From b6a1989358e0507678f8f33948a7c63a84b48e77 Mon Sep 17 00:00:00 2001 From: carlosrcoelho Date: Sun, 18 Feb 2024 19:07:07 -0300 Subject: [PATCH 1/6] Update Twitter links in config and headerComponent --- docs/docusaurus.config.js | 2 +- src/frontend/src/components/headerComponent/index.tsx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js index 538180ccd..430aebcb0 100644 --- a/docs/docusaurus.config.js +++ b/docs/docusaurus.config.js @@ -90,7 +90,7 @@ module.exports = { }, { position: "right", - href: "https://twitter.com/logspace_ai", + href: "https://twitter.com/langflow_ai", position: "right", className: "header-twitter-link", target: "_blank", diff --git a/src/frontend/src/components/headerComponent/index.tsx b/src/frontend/src/components/headerComponent/index.tsx index 77ac85c54..c379971f4 100644 --- a/src/frontend/src/components/headerComponent/index.tsx +++ b/src/frontend/src/components/headerComponent/index.tsx @@ -105,7 +105,7 @@ export default function Header(): JSX.Element {
{stars ?? 0}
Date: Sun, 18 Feb 2024 19:08:09 -0300 Subject: [PATCH 2/6] Update Langflow Twitter handle --- docs/docs/contributing/community.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/contributing/community.md b/docs/docs/contributing/community.md index fb18b1172..51016f508 100644 --- a/docs/docs/contributing/community.md +++ b/docs/docs/contributing/community.md @@ -12,7 +12,7 @@ ## 🐦 Stay tunned for **Langflow** on Twitter -Follow [@logspace_ai](https://twitter.com/logspace_ai) on **Twitter** to get the latest news about **Langflow**. +Follow [@logspace_ai](https://twitter.com/langflow_ai) on **Twitter** to get the latest news about **Langflow**. --- ## ⭐️ Star **Langflow** on GitHub From ab4ff09e8eb600c1cc835429002c970996b3f87f Mon Sep 17 00:00:00 2001 From: anovazzi1 Date: Mon, 19 Feb 2024 10:49:02 -0300 Subject: [PATCH 3/6] Update cookie settings for login and refresh_token functions --- src/backend/langflow/api/v1/login.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/backend/langflow/api/v1/login.py b/src/backend/langflow/api/v1/login.py index 29db59855..7539c1f6f 100644 --- a/src/backend/langflow/api/v1/login.py +++ b/src/backend/langflow/api/v1/login.py @@ -33,8 +33,8 @@ async def login_to_get_access_token( if user: tokens = create_user_tokens(user_id=user.id, db=db, update_last_login=True) - response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False) + response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite=None) + response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None) return tokens else: raise HTTPException( 
@@ -50,7 +50,7 @@ async def auto_login( ): if settings_service.auth_settings.AUTO_LOGIN: tokens = create_user_longterm_token(db) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False) + response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None) return tokens raise HTTPException( @@ -67,8 +67,8 @@ async def refresh_token(request: Request, response: Response): token = request.cookies.get("refresh_token_lf") if token: tokens = create_refresh_token(token) - response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False) + response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite=None) + response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None) return tokens else: raise HTTPException( From 77331da3b6ad09dc2d071833ef4531c35ca881fb Mon Sep 17 00:00:00 2001 From: anovazzi1 Date: Mon, 19 Feb 2024 11:15:08 -0300 Subject: [PATCH 4/6] Update cookie settings for secure access --- src/backend/langflow/api/v1/login.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/backend/langflow/api/v1/login.py b/src/backend/langflow/api/v1/login.py index 7539c1f6f..076ee4ddb 100644 --- a/src/backend/langflow/api/v1/login.py +++ b/src/backend/langflow/api/v1/login.py 
@@ -33,8 +33,8 @@ async def login_to_get_access_token( if user: tokens = create_user_tokens(user_id=user.id, db=db, update_last_login=True) - response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite=None) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None) + response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite=None, secure=True) + response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None, secure=True) return tokens else: raise HTTPException( @@ -50,7 +50,7 @@ async def auto_login( ): if settings_service.auth_settings.AUTO_LOGIN: tokens = create_user_longterm_token(db) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None) + response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None, secure=True) return tokens raise HTTPException( @@ -67,8 +67,8 @@ async def refresh_token(request: Request, response: Response): token = request.cookies.get("refresh_token_lf") if token: tokens = create_refresh_token(token) - response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite=None) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None) + response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite=None, secure=True) + response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None, secure=True) return tokens else: raise HTTPException( From 4f2c8cde34a2920892dc8cb722517e1506a415a7 Mon Sep 17 00:00:00 2001 From: anovazzi1 Date: Mon, 19 Feb 2024 11:23:27 -0300 Subject: [PATCH 5/6] Update cookie settings for login and token refresh --- src/backend/langflow/api/v1/login.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/src/backend/langflow/api/v1/login.py b/src/backend/langflow/api/v1/login.py index 076ee4ddb..e867839dd 100644 --- a/src/backend/langflow/api/v1/login.py +++ b/src/backend/langflow/api/v1/login.py @@ -33,8 +33,8 @@ async def login_to_get_access_token( if user: tokens = create_user_tokens(user_id=user.id, db=db, update_last_login=True) - response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite=None, secure=True) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None, secure=True) + response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite="none", secure=True) + response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite="none", secure=True) return tokens else: raise HTTPException( @@ -50,7 +50,7 @@ async def auto_login( ): if settings_service.auth_settings.AUTO_LOGIN: tokens = create_user_longterm_token(db) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None, secure=True) + response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite="none", secure=True) return tokens raise HTTPException( @@ -67,8 +67,8 @@ async def refresh_token(request: Request, response: Response): token = request.cookies.get("refresh_token_lf") if token: tokens = create_refresh_token(token) - response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite=None, secure=True) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None, secure=True) + response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite="none", secure=True) + response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite="none", secure=True) return tokens else: raise HTTPException( From 2491c87fda0e4d883c2a1278eba4e2127601e1fc Mon Sep 17 00:00:00 2001 
From: Gabriel Luiz Freitas Almeida Date: Mon, 19 Feb 2024 11:45:36 -0300 Subject: [PATCH 6/6] Refactor authentication cookie settings --- src/backend/langflow/api/v1/login.py | 57 ++++++++++++++++--- .../langflow/services/settings/auth.py | 22 ++++++- 2 files changed, 68 insertions(+), 11 deletions(-) diff --git a/src/backend/langflow/api/v1/login.py b/src/backend/langflow/api/v1/login.py index e867839dd..1bd3dd55b 100644 --- a/src/backend/langflow/api/v1/login.py +++ b/src/backend/langflow/api/v1/login.py @@ -1,7 +1,5 @@ from fastapi import APIRouter, Depends, HTTPException, Request, Response, status from fastapi.security import OAuth2PasswordRequestForm -from sqlmodel import Session - from langflow.api.v1.schemas import Token from langflow.services.auth.utils import ( authenticate_user, @@ -10,6 +8,7 @@ from langflow.services.auth.utils import ( create_user_tokens, ) from langflow.services.deps import get_session, get_settings_service +from sqlmodel import Session router = APIRouter(tags=["Login"]) @@ -20,7 +19,9 @@ async def login_to_get_access_token( form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_session), # _: Session = Depends(get_current_active_user) + settings_service=Depends(get_settings_service), ): + auth_settings = settings_service.auth_settings try: user = authenticate_user(form_data.username, form_data.password, db) except Exception as exc: 
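Review bot: The reordered import block now places the third-party `from sqlmodel import Session` after the first-party `langflow` imports, which reverses the usual stdlib / third-party / local grouping and reads like an import sorter run without `langflow` declared as first-party. I would keep `from sqlmodel import Session` in the third-party group directly under the `fastapi` imports, separated from the `langflow` block by a blank line, and check the project's isort/ruff `known-first-party` setting so the sorter stops moving it.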
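Review bot: The new `settings_service=Depends(get_settings_service)` parameter is the only dependency in this signature without a type annotation, while `db: Session = Depends(get_session)` beside it is annotated; the function's `def` line sits just before the hunk. Annotating it — `settings_service: SettingsService = Depends(get_settings_service)`, assuming the project exposes such a type for import — lets a type checker validate the `.auth_settings` access the body now relies on. The bound `auth_settings` local is only consumed further down the function, outside this hunk, so a short comment such as `# cookie attributes come from AuthSettings so deployments can tune them` would explain why it is pulled in here.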
@@ -33,8 +34,20 @@ async def login_to_get_access_token( if user: tokens = create_user_tokens(user_id=user.id, db=db, update_last_login=True) - response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite="none", secure=True) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite="none", secure=True) + response.set_cookie( + "refresh_token_lf", + tokens["refresh_token"], + httponly=auth_settings.REFRESH_TOKEN_HTTPONLY, + samesite=auth_settings.REFRESH_SAME_SITE, + secure=auth_settings.REFRESH_SECURE, + ) + response.set_cookie( + "access_token_lf", + tokens["access_token"], + httponly=auth_settings.ACCESS_HTTPONLY, + samesite=auth_settings.ACCESS_SAME_SITE, + secure=auth_settings.ACCESS_SECURE, + ) return tokens else: raise HTTPException( @@ -46,11 +59,20 @@ async def login_to_get_access_token( @router.get("/auto_login") async def auto_login( - response: Response, db: Session = Depends(get_session), settings_service=Depends(get_settings_service) + response: Response, + db: Session = Depends(get_session), + settings_service=Depends(get_settings_service), ): + auth_settings = settings_service.auth_settings if settings_service.auth_settings.AUTO_LOGIN: tokens = create_user_longterm_token(db) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite="none", secure=True) + response.set_cookie( + "access_token_lf", + tokens["access_token"], + httponly=auth_settings.ACCESS_HTTPONLY, + samesite=auth_settings.ACCESS_SAME_SITE, + secure=auth_settings.ACCESS_SECURE, + ) return tokens raise HTTPException( 
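Review bot: The refresh-token cookie in this hunk reads `auth_settings.REFRESH_TOKEN_HTTPONLY`, but the field this series adds to `AuthSettings` is named `REFRESH_HTTPONLY`, so unless a `REFRESH_TOKEN_HTTPONLY` field exists elsewhere in auth.py this line will raise `AttributeError` on the first successful login and the HttpOnly flag is never applied. The fix is the one line `httponly=auth_settings.REFRESH_HTTPONLY,`. A test that logs in and asserts the `Set-Cookie` header for `refresh_token_lf` carries `HttpOnly` would have caught the mismatch, since the refresh cookie is the credential that must stay out of reach of page scripts.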
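Review bot: The condition still reads `settings_service.auth_settings.AUTO_LOGIN` immediately after `auth_settings = settings_service.auth_settings` is bound, so the new local is used for the cookie attributes but not for the check two lines above; `if auth_settings.AUTO_LOGIN:` keeps the hunk consistent with itself. This path also deserves a comment: with the shipped defaults `ACCESS_HTTPONLY` is `False` and `ACCESS_SAME_SITE` is `"none"`, so the token minted by `create_user_longterm_token` (presumably long-lived, going by its name) lands in a cookie that page scripts can read and that browsers attach to cross-site requests, e.g. `# NOTE: the auto-login token is a standing credential; the ACCESS_* defaults expose it to scripts and cross-site requests`. The `raise HTTPException(` that ends the hunk continues outside it.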
@@ -63,12 +85,29 @@ async def auto_login( @router.post("/refresh") -async def refresh_token(request: Request, response: Response): +async def refresh_token( + request: Request, response: Response, settings_service=Depends(get_settings_service) +): + auth_settings = settings_service.auth_settings + token = request.cookies.get("refresh_token_lf") + if token: tokens = create_refresh_token(token) - response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite="none", secure=True) - response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite="none", secure=True) + response.set_cookie( + "refresh_token_lf", + tokens["refresh_token"], + httponly=auth_settings.REFRESH_TOKEN_HTTPONLY, + samesite=auth_settings.REFRESH_SAME_SITE, + secure=auth_settings.REFRESH_SECURE, + ) + response.set_cookie( + "access_token_lf", + tokens["access_token"], + httponly=auth_settings.ACCESS_HTTPONLY, + samesite=auth_settings.ACCESS_SAME_SITE, + secure=auth_settings.ACCESS_SECURE, + ) return tokens else: raise HTTPException( diff --git a/src/backend/langflow/services/settings/auth.py b/src/backend/langflow/services/settings/auth.py index 92a696cc5..258ff5f63 100644 --- a/src/backend/langflow/services/settings/auth.py +++ b/src/backend/langflow/services/settings/auth.py @@ -2,7 +2,10 @@ import secrets from pathlib import Path from typing import Optional -from langflow.services.settings.constants import DEFAULT_SUPERUSER, DEFAULT_SUPERUSER_PASSWORD +from langflow.services.settings.constants import ( + DEFAULT_SUPERUSER, + DEFAULT_SUPERUSER_PASSWORD, +) from langflow.services.settings.utils import read_secret_from_file, write_secret_to_file from loguru import logger from passlib.context import CryptContext 
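Review bot: As in the login handler, the refresh cookie here uses `auth_settings.REFRESH_TOKEN_HTTPONLY` while the field added to `AuthSettings` in this series is `REFRESH_HTTPONLY`; unless the former is defined somewhere not shown, every `/refresh` call that finds a cookie will fail with `AttributeError` instead of issuing new tokens, and the one-line fix is `httponly=auth_settings.REFRESH_HTTPONLY,`. Beyond the name, this endpoint issues a fresh token pair purely on the presence of the `refresh_token_lf` cookie, and with `REFRESH_SAME_SITE` defaulting to `"none"` the browser will attach that cookie to a cross-site POST to `/refresh`; whether that is exploitable depends on the CORS configuration, which is not in this diff, but it deserves a comment such as `# NOTE: with SameSite=None this request is reachable cross-site; relies on CORS to keep the response unreadable` and ideally an explicit Origin check. The `raise HTTPException(` closing the hunk continues past it.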
@@ -23,7 +26,9 @@ class AuthSettings(BaseSettings): REFRESH_TOKEN_EXPIRE_MINUTES: int = 60 * 12 * 7 # API Key to execute /process endpoint - API_KEY_SECRET_KEY: Optional[str] = "b82818e0ad4ff76615c5721ee21004b07d84cd9b87ba4d9cb42374da134b841a" + API_KEY_SECRET_KEY: Optional[str] = ( + "b82818e0ad4ff76615c5721ee21004b07d84cd9b87ba4d9cb42374da134b841a" + ) API_KEY_ALGORITHM: str = "HS256" API_V1_STR: str = "/api/v1" @@ -34,6 +39,19 @@ class AuthSettings(BaseSettings): SUPERUSER: str = DEFAULT_SUPERUSER SUPERUSER_PASSWORD: str = DEFAULT_SUPERUSER_PASSWORD + REFRESH_SAME_SITE: str = "none" + """The SameSite attribute of the refresh token cookie.""" + REFRESH_SECURE: bool = True + """The Secure attribute of the refresh token cookie.""" + REFRESH_HTTPONLY: bool = True + """The HttpOnly attribute of the refresh token cookie.""" + ACCESS_SAME_SITE: str = "none" + """The SameSite attribute of the access token cookie.""" + ACCESS_SECURE: bool = True + """The Secure attribute of the access token cookie.""" + ACCESS_HTTPONLY: bool = False + """The HttpOnly attribute of the access token cookie.""" + pwd_context: CryptContext = CryptContext(schemes=["bcrypt"], deprecated="auto") class Config:
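Review bot: The new `REFRESH_SAME_SITE` and `ACCESS_SAME_SITE` fields are typed `str` with default `"none"`, so a bad value from the environment (e.g. `off`) is only caught when Starlette's `set_cookie` validates the value with an assertion at request time; `REFRESH_SAME_SITE: Literal["lax", "strict", "none"] = "none"` (and likewise for `ACCESS_SAME_SITE`, with `Literal` imported from `typing` next to `Optional`) rejects it at settings load instead. The defaults themselves deserve a justification comment: `SameSite=None` opts the auth cookies out of the browser's cross-site-request protection, and `ACCESS_HTTPONLY = False` leaves the access token readable by any script on the page, so a comment like `# "none" is needed only when the frontend is served from a different origin than the API; prefer "lax" for same-origin deployments` tells operators when to tighten it. Note also that `REFRESH_SECURE`/`ACCESS_SECURE` default to `True`, so a deployment reached over plain HTTP on a non-localhost host will, in modern browsers, have these cookies silently dropped — login appears to succeed but no cookie is stored — which is worth stating in the docstrings. The `class Config:` at the end of the hunk continues outside it.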