feat: add deprecation warning for AUTO_LOGIN (#7691)

* feat: Update API key authentication logic and add deprecation warning - Introduced a deprecation warning for the upcoming change in v1.5 regarding AUTO_LOGIN authentication, which will require a valid API key or JWT. - Modified the authentication logic to check for API key or JWT in query parameters or headers before falling back to superuser credentials. - Enhanced the clarity of authentication requirements for users integrating with Langflow. * fix: Update deprecation warning message for API key authentication
2025-04-17 19:31:14 -03:00 · 2025-04-17 19:31:14 -03:00 · 71d1f06f2e
commit 71d1f06f2e
parent 6b8d622c5a
1 changed files with 13 additions and 2 deletions
--- a/src/backend/base/langflow/services/auth/utils.py
+++ b/src/backend/base/langflow/services/auth/utils.py
@ -49,8 +49,19 @@ async def api_key_security(
                    status_code=status.HTTP_400_BAD_REQUEST,
                    detail="Missing first superuser credentials",
                )
-
-            result = await get_user_by_username(db, settings_service.auth_settings.SUPERUSER)
+            warnings.warn(
+                (
+                    "In v1.5, the default behavior of AUTO_LOGIN authentication will change to require a valid API key"
+                    " or JWT. If you integrated with Langflow prior to v1.5, make sure to update your code to pass an "
+                    "API key or JWT when authenticating with protected endpoints."
+                ),
+                DeprecationWarning,
+                stacklevel=2,
+            )
+            if query_param or header_param:
+                result = await check_key(db, query_param or header_param)
+            else:
+                result = await get_user_by_username(db, settings_service.auth_settings.SUPERUSER)

        elif not query_param and not header_param:
            raise HTTPException(