highperfocused/danswer
1
0
Fork 0
mirror of https://github.com/danswer-ai/danswer.git synced 2025-09-20 13:05:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add support for multiple allowed email domains + make slack bot logs go to stdout

Browse Source
This commit is contained in:
Weves
2023-08-30 13:37:20 -07:00
committed by Chris Weaver
parent 038f646c09
commit cea3e1f3d5
5 changed files with 43 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
backend/danswer/auth/users.py
View File

@@ -40,7 +40,7 @@ from danswer.configs.app_configs import SMTP_PASS
from danswer.configs.app_configs import SMTP_PORT from danswer.configs.app_configs import SMTP_PORT
from danswer.configs.app_configs import SMTP_SERVER from danswer.configs.app_configs import SMTP_SERVER
from danswer.configs.app_configs import SMTP_USER from danswer.configs.app_configs import SMTP_USER
from danswer.configs.app_configs import VALID_EMAIL_DOMAIN from danswer.configs.app_configs import VALID_EMAIL_DOMAINS
from danswer.configs.app_configs import WEB_DOMAIN from danswer.configs.app_configs import WEB_DOMAIN
from danswer.db.auth import get_access_token_db from danswer.db.auth import get_access_token_db
from danswer.db.auth import get_user_count from danswer.db.auth import get_user_count
@@ -77,6 +77,21 @@ def verify_email_in_whitelist(email: str) -> None:
raise PermissionError("User not on allowed user whitelist") raise PermissionError("User not on allowed user whitelist")
def verify_email_domain(email: str) -> None:
if VALID_EMAIL_DOMAINS:
if email.count("@") != 1:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email is not valid",
)
domain = email.split("@")[-1]
if domain not in VALID_EMAIL_DOMAINS:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email domain is not valid",
)
def send_user_verification_email(user_email: str, token: str) -> None: def send_user_verification_email(user_email: str, token: str) -> None:
msg = MIMEMultipart() msg = MIMEMultipart()
msg["Subject"] = "Danswer Email Verification" msg["Subject"] = "Danswer Email Verification"
@@ -107,6 +122,7 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
request: Optional[Request] = None, request: Optional[Request] = None,
) -> models.UP: ) -> models.UP:
verify_email_in_whitelist(user_create.email) verify_email_in_whitelist(user_create.email)
verify_email_domain(user_create.email)
if hasattr(user_create, "role"): if hasattr(user_create, "role"):
user_count = await get_user_count() user_count = await get_user_count()
if user_count == 0: if user_count == 0:
@@ -129,6 +145,7 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
is_verified_by_default: bool = False, is_verified_by_default: bool = False,
) -> models.UOAP: ) -> models.UOAP:
verify_email_in_whitelist(account_email) verify_email_in_whitelist(account_email)
verify_email_domain(account_email)
return await super().oauth_callback( # type: ignore return await super().oauth_callback( # type: ignore
oauth_name=oauth_name, oauth_name=oauth_name,
@@ -155,18 +172,7 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
async def on_after_request_verify( async def on_after_request_verify(
self, user: User, token: str, request: Optional[Request] = None self, user: User, token: str, request: Optional[Request] = None
) -> None: ) -> None:
if VALID_EMAIL_DOMAIN: verify_email_domain(user.email)
if user.email.count("@") != 1:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email is not valid",
)
domain = user.email.split("@")[-1]
if domain != VALID_EMAIL_DOMAIN:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email domain is not valid",
)
logger.info( logger.info(
f"Verification requested for user {user.id}. Verification token: {token}" f"Verification requested for user {user.id}. Verification token: {token}"

17
backend/danswer/configs/app_configs.py
View File

@@ -45,7 +45,22 @@ SECRET = os.environ.get("SECRET", "")
SESSION_EXPIRE_TIME_SECONDS = int( SESSION_EXPIRE_TIME_SECONDS = int(
os.environ.get("SESSION_EXPIRE_TIME_SECONDS", 86400) os.environ.get("SESSION_EXPIRE_TIME_SECONDS", 86400)
) # 1 day ) # 1 day
VALID_EMAIL_DOMAIN = os.environ.get("VALID_EMAIL_DOMAIN", "")
# set `VALID_EMAIL_DOMAINS` to a comma seperated list of domains in order to
# restrict access to Danswer to only users with emails from those domains.
# E.g. `VALID_EMAIL_DOMAINS=example.com,example.org` will restrict Danswer
# signups to users with either an @example.com or an @example.org email.
# NOTE: maintaining `VALID_EMAIL_DOMAIN` to keep backwards compatibility
_VALID_EMAIL_DOMAIN = os.environ.get("VALID_EMAIL_DOMAIN", "")
_VALID_EMAIL_DOMAINS_STR = (
os.environ.get("VALID_EMAIL_DOMAINS", "") or _VALID_EMAIL_DOMAIN
)
VALID_EMAIL_DOMAINS = (
[domain.strip() for domain in _VALID_EMAIL_DOMAINS_STR.split(",")]
if _VALID_EMAIL_DOMAINS_STR
else []
)
# OAuth Login Flow # OAuth Login Flow
ENABLE_OAUTH = os.environ.get("ENABLE_OAUTH", "").lower() != "false" ENABLE_OAUTH = os.environ.get("ENABLE_OAUTH", "").lower() != "false"
OAUTH_TYPE = os.environ.get("OAUTH_TYPE", "google").lower() OAUTH_TYPE = os.environ.get("OAUTH_TYPE", "google").lower()

2
backend/supervisord.conf
View File

@@ -39,7 +39,7 @@ startsecs=60
# pushes all logs from the above programs to stdout # pushes all logs from the above programs to stdout
[program:log-redirect-handler] [program:log-redirect-handler]
command=tail -qF /var/log/update.log /var/log/connector_deletion.log /var/log/file_deletion.log command=tail -qF /var/log/update.log /var/log/connector_deletion.log /var/log/file_deletion.log /var/log/slack_bot_listener.log
stdout_logfile=/dev/stdout stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0 stdout_logfile_maxbytes=0
redirect_stderr=true redirect_stderr=true

1
deployment/docker_compose/docker-compose.dev.yml
View File

@@ -26,6 +26,7 @@ services:
- LOG_LEVEL=${LOG_LEVEL:-info} - LOG_LEVEL=${LOG_LEVEL:-info}
- DISABLE_AUTH=${DISABLE_AUTH:-True} - DISABLE_AUTH=${DISABLE_AUTH:-True}
- QA_TIMEOUT=${QA_TIMEOUT:-} - QA_TIMEOUT=${QA_TIMEOUT:-}
- VALID_EMAIL_DOMAINS=${VALID_EMAIL_DOMAINS:-}
- OAUTH_TYPE=${OAUTH_TYPE:-google} - OAUTH_TYPE=${OAUTH_TYPE:-google}
- OPENID_CONFIG_URL=${OPENID_CONFIG_URL:-} - OPENID_CONFIG_URL=${OPENID_CONFIG_URL:-}
- GOOGLE_OAUTH_CLIENT_ID=${GOOGLE_OAUTH_CLIENT_ID:-} - GOOGLE_OAUTH_CLIENT_ID=${GOOGLE_OAUTH_CLIENT_ID:-}

8
deployment/docker_compose/env.prod.template
View File

@@ -45,10 +45,14 @@ SECRET=
# How long before user needs to reauthenticate, default to 1 day. (cookie expiration time) # How long before user needs to reauthenticate, default to 1 day. (cookie expiration time)
SESSION_EXPIRE_TIME_SECONDS=86400 SESSION_EXPIRE_TIME_SECONDS=86400
# used to specify a list of allowed user domains
# e.g. `VALID_EMAIL_DOMAINS=example.com,example.org` will only allow users
# with an @example.com or an @example.org email
VALID_EMAIL_DOMAINS=
# Only relevant if using basic auth (not supported on frontend yet) # Only relevant if using basic auth (not supported on frontend yet)
REQUIRE_EMAIL_VERIFICATION=True REQUIRE_EMAIL_VERIFICATION=True
# The five settings below are only required if REQUIRE_EMAIL_VERIFICATION is True # The four settings below are only required if REQUIRE_EMAIL_VERIFICATION is True
VALID_EMAIL_DOMAIN=
SMTP_SERVER= SMTP_SERVER=
SMTP_PORT= SMTP_PORT=
SMTP_USER= SMTP_USER=