mirror of
https://github.com/open-webui/open-webui.git
synced 2025-12-12 12:25:20 +00:00
8d7d79d54b
* feat: improve ollama model management experience
This commit introduces several improvements to the Ollama model management modal:
- Adds a cancel button to the model pulling operation, using the existing 'x' button pattern.
- Adds a cancel button to the "Update All" models operation, allowing the user to cancel the update for the currently processing model.
- Cleans up toast notifications when updating all models. A single toast is now shown at the beginning and a summary toast at the end, preventing notification spam.
- Refactors the `ManageOllama.svelte` component to support these new cancellation features.
- Adds tooltips to all buttons in the modal to improve clarity.
- Disables buttons when their corresponding input fields are empty to prevent accidental clicks.
* fix
* i18n: improve Chinese translation
* fix: handle non‑UTF8 chars in third‑party responses without error
* German translation of new strings in i18n
* log web search queries only with level 'debug' instead of 'info'
* Tool calls now only include text and dont inlcude other content like image b64
* fix onedrive
* fix: discovery url
* fix: default permissions not being loaded
* fix: ai hallucination
* fix: non rich text input copy
* refac: rm print statements
* refac: disable direct models from model editors
* refac/fix: do not process xlsx files with azure doc intelligence
* Update pull_request_template.md
* Update generated image translation in DE-de
* added missing danish translations
* feat(onedrive): Enable search and "My Organization" pivot
* style(onedrive): Formatting fix
* feat: Implement toggling for vertical and horizontal flow layouts
This commit introduces the necessary logic and UI controls to allow users to switch the Flow component layout between vertical and horizontal orientations.
* **`Flow.svelte` Refactoring:**
* Updates logic for calculating level offsets and node positions to consistently respect the current flow orientation.
* Adds a control panel using `<Controls>` and `<SwitchButton>` components.
* Provides user interface elements to easily switch the flow layout between horizontal and vertical orientations.
* build(deps): bump pydantic from 2.11.7 to 2.11.9 in /backend
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.11.7 to 2.11.9.
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/v2.11.9/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.11.7...v2.11.9)
---
updated-dependencies:
- dependency-name: pydantic
dependency-version: 2.11.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump black from 25.1.0 to 25.9.0 in /backend
Bumps [black](https://github.com/psf/black) from 25.1.0 to 25.9.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/25.1.0...25.9.0)
---
updated-dependencies:
- dependency-name: black
dependency-version: 25.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump markdown from 3.8.2 to 3.9 in /backend
Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.8.2 to 3.9.
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](https://github.com/Python-Markdown/markdown/compare/3.8.2...3.9.0)
---
updated-dependencies:
- dependency-name: markdown
dependency-version: '3.9'
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump chromadb from 1.0.20 to 1.1.0 in /backend
Bumps [chromadb](https://github.com/chroma-core/chroma) from 1.0.20 to 1.1.0.
- [Release notes](https://github.com/chroma-core/chroma/releases)
- [Changelog](https://github.com/chroma-core/chroma/blob/main/RELEASE_PROCESS.md)
- [Commits](https://github.com/chroma-core/chroma/compare/1.0.20...1.1.0)
---
updated-dependencies:
- dependency-name: chromadb
dependency-version: 1.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump opentelemetry-api from 1.36.0 to 1.37.0
Bumps [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) from 1.36.0 to 1.37.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-python/compare/v1.36.0...v1.37.0)
---
updated-dependencies:
- dependency-name: opentelemetry-api
dependency-version: 1.37.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* refac: ollama embed form data
* fix: non rich text handling
* fix: oauth client registration
* refac
* chore: dep bump
* chore: fastapi bump
* chore/refac: bump bcrypt and remove passlib
* Improving Korean Translation
* refac
* Improving Korean Translation
* feat: PWA share_target implementation
Co-Authored-By: gjveld <19951982+gjveld@users.noreply.github.com>
* refac: message input mobile detection behaviour
* feat: model_ids per folder
* Update translation.json (pt-BR)
inclusion of new translations of items that have been added
* refac
* refac
* refac
* refac
* refac/fix: temp chat
* refac
* refac: stop task
* refac/fix: azure audio escape
* refac: external tool validation
* refac/enh: start.sh additional args support
* refac
* refac: styling
* refac/fix: direct connection floating action buttons
* refac/fix: system prompt duplication
* refac/enh: openai tts additional params support
* refac
* feat: load data in parallel to accelerate page loading speed
* i18n: improve Chinese translation
* refac
* refac: model selector
* UPD: i18n es-ES Translation v0.6.33
UPD: i18n es-ES Translation v0.6.33
Updated new strings.
* refac
* improved query pref by querying only relevant columns
* refac/enh: docling params
* refac
* refac: openai additional headers support
* refac
* FEAT: Add Vega Char Visualizer Renderer
### FEAT: Add Vega Char Visualizer Renderer
Feature required in https://github.com/open-webui/open-webui/discussions/18022
Added npm vega lib to package.json
Added function for visualization renderer to src/libs/utils/index.ts
Added logic to src/lib/components/chat/Messages/CodeBlock.svelte
The treatment is similar as for mermaid diagrams.
Reference: https://vega.github.io/vega/
* refac
* chore
* refac
* FEAT: Add Vega-Lite Char Visualizer Renderer
### FEAT: Add Vega Char Visualizer Renderer
Add suport for Vega-Lite Specifications.
Vega-Lite is a "compiled" version of Vega Char Visualizer.
For be rendered with Vega it have to be compiled.
This PR add the check and compile if necessary, is a complement of recent Vega Renderer Feature added.
* refac
* refac/fix: switch
* enh/refac: url input handling
* refac
* refac: styling
* UPD: Add Validators & Error Toast for Mermaid & Vega diagrams
### UPD: Feat: Add Validators & Error Toast for Mermaid & Vega diagrams
Description:
As many time the diagrams generated or entered have syntax errors the diagrams are not rendered due to that errors, but as there isn't any notification is difficult to know what happend.
This PR add validator and toast notification when error on Mermaid and Vega/Vega-Lite diagrams, helping the user to fix its.
* removed redundant knowledge API call
* Fix Code Format
* refac: model workspace view
* refac
* refac: knowledge
* refac: prompts
* refac: tools
* refac
* feat: attach folder
* refac: make tencentcloud-sdk-python optional
* refac/fix: oauth
* enh: ENABLE_OAUTH_EMAIL_FALLBACK
* refac/fix: folders
* Update requirements.txt
* Update pyproject.toml
* UPD: Add Validators & Error Toast for Mermaid & Vega diagrams
### UPD: Feat: Add Validators & Error Toast for Mermaid & Vega diagrams
Description:
As many time the diagrams generated or entered have syntax errors the diagrams are not rendered due to that errors, but as there isn't any notification is difficult to know what happend.
This PR add validator and toast notification when error on Mermaid and Vega/Vega-Lite diagrams, helping the user to fix its.
Note:
Another possibility of integrating this Graph Visualizer is through its svelte component: https://github.com/vega/svelte-vega/tree/main/packages/svelte-vega
* Removed unused toast import & Code Format
* refac
* refac: external tool server view
* refac
* refac: overview
* refac: styling
* refac
* Update bug_report.yaml
* refac
* refac
* refac
* refac
* refac: oauth client fallback
* Fixed: Cannot handle batch sizes > 1 if no padding token is defined
Fixes Cannot handle batch sizes > 1 if no padding token is defined
For reranker models that do not have this defined in their config by using the eos_token_id if present as pad_token_id.
* refac: fallback to reasoning content
* fix(i18n): corrected typo in Spanish translation for "Reasoning Tags"
Typo fixed in Spanish translation file at line 1240 of `open-webui/src/lib/i18n/locales/es-ES/translation.json`:
- Incorrect: "Eriquetas de Razonamiento"
- Correct: "Etiquetas de Razonamiento"
This improves clarity and consistency in the UI.
* refac/fix: ENABLE_STAR_SESSIONS_MIDDLEWARE
* refac/fix: redirect
* refac
* refac
* refac
* refac: web search error handling
* refac: source parsing
* refac: functions
* refac
* refac/enh: note pdf export
* refac/fix: mcp oauth2.1
* chore: format
* chore: Changelog (#17995)
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* refac
* chore: dep bump
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: silentoplayz <jacwoo21@outlook.com>
Co-authored-by: Shirasawa <764798966@qq.com>
Co-authored-by: Jan Kessler <jakessle@uni-mainz.de>
Co-authored-by: Jacob Leksan <jacob.leksan@expedient.com>
Co-authored-by: Classic298 <27028174+Classic298@users.noreply.github.com>
Co-authored-by: sinejespersen <sinejespersen@protonmail.com>
Co-authored-by: Selene Blok <selene.blok@rws.nl>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Cyp <cypher9715@naver.com>
Co-authored-by: gjveld <19951982+gjveld@users.noreply.github.com>
Co-authored-by: joaoback <156559121+joaoback@users.noreply.github.com>
Co-authored-by: _00_ <131402327+rgaricano@users.noreply.github.com>
Co-authored-by: expruc <eygabi01@gmail.com>
Co-authored-by: YetheSamartaka <55753928+YetheSamartaka@users.noreply.github.com>
Co-authored-by: Akutangulo <akutangulo@gmail.com>
367 lines
11 KiB
Python
367 lines
11 KiB
Python
import logging
|
|
import uuid
|
|
import jwt
|
|
import base64
|
|
import hmac
|
|
import hashlib
|
|
import requests
|
|
import os
|
|
import bcrypt
|
|
|
|
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
|
|
from cryptography.hazmat.primitives.asymmetric import ed25519
|
|
from cryptography.hazmat.primitives import serialization
|
|
import json
|
|
|
|
|
|
from datetime import datetime, timedelta
|
|
import pytz
|
|
from pytz import UTC
|
|
from typing import Optional, Union, List, Dict
|
|
|
|
from opentelemetry import trace
|
|
|
|
from open_webui.models.users import Users
|
|
|
|
from open_webui.constants import ERROR_MESSAGES
|
|
|
|
from open_webui.env import (
|
|
OFFLINE_MODE,
|
|
LICENSE_BLOB,
|
|
pk,
|
|
WEBUI_SECRET_KEY,
|
|
TRUSTED_SIGNATURE_KEY,
|
|
STATIC_DIR,
|
|
SRC_LOG_LEVELS,
|
|
WEBUI_AUTH_TRUSTED_EMAIL_HEADER,
|
|
)
|
|
|
|
from fastapi import BackgroundTasks, Depends, HTTPException, Request, Response, status
|
|
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
|
|
|
|
|
|
log = logging.getLogger(__name__)
|
|
log.setLevel(SRC_LOG_LEVELS["OAUTH"])
|
|
|
|
SESSION_SECRET = WEBUI_SECRET_KEY
|
|
ALGORITHM = "HS256"
|
|
|
|
##############
|
|
# Auth Utils
|
|
##############
|
|
|
|
|
|
def verify_signature(payload: str, signature: str) -> bool:
|
|
"""
|
|
Verifies the HMAC signature of the received payload.
|
|
"""
|
|
try:
|
|
expected_signature = base64.b64encode(
|
|
hmac.new(TRUSTED_SIGNATURE_KEY, payload.encode(), hashlib.sha256).digest()
|
|
).decode()
|
|
|
|
# Compare securely to prevent timing attacks
|
|
return hmac.compare_digest(expected_signature, signature)
|
|
|
|
except Exception:
|
|
return False
|
|
|
|
|
|
def override_static(path: str, content: str):
|
|
# Ensure path is safe
|
|
if "/" in path or ".." in path:
|
|
log.error(f"Invalid path: {path}")
|
|
return
|
|
|
|
file_path = os.path.join(STATIC_DIR, path)
|
|
os.makedirs(os.path.dirname(file_path), exist_ok=True)
|
|
|
|
with open(file_path, "wb") as f:
|
|
f.write(base64.b64decode(content)) # Convert Base64 back to raw binary
|
|
|
|
|
|
def get_license_data(app, key):
|
|
def data_handler(data):
|
|
for k, v in data.items():
|
|
if k == "resources":
|
|
for p, c in v.items():
|
|
globals().get("override_static", lambda a, b: None)(p, c)
|
|
elif k == "count":
|
|
setattr(app.state, "USER_COUNT", v)
|
|
elif k == "name":
|
|
setattr(app.state, "WEBUI_NAME", v)
|
|
elif k == "metadata":
|
|
setattr(app.state, "LICENSE_METADATA", v)
|
|
|
|
def handler(u):
|
|
res = requests.post(
|
|
f"{u}/api/v1/license/",
|
|
json={"key": key, "version": "1"},
|
|
timeout=5,
|
|
)
|
|
|
|
if getattr(res, "ok", False):
|
|
payload = getattr(res, "json", lambda: {})()
|
|
data_handler(payload)
|
|
return True
|
|
else:
|
|
log.error(
|
|
f"License: retrieval issue: {getattr(res, 'text', 'unknown error')}"
|
|
)
|
|
|
|
if key:
|
|
us = [
|
|
"https://api.openwebui.com",
|
|
"https://licenses.api.openwebui.com",
|
|
]
|
|
try:
|
|
for u in us:
|
|
if handler(u):
|
|
return True
|
|
except Exception as ex:
|
|
log.exception(f"License: Uncaught Exception: {ex}")
|
|
|
|
try:
|
|
if LICENSE_BLOB:
|
|
nl = 12
|
|
kb = hashlib.sha256((key.replace("-", "").upper()).encode()).digest()
|
|
|
|
def nt(b):
|
|
return b[:nl], b[nl:]
|
|
|
|
lb = base64.b64decode(LICENSE_BLOB)
|
|
ln, lt = nt(lb)
|
|
|
|
aesgcm = AESGCM(kb)
|
|
p = json.loads(aesgcm.decrypt(ln, lt, None))
|
|
pk.verify(base64.b64decode(p["s"]), p["p"].encode())
|
|
|
|
pb = base64.b64decode(p["p"])
|
|
pn, pt = nt(pb)
|
|
|
|
data = json.loads(aesgcm.decrypt(pn, pt, None).decode())
|
|
if not data.get("exp") and data.get("exp") < datetime.now().date():
|
|
return False
|
|
|
|
data_handler(data)
|
|
return True
|
|
except Exception as e:
|
|
log.error(f"License: {e}")
|
|
|
|
return False
|
|
|
|
|
|
bearer_security = HTTPBearer(auto_error=False)
|
|
|
|
|
|
def get_password_hash(password: str) -> str:
|
|
"""Hash a password using bcrypt"""
|
|
return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
|
|
|
|
|
|
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
|
"""Verify a password against its hash"""
|
|
return (
|
|
bcrypt.checkpw(
|
|
plain_password.encode("utf-8"),
|
|
hashed_password.encode("utf-8"),
|
|
)
|
|
if hashed_password
|
|
else None
|
|
)
|
|
|
|
|
|
def create_token(data: dict, expires_delta: Union[timedelta, None] = None) -> str:
|
|
payload = data.copy()
|
|
|
|
if expires_delta:
|
|
expire = datetime.now(UTC) + expires_delta
|
|
payload.update({"exp": expire})
|
|
|
|
encoded_jwt = jwt.encode(payload, SESSION_SECRET, algorithm=ALGORITHM)
|
|
return encoded_jwt
|
|
|
|
|
|
def decode_token(token: str) -> Optional[dict]:
|
|
try:
|
|
decoded = jwt.decode(token, SESSION_SECRET, algorithms=[ALGORITHM])
|
|
return decoded
|
|
except Exception:
|
|
return None
|
|
|
|
|
|
def extract_token_from_auth_header(auth_header: str):
|
|
return auth_header[len("Bearer ") :]
|
|
|
|
|
|
def create_api_key():
|
|
key = str(uuid.uuid4()).replace("-", "")
|
|
return f"sk-{key}"
|
|
|
|
|
|
def get_http_authorization_cred(auth_header: Optional[str]):
|
|
if not auth_header:
|
|
return None
|
|
try:
|
|
scheme, credentials = auth_header.split(" ")
|
|
return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)
|
|
except Exception:
|
|
return None
|
|
|
|
|
|
def get_current_user(
|
|
request: Request,
|
|
response: Response,
|
|
background_tasks: BackgroundTasks,
|
|
auth_token: HTTPAuthorizationCredentials = Depends(bearer_security),
|
|
):
|
|
token = None
|
|
|
|
if auth_token is not None:
|
|
token = auth_token.credentials
|
|
|
|
if token is None and "token" in request.cookies:
|
|
token = request.cookies.get("token")
|
|
|
|
if token is None:
|
|
raise HTTPException(status_code=401, detail="Not authenticated")
|
|
|
|
# auth by api key
|
|
if token.startswith("sk-"):
|
|
if not request.state.enable_api_key:
|
|
raise HTTPException(
|
|
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
|
|
)
|
|
|
|
if request.app.state.config.ENABLE_API_KEY_ENDPOINT_RESTRICTIONS:
|
|
allowed_paths = [
|
|
path.strip()
|
|
for path in str(
|
|
request.app.state.config.API_KEY_ALLOWED_ENDPOINTS
|
|
).split(",")
|
|
]
|
|
|
|
# Check if the request path matches any allowed endpoint.
|
|
if not any(
|
|
request.url.path == allowed
|
|
or request.url.path.startswith(allowed + "/")
|
|
for allowed in allowed_paths
|
|
):
|
|
raise HTTPException(
|
|
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
|
|
)
|
|
|
|
user = get_current_user_by_api_key(token)
|
|
|
|
# Add user info to current span
|
|
current_span = trace.get_current_span()
|
|
if current_span:
|
|
current_span.set_attribute("client.user.id", user.id)
|
|
current_span.set_attribute("client.user.email", user.email)
|
|
current_span.set_attribute("client.user.role", user.role)
|
|
current_span.set_attribute("client.auth.type", "api_key")
|
|
|
|
return user
|
|
|
|
# auth by jwt token
|
|
|
|
try:
|
|
try:
|
|
data = decode_token(token)
|
|
except Exception as e:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="Invalid token",
|
|
)
|
|
|
|
if data is not None and "id" in data:
|
|
user = Users.get_user_by_id(data["id"])
|
|
if user is None:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.INVALID_TOKEN,
|
|
)
|
|
else:
|
|
if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
|
|
trusted_email = request.headers.get(
|
|
WEBUI_AUTH_TRUSTED_EMAIL_HEADER, ""
|
|
).lower()
|
|
if trusted_email and user.email != trusted_email:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail="User mismatch. Please sign in again.",
|
|
)
|
|
|
|
# Add user info to current span
|
|
current_span = trace.get_current_span()
|
|
if current_span:
|
|
current_span.set_attribute("client.user.id", user.id)
|
|
current_span.set_attribute("client.user.email", user.email)
|
|
current_span.set_attribute("client.user.role", user.role)
|
|
current_span.set_attribute("client.auth.type", "jwt")
|
|
|
|
# Refresh the user's last active timestamp asynchronously
|
|
# to prevent blocking the request
|
|
if background_tasks:
|
|
background_tasks.add_task(
|
|
Users.update_user_last_active_by_id, user.id
|
|
)
|
|
return user
|
|
else:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.UNAUTHORIZED,
|
|
)
|
|
except Exception as e:
|
|
# Delete the token cookie
|
|
if request.cookies.get("token"):
|
|
response.delete_cookie("token")
|
|
|
|
if request.cookies.get("oauth_id_token"):
|
|
response.delete_cookie("oauth_id_token")
|
|
|
|
# Delete OAuth session if present
|
|
if request.cookies.get("oauth_session_id"):
|
|
response.delete_cookie("oauth_session_id")
|
|
|
|
raise e
|
|
|
|
|
|
def get_current_user_by_api_key(api_key: str):
|
|
user = Users.get_user_by_api_key(api_key)
|
|
|
|
if user is None:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.INVALID_TOKEN,
|
|
)
|
|
else:
|
|
# Add user info to current span
|
|
current_span = trace.get_current_span()
|
|
if current_span:
|
|
current_span.set_attribute("client.user.id", user.id)
|
|
current_span.set_attribute("client.user.email", user.email)
|
|
current_span.set_attribute("client.user.role", user.role)
|
|
current_span.set_attribute("client.auth.type", "api_key")
|
|
|
|
Users.update_user_last_active_by_id(user.id)
|
|
|
|
return user
|
|
|
|
|
|
def get_verified_user(user=Depends(get_current_user)):
|
|
if user.role not in {"user", "admin"}:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
|
)
|
|
return user
|
|
|
|
|
|
def get_admin_user(user=Depends(get_current_user)):
|
|
if user.role != "admin":
|
|
raise HTTPException(
|
|
status_code=status.HTTP_401_UNAUTHORIZED,
|
|
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
|
|
)
|
|
return user
|