Merge pull request #14152 from U8F69/fix_user_auth

fix(auth): correctly use password hash when duplicate email records exist

backend/open_webui/models/auths.py

@@ -129,12 +129,16 @@ class AuthsTable:
 
     def authenticate_user(self, email: str, password: str) -> Optional[UserModel]:
         log.info(f"authenticate_user: {email}")
+
+        user = Users.get_user_by_email(email)
+        if not user:
+            return None
+
         try:
             with get_db() as db:
-                auth = db.query(Auth).filter_by(email=email, active=True).first()
+                auth = db.query(Auth).filter_by(id=user.id, active=True).first()
                 if auth:
                     if verify_password(password, auth.password):
-                        user = Users.get_user_by_id(auth.id)
                         return user
                     else:
                         return None

backend/open_webui/retrieval/web/searchapi.py

@@ -42,7 +42,9 @@ def search_searchapi(
         results = get_filtered_results(results, filter_list)
     return [
         SearchResult(
-            link=result["link"], title=result.get("title"), snippet=result.get("snippet")
+            link=result["link"],
+            title=result.get("title"),
+            snippet=result.get("snippet"),
         )
         for result in results[:count]
     ]

backend/open_webui/retrieval/web/serpapi.py

@@ -42,7 +42,9 @@ def search_serpapi(
         results = get_filtered_results(results, filter_list)
     return [
         SearchResult(
-            link=result["link"], title=result.get("title"), snippet=result.get("snippet")
+            link=result["link"],
+            title=result.get("title"),
+            snippet=result.get("snippet"),
         )
         for result in results[:count]
     ]