allow user who disable auth to use chat (#2548)

* allow user who disable auth to use chat * only check non user on verify session owner * fix import source * rollback 401 to 403 for unauthorized error due to unit test * change unauthenticated http code error to 401 and fix unit tests
2026-06-17 10:15:27 -04:00 · 2026-06-06 03:54:19 +07:00
parent fb3e89b011
commit 66599b02a2
4 changed files with 6 additions and 6 deletions
@@ -11,7 +11,7 @@ from core.session_manager import SessionManager
 from core.models import ChatMessage
 from src.request_models import SessionResponse
 from core.database import Session as DbSession, SessionLocal, Document, GalleryImage
-from src.auth_helpers import get_current_user, effective_user
+from src.auth_helpers import get_current_user, effective_user, _auth_disabled


 def _sanitize_export_filename(name: str) -> str:
@@ -106,8 +106,8 @@ def _verify_session_owner(request: Request, session_id: str, session_manager=Non
    that only care about persisted sessions keep their exact prior behavior.
    """
    user = effective_user(request)
-    if not user:
-        raise HTTPException(403, "Authentication required")
+    if not user and not _auth_disabled():
+        raise HTTPException(401, "Authentication required")
    db = SessionLocal()
    try:
        row = db.query(DbSession.owner).filter(DbSession.id == session_id).first()