[PR #16720] [CLOSED] Feat/fix: enable initial signup and allow force display of login form with ENABLE_LOGIN_FORM=false #39849

New Issue

GiteaMirror · 2026-04-25T12:16:48-05:00

GiteaMirror commented

2026-04-25 12:16:48 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/16720
Author: @DmitriyAlergant
Created: 8/19/2025
Status: ❌ Closed

Base: dev ← Head: feat/auth-bootstrap-enhancements

📝 Commits (7)

54caf70 Force display of login form via ?force_form=true URL param even if ENABLE_LOGIN_FORM is false. Also show login for for the initial first user signup even if ENABLE_LOGIN_FORM is false.
8f6d51d Allow first-time admin user signup even if ENABLE_LOGIN_FORM is false
890e411 fix: remove trailing whitespace in auth page
d04dca7 Merge branch 'dev' into feat/auth-bootstrap-enhancements
407dc9a Merge pull request #16507 from open-webui/dev
cfd2a19 Pull up to 0.6.23
34df5c7 Fix after merging in 0.6.23 (remove duplicate querystringValue declaration)

📊 Changes

2 files changed (+25 additions, -5 deletions)

View changed files

📝 backend/open_webui/routers/auths.py (+2 -1)
📝 src/routes/auth/+page.svelte (+23 -4)

📄 Description

Force display of login form via ?force_form=true URL param even if ENABLE_LOGIN_FORM is false
Allow for the initial first user signup even if ENABLE_LOGIN_FORM is false

Pull Request Checklist

Note to first-time contributors: Please open a discussion post in Discussions and describe your changes before submitting a pull request.

Before submitting, make sure you've checked the following:

Target branch: Please verify that the pull request targets the dev branch.
Description: Provide a concise description of the changes made in this pull request.
Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources?
[n/a] Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
Testing: Have you written and run sufficient tests to validate the changes?
Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
Prefix: To clearly categorize this pull request, prefix the pull request title using one of the following:
- feat: Introduces a new feature or enhancement to the codebase
- fix: Bug fix or error correction

Changelog Entry

Description

Allows forceful invocation of a Login Form via url query parameter ?force_form=true in situation where the login form is generally disabled (and users normally rely on SSO/OAuth). Sometimes an admin still needs to log in manually using login/password. This is a frontend-only change not impacting security The /signin API always worked even if the form was disabled, so it was always possible to bypass the form and login via curl get a token and store it in the browser, just inconvenient.
Displays login form for the initial first user setup AND allow the /signup process to go through even if if the form is normally disabled by ENABLE_LOGIN_FORM=false. First admin user setup is essential for proper OpenWebUI initialization especially in scripted deployment scenarios e.g. to create its API key. Until now, the admin user could not be created (neither manually nor by a scripted curl request) if the login form was disabled via the env var, which complicated the initial deployment (basically had to start with ENABLE_LOGIN_FORM=true, signup the initial admin user, then change ENABLE_LOGIN_FORM=false). This is a backend change.

Changed

Changed login Form (username/password) and initial first-user sign-up form display conditions, allowing to see the form in some conditions even if the form is normally disabled by ENABLE_LOGIN_FORM=false.

Changed /signup route to allow initial admin user creation even when ENABLE_LOGIN_FORM=false.

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/16720 **Author:** [@DmitriyAlergant](https://github.com/DmitriyAlergant) **Created:** 8/19/2025 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `feat/auth-bootstrap-enhancements` --- ### 📝 Commits (7) - [`54caf70`](https://github.com/open-webui/open-webui/commit/54caf708c19f09075bfd614bb9e6adfc17a07a42) Force display of login form via ?force_form=true URL param even if ENABLE_LOGIN_FORM is false. Also show login for for the initial first user signup even if ENABLE_LOGIN_FORM is false. - [`8f6d51d`](https://github.com/open-webui/open-webui/commit/8f6d51decb16627a7613a781ea5dbdf7d58e8d5c) Allow first-time admin user signup even if ENABLE_LOGIN_FORM is false - [`890e411`](https://github.com/open-webui/open-webui/commit/890e41177a8bb39be64b8027b5fe269a86361d58) fix: remove trailing whitespace in auth page - [`d04dca7`](https://github.com/open-webui/open-webui/commit/d04dca7cccae74a8e6e85ecb1afaabd8502dd070) Merge branch 'dev' into feat/auth-bootstrap-enhancements - [`407dc9a`](https://github.com/open-webui/open-webui/commit/407dc9a401fc2382df06d776dbd8ba95dffda38a) Merge pull request #16507 from open-webui/dev - [`cfd2a19`](https://github.com/open-webui/open-webui/commit/cfd2a1936379e51d264b103dc5be71e43d0eebb6) Pull up to 0.6.23 - [`34df5c7`](https://github.com/open-webui/open-webui/commit/34df5c7f76f145dad1552dbb70cb757556923111) Fix after merging in 0.6.23 (remove duplicate querystringValue declaration) ### 📊 Changes **2 files changed** (+25 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/routers/auths.py` (+2 -1) 📝 `src/routes/auth/+page.svelte` (+23 -4) </details> ### 📄 Description 1) Force display of login form via ?force_form=true URL param even if ENABLE_LOGIN_FORM is false 2) Allow for the initial first user signup even if ENABLE_LOGIN_FORM is false # Pull Request Checklist ### Note to first-time contributors: Please open a discussion post in [Discussions](https://github.com/open-webui/open-webui/discussions) and describe your changes before submitting a pull request. **Before submitting, make sure you've checked the following:** - [x] **Target branch:** Please verify that the pull request targets the `dev` branch. - [x] **Description:** Provide a concise description of the changes made in this pull request. - [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [ ] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? - [n/a] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? - [x] **Testing:** Have you written and run sufficient tests to validate the changes? - [x] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [x] **Prefix:** To clearly categorize this pull request, prefix the pull request title using one of the following: - **feat**: Introduces a new feature or enhancement to the codebase - **fix**: Bug fix or error correction # Changelog Entry ### Description 1) Allows forceful invocation of a Login Form via url query parameter ?force_form=true in situation where the login form is generally disabled (and users normally rely on SSO/OAuth). Sometimes an admin still needs to log in manually using login/password. This is a frontend-only change not impacting security The /signin API always worked even if the form was disabled, so it was always possible to bypass the form and login via curl get a token and store it in the browser, just inconvenient. 2) Displays login form for the initial first user setup AND allow the /signup process to go through even if if the form is normally disabled by ENABLE_LOGIN_FORM=false. First admin user setup is essential for proper OpenWebUI initialization especially in scripted deployment scenarios e.g. to create its API key. Until now, the admin user could not be created (neither manually nor by a scripted curl request) if the login form was disabled via the env var, which complicated the initial deployment (basically had to start with ENABLE_LOGIN_FORM=true, signup the initial admin user, then change ENABLE_LOGIN_FORM=false). This is a backend change. ### Changed Changed login Form (username/password) and initial first-user sign-up form display conditions, allowing to see the form in some conditions even if the form is normally disabled by ENABLE_LOGIN_FORM=false. Changed /signup route to allow initial admin user creation even when ENABLE_LOGIN_FORM=false. ### Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-25 12:16:48 -05:00

GiteaMirror closed this issue

2026-04-25 12:16:48 -05:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#39849