added ability to set user name for federated auth

this commit adds an optional environment variable named `WEBUI_AUTH_TRUSTED_NAME_HEADER`, which sets the user's name to the contents of that header. this only happens if the user is just being created, just like how the trusted e-mail header works. if the environment variable or header is not present, we fall back to the original behavior which is to re-use the user e-mail address. Co-Authored-By: Nikita Borzykh <sample@fastmail.com>

added ability to set user name for federated auth
this commit adds an optional environment variable named `WEBUI_AUTH_TRUSTED_NAME_HEADER`, which sets the user's name to the contents of that header. this only happens if the user is just being created, just like how the trusted e-mail header works. if the environment variable or header is not present, we fall back to the original behavior which is to re-use the user e-mail address. Co-Authored-By: Nikita Borzykh <sample@fastmail.com>
c00a6fa0 · John Karabudak · 8e62c361 · c00a6fa0 · c00a6fa0 · c00a6fa0
Commit c00a6fa0 authored Jun 15, 2024 by John Karabudak
Showing with 10 additions and 2 deletions

backend/apps/webui/main.py backend/apps/webui/main.py +2 -0

backend/apps/webui/routers/auths.py backend/apps/webui/routers/auths.py +5 -2

backend/config.py backend/config.py +3 -0

No files found.
--- a/backend/apps/webui/main.py
+++ b/backend/apps/webui/main.py
@@ -25,6 +25,7 @@ from config import (
    USER_PERMISSIONS,
    WEBHOOK_URL,
    WEBUI_AUTH_TRUSTED_EMAIL_HEADER,
+    WEBUI_AUTH_TRUSTED_NAME_HEADER,
    JWT_EXPIRES_IN,
    WEBUI_BANNERS,
    ENABLE_COMMUNITY_SHARING,
@@ -40,6 +41,7 @@ app.state.config = AppConfig()
 app.state.config.ENABLE_SIGNUP = ENABLE_SIGNUP
 app.state.config.JWT_EXPIRES_IN = JWT_EXPIRES_IN
 app.state.AUTH_TRUSTED_EMAIL_HEADER = WEBUI_AUTH_TRUSTED_EMAIL_HEADER
+app.state.AUTH_TRUSTED_NAME_HEADER = WEBUI_AUTH_TRUSTED_NAME_HEADER


 app.state.config.SHOW_ADMIN_DETAILS = SHOW_ADMIN_DETAILS

--- a/backend/apps/webui/routers/auths.py
+++ b/backend/apps/webui/routers/auths.py
@@ -33,7 +33,7 @@ from utils.utils import (
 from utils.misc import parse_duration, validate_email_format
 from utils.webhook import post_webhook
 from constants import ERROR_MESSAGES, WEBHOOK_MESSAGES
-from config import WEBUI_AUTH, WEBUI_AUTH_TRUSTED_EMAIL_HEADER
+from config import WEBUI_AUTH, WEBUI_AUTH_TRUSTED_EMAIL_HEADER, WEBUI_AUTH_TRUSTED_NAME_HEADER

 router = APIRouter()

@@ -110,11 +110,14 @@ async def signin(request: Request, form_data: SigninForm):
            raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)

        trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower()
+        trusted_name = trusted_email
+        if WEBUI_AUTH_TRUSTED_NAME_HEADER:
+            trusted_name = request.headers.get(WEBUI_AUTH_TRUSTED_NAME_HEADER, trusted_email)
        if not Users.get_user_by_email(trusted_email.lower()):
            await signup(
                request,
                SignupForm(
-                    email=trusted_email, password=str(uuid.uuid4()), name=trusted_email
+                    email=trusted_email, password=str(uuid.uuid4()), name=trusted_name
                ),
            )
        user = Auths.authenticate_user_by_trusted_header(trusted_email)

--- a/backend/config.py
+++ b/backend/config.py
@@ -294,6 +294,9 @@ WEBUI_AUTH = os.environ.get("WEBUI_AUTH", "True").lower() == "true"
 WEBUI_AUTH_TRUSTED_EMAIL_HEADER = os.environ.get(
    "WEBUI_AUTH_TRUSTED_EMAIL_HEADER", None
 )
+WEBUI_AUTH_TRUSTED_NAME_HEADER = os.environ.get(
+    "WEBUI_AUTH_TRUSTED_NAME_HEADER", None
+)
 JWT_EXPIRES_IN = PersistentConfig(
    "JWT_EXPIRES_IN", "auth.jwt_expiry", os.environ.get("JWT_EXPIRES_IN", "-1")
 )