Authentication Loop #3438

Closed
konradbjk opened this issue Aug 19, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@konradbjk

Bug Description

Once I upgraded my Docker installation (with postgres16) to v1.0.15, I have been unable to log in to Langflow. There was some loop of authentication that ended with a 400 error stating that I need to enable AUTO_LOGIN. When giving incorrect credentials, the behaviour is different: it shows right away that the credentials are wrong.

Downgrading to 1.0.14 is a workaround

Reproduction

  1. pull 1.0.15 docker image
  2. Fill in env file
  3. spin it up
  4. try to login

Expected behavior

I can log in with my superuser credentials

Who can help?

@anovazzi1 @Cristhianzl @lucaseduoli @igorrCarvalho

Operating System

Ubuntu 24 LTS on Azure VM

Langflow Version

1.0.15

Python Version

3.12

Screenshot

My .env

POSTGRES_USER=...
POSTGRES_PASSWORD=...
POSTGRES_DB=langflow

DO_NOT_TRACK=true
LANGFLOW_AUTO_LOGIN=False
LANGFLOW_SUPERUSER=...
LANGFLOW_SUPERUSER_PASSWORD=...
LANGFLOW_STORE_ENVIRONMENT_VARIABLES=true
LANGFLOW_SECRET_KEY=...
LANGFLOW_DATABASE_URL=postgresql://...:...@postgres:5432/langflow

my compose file

services:
  langflow:
    image: langflowai/langflow:1.0.14
    ports:
      - "80:7860"
    depends_on:
      - postgres
    env_file: ".env"
    volumes:
      - langflow-data:/app/langflow
      - langflow-config:/app/config
    networks:
      - node-network

  postgres:
    image: postgres:16
    hostname: postgres
    env_file: ".env"
    volumes:
      - langflow-postgres:/var/lib/postgresql/data
    networks:
      - node-network

volumes:
  langflow-postgres:
  langflow-data:
  langflow-config:

networks:
  node-network:
    driver: bridge

Flow File

No response

@konradbjk konradbjk added the bug Something isn't working label Aug 19, 2024

dosubot bot commented Aug 19, 2024

To resolve the authentication loop issue in Langflow version 1.0.15 with a Docker installation using PostgreSQL 16, you should enable the AUTO_LOGIN setting. This setting allows automatic login without requiring user credentials. Here is how you can enable AUTO_LOGIN:

  1. Ensure that the LANGFLOW_AUTO_LOGIN environment variable is set to True in your settings configuration. By default, this variable is set to True, which means automatic login is enabled.

  2. If incorrect credentials are provided, the system should raise an HTTP_401_UNAUTHORIZED error with the message "Incorrect username or password".

Here is the relevant code snippet from src/backend/base/langflow/api/v1/login.py:

@router.get("/auto_login")
async def auto_login(
    response: Response,
    db: Session = Depends(get_session),
    settings_service=Depends(get_settings_service),
):
    auth_settings = settings_service.auth_settings
    if settings_service.auth_settings.AUTO_LOGIN:
        user_id, tokens = create_user_longterm_token(db)
        response.set_cookie(
            "access_token_lf",
            tokens["access_token"],
            httponly=auth_settings.ACCESS_HTTPONLY,
            samesite=auth_settings.ACCESS_SAME_SITE,
            secure=auth_settings.ACCESS_SECURE,
            expires=None,  # Set to None to make it a session cookie
            domain=auth_settings.COOKIE_DOMAIN,
        )

        return tokens

    raise HTTPException(
        status_code=status.HTTP_400_BAD_REQUEST,
        detail={
            "message": "Auto login is disabled. Please enable it in the settings",
            "auto_login": False,
        },
    )

To handle incorrect credentials, the following part of the login_to_get_access_token function ensures that an HTTP_401_UNAUTHORIZED error is raised:

@router.post("/login", response_model=Token)
async def login_to_get_access_token(
    response: Response,
    form_data: OAuth2PasswordRequestForm = Depends(),
    db: Session = Depends(get_session),
    settings_service=Depends(get_settings_service),
    variable_service: VariableService = Depends(get_variable_service),
):
    auth_settings = settings_service.auth_settings
    try:
        user = authenticate_user(form_data.username, form_data.password, db)
    except Exception as exc:
        if isinstance(exc, HTTPException):
            raise exc
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail=str(exc),
        ) from exc
    if user:
        tokens = create_user_tokens(user_id=user.id, db=db, update_last_login=True)
        response.set_cookie(
            "refresh_token_lf",
            tokens["refresh_token"],
            httponly=auth_settings.REFRESH_HTTPONLY,
            samesite=auth_settings.REFRESH_SAME_SITE,
            secure=auth_settings.REFRESH_SECURE,
            expires=auth_settings.REFRESH_TOKEN_EXPIRE_SECONDS,
            domain=auth_settings.COOKIE_DOMAIN,
        )
        response.set_cookie(
            "access_token_lf",
            tokens["access_token"],
            httponly=auth_settings.ACCESS_HTTPONLY,
            samesite=auth_settings.ACCESS_SAME_SITE,
            secure=auth_settings.ACCESS_SECURE,
            expires=auth_settings.ACCESS_TOKEN_EXPIRE_SECONDS,
            domain=auth_settings.COOKIE_DOMAIN,
        )
        variable_service.initialize_user_variables(user.id, db)
        create_default_folder_if_it_doesnt_exist(db, user.id)
        return tokens
    else:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or password",
            headers={"WWW-Authenticate": "Bearer"},
        )

Additionally, you can manage the LANGFLOW_AUTO_LOGIN and other related environment variables through the CLI command langflow run --env-file .env. Ensure that these environment variables are securely set in your deployment environment, for example, using Docker secrets or Kubernetes ConfigMaps/Secrets.

By ensuring AUTO_LOGIN is enabled and handling incorrect credentials properly, you should be able to resolve the authentication loop issue [1][2][3][4][5].

To continue talking to Dosu, mention @dosu.
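A pre-deployment check for the settings discussed in this thread, as an added example (not Langflow's own code): it parses an .env file shaped like the one in the issue and reports authentication-related problems, treating an unset LANGFLOW_AUTO_LOGIN as enabled because the default is stated above to be True. The accepted truthy spellings, the placeholder list and both sample files are assumptions constructed for illustration.

```python
import re

# Assumption: spellings a settings parser would read as boolean true.
TRUTHY = {"1", "true", "t", "yes", "y", "on"}
# Constructed list of values treated as "not really set".
PLACEHOLDER = re.compile(r"^(\.\.\.|changeme|password|admin)?$", re.I)
REQUIRED = ("LANGFLOW_SUPERUSER", "LANGFLOW_SUPERUSER_PASSWORD",
            "LANGFLOW_SECRET_KEY")

# Constructed sample: login required, credentials and key filled in.
SAMPLE_LOGIN_REQUIRED = (
    "LANGFLOW_AUTO_LOGIN=False\n"
    "LANGFLOW_SUPERUSER=ops-admin\n"
    "LANGFLOW_SUPERUSER_PASSWORD='constructed-example-pw'\n"
    "LANGFLOW_SECRET_KEY=constructed-example-key\n"
)
# Constructed sample: AUTO_LOGIN switched on, other values left as "...".
SAMPLE_AUTO_LOGIN = "LANGFLOW_AUTO_LOGIN=True\nLANGFLOW_SUPERUSER=...\n"


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env


def audit_auth(env):
    """Return findings for the authentication-related settings."""
    findings = []
    auto = env.get("LANGFLOW_AUTO_LOGIN")
    if auto is None:
        findings.append("LANGFLOW_AUTO_LOGIN unset: defaults to True, "
                        "tokens are issued without credentials")
    elif auto.lower() in TRUTHY:
        findings.append("LANGFLOW_AUTO_LOGIN enabled: /auto_login issues "
                        "tokens without credentials")
    for key in REQUIRED:
        if PLACEHOLDER.match(env.get(key, "")):
            findings.append(f"{key} missing or placeholder")
    # A password inside the URL makes the .env file itself a secret.
    if re.match(r"^\w+://[^/@]*:[^/@]*@", env.get("LANGFLOW_DATABASE_URL", "")):
        findings.append("LANGFLOW_DATABASE_URL embeds a password: "
                        "restrict access to the .env file")
    return findings
```

Run `audit_auth(parse_env(open(".env").read()))` before `docker compose up`; an empty list means none of these checks fired.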

@Cristhianzl
Collaborator

Hi @konradbjk,

Could you please follow up on PR #3471? This PR should resolve any issues related to login using Langflow on Docker.

The fix will be included in version 1.0.16 of Langflow, so if you're using pip, I recommend waiting for the new release before updating to see if the issue persists. Alternatively, you can fork our main branch and use it locally.

Thank you!

@carlosrcoelho
Contributor

#3471
