From 9eca124b1700eaeb8742b1f60c7170543fcb03f5 Mon Sep 17 00:00:00 2001
From: Gabriel Luiz Freitas Almeida
Date: Thu, 31 Aug 2023 11:17:16 -0300
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix(utils.py):=20raise=20HTTPExc?=
 =?UTF-8?q?eption=20with=20status=20code=20400=20and=20detail=20message=20?=
 =?UTF-8?q?when=20FIRST=5FSUPERUSER=20credentials=20are=20missing=20in=20a?=
 =?UTF-8?q?pi=5Fkey=5Fsecurity=20function=20=F0=9F=90=9B=20fix(utils.py):?=
 =?UTF-8?q?=20raise=20credentials=5Fexception=20when=20SECRET=5FKEY=20is?=
 =?UTF-8?q?=20None=20in=20get=5Fcurrent=5Fuser=20function=20=F0=9F=90=9B?=
 =?UTF-8?q?=20fix(utils.py):=20raise=20HTTPException=20with=20status=20cod?=
 =?UTF-8?q?e=20400=20and=20detail=20message=20when=20FIRST=5FSUPERUSER=20c?=
 =?UTF-8?q?redentials=20are=20missing=20in=20create=5Fuser=5Flongterm=5Fto?=
 =?UTF-8?q?ken=20function=20=F0=9F=90=9B=20fix(auth.py):=20set=20SECRET=5F?=
 =?UTF-8?q?KEY=20default=20value=20to=20empty=20string=20and=20disallow=20?=
 =?UTF-8?q?mutation=20in=20AuthSettings=20class=20=F0=9F=90=9B=20fix(auth.?=
 =?UTF-8?q?py):=20set=20FIRST=5FSUPERUSER=20and=20FIRST=5FSUPERUSER=5FPASS?=
 =?UTF-8?q?WORD=20as=20optional=20fields=20with=20default=20values=20and?=
 =?UTF-8?q?=20disallow=20mutation=20in=20AuthSettings=20class=20?=
 =?UTF-8?q?=F0=9F=90=9B=20fix(manager.py):=20raise=20ValueError=20when=20C?=
 =?UTF-8?q?ONFIG=5FDIR=20is=20not=20set=20in=20settings?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/backend/langflow/services/auth/utils.py | 21 +++++++++++++++----
 .../langflow/services/settings/auth.py | 19 +++++++++++++----
 .../langflow/services/settings/manager.py | 8 ++++++-
 3 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/src/backend/langflow/services/auth/utils.py b/src/backend/langflow/services/auth/utils.py
index a53a182c0..485968a38 100644
--- a/src/backend/langflow/services/auth/utils.py
+++ b/src/backend/langflow/services/auth/utils.py
@@ -37,7 +37,12 @@ async def api_key_security(
 result: Optional[Union[ApiKey, User]] = None
 if settings_manager.auth_settings.AUTO_LOGIN:
 # Get the first user
- settings_manager.auth_settings.FIRST_SUPERUSER
+ if not settings_manager.auth_settings.FIRST_SUPERUSER:
+ raise HTTPException(
+ status_code=status.HTTP_400_BAD_REQUEST,
+ detail="Missing first superuser credentials",
+ )
+
 result = get_user_by_username(
 db, settings_manager.auth_settings.FIRST_SUPERUSER
 )
@@ -80,6 +85,9 @@ async def get_current_user(
 if isinstance(token, Coroutine):
 token = await token
 
+ if settings_manager.auth_settings.SECRET_KEY is None:
+ raise credentials_exception
+
 try:
 payload = jwt.decode(
 token,
@@ -150,9 +158,9 @@ def create_token(data: dict, expires_delta: timedelta):
 
 
 def create_super_user(
+ username: str,
+ password: str,
 db: Session = Depends(get_session),
- username: Optional[str] = None,
- password: Optional[str] = None,
 ) -> User:
 super_user = get_user_by_username(db, username)
 
@@ -176,7 +184,12 @@ def create_user_longterm_token(db: Session = Depends(get_session)) -> dict:
 settings_manager = get_settings_manager()
 username = settings_manager.auth_settings.FIRST_SUPERUSER
 password = settings_manager.auth_settings.FIRST_SUPERUSER_PASSWORD
- super_user = create_super_user(db, username=username, password=password)
+ if not username or not password:
+ raise HTTPException(
+ status_code=status.HTTP_400_BAD_REQUEST,
+ detail="Missing first superuser credentials",
+ )
+ super_user = create_super_user(db=db, username=username, password=password)
 
 access_token_expires_longterm = timedelta(days=365)
 access_token = create_token(
diff --git a/src/backend/langflow/services/settings/auth.py b/src/backend/langflow/services/settings/auth.py
index 7550d3ddd..c38417502 100644
--- a/src/backend/langflow/services/settings/auth.py
+++ b/src/backend/langflow/services/settings/auth.py
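Review bot: The new guard in api_key_security answers a missing FIRST_SUPERUSER with HTTP 400, which tells the caller they sent a bad request when the actual cause is a server-side configuration gap; the identical guard added in the create_user_longterm_token hunk below has the same problem. Reporting it as `status_code=status.HTTP_500_INTERNAL_SERVER_ERROR` (and logging the misconfiguration once) keeps the client-facing semantics honest, while the detail string can stay as it is. api_key_security's body continues outside the hunk, so I can't see whether the AUTO_LOGIN branch is reached before or after any API-key check.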
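Review bot: The `SECRET_KEY is None` guard added to get_current_user is dead once the auth.py hunk in this same patch retypes SECRET_KEY as `str` with `default=""`: the setting can no longer be None, so an unset key now reaches `jwt.decode` as an empty string instead of raising credentials_exception. A falsy test, `if not settings_manager.auth_settings.SECRET_KEY:`, rejects both the old None and the new empty default before any signature is checked. get_current_user's body continues outside the hunk on both sides, so whether the same key is used elsewhere for encoding is not visible here.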
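Review bot: Moving `username` and `password` ahead of `db` in create_super_user changes what the first positional argument means: any caller still written as `create_super_user(db, ...)` would now bind the Session to `username`, and because the `= None` defaults were dropped it would also fail on the missing `password`. The one caller visible in this patch was switched to keyword arguments; whether other positional callers exist cannot be seen from the hunk. Declaring the credentials keyword-only, `def create_super_user(*, username: str, password: str, db: Session = Depends(get_session))`, turns any stale positional call into an immediate TypeError rather than a misbound argument. The function body continues outside the hunk.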
@@ -11,10 +11,11 @@ from langflow.utils.logger import logger
 class AuthSettings(BaseSettings):
 # Login settings
 CONFIG_DIR: str
- SECRET_KEY: Optional[str] = Field(
- None,
+ SECRET_KEY: str = Field(
+ default="",
 description="Secret key for JWT. If not provided, a random one will be generated.",
 env="LANGFLOW_SECRET_KEY",
+ allow_mutation=False,
 )
 ALGORITHM: str = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES: int = 60
@@ -30,8 +31,18 @@ class AuthSettings(BaseSettings):
 # If AUTO_LOGIN = True
 # > The application does not request login and logs in automatically as a super user.
 AUTO_LOGIN: bool = False
- FIRST_SUPERUSER: str = "langflow"
- FIRST_SUPERUSER_PASSWORD: str = "langflow"
+ FIRST_SUPERUSER: Optional[str] = Field(
+ "langflow",
+ description="First super user to be created if AUTO_LOGIN is True.",
+ env="LANGFLOW_FIRST_SUPERUSER",
+ allow_mutation=False,
+ )
+ FIRST_SUPERUSER_PASSWORD: Optional[str] = Field(
+ "langflow",
+ description="First super user password to be created if AUTO_LOGIN is True.",
+ env="LANGFLOW_FIRST_SUPERUSER_PASSWORD",
+ allow_mutation=False,
+ )
 
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 
diff --git a/src/backend/langflow/services/settings/manager.py b/src/backend/langflow/services/settings/manager.py
index 67e06108e..cef212c4e 100644
--- a/src/backend/langflow/services/settings/manager.py
+++ b/src/backend/langflow/services/settings/manager.py
@@ -35,5 +35,11 @@ class SettingsManager(Service):
 )
 settings = Settings(**settings_dict)
 
- auth_settings = AuthSettings(CONFIG_DIR=settings.CONFIG_DIR)
+ if not settings.CONFIG_DIR:
+ raise ValueError("CONFIG_DIR must be set in settings")
+ auth_settings = AuthSettings(
+ CONFIG_DIR=settings.CONFIG_DIR,
+ FIRST_SUPERUSER=None,
+ FIRST_SUPERUSER_PASSWORD=None,
+ )
 return cls(settings, auth_settings)
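Review bot: `default=""` together with `allow_mutation=False` on SECRET_KEY contradicts the field's own description ("If not provided, a random one will be generated"): the empty string is now a valid non-None value, and the code that generates the random key, which is outside this hunk, can no longer assign it after construction if the immutability is enforced. Note also that in pydantic v1 (which the `env=` and `allow_mutation` usage indicates) a per-field `allow_mutation=False` only takes effect when the model's Config sets `validate_assignment = True`, which this hunk does not show, so the flag may currently be a no-op for this field and for the two FIRST_SUPERUSER fields in the next hunk. With `ALGORITHM = "HS256"` an empty key leaves the signature with no secret to depend on, so the safer shape is a `@validator("SECRET_KEY", pre=True, always=True)` that rejects an empty value or generates the key at construction time, keeping the description true without relying on post-construction mutation.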
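Review bot: Passing `FIRST_SUPERUSER=None` and `FIRST_SUPERUSER_PASSWORD=None` explicitly to AuthSettings overrides not only the `"langflow"` defaults but also the `LANGFLOW_FIRST_SUPERUSER` and `LANGFLOW_FIRST_SUPERUSER_PASSWORD` environment variables declared in the auth.py hunks above, because pydantic v1 BaseSettings gives init kwargs priority over environment sources. Unless these values are populated somewhere the patch does not show, the new guards in the api_key_security and create_user_longterm_token hunks will therefore raise the 400 on every request whenever AUTO_LOGIN is enabled. If the intent is only to retire the shared `"langflow"` default credentials, drop the two keyword arguments here and make the Field defaults `None` in auth.py instead, so that an operator-supplied value still reaches the settings. The `CONFIG_DIR` guard itself reads fine; the enclosing method starts outside the hunk.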