feat: also consider OAUTH_ROLES_SEPARATOR for string claims themselves (#19514)

gerhardj-b 2025-11-26 23:38:26 +01:00 committed by GitHub
parent d071cdf7d4
commit f2d6a425de
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 4 deletions


@ -583,14 +583,16 @@ OAUTH_ROLES_CLAIM = PersistentConfig(
os.environ.get("OAUTH_ROLES_CLAIM", "roles"), os.environ.get("OAUTH_ROLES_CLAIM", "roles"),
) )
SEP = os.environ.get("OAUTH_ROLES_SEPARATOR", ",") OAUTH_ROLES_SEPARATOR = os.environ.get("OAUTH_ROLES_SEPARATOR", ",")
OAUTH_ALLOWED_ROLES = PersistentConfig( OAUTH_ALLOWED_ROLES = PersistentConfig(
"OAUTH_ALLOWED_ROLES", "OAUTH_ALLOWED_ROLES",
"oauth.allowed_roles", "oauth.allowed_roles",
[ [
role.strip() role.strip()
for role in os.environ.get("OAUTH_ALLOWED_ROLES", f"user{SEP}admin").split(SEP) for role in os.environ.get(
"OAUTH_ALLOWED_ROLES", f"user{OAUTH_ROLES_SEPARATOR}admin"
).split(OAUTH_ROLES_SEPARATOR)
if role if role
], ],
) )
@ -600,7 +602,9 @@ OAUTH_ADMIN_ROLES = PersistentConfig(
"oauth.admin_roles", "oauth.admin_roles",
[ [
role.strip() role.strip()
for role in os.environ.get("OAUTH_ADMIN_ROLES", "admin").split(SEP) for role in os.environ.get("OAUTH_ADMIN_ROLES", "admin").split(
OAUTH_ROLES_SEPARATOR
)
if role if role
], ],
) )
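Review bot: An empty `OAUTH_ROLES_SEPARATOR` is not handled where the allowed and admin role lists are built. `str.split` raises `ValueError` on an empty separator, so both `.split(OAUTH_ROLES_SEPARATOR)` calls would fail at import time if the variable is set to an empty string. The claim-parsing change in the same commit does guard for that case (`if OAUTH_ROLES_SEPARATOR and ...`), so the two places disagree on whether an empty value is legal. A fallback at the definition, `OAUTH_ROLES_SEPARATOR = os.environ.get("OAUTH_ROLES_SEPARATOR", ",") or ","`, would make them agree; if an empty value is instead meant to disable splitting, the two `.split` calls need the same guard. This behaviour predates the rename from `SEP`, but the constant is now imported by other modules, so a one-line comment stating the accepted values would help.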


@ -43,6 +43,7 @@ from open_webui.config import (
ENABLE_OAUTH_GROUP_CREATION, ENABLE_OAUTH_GROUP_CREATION,
OAUTH_BLOCKED_GROUPS, OAUTH_BLOCKED_GROUPS,
OAUTH_GROUPS_SEPARATOR, OAUTH_GROUPS_SEPARATOR,
OAUTH_ROLES_SEPARATOR,
OAUTH_ROLES_CLAIM, OAUTH_ROLES_CLAIM,
OAUTH_SUB_CLAIM, OAUTH_SUB_CLAIM,
OAUTH_GROUPS_CLAIM, OAUTH_GROUPS_CLAIM,
@ -1032,7 +1033,13 @@ class OAuthManager:
if isinstance(claim_data, list): if isinstance(claim_data, list):
oauth_roles = claim_data oauth_roles = claim_data
if isinstance(claim_data, str) or isinstance(claim_data, int): elif isinstance(claim_data, str):
# Split by the configured separator if present
if OAUTH_ROLES_SEPARATOR and OAUTH_ROLES_SEPARATOR in claim_data:
oauth_roles = claim_data.split(OAUTH_ROLES_SEPARATOR)
else:
oauth_roles = [claim_data]
elif isinstance(claim_data, int):
oauth_roles = [str(claim_data)] oauth_roles = [str(claim_data)]
log.debug(f"Oauth Roles claim: {oauth_claim}") log.debug(f"Oauth Roles claim: {oauth_claim}")
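Review bot: The pieces returned by `claim_data.split(OAUTH_ROLES_SEPARATOR)` are used as-is, so a claim value like `admin, user` (constructed example) yields ` user` with a leading space, and a trailing separator yields an empty role. The configured allowed and admin role lists are built with `role.strip()` and an `if role` filter, so such entries would presumably never match. `oauth_roles = [r.strip() for r in claim_data.split(OAUTH_ROLES_SEPARATOR) if r.strip()]` would normalise the claim side the same way. Because these values feed role assignment, the inline comment should also say that a string claim containing the separator is now read as several roles rather than one, which matters if the identity provider allows that character in a role name or a user-editable attribute. The enclosing method starts and ends outside the hunk, so how `oauth_roles` is compared afterwards is not visible here.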