
[Bug]: UI ignoring master key

Open VfBfoerst opened this issue 1 year ago • 10 comments

What happened?

In the UI, I log in via Username: admin and password: master key, which is set in the config.yaml:

general_settings:
  master_key: sk-1234

But I receive a lot of unauthorized messages from the UI which state that the master key must be used.

I already use it.

Relevant log output

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/litellm/proxy/proxy_server.py", line 1057, in user_api_key_auth
    raise Exception(
Exception: Only master key can be used to generate, delete, update info for new keys/users/teams. Route=/user/get_requests
INFO:     10.89.11.62:46552 - "GET /user/get_requests HTTP/1.1" 401 Unauthorized
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/litellm/proxy/proxy_server.py", line 1057, in user_api_key_auth
    raise Exception(
Exception: Only master key can be used to generate, delete, update info for new keys/users/teams. Route=/user/get_requests
INFO:     10.89.11.62:46552 - "GET /user/get_requests HTTP/1.1" 401 Unauthorized
INFO:     10.89.11.62:33724 - "GET /ui/?userID=admin&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiYWRtaW4iLCJrZXkiOiJzay12VFVueXA5dVBKZk5EMDJCZzdiRkx3IiwidXNlcl9lbWFpbCI6ImFkbWluIiwidXNlcl9yb2xlIjoiYXBwX2FkbWluIiwibG9naW5fbWV0aG9kIjoidXNlcm5hbWVfcGFzc3dvcmQifQ.34sD4gpoS4ExX48TpMV6ooz0KFyUzU4bNDsHWk3J-p4 HTTP/1.1" 304 Not Modified
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/litellm/proxy/proxy_server.py", line 1057, in user_api_key_auth
    raise Exception(
Exception: Only master key can be used to generate, delete, update info for new keys/users/teams. Route=/global/spend
INFO:     10.89.11.62:33724 - "GET /global/spend HTTP/1.1" 401 Unauthorized
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/litellm/proxy/proxy_server.py", line 1040, in user_api_key_auth
    raise HTTPException(
fastapi.exceptions.HTTPException: 403: key not allowed to access this user's info

VfBfoerst avatar Apr 22 '24 08:04 VfBfoerst

  • admin ui link on swagger docs does not respect SERVER_ROOT_PATH as well

PrinceBaghel258025 avatar Apr 23 '24 06:04 PrinceBaghel258025

@VfBfoerst unable to repro.

Do you have a UI Username + Password set as well? We have all 3 and still don't see the problem.

Here's a sample demo app I spun up with just the master key, and I don't see the problem:

UI: https://demo-litellm.onrender.com/ui

Admin Credentials:

  • Username: admin
  • Password: sk-1234

@VfBfoerst let me know if there are any changes I need to make to repro your flow

krrishdholakia avatar Apr 23 '24 20:04 krrishdholakia

@PrinceBaghel258025 please create a separate issue to track the server_root_path problem

krrishdholakia avatar Apr 23 '24 20:04 krrishdholakia

@krrishdholakia I have the exact same issue as reported by @VfBfoerst . @VfBfoerst do you still experience this?

I have UI_USERNAME and UI_PASSWORD configured in environment variables, and general_settings.master_key in config.yaml. I get repeated messages regarding "key not allowed to access" and "Only master key can" on every UI page.

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/litellm/proxy/proxy_server.py", line 1062, in user_api_key_auth
    raise Exception(
Exception: Only master key can be used to generate, delete, update info for new keys/users/teams. Route=/global/spend
INFO:     192.168.1.132:55379 - "GET /global/spend HTTP/1.1" 401 Unauthorized
INFO:     192.168.1.132:55380 - "GET /models HTTP/1.1" 200 OK
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/litellm/proxy/proxy_server.py", line 1040, in user_api_key_auth
    raise HTTPException(
fastapi.exceptions.HTTPException
INFO:     192.168.1.132:55381 - "GET /user/info HTTP/1.1" 403 Forbidden

corticalstack avatar Apr 28 '24 20:04 corticalstack

@corticalstack what does it say when you hover on your user id in the right corner - are you an admin or an app owner?

Happy to help debug over a call - https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

krrishdholakia avatar Apr 28 '24 21:04 krrishdholakia

@krrishdholakia role: admin, id: admin. I checked in the proxy_server.py code, which checks for the user having the admin role, so....

corticalstack avatar Apr 28 '24 21:04 corticalstack

Modified to return a more detailed error message - https://github.com/BerriAI/litellm/commit/7b617e666decde16b86473875c5cc570ca69bb07

You seem to be entering the non-admin condition block of the auth check

krrishdholakia avatar Apr 29 '24 14:04 krrishdholakia
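
One way to check which role and key a UI session actually carries is to decode the token from the /ui/ access-log line in the original report. This is an added example, not part of the thread or of LiteLLM's code; the function names are hypothetical, and the payload is decoded for inspection only, without verifying the signature.

```python
import base64
import json
import re
from urllib.parse import parse_qs, urlsplit

# Access-log line from the original report (string split only for line length).
LOG_LINE = (
    'INFO:     10.89.11.62:33724 - "GET /ui/?userID=admin&token='
    'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.'
    'eyJ1c2VyX2lkIjoiYWRtaW4iLCJrZXkiOiJzay12VFVueXA5dVBKZk5EMDJCZzdiRkx3Iiwi'
    'dXNlcl9lbWFpbCI6ImFkbWluIiwidXNlcl9yb2xlIjoiYXBwX2FkbWluIiwibG9naW5fbWV0'
    'aG9kIjoidXNlcm5hbWVfcGFzc3dvcmQifQ.'
    '34sD4gpoS4ExX48TpMV6ooz0KFyUzU4bNDsHWk3J-p4 HTTP/1.1" 304 Not Modified'
)

def token_from_log_line(line):
    """Pull the 'token' query parameter out of the request target."""
    m = re.search(r'"GET (\S+) HTTP', line)
    if not m:
        return None
    values = parse_qs(urlsplit(m.group(1)).query).get("token")
    return values[0] if values else None

def decode_claims(token):
    """Decode the JWT payload segment; the signature is NOT checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def summarize_session(line, master_key):
    """Report the claims relevant to the auth check, masking the key."""
    claims = decode_claims(token_from_log_line(line))
    key = claims.get("key", "")
    return {
        "user_id": claims.get("user_id"),
        "user_role": claims.get("user_role"),
        "login_method": claims.get("login_method"),
        "key_masked": key[:5] + "..." if key else None,
        "key_is_master_key": key == master_key,
    }

if __name__ == "__main__":
    print(summarize_session(LOG_LINE, master_key="sk-1234"))
```

For the logged session this reports user_role app_admin and a key that is not the configured master key. Because the token travels in the URL, it is written to access logs in full, so those logs should be handled as credential-bearing.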

  • admin ui link on swagger docs does not respect SERVER_ROOT_PATH as well

Bumped into the same issue, created this here - https://github.com/BerriAI/litellm/issues/4691 . @krrishdholakia @PrinceBaghel258025

ashutoshsaboo avatar Jul 13 '24 07:07 ashutoshsaboo

For me, it seems to be fixed. :) I can't reproduce it anymore.

VfBfoerst avatar Jul 31 '24 05:07 VfBfoerst

I got the same issue!

Justin-12138 avatar Sep 29 '24 12:09 Justin-12138