mirror of
https://github.com/open-webui/open-webui.git
synced 2026-02-24 12:11:56 +01:00
a0c82c8e4c
The signup_handler function checks has_users() before inserting a new user and assigns the admin role based on that check. With multiple uvicorn workers, concurrent signup requests during first-user registration can all observe an empty user table before any insert completes, causing multiple accounts to receive the admin role. Fix: insert with the default role first, then check user count after the insert. Only promote to admin if this is the only user in the database. This eliminates the TOCTOU window between the check and the insert.