7 月之前 · dc92178641
--- a/backend/open_webui/apps/webui/main.py
+++ b/backend/open_webui/apps/webui/main.py
@@ -32,6 +32,8 @@ from open_webui.config import (
 
				     ENABLE_MESSAGE_RATING,
			
 
				     ENABLE_SIGNUP,
			
 
				     JWT_EXPIRES_IN,
			
 
				+    ENABLE_OAUTH_ROLE_MAPPING,
			
 
				+    OAUTH_ROLES_CLAIM,
			
 
				     OAUTH_EMAIL_CLAIM,
			
 
				     OAUTH_PICTURE_CLAIM,
			
 
				     OAUTH_USERNAME_CLAIM,
			
@@ -93,6 +95,9 @@ app.state.config.OAUTH_USERNAME_CLAIM = OAUTH_USERNAME_CLAIM
 
				 app.state.config.OAUTH_PICTURE_CLAIM = OAUTH_PICTURE_CLAIM
			
 
				 app.state.config.OAUTH_EMAIL_CLAIM = OAUTH_EMAIL_CLAIM
			
 
				 
			
 
				+app.state.config.ENABLE_OAUTH_ROLE_MAPPING = ENABLE_OAUTH_ROLE_MAPPING
			
 
				+app.state.config.OAUTH_ROLES_CLAIM = OAUTH_ROLES_CLAIM
			
 
				+
			
 
				 app.state.MODELS = {}
			
 
				 app.state.TOOLS = {}
			
 
				 app.state.FUNCTIONS = {}
			
--- a/backend/open_webui/config.py
+++ b/backend/open_webui/config.py
@@ -278,18 +278,6 @@ ENABLE_OAUTH_SIGNUP = PersistentConfig(
 
				     os.environ.get("ENABLE_OAUTH_SIGNUP", "False").lower() == "true",
			
 
				 )
			
 
				 
			
 
				-ENABLE_OAUTH_ROLE_MAPPING = PersistentConfig(
			
 
				-    "ENABLE_OAUTH_ROLE_MAPPING",
			
 
				-    "oauth.enable_role_mapping",
			
 
				-    os.environ.get("ENABLE_OAUTH_ROLE_MAPPING", "False").lower() == "true",
			
 
				-)
			
 
				-
			
 
				-OAUTH_ROLES_CLAIM = PersistentConfig(
			
 
				-    "OAUTH_ROLES_CLAIM",
			
 
				-    "oauth.roles_claim",
			
 
				-    os.environ.get("OAUTH_ROLES_CLAIM", "roles"),
			
 
				-)
			
 
				-
			
 
				 OAUTH_MERGE_ACCOUNTS_BY_EMAIL = PersistentConfig(
			
 
				     "OAUTH_MERGE_ACCOUNTS_BY_EMAIL",
			
 
				     "oauth.merge_accounts_by_email",
			
@@ -395,7 +383,7 @@ OAUTH_USERNAME_CLAIM = PersistentConfig(
 
				 )
			
 
				 
			
 
				 OAUTH_PICTURE_CLAIM = PersistentConfig(
			
 
				-    "OAUTH_USERNAME_CLAIM",
			
 
				+    "OAUTH_PICTURE_CLAIM",
			
 
				     "oauth.oidc.avatar_claim",
			
 
				     os.environ.get("OAUTH_PICTURE_CLAIM", "picture"),
			
 
				 )
			
@@ -406,6 +394,18 @@ OAUTH_EMAIL_CLAIM = PersistentConfig(
 
				     os.environ.get("OAUTH_EMAIL_CLAIM", "email"),
			
 
				 )
			
 
				 
			
 
				+ENABLE_OAUTH_ROLE_MAPPING = PersistentConfig(
			
 
				+    "ENABLE_OAUTH_ROLE_MAPPING",
			
 
				+    "oauth.enable_role_mapping",
			
 
				+    os.environ.get("ENABLE_OAUTH_ROLE_MAPPING", "False").lower() == "true",
			
 
				+)
			
 
				+
			
 
				+OAUTH_ROLES_CLAIM = PersistentConfig(
			
 
				+    "OAUTH_ROLES_CLAIM",
			
 
				+    "oauth.roles_claim",
			
 
				+    os.environ.get("OAUTH_ROLES_CLAIM", "roles"),
			
 
				+)
			
 
				+
			
 
				 
			
 
				 def load_oauth_providers():
			
 
				     OAUTH_PROVIDERS.clear()
			
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@@ -2249,7 +2249,7 @@ async def oauth_callback(provider: str, request: Request, response: Response):
 
				         role = user.role
			
 
				         if Users.get_num_users() == 1:
			
 
				             role = "admin"
			
 
				-        elif webui_app.state.config.ENABLE_OAUTH_ROLE_MAPPING:
			
 
				+        elif webui_app.state.config.ENABLE_OAUTH_ROLE_MAPPING.value:
			
 
				             oauth_roles = user_data.get(webui_app.state.config.OAUTH_ROLE_CLAIM)
			
 
				             if oauth_roles:
			
 
				                 for allowed_role in ["pending", "user", "admin"]: