mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 14:39:31 -05:00
[PR #23626] [MERGED] fix: prevent first-user admin race in LDAP and OAuth registration #114595
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/23626
Author: @Classic298
Created: 4/12/2026
Status: ✅ Merged
Merged: 4/12/2026
Merged by: @tjbck
Base:
dev← Head:fix/first-user-admin-race📝 Commits (1)
7ae8b0bfix: prevent first-user admin race in LDAP and OAuth registration📊 Changes
2 files changed (+25 additions, -6 deletions)
View changed files
📝
backend/open_webui/routers/auths.py(+9 -3)📝
backend/open_webui/utils/oauth.py(+16 -3)📄 Description
Both LDAP and OAuth registration checked user count before insert to determine whether to assign admin role. With multiple workers, concurrent first-user registrations could each see zero users and both create admin accounts.
Applies the insert-first-check-after pattern already used by signup_handler: insert with DEFAULT_USER_ROLE, then atomically check get_num_users()==1 and promote only the sole user to admin.
Contributor License Agreement
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.