search

JuristAI-Legal-Software / Chatbot

Chatbot functionality for various products
https://librechat.ai/
MIT License
0 stars 0 forks source link

Enhancement: Bypass Librechat Login #18

Closed AliSMAmin closed 1 month ago

AliSMAmin commented 2 months ago

What features would you like to see added?

Discovery:

The current implementation of LibreChat includes a login step that needs to be bypassed programmatically or disabled entirely to streamline the user experience and automatically link chats to specific users and cases. Problem Definition:

Users need to manually log in to LibreChat to access their chat sessions. However, the application requires the chat to be immediately available without any login step, relying on the system to programmatically authenticate and redirect users directly to their personalized or case-specific chat instance. Motivations:

Bypassing or disabling the login in LibreChat will provide a smoother user experience by eliminating unnecessary steps and ensuring that users are directly connected to their chat instances upon access. This will reduce friction in user interaction with the chat system. Proposed Solution:

Bypass the LibreChat login step programmatically by authenticating users through the main system and directly linking their sessions to their assigned chat instances.
Alternatively, disable the login functionality in LibreChat entirely and integrate it with the main authentication layer of the application.
Ensure that when a user accesses their chat URL, they are seamlessly redirected to the correct chat instance without any login prompts.

Definition of Done:

The login step is successfully bypassed or disabled in LibreChat. Users are programmatically authenticated and directly connected to their user or case-specific chat instances. Authentication happens securely and correctly through the main application, without exposing vulnerabilities. Tested to ensure that users are always redirected to the correct chat instance without needing to log in manually.

More details

Example Scenario (BDD):

Feature: Programmatically bypass LibreChat login As a developer, I want to bypass or disable the login process in LibreChat, so that users can access their chat instances directly without the need to log in. Scenario 1: Bypassing the login for user chat

Given a user accesses their chat via chat.atticusai.org/user/ID/threadID, When they arrive at the chat page, Then the system authenticates the user programmatically, And the user is connected directly to their chat instance without needing to log in. Scenario 2: Bypassing the login for case-specific chat

Given a user accesses their case-specific chat via chat.atticusai.org/user/ID/case/ID/threadID, When they arrive at the case chat page, Then the system authenticates the user programmatically, And the user is connected directly to the case-specific chat without a login prompt. Scenario 3: Disabling the login entirely

Given LibreChat is integrated with the main application, When a user accesses any chat instance, Then the login screen is disabled or skipped entirely, And the user is authenticated automatically via the main application's authentication layer. Scenario 4: Ensuring security while bypassing login

Given login has been bypassed, When a user accesses their chat, Then the system verifies the user's authentication status securely, And ensures that unauthorized access is prevented.

Which components are impacted by your request?

No response

Pictures

No response

Code of Conduct

tomasvalererealms commented 1 month ago

time 4

I've included the user creation logic and updated the environment variables to allow a longer expiration time. Will proceed to generate a docker image with the changes and deploy into ECS

tomasvalererealms commented 1 month ago

This issue also affected the creation of the user when does not exist