⌚ fix: Debounce setUserContext and Default State Param for OpenID Auth (#7559)

* fix: Add default random state parameter to OpenID auth request for providers that require it; ensure passport strategy uses it * ⌚ refactor: debounce setUserContext to avoid race condition * refactor: Update OpenID authentication to use randomState from openid-client * chore: linting in presetSettings type definition * chore: import order in ModelPanel * refactor: remove `isLegacyOutput` property from AnthropicClient since only used where defined, add latest models to non-legacy patterns, and remove from client cleanup * refactor: adjust grid layout in Parameters component for improved responsiveness * refactor: adjust grid layout in ModelPanel for improved display of model parameters * test: add cases for maxOutputTokens handling in Claude 4 Sonnet and Opus models * ci: mock loadCustomConfig in server tests and refactor OpenID route for improved authentication handling
2026-01-10 04:28:50 +01:00 · 2025-05-25 23:40:37 -04:00 · 2025-05-25 23:40:37 -04:00 · c68cc0a550
commit c68cc0a550
parent deb8a00e27
10 changed files with 90 additions and 48 deletions
--- a/api/server/cleanup.js
+++ b/api/server/cleanup.js
@ -140,9 +140,6 @@ function disposeClient(client) {
    if (client.useMessages !== undefined) {
      client.useMessages = null;
    }
-    if (client.isLegacyOutput !== undefined) {
-      client.isLegacyOutput = null;
-    }
    if (client.supportsCacheControl !== undefined) {
      client.supportsCacheControl = null;
    }
--- a/api/server/index.spec.js
+++ b/api/server/index.spec.js
@ -4,6 +4,10 @@ const request = require('supertest');
 const { MongoMemoryServer } = require('mongodb-memory-server');
 const mongoose = require('mongoose');

+jest.mock('~/server/services/Config/loadCustomConfig', () => {
+  return jest.fn(() => Promise.resolve({}));
+});
+
 describe('Server Configuration', () => {
  // Increase the default timeout to allow for Mongo cleanup
  jest.setTimeout(30_000);
--- a/api/server/routes/oauth.js
+++ b/api/server/routes/oauth.js
@ -1,6 +1,7 @@
 // file deepcode ignore NoRateLimitingForLogin: Rate limiting is handled by the `loginLimiter` middleware
 const express = require('express');
 const passport = require('passport');
+const { randomState } = require('openid-client');
 const {
  checkBan,
  logHeaders,
@ -9,8 +10,8 @@ const {
  checkDomainAllowed,
 } = require('~/server/middleware');
 const { setAuthTokens, setOpenIDAuthTokens } = require('~/server/services/AuthService');
-const { logger } = require('~/config');
 const { isEnabled } = require('~/server/utils');
+const { logger } = require('~/config');

 const router = express.Router();

@ -103,12 +104,12 @@ router.get(
 /**
 * OpenID Routes
 */
-router.get(
-  '/openid',
-  passport.authenticate('openid', {
+router.get('/openid', (req, res, next) => {
+  return passport.authenticate('openid', {
    session: false,
-  }),
-);
+    state: randomState(),
+  })(req, res, next);
+});

 router.get(
  '/openid/callback',