Skip to content

fix: remove basic auth #5680

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
yau-wd merged 5 commits into from
Apr 10, 2026
Merged

fix: remove basic auth #5680

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
0ebd93f
fix: remove basic auth
0xi4o Jan 27, 2026
293d577
Merge branch 'main' into fix/remove-basic-auth
yau-wd Jan 29, 2026
6db11db
Merge branch 'main' into fix/remove-basic-auth
yau-wd Jan 30, 2026
cb95f3f
Merge remote-tracking branch 'origin/main' into fix/remove-basic-auth
yau-wd Apr 10, 2026
5b8198b
Merge branch 'main' into fix/remove-basic-auth
yau-wd Apr 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion packages/server/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,6 @@
"csv-parser": "^3.0.0",
"dotenv": "^16.0.0",
"express": "^4.17.3",
"express-basic-auth": "^1.2.1",
"express-mysql-session": "^3.0.3",
"express-rate-limit": "^6.9.0",
"express-session": "^1.18.1",
Expand Down
21 changes: 0 additions & 21 deletions packages/server/src/enterprise/controllers/account.controller.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,27 +130,6 @@ export class AccountController {
}
}

public async getBasicAuth(req: Request, res: Response) {
if (process.env.FLOWISE_USERNAME && process.env.FLOWISE_PASSWORD) {
return res.status(StatusCodes.OK).json({
isUsernamePasswordSet: true
})
} else {
return res.status(StatusCodes.OK).json({
isUsernamePasswordSet: false
})
}
}

public async checkBasicAuth(req: Request, res: Response) {
const { username, password } = req.body
if (username === process.env.FLOWISE_USERNAME && password === process.env.FLOWISE_PASSWORD) {
return res.json({ message: 'Authentication successful' })
} else {
return res.json({ message: 'Authentication failed' })
}
}

public async delete(req: Request, res: Response, next: NextFunction) {
let queryRunner: QueryRunner | undefined
try {
Expand Down
4 changes: 0 additions & 4 deletions packages/server/src/enterprise/routes/account.route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,10 +32,6 @@ router.post('/reset-password', accountController.resetPassword)

router.post('/billing', accountController.createStripeCustomerPortalSession)

router.get('/basic-auth', accountController.getBasicAuth)

router.post('/basic-auth', accountController.checkBasicAuth)

router.delete('/delete', accountController.delete)

export default router
1 change: 0 additions & 1 deletion packages/server/src/utils/constants.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@ export const WHITELIST_URLS = [
'/api/v1/account/forgot-password',
'/api/v1/account/reset-password',
'/api/v1/account/confirm-email-change',
'/api/v1/account/basic-auth',
'/api/v1/loginmethod/default',
'/api/v1/pricing',
'/api/v1/user/test',
Expand Down
4 changes: 0 additions & 4 deletions packages/ui/src/api/account.api.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,6 @@ const forgotPassword = (body) => client.post('/account/forgot-password', body)
const resetPassword = (body) => client.post('/account/reset-password', body)
const getBillingData = () => client.post('/account/billing')
const logout = () => client.post('/account/logout')
const getBasicAuth = () => client.get('/account/basic-auth')
const checkBasicAuth = (body) => client.post('/account/basic-auth', body)
const deleteAccount = (body) => client.delete('/account/delete', { data: body })

export default {
Expand All @@ -23,7 +21,5 @@ export default {
forgotPassword,
resetPassword,
logout,
getBasicAuth,
checkBasicAuth,
deleteAccount
}
88 changes: 2 additions & 86 deletions packages/ui/src/views/organization/index.jsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import { useNavigate } from 'react-router-dom'
import { z } from 'zod/v3'

// material-ui
import { Alert, Box, Button, Chip, Divider, Icon, List, ListItemText, Stack, TextField, Typography } from '@mui/material'
import { Alert, Box, Button, Chip, Divider, Icon, List, ListItemText, Stack, Typography } from '@mui/material'

// project imports
import { StyledButton } from '@/ui-component/button/StyledButton'
Expand Down Expand Up @@ -91,17 +91,13 @@ const OrganizationSetupPage = () => {
const [confirmPassword, setConfirmPassword] = useState('')
const [username, setUsername] = useState('')
const [orgName, setOrgName] = useState('')
const [existingUsername, setExistingUsername] = useState('')
const [existingPassword, setExistingPassword] = useState('')

const [loading, setLoading] = useState(false)
const [authError, setAuthError] = useState('')
const [successMsg, setSuccessMsg] = useState(undefined)
const [requiresAuthentication, setRequiresAuthentication] = useState(false)

const loginApi = useApi(authApi.login)
const registerAccountApi = useApi(accountApi.registerAccount)
const getBasicAuthApi = useApi(accountApi.getBasicAuth)
const navigate = useNavigate()

const getDefaultProvidersApi = useApi(loginMethodApi.getDefaultLoginMethods)
Expand All @@ -120,26 +116,6 @@ const OrganizationSetupPage = () => {
setLoading(true)
setAuthError('')

// Check authentication first if required
if (requiresAuthentication) {
try {
const authResult = await accountApi.checkBasicAuth({
username: existingUsername,
password: existingPassword
})

if (!authResult || !authResult.data || authResult.data.message !== 'Authentication successful') {
setAuthError('Authentication failed. Please check your existing credentials.')
setLoading(false)
return
}
} catch (error) {
setAuthError('Authentication failed. Please check your existing credentials.')
setLoading(false)
return
}
}

// Proceed with registration after successful authentication
const body = {
user: {
Expand Down Expand Up @@ -179,17 +155,9 @@ const OrganizationSetupPage = () => {
// eslint-disable-next-line react-hooks/exhaustive-deps
}, [registerAccountApi.error])

useEffect(() => {
if (getBasicAuthApi.data && getBasicAuthApi.data.isUsernamePasswordSet === true) {
setRequiresAuthentication(true)
}
}, [getBasicAuthApi.data])

useEffect(() => {
if (!isOpenSource) {
getDefaultProvidersApi.request()
} else {
getBasicAuthApi.request()
}
// eslint-disable-next-line react-hooks/exhaustive-deps
}, [])
Expand Down Expand Up @@ -270,60 +238,13 @@ const OrganizationSetupPage = () => {
<Stack sx={{ gap: 1 }}>
<Typography variant='h1'>Setup Account</Typography>
</Stack>
{requiresAuthentication && (
<Alert severity='info'>
Application authentication now requires email and password. Contact administrator to setup an account.
</Alert>
)}
{(isOpenSource || isEnterpriseLicensed) && (
<Typography variant='caption'>
Account setup does not make any external connections, your data stays securely on your locally hosted server.
</Typography>
)}
<form onSubmit={register}>
<Stack sx={{ width: '100%', flexDirection: 'column', alignItems: 'left', justifyContent: 'center', gap: 2 }}>
{requiresAuthentication && (
<>
<Box>
<div style={{ display: 'flex', flexDirection: 'row' }}>
<Typography sx={{ mb: 1 }}>
Existing Username<span style={{ color: 'red' }}>&nbsp;*</span>
</Typography>
<div style={{ flexGrow: 1 }}></div>
</div>
<TextField
fullWidth
placeholder='Existing Username'
value={existingUsername}
onChange={(e) => setExistingUsername(e.target.value)}
/>
<Typography variant='caption'>
<i>Existing username that was set as FLOWISE_USERNAME environment variable</i>
</Typography>
</Box>
<Box>
<div style={{ display: 'flex', flexDirection: 'row' }}>
<Typography sx={{ mb: 1 }}>
Existing Password<span style={{ color: 'red' }}>&nbsp;*</span>
</Typography>
<div style={{ flexGrow: 1 }}></div>
</div>
<TextField
fullWidth
type='password'
placeholder='Existing Password'
value={existingPassword}
onChange={(e) => setExistingPassword(e.target.value)}
/>
<Typography variant='caption'>
<i>Existing password that was set as FLOWISE_PASSWORD environment variable</i>
</Typography>
</Box>
<Divider>
<Chip label='New Account Details' size='small' />
</Divider>
</>
)}
{isEnterpriseLicensed && (
<>
<Box>
Expand Down Expand Up @@ -415,12 +336,7 @@ const OrganizationSetupPage = () => {
<i>Reconfirm your password. Must match the password typed above.</i>
</Typography>
</Box>
<StyledButton
variant='contained'
style={{ borderRadius: 12, height: 40, marginRight: 5 }}
type='submit'
disabled={requiresAuthentication && (!existingUsername || !existingPassword)}
>
<StyledButton variant='contained' style={{ borderRadius: 12, height: 40, marginRight: 5 }} type='submit'>
Sign Up
</StyledButton>
{configuredSsoProviders && configuredSsoProviders.length > 0 && <Divider sx={{ width: '100%' }}>OR</Divider>}
Expand Down
18 changes: 0 additions & 18 deletions pnpm-lock.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading