ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-12 04:15:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

enh: regex pattern support for groups

Browse source
This commit is contained in:
Timothy Jaeryang Baek 2025-09-03 18:50:02 +04:00
parent 51fc792501
commit df66e21472
1 changed files with 49 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
backend/open_webui/utils/oauth.py
View file

@ -5,6 +5,9 @@ import sys
import uuid import uuid
import json import json
import re
import fnmatch
import aiohttp import aiohttp
from authlib.integrations.starlette_client import OAuth from authlib.integrations.starlette_client import OAuth
from authlib.oidc.core import UserInfo from authlib.oidc.core import UserInfo
@ -79,6 +82,50 @@ auth_manager_config.JWT_EXPIRES_IN = JWT_EXPIRES_IN
auth_manager_config.OAUTH_UPDATE_PICTURE_ON_LOGIN = OAUTH_UPDATE_PICTURE_ON_LOGIN auth_manager_config.OAUTH_UPDATE_PICTURE_ON_LOGIN = OAUTH_UPDATE_PICTURE_ON_LOGIN
def is_in_blocked_groups(group_name: str, groups: list) -> bool:
"""
Check if a group name matches any blocked pattern.
Supports exact matches, shell-style wildcards (*, ?), and regex patterns.
Args:
group_name: The group name to check
groups: List of patterns to match against
Returns:
True if the group is blocked, False otherwise
"""
if not groups:
return False
for group_pattern in groups:
if not group_pattern: # Skip empty patterns
continue
# Exact match
if group_name == group_pattern:
return True
# Try as regex pattern first if it contains regex-specific characters
if any(
char in group_pattern
for char in ["^", "$", "[", "]", "(", ")", "{", "}", "+", "\\", "|"]
):
try:
# Use the original pattern as-is for regex matching
if re.search(group_pattern, group_name):
return True
except re.error:
# If regex is invalid, fall through to wildcard check
pass
# Shell-style wildcard match (supports * and ?)
if "*" in group_pattern or "?" in group_pattern:
if fnmatch.fnmatch(group_name, group_pattern):
return True
return False
class OAuthManager: class OAuthManager:
def __init__(self, app): def __init__(self, app):
self.oauth = OAuth() self.oauth = OAuth()
@ -238,7 +285,7 @@ class OAuthManager:
if ( if (
user_oauth_groups user_oauth_groups
and group_model.name not in user_oauth_groups and group_model.name not in user_oauth_groups
and group_model.name not in blocked_groups and not is_in_blocked_groups(group_model.name, blocked_groups)
): ):
# Remove group from user # Remove group from user
log.debug( log.debug(
@ -269,7 +316,7 @@ class OAuthManager:
user_oauth_groups user_oauth_groups
and group_model.name in user_oauth_groups and group_model.name in user_oauth_groups
and not any(gm.name == group_model.name for gm in user_current_groups) and not any(gm.name == group_model.name for gm in user_current_groups)
and group_model.name not in blocked_groups and not is_in_blocked_groups(group_model.name, blocked_groups)
): ):
# Add user to group # Add user to group
log.debug( log.debug(