From 71d1f06f2e9f57cee4684127121fa1a317264399 Mon Sep 17 00:00:00 2001 From: Gabriel Luiz Freitas Almeida Date: Thu, 17 Apr 2025 19:31:14 -0300 Subject: [PATCH] feat: add deprecation warning for AUTO_LOGIN (#7691) * feat: Update API key authentication logic and add deprecation warning - Introduced a deprecation warning for the upcoming change in v1.5 regarding AUTO_LOGIN authentication, which will require a valid API key or JWT. - Modified the authentication logic to check for API key or JWT in query parameters or headers before falling back to superuser credentials. - Enhanced the clarity of authentication requirements for users integrating with Langflow. * fix: Update deprecation warning message for API key authentication --- src/backend/base/langflow/services/auth/utils.py | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/backend/base/langflow/services/auth/utils.py b/src/backend/base/langflow/services/auth/utils.py index 28b1b1c4d..030f6d5b4 100644 --- a/src/backend/base/langflow/services/auth/utils.py +++ b/src/backend/base/langflow/services/auth/utils.py @@ -49,8 +49,19 @@ async def api_key_security( status_code=status.HTTP_400_BAD_REQUEST, detail="Missing first superuser credentials", ) - - result = await get_user_by_username(db, settings_service.auth_settings.SUPERUSER) + warnings.warn( + ( + "In v1.5, the default behavior of AUTO_LOGIN authentication will change to require a valid API key" + " or JWT. If you integrated with Langflow prior to v1.5, make sure to update your code to pass an " + "API key or JWT when authenticating with protected endpoints." + ), + DeprecationWarning, + stacklevel=2, + ) + if query_param or header_param: + result = await check_key(db, query_param or header_param) + else: + result = await get_user_by_username(db, settings_service.auth_settings.SUPERUSER) elif not query_param and not header_param: raise HTTPException(