tdpeuter/open-webui
tdpeuter/open-webui
1
Fork 0
forked from open-webui/open-webui
Code Issues Pull requests 1 Projects 1 Releases 2 Packages 1 Activity Actions

fix: merge conflicts

Browse source
This commit is contained in:
Anuraag Jain 2023-12-30 13:00:21 +02:00
parent 613053e46c
commit 08c0d7a9ec
2 changed files with 19 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

14
backend/apps/web/routers/auths.py
View file

@ -23,6 +23,7 @@ from utils.utils import (
get_password_hash, get_password_hash,
get_current_user, get_current_user,
create_token, create_token,
verify_auth_token,
) )
from utils.misc import get_gravatar_url from utils.misc import get_gravatar_url
from constants import ERROR_MESSAGES from constants import ERROR_MESSAGES
@ -35,7 +36,7 @@ router = APIRouter()
############################ ############################
@router.get("/", response_model=UserResponse) @router.get("/", response_model=UserResponse, dependencies=[Depends(verify_auth_token)])
async def get_session_user(user=Depends(get_current_user)): async def get_session_user(user=Depends(get_current_user)):
return { return {
"id": user.id, "id": user.id,
@ -51,11 +52,12 @@ async def get_session_user(user=Depends(get_current_user)):
############################ ############################
@router.post("/update/password", response_model=bool) @router.post(
async def update_password(form_data: UpdatePasswordForm, cred=Depends(bearer_scheme)): "/update/password", response_model=bool, dependencies=[Depends(verify_auth_token)]
token = cred.credentials )
session_user = Users.get_user_by_token(token) async def update_password(
form_data: UpdatePasswordForm, session_user=Depends(get_current_user)
):
if session_user: if session_user:
user = Auths.authenticate_user(session_user.email, form_data.password) user = Auths.authenticate_user(session_user.email, form_data.password)

31
backend/apps/web/routers/users.py
View file

@ -62,34 +62,25 @@ async def update_user_role(
@router.delete("/{user_id}", response_model=bool) @router.delete("/{user_id}", response_model=bool)
async def delete_user_by_id(user_id: str, cred=Depends(bearer_scheme)): async def delete_user_by_id(user_id: str, user=Depends(get_current_user)):
token = cred.credentials if user.role == "admin":
user = Users.get_user_by_token(token) if user.id != user_id:
result = Auths.delete_auth_by_id(user_id)
if user: if result:
if user.role == "admin": return True
if user.id != user_id:
result = Auths.delete_auth_by_id(user_id)
if result:
return True
else:
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=ERROR_MESSAGES.DELETE_USER_ERROR,
)
else: else:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=ERROR_MESSAGES.ACTION_PROHIBITED, detail=ERROR_MESSAGES.DELETE_USER_ERROR,
) )
else: else:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED, detail=ERROR_MESSAGES.ACTION_PROHIBITED,
) )
else: else:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.INVALID_TOKEN, detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
) )