsTable()
Migrate to python logging module with env var control. 2024-03-20 17:11:36 -06:00			`import logging`
sort and fix backend imports 2024-08-28 00:10:27 +02:00			`import uuid`
			`from typing import Optional`
feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00
wip 2024-12-10 00:54:13 -08:00			`from open_webui.internal.db import Base, get_db`
			`from open_webui.models.users import UserModel, Users`
refac: mv backend files to /open_webui dir 2024-09-04 16:54:48 +02:00			`from open_webui.env import SRC_LOG_LEVELS`
sort and fix backend imports 2024-08-28 00:10:27 +02:00			`from pydantic import BaseModel`
			`from sqlalchemy import Boolean, Column, String, Text`
refac 2024-12-08 16:01:56 -08:00			`from open_webui.utils.auth import verify_password`
chore: py formatting 2024-03-31 01:13:39 -07:00
Migrate to python logging module with env var control. 2024-03-20 17:11:36 -06:00			`log = logging.getLogger(__name__)`
			`log.setLevel(SRC_LOG_LEVELS["MODELS"])`

feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00			`####################`
			`# DB MODEL`
			`####################`


feat(sqlalchemy): Replace peewee with sqlalchemy 2024-06-18 15:03:31 +02:00			`class Auth(Base):`
			`__tablename__ = "auth"`
feat: db migration to sqlite 2023-12-25 21:44:28 -08:00
feat(sqlalchemy): Replace peewee with sqlalchemy 2024-06-18 15:03:31 +02:00			`id = Column(String, primary_key=True)`
			`email = Column(String)`
feat(sqlalchemy): fix wrong column types 2024-06-24 13:21:51 +02:00			`password = Column(Text)`
feat(sqlalchemy): Replace peewee with sqlalchemy 2024-06-18 15:03:31 +02:00			`active = Column(Boolean)`
feat: db migration to sqlite 2023-12-25 21:44:28 -08:00

feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00			`class AuthModel(BaseModel):`
			`id: str`
			`email: str`
			`password: str`
			`active: bool = True`


			`####################`
			`# Forms`
			`####################`


			`class Token(BaseModel):`
			`token: str`
			`token_type: str`

fix 2024-04-02 09:18:15 -07:00
backend support api key 2024-03-26 18:22:17 +08:00			`class ApiKey(BaseModel):`
			`api_key: Optional[str] = None`
feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00
fix 2024-04-02 09:18:15 -07:00
feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00			`class UserResponse(BaseModel):`
			`id: str`
			`email: str`
			`name: str`
			`role: str`
feat: basic RBAC support 2023-11-18 21:41:43 -08:00			`profile_image_url: str`
feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00

			`class SigninResponse(Token, UserResponse):`
			`pass`


			`class SigninForm(BaseModel):`
			`email: str`
			`password: str`


feat: LDAP User management LDAP will be used as default if no other auth form is enabled. LDAP now will work with ENABLE_LOGIN_FORM = false. Fixed exception "User does not match the record." Now LDAP login is case insensitive. Integrated with onboarding feature. 2024-11-06 03:20:54 +05:00			`class LdapForm(BaseModel):`
			`user: str`
			`password: str`


feat: profile image update backend 2024-01-26 20:27:45 -08:00			`class ProfileImageUrlForm(BaseModel):`
			`profile_image_url: str`


feat: profile update frontend integration 2024-01-26 21:22:25 -08:00			`class UpdateProfileForm(BaseModel):`
			`profile_image_url: str`
			`name: str`


feat: change password support 2023-12-29 00:12:30 -08:00			`class UpdatePasswordForm(BaseModel):`
			`password: str`
			`new_password: str`


feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00			`class SignupForm(BaseModel):`
			`name: str`
			`email: str`
			`password: str`
refac 2024-04-06 23:16:29 -07:00			`profile_image_url: Optional[str] = "/user.png"`
feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00

refac: styling 2024-05-01 17:55:18 -07:00			`class AddUserForm(SignupForm):`
feat: add user from admin panel 2024-05-01 18:06:02 -07:00			`role: Optional[str] = "pending"`
refac: styling 2024-05-01 17:55:18 -07:00

feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00			`class AuthsTable:`
feat: edit user support 2024-01-05 20:59:56 -08:00			`def insert_new_auth(`
run npm run lint:backend 2024-04-04 01:10:51 -07:00			`self,`
			`email: str,`
			`password: str,`
			`name: str,`
refac 2024-04-06 23:16:29 -07:00			`profile_image_url: str = "/user.png",`
run npm run lint:backend 2024-04-04 01:10:51 -07:00			`role: str = "pending",`
feat: experimental SSO support for Google, Microsoft, and OIDC 2024-05-26 08:37:09 +01:00			`oauth_sub: Optional[str] = None,`
feat: edit user support 2024-01-05 20:59:56 -08:00			`) -> Optional[UserModel]:`
Update auths.py 2024-07-04 00:25:45 -07:00			`with get_db() as db:`
			`log.info("insert_new_auth")`
feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00
Update auths.py 2024-07-04 00:25:45 -07:00			`id = str(uuid.uuid4())`
feat: db migration to sqlite 2023-12-25 21:44:28 -08:00
Update auths.py 2024-07-04 00:25:45 -07:00			`auth = AuthModel(`
			`**{"id": id, "email": email, "password": password, "active": True}`
			`)`
			`result = Auth(**auth.model_dump())`
			`db.add(result)`
feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00
Update auths.py 2024-07-04 00:25:45 -07:00			`user = Users.insert_new_user(`
			`id, name, email, profile_image_url, role, oauth_sub`
			`)`
feat(sqlalchemy): Replace peewee with sqlalchemy 2024-06-18 15:03:31 +02:00
Update auths.py 2024-07-04 00:25:45 -07:00			`db.commit()`
			`db.refresh(result)`

			`if result and user:`
			`return user`
			`else:`
			`return None`
feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00
feat(sqlalchemy): format backend 2024-06-24 09:57:08 +02:00			`def authenticate_user(self, email: str, password: str) -> Optional[UserModel]:`
Migrate to python logging module with env var control. 2024-03-20 17:11:36 -06:00			`log.info(f"authenticate_user: {email}")`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`try:`
Update auths.py 2024-07-04 00:25:45 -07:00			`with get_db() as db:`
			`auth = db.query(Auth).filter_by(email=email, active=True).first()`
			`if auth:`
			`if verify_password(password, auth.password):`
			`user = Users.get_user_by_id(auth.id)`
			`return user`
			`else:`
			`return None`
fix: chat model schema 2023-12-25 23:43:21 -08:00			`else:`
			`return None`
replace except: with except Exception: 2024-08-14 13:38:19 +01:00			`except Exception:`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`return None`
feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00
feat(sqlalchemy): format backend 2024-06-24 09:57:08 +02:00			`def authenticate_user_by_api_key(self, api_key: str) -> Optional[UserModel]:`
backend support api key 2024-03-26 18:22:17 +08:00			`log.info(f"authenticate_user_by_api_key: {api_key}")`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`# if no api_key, return None`
			`if not api_key:`
			`return None`
fix 2024-04-02 09:18:15 -07:00
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`try:`
			`user = Users.get_user_by_api_key(api_key)`
			`return user if user else None`
replace except: with except Exception: 2024-08-14 13:38:19 +01:00			`except Exception:`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`return False`
fix 2024-04-02 09:18:15 -07:00
feat(sqlalchemy): format backend 2024-06-24 09:57:08 +02:00			`def authenticate_user_by_trusted_header(self, email: str) -> Optional[UserModel]:`
feat: add WEBUI_AUTH_TRUSTED_EMAIL_HEADER for authenticating users by a trusted header This is very yolo code, use at your own risk 2024-03-26 21:30:53 +00:00			`log.info(f"authenticate_user_by_trusted_header: {email}")`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`try:`
Update auths.py 2024-07-04 00:25:45 -07:00			`with get_db() as db:`
fix: db 2024-07-10 13:35:52 -07:00			`auth = db.query(Auth).filter_by(email=email, active=True).first()`
Update auths.py 2024-07-04 00:25:45 -07:00			`if auth:`
			`user = Users.get_user_by_id(auth.id)`
			`return user`
replace except: with except Exception: 2024-08-14 13:38:19 +01:00			`except Exception:`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`return None`
backend support api key 2024-03-26 18:22:17 +08:00
feat(sqlalchemy): format backend 2024-06-24 09:57:08 +02:00			`def update_user_password_by_id(self, id: str, new_password: str) -> bool:`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`try:`
Update auths.py 2024-07-04 00:25:45 -07:00			`with get_db() as db:`
			`result = (`
			`db.query(Auth).filter_by(id=id).update({"password": new_password})`
			`)`
fix password update in AuthsTable model 2024-07-07 22:27:26 +01:00			`db.commit()`
Update auths.py 2024-07-04 00:25:45 -07:00			`return True if result == 1 else False`
replace except: with except Exception: 2024-08-14 13:38:19 +01:00			`except Exception:`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`return False`
feat(sqlalchemy): remove session reference from router 2024-06-21 14:58:57 +02:00
			`def update_email_by_id(self, id: str, email: str) -> bool:`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`try:`
Update auths.py 2024-07-04 00:25:45 -07:00			`with get_db() as db:`
			`result = db.query(Auth).filter_by(id=id).update({"email": email})`
fix email update in AuthsTable model 2024-07-07 22:07:12 +01:00			`db.commit()`
Update auths.py 2024-07-04 00:25:45 -07:00			`return True if result == 1 else False`
replace except: with except Exception: 2024-08-14 13:38:19 +01:00			`except Exception:`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`return False`
feat(sqlalchemy): remove session reference from router 2024-06-21 14:58:57 +02:00
			`def delete_auth_by_id(self, id: str) -> bool:`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`try:`
Update auths.py 2024-07-04 00:25:45 -07:00			`with get_db() as db:`
			`# Delete User`
			`result = Users.delete_user_by_id(id)`
feat(sqlalchemy): remove session reference from router 2024-06-21 14:58:57 +02:00
Update auths.py 2024-07-04 00:25:45 -07:00			`if result:`
			`db.query(Auth).filter_by(id=id).delete()`
fix: delete 2024-07-06 08:10:58 -07:00			`db.commit()`
Update auths.py 2024-07-04 00:25:45 -07:00
			`return True`
			`else:`
			`return False`
replace except: with except Exception: 2024-08-14 13:38:19 +01:00			`except Exception:`
feat(sqlalchemy): use session factory instead of context manager 2024-06-24 13:06:15 +02:00			`return False`
fix: delete auth with user 2023-12-28 23:24:51 -08:00
feat: multi-user support w/ RBAC 2023-11-18 16:47:12 -08:00
feat(sqlalchemy): Replace peewee with sqlalchemy 2024-06-18 15:03:31 +02:00			`Auths = AuthsTable()`