o ưi,0 @s,dZddlZddlZddlmZmZmZddlmZddl Z ddl m Z m Z ddl mZmZmZmZmZmZmZddlmZddlmZdd lmZdd lmZmZdd lmZdd l m!Z!d ee"de#e"e"ffddZ$GdddZ%de"de"d ee"deede%f ddZ&de%de'de(de!fddZ)dS)z Login utilities for handling user authentication in the proxy server. This module contains the core login logic that can be reused across different login endpoints (e.g., /login and /v2/login). N)LiteralOptionalcast) HTTPException)LITELLM_PROXY_ADMIN_NAMELITELLM_UI_SESSION_DURATION)LiteLLM_UserTableLitellmUserRolesProxyErrorTypesProxyExceptionUpdateUserRequestUserAPIKeyAuth hash_token) user_update)generate_key_helper_fn),get_disabled_non_admin_personal_key_creation) PrismaClientget_server_root_path)get_secret_bool)ReturnedUITokenObject master_keyreturncCsVtdd}tdd}|dur|durt|nd}|dur'tdtjddd||fS)aU Get UI username and password from environment variables or master key. Args: master_key: Master key for the proxy (used as fallback for password) Returns: tuple[str, str]: A tuple containing (ui_username, ui_password) Raises: ProxyException: If neither UI_PASSWORD nor master_key is available Z UI_USERNAMEZadminZ UI_PASSWORDNzset Proxy master key to use UI. https://docs.litellm.ai/docs/proxy/virtual_keys. If set, use `--detailed_debug` to debug issue.messagetypeparamcode)osgetenvstrr r auth_error)r ui_username ui_passwordr$U/home/app/Keep/.python/lib/python3.10/site-packages/litellm/proxy/auth/login_utils.pyget_ui_credentials%s r&c @sleZdZUdZeed<eed<eeed<eed<eded< d dededeedededf d d Zd S) LoginResultz8Result object containing authentication data from login.user_idkey user_email user_role)Zssousername_password login_methodr,cCs"||_||_||_||_||_dS)Nr(r)r*r+r-)selfr(r)r*r+r-r$r$r%__init__Is  zLoginResult.__init__N)r,) __name__ __module__ __qualname____doc__r __annotations__rrr0r$r$r$r%r'@s&   r'usernamepassword prisma_clientc s|durtdtjdddt|\}}d}d}|dur1ttt|jjj d|ddid IdH} t | d | d rt | d | d rt j}t}t} td ddur`tjd |ksd|tkrjtd t} tt| |d tt jd dIdHtddurtd)ddit jttjgiid| dd IdH} n tdtjddd| d} tdrddlm} d} |dur|} n |durt||gtjd} | durtdddid| | } t|| d|ddS|durs t |d d!}t |d"t j!}t |dd!}t |d#d!}|durtd$tjd#ddt"|d%}t | d | d s.t | d | d rgtddurNtd)ddi|ttjgiid|dd IdH} n tdtjddd| d} t|| |tt#|ddStd&|tjd'ddtd(tjd'dd)*ap Authenticate a user and generate an API key for UI access. This function handles two login scenarios: 1. Admin login using UI_USERNAME and UI_PASSWORD 2. User login using email and password from database Args: username: Username or email from the login form password: Password from the login form master_key: Master key for the proxy (required) prisma_client: Prisma database client (optional) Returns: LoginResult: Object containing authentication data Raises: ProxyException: If authentication fails or required configuration is missing NzMaster Key not set for Proxy. Please set Master Key to use Admin UI. Set `LITELLM_MASTER_KEY` in .env or set general_settings:master_key in config.yaml. https://docs.litellm.ai/docs/proxy/virtual_keys. If set, use `--detailed_debug` to debug issue.rrrr*Z insensitive)equalsmode)wherezutf-8ZPROXY_ADMIN_ID)r(r+)r+)dataZuser_api_key_dictZ DATABASE_URLZ request_typer)rzlitellm-dashboard) r+durationZkey_max_budgetmodelsaliasesconfigZspendr(Zteam_idz_No Database connected. Set DATABASE_URL in .env. If set, use `--detailed_debug` to debug issue.tokenZEXPERIMENTAL_UI_LOGIN)ExperimentalUIJWTToken)r(r+r>Z max_budgetierrorz6User Information is required for experimental UI login) status_codedetailr,r.r(unknownr+r7zPUser has no password set. Please set a password for the user via `/user/update`.)rAzAInvalid credentials used to access UI. Not valid credentials for Zinvalid_credentialszVInvalid credentials used to access UI. Check 'UI_USERNAME', 'UI_PASSWORD' in .env filer$)$r r r!r&rrrdbZlitellm_usertableZ find_firstsecretscompare_digestencoder Z PROXY_ADMINrrrenvironrr r rrlitellmZmax_ui_session_budgetrZlitellm.proxy.auth.auth_checksrBrZ(get_experimental_ui_login_jwt_auth_tokenr'getattrZINTERNAL_USER_VIEW_ONLYrr )r6r7rr8r"r#Z _user_rowr+r(Z key_user_idresponser)rBZ user_infor*Z _passwordZ hash_passwordr$r$r%authenticate_userXs2              rO login_resultgeneral_settings premium_userc Cs4t}t|j|j|j|j|j||dd|td S)aG Create a ReturnedUITokenObject from a LoginResult. Args: login_result: The result from authenticate_user general_settings: General proxy settings dictionary premium_user: Whether premium features are enabled Returns: ReturnedUITokenObject: Token object ready for JWT encoding Zlitellm_key_header_name Authorization) r(r)r*r+r-rRZauth_header_name(disabled_non_admin_personal_key_creationZserver_root_path) rrr(r)r*r+r-getr)rPrQrRrTr$r$r%create_ui_token_object6srV)*r4rrHtypingrrrZfastapirrLZlitellm.constantsrrZlitellm.proxy._typesrr r r r r rZ:litellm.proxy.management_endpoints.internal_user_endpointsrZ;litellm.proxy.management_endpoints.key_management_endpointsrZ)litellm.proxy.management_endpoints.ui_ssorZlitellm.proxy.utilsrrZlitellm.secret_managers.mainrZlitellm.types.proxy.ui_ssorr tupler&r'rOdictboolrVr$r$r$r%sJ $     _