fix(backend): Avoid falling back to default user unless ENABLED_AUTH is set to False #8691

Merged
merged 4 commits into from
Nov 18, 2024
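--- a/autogpt_platform/autogpt_libs/autogpt_libs/auth/depends.py
+++ b/autogpt_platform/autogpt_libs/autogpt_libs/auth/depends.py
@@ -1,7 +1,8 @@
 import fastapi
 
 from .middleware import auth_middleware
-from .models import User
+from .models import User, DEFAULT_USER_ID, DEFAULT_EMAIL
+from .config import Settings
 
 
 def requires_user(payload: dict = fastapi.Depends(auth_middleware)) -> User:
@@ -16,8 +17,12 @@ def requires_admin_user(
 
 def verify_user(payload: dict | None, admin_only: bool) -> User:
     if not payload:
+        if Settings.ENABLE_AUTH:
+            raise fastapi.HTTPException(
+                status_code=401, detail="Authorization header is missing"
+            )
         # This handles the case when authentication is disabled
-        payload = {"sub": "3e53486c-cf57-477e-ba2a-cb02dc828e1a", "role": "admin"}
+        payload = {"sub": DEFAULT_USER_ID, "role": "admin"}
 
     user_id = payload.get("sub")
 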
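Review bot: The auth-disabled fallback on the new side still hands every unauthenticated request `role: admin` for the default user, so the protection now rests entirely on `Settings.ENABLE_AUTH` being true in any reachable deployment; if the flag defaults to false when unset (config.py is not shown), a deployment that simply forgets to set it is wide open, and that should fail closed rather than open. `Settings.ENABLE_AUTH` is also read as a class attribute, which only reflects the environment if config.py computes it at class-definition time — confirm it is not a pydantic-style settings class that must be instantiated to load env values. The `DEFAULT_EMAIL` name added to the import on the first hunk is not used anywhere in the visible code. I would make the comment above the fallback say what it grants: `# Auth disabled (ENABLE_AUTH=false): run every request as the built-in default user with the admin role.` verify_user continues below the hunk.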
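--- a/autogpt_platform/autogpt_libs/autogpt_libs/auth/models.py
+++ b/autogpt_platform/autogpt_libs/autogpt_libs/auth/models.py
@@ -1,5 +1,8 @@
 from dataclasses import dataclass
 
+DEFAULT_USER_ID = "3e53486c-cf57-477e-ba2a-cb02dc828e1a"
+DEFAULT_EMAIL = "[email protected]"
+
 
 
 # Using dataclass here to avoid adding dependency on pydantic
 @dataclass(frozen=True)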
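Review bot: The two new constants carry no comment saying what they are for, and a reader who finds a fixed user UUID in a shared auth library has no way to tell that it is the identity every request is mapped to when authentication is disabled (depends.py in this same PR) rather than a real account to authorize. I would put one line above them: `# Identity used for all requests when ENABLE_AUTH is false; must never be treated as an authenticated principal.` The meaning of `DEFAULT_EMAIL` is presumably the address stored for that user, but nothing in the visible code reads it, so state that too or drop it.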
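--- a/autogpt_platform/backend/backend/data/user.py
+++ b/autogpt_platform/backend/backend/data/user.py
@@ -1,6 +1,7 @@
 import logging
 from typing import Optional, cast
 
+from autogpt_libs.auth.models import DEFAULT_USER_ID
 from autogpt_libs.supabase_integration_credentials_store.types import (
     UserIntegrations,
     UserMetadata,
@@ -15,9 +16,6 @@
 
 logger = logging.getLogger(__name__)
 
-DEFAULT_USER_ID = "3e53486c-cf57-477e-ba2a-cb02dc828e1a"
-DEFAULT_EMAIL = "[email protected]"
-
 
 
 async def get_or_create_user(user_data: dict) -> User:
     user_id = user_data.get("sub")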
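Review bot: `DEFAULT_EMAIL` is deleted from this module in the second hunk, but the import added in the first hunk brings in only `DEFAULT_USER_ID`; if anything below the hunk still references `DEFAULT_EMAIL` (the rest of the file, including the body of get_or_create_user, is outside this view) it now fails with a NameError at call time, which an import-time check will not catch. If it is still needed the import should be `from autogpt_libs.auth.models import DEFAULT_EMAIL, DEFAULT_USER_ID`. A short comment at the import site noting that the constant now lives in the shared auth library would also stop someone re-declaring it here and letting the two packages drift apart.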
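--- a/autogpt_platform/backend/backend/server/utils.py
+++ b/autogpt_platform/backend/backend/server/utils.py
@@ -1,18 +1,11 @@
-from autogpt_libs.auth.middleware import auth_middleware
-from fastapi import Depends, HTTPException
+from autogpt_libs.auth.depends import requires_user
+from autogpt_libs.auth.models import User
+from fastapi import Depends
 
-from backend.data.user import DEFAULT_USER_ID
 from backend.util.settings import Settings
 
 settings = Settings()
 
 
-def get_user_id(payload: dict = Depends(auth_middleware)) -> str:
-    if not payload:
-        # This handles the case when authentication is disabled
-        return DEFAULT_USER_ID
-
-    user_id = payload.get("sub")
-    if not user_id:
-        raise HTTPException(status_code=401, detail="User ID not found in token")
-    return user_id
+def get_user_id(user: User = Depends(requires_user)) -> str:
+    return user.user_id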
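Review bot: The rewritten `get_user_id` has no docstring, and the explicit 401 for a token without `sub` that the old body raised is no longer visible here — whether it is still raised now depends on the remainder of verify_user in depends.py, which lies outside this PR's hunk, so that should be confirmed rather than assumed. Routing through `requires_user` is the right move since it makes depends.py the single place that decides when the default user is used. `from backend.util.settings import Settings` and `settings = Settings()` survive as context although nothing in the visible new code reads `settings`; if the rest of the file does not either, they are dead and should go. I would add `"""Return the caller's user ID; authentication and the auth-disabled default-user fallback are handled by requires_user."""`.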
32 changes: 16 additions & 16 deletions autogpt_platform/backend/backend/server/ws_api.py
Expand Up @@ -53,24 +53,24 @@ async def event_broadcaster(manager: ConnectionManager):


async def authenticate_websocket(websocket: WebSocket) -> str:
if settings.config.enable_auth:
token = websocket.query_params.get("token")
if not token:
await websocket.close(code=4001, reason="Missing authentication token")
return ""
if not settings.config.enable_auth:
return DEFAULT_USER_ID

token = websocket.query_params.get("token")
if not token:
await websocket.close(code=4001, reason="Missing authentication token")
return ""

try:
payload = parse_jwt_token(token)
user_id = payload.get("sub")
if not user_id:
await websocket.close(code=4002, reason="Invalid token")
return ""
return user_id
except ValueError:
await websocket.close(code=4003, reason="Invalid token")
try:
payload = parse_jwt_token(token)
user_id = payload.get("sub")
if not user_id:
await websocket.close(code=4002, reason="Invalid token")
return ""
else:
return DEFAULT_USER_ID
return user_id
except ValueError:
await websocket.close(code=4003, reason="Invalid token")
return ""


async def handle_subscribe(
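Review bot: The WebSocket path decides whether to fall back to `DEFAULT_USER_ID` from `settings.config.enable_auth` (the backend settings object), while the HTTP path changed in the same PR (depends.py) reads `Settings.ENABLE_AUTH` from autogpt_libs.auth.config; that is two independent sources for one security switch, and if they are populated from different environment variables or have different defaults, one transport can be locked down while the other silently runs every client as the admin default user. Deriving both from a single flag, or asserting at startup that the two agree, would close that gap. The guard-clause rewrite is cleaner, but on the new side the token is still read from `websocket.query_params`, so it ends up in access and proxy logs; that predates this change, but a `# TODO: move token to a header/subprotocol, query strings get logged` would keep it from being forgotten.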