feat(auth): update AUTO_LOGIN authentication to enforce API key or JWT requirement (#8513)

* feat(auth): update AUTO_LOGIN authentication to enforce API key or JWT requirement

* Removed deprecated warning messages and implemented explicit HTTP exceptions for missing API key or JWT in both API and WebSocket authentication methods.
* Enhanced error handling to ensure compliance with the new authentication requirements introduced in v1.5.

* fix(auth): refine error message for AUTO_LOGIN API key requirement

* Updated the error message in the API key security function to clarify that AUTO_LOGIN requires a valid API key, removing the mention of JWT for consistency with the latest authentication requirements.

* feat(auth): introduce SKIP_AUTH_AUTO_LOGIN setting for enhanced authentication flexibility

* Added a new configuration option `SKIP_AUTH_AUTO_LOGIN` to the AuthSettings class, allowing the application to bypass API key validation for auto login.
* Updated the API and WebSocket security functions to utilize this setting, improving error handling and providing a fallback for superuser credentials when authentication is skipped.

* refactor(auth): rename SKIP_AUTH_AUTO_LOGIN to skip_auth_auto_login for consistency

* Updated the `SKIP_AUTH_AUTO_LOGIN` setting in the `AuthSettings` class to `skip_auth_auto_login` to follow Python naming conventions.
* Adjusted references in the API and WebSocket security functions to use the new attribute name, ensuring consistent behavior across the authentication logic.

* feat(auth): add deprecation warning for SKIP_AUTH_AUTO_LOGIN removal

* Introduced a warning log in both API and WebSocket security functions to inform users that the `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` feature will be removed in version 1.6, prompting necessary updates to authentication methods.

* feat(auth): enhance deprecation warnings for AUTO_LOGIN features

* Added constants for deprecation warning and error messages related to `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` and `AUTO_LOGIN` requirements, improving code maintainability and clarity.
* Updated API and WebSocket security functions to utilize these constants for logging and exception handling, ensuring consistent messaging across authentication methods.

* fix(auth): update AUTO_LOGIN_ERROR message to include LANGFLOW_SKIP_AUTH_AUTO_LOGIN usage

* fix(auth): correct logic for API key validation in WebSocket security function

* Adjusted the conditional flow in the `ws_api_key_security` function to ensure that the API key is checked only when necessary, improving the clarity and correctness of the authentication logic.

* [autofix.ci] apply automated fixes

* feat(tests): add authentication token retrieval for starter projects integration tests

* Implemented a helper function to obtain a JWT token for API requests, enhancing the security of the integration tests.
* Updated the test for starter projects to include the token in API requests, ensuring proper authentication during testing.

* feat(auth): add MCP-specific user authentication and active user dependency

* Introduced `get_current_user_mcp` function for MCP-specific user authentication, allowing fallback to username lookup when no API key is provided.
* Added `get_current_active_user_mcp` dependency to manage active user checks for MCP, ensuring proper integration with the authentication flow.

* refactor(api): replace user dependency with CurrentActiveMCPUser in mcp project endpoints

* Updated project-related API endpoints to use CurrentActiveMCPUser for user authentication, enhancing clarity and consistency in user management.
* Removed unused imports and dependencies related to the previous user authentication method, streamlining the codebase.

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Gabriel Luiz Freitas Almeida 2025-06-24 10:29:27 -03:00 committed by GitHub
commit 3a3e205f6f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 157 additions and 43 deletions

@ -1,11 +1,36 @@
import { expect, test } from "@playwright/test";
import { awaitBootstrapTest } from "../../utils/await-bootstrap-test";
// Helper function to get JWT token for API requests
async function getAuthToken(request: any) {
const formData = new URLSearchParams();
formData.append("username", "langflow");
formData.append("password", "langflow");
const loginResponse = await request.post("/api/v1/login", {
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
data: formData.toString(),
});
expect(loginResponse.status()).toBe(200);
const tokenData = await loginResponse.json();
return tokenData.access_token;
}
test(
"vector store from starter projects should have its connections and nodes on the flow",
{ tag: ["@release", "@starter-projects"] },
async ({ page, request }) => {
const response = await request.get("/api/v1/starter-projects");
// Get authentication token
const authToken = await getAuthToken(request);
const response = await request.get("/api/v1/starter-projects", {
headers: {
Authorization: `Bearer ${authToken}`,
},
});
expect(response.status()).toBe(200);
const responseBody = await response.json();
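Review bot: the `getAuthToken` helper in this hunk hardcodes the superuser credentials ("langflow"/"langflow") in the test file and types the request context as `any`; read the username and password from environment variables (keeping the literal values only as a documented local default) and type the parameter as Playwright's `APIRequestContext`, so the test cannot quietly depend on credentials committed to the repo. The helper also asserts only on the login status code: add `expect(tokenData.access_token).toBeTruthy();` before `return tokenData.access_token;`, otherwise a 200 response with an unexpected body produces `Authorization: Bearer undefined` on the starter-projects request and a confusing 401 far from the cause.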
@ -18,7 +43,13 @@ test(
await page.route("**/api/v1/flows/", async (route) => {
if (route.request().method() === "GET") {
try {
const response = await route.fetch();
// Add authorization header to the request
const headers = route.request().headers();
headers["Authorization"] = `Bearer ${authToken}`;
const response = await route.fetch({
headers: headers,
});
const flowsData = await response.json();
const modifiedFlows = flowsData.map((flow) => {
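Review bot: `route.request().headers()` returns header names lower-cased, so `headers["Authorization"] = \`Bearer ${authToken}\`;` can leave the map with both an existing `authorization` entry (if the browser already attached one) and a new `Authorization` entry, and the re-issued fetch would then carry two credentials. Use the lower-case key, `headers["authorization"] = \`Bearer ${authToken}\`;`, or set it only when no authorization header is already present. A short comment is also warranted that this interception replaces whatever the UI sends with an API-obtained token, so the flows GET in this test no longer exercises the browser's own session handling.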