* feat(auth): update AUTO_LOGIN authentication to enforce API key or JWT requirement
* Removed deprecated warning messages and implemented explicit HTTP exceptions for missing API key or JWT in both API and WebSocket authentication methods.
* Enhanced error handling to ensure compliance with the new authentication requirements introduced in v1.5.
* fix(auth): refine error message for AUTO_LOGIN API key requirement
* Updated the error message in the API key security function to clarify that AUTO_LOGIN requires a valid API key, removing the mention of JWT for consistency with the latest authentication requirements.
* feat(auth): introduce SKIP_AUTH_AUTO_LOGIN setting for enhanced authentication flexibility
* Added a new configuration option `SKIP_AUTH_AUTO_LOGIN` to the AuthSettings class, allowing the application to bypass API key validation for auto login.
* Updated the API and WebSocket security functions to utilize this setting, improving error handling and providing a fallback for superuser credentials when authentication is skipped.
* refactor(auth): rename SKIP_AUTH_AUTO_LOGIN to skip_auth_auto_login for consistency
* Updated the `SKIP_AUTH_AUTO_LOGIN` setting in the `AuthSettings` class to `skip_auth_auto_login` to follow Python naming conventions.
* Adjusted references in the API and WebSocket security functions to use the new attribute name, ensuring consistent behavior across the authentication logic.
* feat(auth): add deprecation warning for SKIP_AUTH_AUTO_LOGIN removal
* Introduced a warning log in both API and WebSocket security functions to inform users that the `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` feature will be removed in version 1.6, prompting necessary updates to authentication methods.
* feat(auth): enhance deprecation warnings for AUTO_LOGIN features
* Added constants for deprecation warning and error messages related to `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` and `AUTO_LOGIN` requirements, improving code maintainability and clarity.
* Updated API and WebSocket security functions to utilize these constants for logging and exception handling, ensuring consistent messaging across authentication methods.
* fix(auth): update AUTO_LOGIN_ERROR message to include LANGFLOW_SKIP_AUTH_AUTO_LOGIN usage
* fix(auth): correct logic for API key validation in WebSocket security function
* Adjusted the conditional flow in the `ws_api_key_security` function to ensure that the API key is checked only when necessary, improving the clarity and correctness of the authentication logic.
* [autofix.ci] apply automated fixes
* feat(tests): add authentication token retrieval for starter projects integration tests
* Implemented a helper function to obtain a JWT token for API requests, enhancing the security of the integration tests.
* Updated the test for starter projects to include the token in API requests, ensuring proper authentication during testing.
* feat(auth): add MCP-specific user authentication and active user dependency
* Introduced `get_current_user_mcp` function for MCP-specific user authentication, allowing fallback to username lookup when no API key is provided.
* Added `get_current_active_user_mcp` dependency to manage active user checks for MCP, ensuring proper integration with the authentication flow.
* refactor(api): replace user dependency with CurrentActiveMCPUser in mcp project endpoints
* Updated project-related API endpoints to use CurrentActiveMCPUser for user authentication, enhancing clarity and consistency in user management.
* Removed unused imports and dependencies related to the previous user authentication method, streamlining the codebase.
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
3a3e205f6f