Add Basic Auth Support #1089

Open
wants to merge 1 commit into
base: master

JustinMissmahl
Adds username/password authentication mode for self-hosted instances that want to manage users manually without OAuth providers.

Changes:

Backend:
- basic_auth.py: Login endpoint and metadata endpoint returning {"google": null}
- state.py: Added controlled_access_mode flag
- main.py: CLI flag and env var handling
- configure.py: Router mounting and auth middleware

Frontend (loginPrompt.tsx):
- Basic auth detection from metadata response
- Username/password form with loading/error states
- Works in both mobile/desktop views
- Preserves existing OAuth/email flows

Usage:
1. Enable controlled access mode via:
   - CLI: --controlled-access
   - ENV: KHOJ_CONTROLLED_ACCESS=true

2. Initial admin credentials:
   - Username: [email protected]
   - Password: admin

3. Managing Users:
   - Log in as admin at http://localhost:42110/server/admin
   - Use Django admin interface to:
     * Create new users
     * Set passwords
     * Manage permissions
   - Users can then log in with their credentials at http://localhost:42110

Security Notes:
- Default admin should be changed after first login
- Each user needs to be manually created by admin
- No self-registration - controlled environment

Testing:
```bash
docker compose up  # Uses KHOJ_CONTROLLED_ACCESS=true
```
1. Visit http://localhost:42110 - should show username/password form
2. Log in with admin credentials
3. Create test user in admin panel
4. Test login with new user
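
The security note about the default admin password can be checked after deployment. The following is an added example, not code from this pull request or from the project: it audits stored password hashes for the default password `admin`, assuming the instance uses Django's default `pbkdf2_sha256` hasher. The function names and sample accounts are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac

DEFAULT_PASSWORD = "admin"  # initial admin password stated in the PR description


def encode_pbkdf2_sha256(password: str, salt: str, iterations: int) -> str:
    """Encode a password in Django's pbkdf2_sha256 layout: algo$iterations$salt$b64hash."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${base64.b64encode(digest).decode('ascii')}"


def matches_password(encoded: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and iterations, compare in constant time."""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        raise ValueError("not a pbkdf2_sha256 hash")
    expected = encode_pbkdf2_sha256(candidate, parts[2], int(parts[1]))
    return hmac.compare_digest(expected.encode(), encoded.encode())


def audit_default_password(accounts: dict[str, str]) -> tuple[list[str], list[str]]:
    """Return (accounts still on the default password, accounts that could not be checked)."""
    flagged, unchecked = [], []
    for username, encoded in accounts.items():
        try:
            if matches_password(encoded, DEFAULT_PASSWORD):
                flagged.append(username)
        except ValueError:
            unchecked.append(username)  # other hashers need Django's own check_password
    return sorted(flagged), sorted(unchecked)


# Constructed sample rows (username -> stored hash); low iteration count keeps the demo fast.
SAMPLE_ACCOUNTS = {
    "admin@example.test": encode_pbkdf2_sha256("admin", "c0nstructedSalt", 1000),
    "alice@example.test": encode_pbkdf2_sha256("correct horse battery", "an0therSalt", 1000),
    "carol@example.test": "argon2$constructed-placeholder-not-a-real-hash",
}

if __name__ == "__main__":
    flagged, unchecked = audit_default_password(SAMPLE_ACCOUNTS)
    print("still using default password:", flagged)
    print("could not check:", unchecked)
```

Accounts reported as unchecked are not cleared: their hashes use a format this script does not parse and need a separate check.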