ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-14 21:35:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
open-webui/backend/open_webui/routers/configs.py

548 lines
19 KiB
Python
Raw Normal View History

refac
2025-04-05 10:05:52 +00:00
from fastapi import APIRouter, Depends, Request, HTTPException
from pydantic import BaseModel, ConfigDict
fix: openai issue
2024-01-03 00:48:10 +00:00
fix: models configure
2024-11-26 16:55:06 +00:00
from typing import Optional
feat: Add SCIM 2.0 support for enterprise user provisioning Implements SCIM 2.0 protocol for automated user and group provisioning from identity providers like Okta, Azure AD, and Google Workspace. Backend changes: - Add SCIM configuration with PersistentConfig for database persistence - Implement SCIM 2.0 endpoints (Users, Groups, ServiceProviderConfig) - Add bearer token authentication for SCIM requests - Include comprehensive test coverage for SCIM functionality Frontend changes: - Add SCIM admin settings page with token generation - Implement SCIM configuration management UI - Add save functionality and proper error handling - Include SCIM statistics display 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-13 14:34:41 +00:00
from datetime import datetime, timedelta
import secrets
import string
feat: import/export config
2024-09-03 19:16:07 +00:00
refac
2024-12-09 00:01:56 +00:00
from open_webui.utils.auth import get_admin_user, get_verified_user
refac: mv backend files to /open_webui dir
2024-09-04 14:54:48 +00:00
from open_webui.config import get_config, save_config
fix: models configure
2024-11-26 16:55:06 +00:00
from open_webui.config import BannerModel
feat: Add SCIM 2.0 support for enterprise user provisioning Implements SCIM 2.0 protocol for automated user and group provisioning from identity providers like Okta, Azure AD, and Google Workspace. Backend changes: - Add SCIM configuration with PersistentConfig for database persistence - Implement SCIM 2.0 endpoints (Users, Groups, ServiceProviderConfig) - Add bearer token authentication for SCIM requests - Include comprehensive test coverage for SCIM functionality Frontend changes: - Add SCIM admin settings page with token generation - Implement SCIM configuration management UI - Add save functionality and proper error handling - Include SCIM statistics display 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-13 14:34:41 +00:00
from open_webui.models.users import Users
from open_webui.models.groups import Groups
from open_webui.env import WEBUI_AUTH
fix: models configure
2024-11-26 16:55:06 +00:00
refac
2025-04-05 10:05:52 +00:00
from open_webui.utils.tools import get_tool_server_data, get_tool_servers_data
feat: import/export config
2024-09-03 19:16:07 +00:00
fix: openai issue
2024-01-03 00:48:10 +00:00
router = APIRouter()
feat: import/export config
2024-09-03 19:16:07 +00:00
############################
# ImportConfig
############################
class ImportConfigForm(BaseModel):
config: dict
@router.post("/import", response_model=dict)
async def import_config(form_data: ImportConfigForm, user=Depends(get_admin_user)):
save_config(form_data.config)
return get_config()
############################
# ExportConfig
############################
@router.get("/export", response_model=dict)
async def export_config(user=Depends(get_admin_user)):
return get_config()
feat: direct api settings backend
2025-02-12 06:29:45 +00:00
############################
refac
2025-02-12 07:12:00 +00:00
# Direct Connections Config
feat: direct api settings backend
2025-02-12 06:29:45 +00:00
############################
refac
2025-02-12 07:13:48 +00:00
class DirectConnectionsConfigForm(BaseModel):
refac
2025-02-12 07:12:00 +00:00
ENABLE_DIRECT_CONNECTIONS: bool
feat: direct api settings backend
2025-02-12 06:29:45 +00:00
refac
2025-02-12 07:13:48 +00:00
@router.get("/direct_connections", response_model=DirectConnectionsConfigForm)
refac
2025-02-12 07:12:00 +00:00
async def get_direct_connections_config(request: Request, user=Depends(get_admin_user)):
feat: direct api settings backend
2025-02-12 06:29:45 +00:00
return {
refac
2025-02-12 07:12:00 +00:00
"ENABLE_DIRECT_CONNECTIONS": request.app.state.config.ENABLE_DIRECT_CONNECTIONS,
feat: direct api settings backend
2025-02-12 06:29:45 +00:00
}
refac
2025-02-12 07:13:48 +00:00
@router.post("/direct_connections", response_model=DirectConnectionsConfigForm)
refac
2025-02-12 07:12:00 +00:00
async def set_direct_connections_config(
refac
2025-02-12 07:13:48 +00:00
request: Request,
form_data: DirectConnectionsConfigForm,
user=Depends(get_admin_user),
feat: direct api settings backend
2025-02-12 06:29:45 +00:00
):
refac
2025-02-12 07:12:00 +00:00
request.app.state.config.ENABLE_DIRECT_CONNECTIONS = (
form_data.ENABLE_DIRECT_CONNECTIONS
)
feat: direct api settings backend
2025-02-12 06:29:45 +00:00
return {
refac
2025-02-12 07:12:00 +00:00
"ENABLE_DIRECT_CONNECTIONS": request.app.state.config.ENABLE_DIRECT_CONNECTIONS,
feat: direct api settings backend
2025-02-12 06:29:45 +00:00
}
refac
2025-04-05 10:05:52 +00:00
############################
# ToolServers Config
############################
class ToolServerConnection(BaseModel):
url: str
path: str
auth_type: Optional[str]
key: Optional[str]
config: Optional[dict]
model_config = ConfigDict(extra="allow")
class ToolServersConfigForm(BaseModel):
TOOL_SERVER_CONNECTIONS: list[ToolServerConnection]
@router.get("/tool_servers", response_model=ToolServersConfigForm)
async def get_tool_servers_config(request: Request, user=Depends(get_admin_user)):
return {
"TOOL_SERVER_CONNECTIONS": request.app.state.config.TOOL_SERVER_CONNECTIONS,
}
@router.post("/tool_servers", response_model=ToolServersConfigForm)
async def set_tool_servers_config(
request: Request,
form_data: ToolServersConfigForm,
user=Depends(get_admin_user),
):
refac
2025-04-05 10:12:57 +00:00
request.app.state.config.TOOL_SERVER_CONNECTIONS = [
connection.model_dump() for connection in form_data.TOOL_SERVER_CONNECTIONS
]
refac
2025-04-05 10:05:52 +00:00
request.app.state.TOOL_SERVERS = await get_tool_servers_data(
request.app.state.config.TOOL_SERVER_CONNECTIONS
)
return {
"TOOL_SERVER_CONNECTIONS": request.app.state.config.TOOL_SERVER_CONNECTIONS,
}
@router.post("/tool_servers/verify")
async def verify_tool_servers_config(
request: Request, form_data: ToolServerConnection, user=Depends(get_admin_user)
):
"""
Verify the connection to the tool server.
"""
try:
token = None
if form_data.auth_type == "bearer":
token = form_data.key
elif form_data.auth_type == "session":
token = request.state.token.credentials
url = f"{form_data.url}/{form_data.path}"
return await get_tool_server_data(token, url)
except Exception as e:
raise HTTPException(
status_code=400,
detail=f"Failed to connect to the tool server: {str(e)}",
)
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
############################
# CodeInterpreterConfig
############################
class CodeInterpreterConfigForm(BaseModel):
enh: enable_code_execution toggle Co-Authored-By: recrudesce <6450799+recrudesce@users.noreply.github.com>
2025-03-06 03:06:28 +00:00
ENABLE_CODE_EXECUTION: bool
enh: code execution settings
2025-02-18 00:25:50 +00:00
CODE_EXECUTION_ENGINE: str
CODE_EXECUTION_JUPYTER_URL: Optional[str]
CODE_EXECUTION_JUPYTER_AUTH: Optional[str]
CODE_EXECUTION_JUPYTER_AUTH_TOKEN: Optional[str]
CODE_EXECUTION_JUPYTER_AUTH_PASSWORD: Optional[str]
enh: configurable jupyter execution timeout
2025-02-20 01:05:37 +00:00
CODE_EXECUTION_JUPYTER_TIMEOUT: Optional[int]
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
ENABLE_CODE_INTERPRETER: bool
CODE_INTERPRETER_ENGINE: str
enh: custom code interpreter prompt
2025-02-12 05:36:16 +00:00
CODE_INTERPRETER_PROMPT_TEMPLATE: Optional[str]
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
CODE_INTERPRETER_JUPYTER_URL: Optional[str]
CODE_INTERPRETER_JUPYTER_AUTH: Optional[str]
CODE_INTERPRETER_JUPYTER_AUTH_TOKEN: Optional[str]
CODE_INTERPRETER_JUPYTER_AUTH_PASSWORD: Optional[str]
enh: configurable jupyter execution timeout
2025-02-20 01:05:37 +00:00
CODE_INTERPRETER_JUPYTER_TIMEOUT: Optional[int]
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
enh: code execution settings
2025-02-18 00:25:50 +00:00
@router.get("/code_execution", response_model=CodeInterpreterConfigForm)
async def get_code_execution_config(request: Request, user=Depends(get_admin_user)):
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
return {
enh: enable_code_execution toggle Co-Authored-By: recrudesce <6450799+recrudesce@users.noreply.github.com>
2025-03-06 03:06:28 +00:00
"ENABLE_CODE_EXECUTION": request.app.state.config.ENABLE_CODE_EXECUTION,
enh: code execution settings
2025-02-18 00:25:50 +00:00
"CODE_EXECUTION_ENGINE": request.app.state.config.CODE_EXECUTION_ENGINE,
"CODE_EXECUTION_JUPYTER_URL": request.app.state.config.CODE_EXECUTION_JUPYTER_URL,
"CODE_EXECUTION_JUPYTER_AUTH": request.app.state.config.CODE_EXECUTION_JUPYTER_AUTH,
"CODE_EXECUTION_JUPYTER_AUTH_TOKEN": request.app.state.config.CODE_EXECUTION_JUPYTER_AUTH_TOKEN,
"CODE_EXECUTION_JUPYTER_AUTH_PASSWORD": request.app.state.config.CODE_EXECUTION_JUPYTER_AUTH_PASSWORD,
enh: configurable jupyter execution timeout
2025-02-20 01:05:37 +00:00
"CODE_EXECUTION_JUPYTER_TIMEOUT": request.app.state.config.CODE_EXECUTION_JUPYTER_TIMEOUT,
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
"ENABLE_CODE_INTERPRETER": request.app.state.config.ENABLE_CODE_INTERPRETER,
"CODE_INTERPRETER_ENGINE": request.app.state.config.CODE_INTERPRETER_ENGINE,
enh: custom code interpreter prompt
2025-02-12 05:36:16 +00:00
"CODE_INTERPRETER_PROMPT_TEMPLATE": request.app.state.config.CODE_INTERPRETER_PROMPT_TEMPLATE,
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
"CODE_INTERPRETER_JUPYTER_URL": request.app.state.config.CODE_INTERPRETER_JUPYTER_URL,
"CODE_INTERPRETER_JUPYTER_AUTH": request.app.state.config.CODE_INTERPRETER_JUPYTER_AUTH,
"CODE_INTERPRETER_JUPYTER_AUTH_TOKEN": request.app.state.config.CODE_INTERPRETER_JUPYTER_AUTH_TOKEN,
"CODE_INTERPRETER_JUPYTER_AUTH_PASSWORD": request.app.state.config.CODE_INTERPRETER_JUPYTER_AUTH_PASSWORD,
enh: configurable jupyter execution timeout
2025-02-20 01:05:37 +00:00
"CODE_INTERPRETER_JUPYTER_TIMEOUT": request.app.state.config.CODE_INTERPRETER_JUPYTER_TIMEOUT,
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
}
enh: code execution settings
2025-02-18 00:25:50 +00:00
@router.post("/code_execution", response_model=CodeInterpreterConfigForm)
async def set_code_execution_config(
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
request: Request, form_data: CodeInterpreterConfigForm, user=Depends(get_admin_user)
):
enh: code execution settings
2025-02-18 00:25:50 +00:00
enh: enable_code_execution toggle Co-Authored-By: recrudesce <6450799+recrudesce@users.noreply.github.com>
2025-03-06 03:06:28 +00:00
request.app.state.config.ENABLE_CODE_EXECUTION = form_data.ENABLE_CODE_EXECUTION
enh: code execution settings
2025-02-18 00:25:50 +00:00
request.app.state.config.CODE_EXECUTION_ENGINE = form_data.CODE_EXECUTION_ENGINE
request.app.state.config.CODE_EXECUTION_JUPYTER_URL = (
form_data.CODE_EXECUTION_JUPYTER_URL
)
request.app.state.config.CODE_EXECUTION_JUPYTER_AUTH = (
form_data.CODE_EXECUTION_JUPYTER_AUTH
)
request.app.state.config.CODE_EXECUTION_JUPYTER_AUTH_TOKEN = (
form_data.CODE_EXECUTION_JUPYTER_AUTH_TOKEN
)
request.app.state.config.CODE_EXECUTION_JUPYTER_AUTH_PASSWORD = (
form_data.CODE_EXECUTION_JUPYTER_AUTH_PASSWORD
)
enh: configurable jupyter execution timeout
2025-02-20 01:05:37 +00:00
request.app.state.config.CODE_EXECUTION_JUPYTER_TIMEOUT = (
form_data.CODE_EXECUTION_JUPYTER_TIMEOUT
)
enh: code execution settings
2025-02-18 00:25:50 +00:00
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
request.app.state.config.ENABLE_CODE_INTERPRETER = form_data.ENABLE_CODE_INTERPRETER
request.app.state.config.CODE_INTERPRETER_ENGINE = form_data.CODE_INTERPRETER_ENGINE
enh: custom code interpreter prompt
2025-02-12 05:36:16 +00:00
request.app.state.config.CODE_INTERPRETER_PROMPT_TEMPLATE = (
form_data.CODE_INTERPRETER_PROMPT_TEMPLATE
)
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
request.app.state.config.CODE_INTERPRETER_JUPYTER_URL = (
form_data.CODE_INTERPRETER_JUPYTER_URL
)
request.app.state.config.CODE_INTERPRETER_JUPYTER_AUTH = (
form_data.CODE_INTERPRETER_JUPYTER_AUTH
)
request.app.state.config.CODE_INTERPRETER_JUPYTER_AUTH_TOKEN = (
form_data.CODE_INTERPRETER_JUPYTER_AUTH_TOKEN
)
request.app.state.config.CODE_INTERPRETER_JUPYTER_AUTH_PASSWORD = (
form_data.CODE_INTERPRETER_JUPYTER_AUTH_PASSWORD
)
enh: configurable jupyter execution timeout
2025-02-20 01:05:37 +00:00
request.app.state.config.CODE_INTERPRETER_JUPYTER_TIMEOUT = (
form_data.CODE_INTERPRETER_JUPYTER_TIMEOUT
)
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
return {
enh: enable_code_execution toggle Co-Authored-By: recrudesce <6450799+recrudesce@users.noreply.github.com>
2025-03-06 03:06:28 +00:00
"ENABLE_CODE_EXECUTION": request.app.state.config.ENABLE_CODE_EXECUTION,
enh: code execution settings
2025-02-18 00:25:50 +00:00
"CODE_EXECUTION_ENGINE": request.app.state.config.CODE_EXECUTION_ENGINE,
"CODE_EXECUTION_JUPYTER_URL": request.app.state.config.CODE_EXECUTION_JUPYTER_URL,
"CODE_EXECUTION_JUPYTER_AUTH": request.app.state.config.CODE_EXECUTION_JUPYTER_AUTH,
"CODE_EXECUTION_JUPYTER_AUTH_TOKEN": request.app.state.config.CODE_EXECUTION_JUPYTER_AUTH_TOKEN,
"CODE_EXECUTION_JUPYTER_AUTH_PASSWORD": request.app.state.config.CODE_EXECUTION_JUPYTER_AUTH_PASSWORD,
enh: configurable jupyter execution timeout
2025-02-20 01:05:37 +00:00
"CODE_EXECUTION_JUPYTER_TIMEOUT": request.app.state.config.CODE_EXECUTION_JUPYTER_TIMEOUT,
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
"ENABLE_CODE_INTERPRETER": request.app.state.config.ENABLE_CODE_INTERPRETER,
"CODE_INTERPRETER_ENGINE": request.app.state.config.CODE_INTERPRETER_ENGINE,
enh: custom code interpreter prompt
2025-02-12 05:36:16 +00:00
"CODE_INTERPRETER_PROMPT_TEMPLATE": request.app.state.config.CODE_INTERPRETER_PROMPT_TEMPLATE,
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
"CODE_INTERPRETER_JUPYTER_URL": request.app.state.config.CODE_INTERPRETER_JUPYTER_URL,
"CODE_INTERPRETER_JUPYTER_AUTH": request.app.state.config.CODE_INTERPRETER_JUPYTER_AUTH,
"CODE_INTERPRETER_JUPYTER_AUTH_TOKEN": request.app.state.config.CODE_INTERPRETER_JUPYTER_AUTH_TOKEN,
"CODE_INTERPRETER_JUPYTER_AUTH_PASSWORD": request.app.state.config.CODE_INTERPRETER_JUPYTER_AUTH_PASSWORD,
enh: configurable jupyter execution timeout
2025-02-20 01:05:37 +00:00
"CODE_INTERPRETER_JUPYTER_TIMEOUT": request.app.state.config.CODE_INTERPRETER_JUPYTER_TIMEOUT,
enh: code interpreter jupyter support
2025-02-10 10:25:02 +00:00
}
enh: reintroduce model order/default models
2024-11-26 08:55:58 +00:00
############################
# SetDefaultModels
############################
class ModelsConfigForm(BaseModel):
fix: models configure
2024-11-26 16:55:06 +00:00
DEFAULT_MODELS: Optional[str]
MODEL_ORDER_LIST: Optional[list[str]]
enh: reintroduce model order/default models
2024-11-26 08:55:58 +00:00
@router.get("/models", response_model=ModelsConfigForm)
async def get_models_config(request: Request, user=Depends(get_admin_user)):
return {
"DEFAULT_MODELS": request.app.state.config.DEFAULT_MODELS,
"MODEL_ORDER_LIST": request.app.state.config.MODEL_ORDER_LIST,
}
@router.post("/models", response_model=ModelsConfigForm)
async def set_models_config(
request: Request, form_data: ModelsConfigForm, user=Depends(get_admin_user)
):
request.app.state.config.DEFAULT_MODELS = form_data.DEFAULT_MODELS
request.app.state.config.MODEL_ORDER_LIST = form_data.MODEL_ORDER_LIST
return {
"DEFAULT_MODELS": request.app.state.config.DEFAULT_MODELS,
"MODEL_ORDER_LIST": request.app.state.config.MODEL_ORDER_LIST,
}
fix: openai issue
2024-01-03 00:48:10 +00:00
feat: custom interface support
2024-01-23 05:07:40 +00:00
class PromptSuggestion(BaseModel):
remove List imports
2024-08-14 12:46:31 +00:00
title: list[str]
feat: custom interface support
2024-01-23 05:07:40 +00:00
content: str
class SetDefaultSuggestionsForm(BaseModel):
remove List imports
2024-08-14 12:46:31 +00:00
suggestions: list[PromptSuggestion]
feat: custom interface support
2024-01-23 05:07:40 +00:00
enh: reintroduce model order/default models
2024-11-26 08:55:58 +00:00
@router.post("/suggestions", response_model=list[PromptSuggestion])
async def set_default_suggestions(
feat: custom interface support
2024-01-23 05:07:40 +00:00
request: Request,
form_data: SetDefaultSuggestionsForm,
Endpoint role-checking was redundantly applied but FastAPI provides a nice abstraction mechanic...so I applied it. There should be no logical changes in this code; only simpler, cleaner ways for doing the same thing.
2024-02-09 00:05:01 +00:00
user=Depends(get_admin_user),
feat: custom interface support
2024-01-23 05:07:40 +00:00
):
Endpoint role-checking was redundantly applied but FastAPI provides a nice abstraction mechanic...so I applied it. There should be no logical changes in this code; only simpler, cleaner ways for doing the same thing.
2024-02-09 00:05:01 +00:00
data = form_data.model_dump()
feat: switch to config proxy, remove config_get/set
2024-05-10 07:03:24 +00:00
request.app.state.config.DEFAULT_PROMPT_SUGGESTIONS = data["suggestions"]
return request.app.state.config.DEFAULT_PROMPT_SUGGESTIONS
feat: banners Co-Authored-By: Jun Siang Cheah <me@jscheah.me>
2024-05-26 19:18:43 +00:00
############################
# SetBanners
############################
class SetBannersForm(BaseModel):
remove List imports
2024-08-14 12:46:31 +00:00
banners: list[BannerModel]
feat: banners Co-Authored-By: Jun Siang Cheah <me@jscheah.me>
2024-05-26 19:18:43 +00:00
remove List imports
2024-08-14 12:46:31 +00:00
@router.post("/banners", response_model=list[BannerModel])
feat: banners Co-Authored-By: Jun Siang Cheah <me@jscheah.me>
2024-05-26 19:18:43 +00:00
async def set_banners(
request: Request,
form_data: SetBannersForm,
user=Depends(get_admin_user),
):
data = form_data.model_dump()
request.app.state.config.BANNERS = data["banners"]
return request.app.state.config.BANNERS
remove List imports
2024-08-14 12:46:31 +00:00
@router.get("/banners", response_model=list[BannerModel])
feat: banners Co-Authored-By: Jun Siang Cheah <me@jscheah.me>
2024-05-26 19:18:43 +00:00
async def get_banners(
request: Request,
refac
2024-06-27 18:29:59 +00:00
user=Depends(get_verified_user),
feat: banners Co-Authored-By: Jun Siang Cheah <me@jscheah.me>
2024-05-26 19:18:43 +00:00
):
return request.app.state.config.BANNERS
feat: Add SCIM 2.0 support for enterprise user provisioning Implements SCIM 2.0 protocol for automated user and group provisioning from identity providers like Okta, Azure AD, and Google Workspace. Backend changes: - Add SCIM configuration with PersistentConfig for database persistence - Implement SCIM 2.0 endpoints (Users, Groups, ServiceProviderConfig) - Add bearer token authentication for SCIM requests - Include comprehensive test coverage for SCIM functionality Frontend changes: - Add SCIM admin settings page with token generation - Implement SCIM configuration management UI - Add save functionality and proper error handling - Include SCIM statistics display 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-13 14:34:41 +00:00
############################
# SCIM Configuration
############################
class SCIMConfigForm(BaseModel):
enabled: bool
token: Optional[str] = None
token_created_at: Optional[str] = None
token_expires_at: Optional[str] = None
class SCIMTokenRequest(BaseModel):
expires_in: Optional[int] = None # seconds until expiration, None = never
class SCIMTokenResponse(BaseModel):
token: str
created_at: str
expires_at: Optional[str] = None
class SCIMStats(BaseModel):
total_users: int
total_groups: int
last_sync: Optional[str] = None
# In-memory storage for SCIM tokens (in production, use database)
scim_tokens = {}
def generate_scim_token(length: int = 48) -> str:
"""Generate a secure random token for SCIM authentication"""
alphabet = string.ascii_letters + string.digits + "-_"
return "".join(secrets.choice(alphabet) for _ in range(length))
@router.get("/scim", response_model=SCIMConfigForm)
async def get_scim_config(request: Request, user=Depends(get_admin_user)):
"""Get current SCIM configuration"""
# Get token info from storage
token_info = None
scim_token = getattr(request.app.state.config, "SCIM_TOKEN", None)
# Handle both PersistentConfig and direct value
if hasattr(scim_token, 'value'):
scim_token = scim_token.value
if scim_token and scim_token in scim_tokens:
token_info = scim_tokens[scim_token]
scim_enabled = getattr(request.app.state.config, "SCIM_ENABLED", False)
print(f"Getting SCIM config - raw SCIM_ENABLED: {scim_enabled}, type: {type(scim_enabled)}")
# Handle both PersistentConfig and direct value
if hasattr(scim_enabled, 'value'):
scim_enabled = scim_enabled.value
print(f"Returning SCIM config: enabled={scim_enabled}, token={'set' if scim_token else 'not set'}")
return SCIMConfigForm(
enabled=scim_enabled,
token="***" if scim_token else None, # Don't expose actual token
token_created_at=token_info.get("created_at") if token_info else None,
token_expires_at=token_info.get("expires_at") if token_info else None,
)
@router.post("/scim", response_model=SCIMConfigForm)
async def update_scim_config(request: Request, config: SCIMConfigForm, user=Depends(get_admin_user)):
"""Update SCIM configuration"""
if not WEBUI_AUTH:
raise HTTPException(400, detail="Authentication must be enabled for SCIM")
print(f"Updating SCIM config: enabled={config.enabled}")
# Import here to avoid circular import
from open_webui.config import save_config, get_config
# Get current config data
config_data = get_config()
# Update SCIM settings in config data
if "scim" not in config_data:
config_data["scim"] = {}
config_data["scim"]["enabled"] = config.enabled
# Save config to database
save_config(config_data)
# Also update the runtime config
scim_enabled_attr = getattr(request.app.state.config, "SCIM_ENABLED", None)
if scim_enabled_attr:
if hasattr(scim_enabled_attr, 'value'):
# It's a PersistentConfig object
print(f"Updating PersistentConfig SCIM_ENABLED from {scim_enabled_attr.value} to {config.enabled}")
scim_enabled_attr.value = config.enabled
else:
# Direct assignment
print(f"Direct assignment SCIM_ENABLED to {config.enabled}")
request.app.state.config.SCIM_ENABLED = config.enabled
else:
# Create if doesn't exist
print(f"Creating SCIM_ENABLED with value {config.enabled}")
request.app.state.config.SCIM_ENABLED = config.enabled
# Return updated config
return await get_scim_config(request=request, user=user)
@router.post("/scim/token", response_model=SCIMTokenResponse)
async def generate_scim_token_endpoint(
request: Request, token_request: SCIMTokenRequest, user=Depends(get_admin_user)
):
"""Generate a new SCIM bearer token"""
token = generate_scim_token()
created_at = datetime.utcnow()
expires_at = None
if token_request.expires_in:
expires_at = created_at + timedelta(seconds=token_request.expires_in)
# Store token info
token_info = {
"token": token,
"created_at": created_at.isoformat(),
"expires_at": expires_at.isoformat() if expires_at else None,
}
scim_tokens[token] = token_info
# Import here to avoid circular import
from open_webui.config import save_config, get_config
# Get current config data
config_data = get_config()
# Update SCIM token in config data
if "scim" not in config_data:
config_data["scim"] = {}
config_data["scim"]["token"] = token
# Save config to database
save_config(config_data)
# Also update the runtime config
scim_token_attr = getattr(request.app.state.config, "SCIM_TOKEN", None)
if scim_token_attr:
if hasattr(scim_token_attr, 'value'):
# It's a PersistentConfig object
scim_token_attr.value = token
else:
# Direct assignment
request.app.state.config.SCIM_TOKEN = token
else:
# Create if doesn't exist
request.app.state.config.SCIM_TOKEN = token
return SCIMTokenResponse(
token=token,
created_at=token_info["created_at"],
expires_at=token_info["expires_at"],
)
@router.delete("/scim/token")
async def revoke_scim_token(request: Request, user=Depends(get_admin_user)):
"""Revoke the current SCIM token"""
# Get current token
scim_token = getattr(request.app.state.config, "SCIM_TOKEN", None)
if hasattr(scim_token, 'value'):
scim_token = scim_token.value
# Remove from storage
if scim_token and scim_token in scim_tokens:
del scim_tokens[scim_token]
# Import here to avoid circular import
from open_webui.config import save_config, get_config
# Get current config data
config_data = get_config()
# Remove SCIM token from config data
if "scim" in config_data:
config_data["scim"]["token"] = None
# Save config to database
save_config(config_data)
# Also update the runtime config
scim_token_attr = getattr(request.app.state.config, "SCIM_TOKEN", None)
if scim_token_attr:
if hasattr(scim_token_attr, 'value'):
# It's a PersistentConfig object
scim_token_attr.value = None
else:
# Direct assignment
request.app.state.config.SCIM_TOKEN = None
return {"detail": "SCIM token revoked successfully"}
@router.get("/scim/stats", response_model=SCIMStats)
async def get_scim_stats(request: Request, user=Depends(get_admin_user)):
"""Get SCIM statistics"""
users = Users.get_users()
groups = Groups.get_groups()
# Get last sync time (in production, track this properly)
last_sync = None
return SCIMStats(
total_users=len(users),
total_groups=len(groups) if groups else 0,
last_sync=last_sync,
)
Reference in a new issue Copy permalink