Spaces:

raylim
/

mosaic

Sleeping

raylim Claude Opus 4.6 commited on Feb 12

Commit

bce9604

1 Parent(s): 9adb105

fix: stop using request.username on HF Spaces (returns Space owner, not visitor)

On HF Spaces, request.username returns the Space owner's username for
all visitors. This caused every user to appear as "raylim" regardless
of who was actually logged in. Now only OAuthProfile from
gr.LoginButton() is used to identify users on HF Spaces.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Files changed (4) hide show

src/mosaic/telemetry/utils.py +9 -31
src/mosaic/ui/user_tabs.py +7 -12
tests/telemetry/test_utils.py +10 -10
tests/test_ui_user_storage.py +13 -2

src/mosaic/telemetry/utils.py CHANGED Viewed

@@ -113,16 +113,17 @@ class UserInfo:
 def extract_user_info(request, is_hf_spaces: bool = False, profile=None) -> UserInfo:
-    """Extract user info from Gradio OAuth profile or request object.
     With gr.LoginButton(), Gradio provides user info via gr.OAuthProfile
     (injected automatically into event handlers). The profile object has
     a `username` attribute with the HuggingFace username.
-    Falls back to request.username for non-OAuth auth setups.
     Args:
-        request: Gradio request object (can be None)
         is_hf_spaces: Whether running on HuggingFace Spaces (only extract on HF)
         profile: Gradio OAuthProfile object (injected by LoginButton OAuth flow)
@@ -137,7 +138,9 @@ def extract_user_info(request, is_hf_spaces: bool = False, profile=None) -> User
     if not is_hf_spaces:
         return UserInfo()
-    # Primary: extract from OAuthProfile (set by gr.LoginButton OAuth flow)
     if profile is not None:
         try:
             username = getattr(profile, "username", None)
@@ -147,30 +150,5 @@ def extract_user_info(request, is_hf_spaces: bool = False, profile=None) -> User
         except Exception as e:
             logger.debug(f"Could not extract username from OAuthProfile: {e}")
-    # Fallback: try request.username (works with Gradio's built-in auth= parameter)
-    if request is None:
-        logger.debug(
-            "Cannot extract user info: request and profile are both None/empty"
-        )
-        return UserInfo()
-    try:
-        username = None
-        try:
-            username = request.username
-        except Exception as auth_error:
-            logger.debug(f"Could not access request.username: {auth_error}")
-        if username:
-            logger.info(f"Extracted user from request.username: {username}")
-            return UserInfo(is_logged_in=True, username=username)
-        else:
-            logger.debug(
-                "User info not available: no OAuthProfile and request.username is None"
-            )
-            return UserInfo()
-    except Exception as e:
-        logger.error(f"Unexpected error extracting user info: {e}")
-        return UserInfo()

 def extract_user_info(request, is_hf_spaces: bool = False, profile=None) -> UserInfo:
+    """Extract user info from Gradio OAuth profile.
     With gr.LoginButton(), Gradio provides user info via gr.OAuthProfile
     (injected automatically into event handlers). The profile object has
     a `username` attribute with the HuggingFace username.
+    Does NOT use request.username, which on HF Spaces returns the Space
+    owner's username rather than the visitor's.
     Args:
+        request: Gradio request object (unused, kept for API compatibility)
         is_hf_spaces: Whether running on HuggingFace Spaces (only extract on HF)
         profile: Gradio OAuthProfile object (injected by LoginButton OAuth flow)
     if not is_hf_spaces:
         return UserInfo()
+    # On HF Spaces, only OAuthProfile reliably identifies the logged-in user.
+    # request.username returns the Space owner's username (not the visitor's),
+    # so we must NOT fall back to it.
     if profile is not None:
         try:
             username = getattr(profile, "username", None)
         except Exception as e:
             logger.debug(f"Could not extract username from OAuthProfile: {e}")
+    logger.debug("User not logged in: no OAuthProfile available")
+    return UserInfo()

src/mosaic/ui/user_tabs.py CHANGED Viewed

@@ -32,18 +32,20 @@ LOCAL_DEBUG_USERNAME = "local_user"
 def _get_username(request: gr.Request = None, profile=None) -> tuple[str, bool]:
     """Get username for storage operations.
-    Uses the same approach as telemetry's extract_user_info: try
-    OAuthProfile first (reliable on HF Spaces), then fall back to
-    request.username.
     Returns:
         Tuple of (username, is_local_mode)
-        - In HF Spaces: (profile.username or request.username, False) if logged in
         - Locally: (LOCAL_DEBUG_USERNAME, True)
         - HF Spaces not logged in: (None, False)
     """
     if IS_HF_SPACES:
-        # Primary: OAuthProfile (set by gr.LoginButton OAuth flow)
         if profile is not None:
             try:
                 username = getattr(profile, "username", None)
@@ -52,13 +54,6 @@ def _get_username(request: gr.Request = None, profile=None) -> tuple[str, bool]:
             except Exception:
                 pass
-        # Fallback: request.username
-        try:
-            if request and request.username:
-                return (request.username, False)
-        except Exception:
-            pass
         return (None, False)
     else:
         # Local mode - use debug username

 def _get_username(request: gr.Request = None, profile=None) -> tuple[str, bool]:
     """Get username for storage operations.
+    On HF Spaces, uses OAuthProfile from gr.LoginButton() to identify
+    the logged-in user. Does NOT use request.username, which returns
+    the Space owner's username rather than the visitor's.
     Returns:
         Tuple of (username, is_local_mode)
+        - In HF Spaces: (profile.username, False) if logged in
         - Locally: (LOCAL_DEBUG_USERNAME, True)
         - HF Spaces not logged in: (None, False)
     """
     if IS_HF_SPACES:
+        # On HF Spaces, only OAuthProfile reliably identifies the logged-in user.
+        # request.username returns the Space owner's username (not the visitor's),
+        # so we must NOT fall back to it.
         if profile is not None:
             try:
                 username = getattr(profile, "username", None)
             except Exception:
                 pass
         return (None, False)
     else:
         # Local mode - use debug username

tests/telemetry/test_utils.py CHANGED Viewed

@@ -182,9 +182,9 @@ class TestExtractUserInfo:
         return MockRequest(username)
     def test_extract_user_info_with_logged_in_user(self):
-        """Test extraction with a logged-in user."""
-        request = self._create_mock_request("testuser123")
-        user_info = extract_user_info(request, is_hf_spaces=True)
         assert user_info.is_logged_in is True
         assert user_info.username == "testuser123"
@@ -229,9 +229,9 @@ class TestExtractUserInfo:
     def test_extract_user_info_with_special_characters(self):
         """Test extraction with username containing special characters."""
-        request = self._create_mock_request("user-name_123")
-        user_info = extract_user_info(request, is_hf_spaces=True)
         assert user_info.is_logged_in is True
         assert user_info.username == "user-name_123"
@@ -274,14 +274,14 @@ class TestExtractUserInfo:
         assert user_info.is_logged_in is True
         assert user_info.username == "oauth_user"
-    def test_extract_user_info_falls_back_to_request(self):
-        """Test fallback to request.username when no OAuthProfile."""
-        request = self._create_mock_request("request_user")
         user_info = extract_user_info(request, is_hf_spaces=True, profile=None)
-        assert user_info.is_logged_in is True
-        assert user_info.username == "request_user"
     def test_extract_user_info_no_profile_not_hf_spaces(self):
         """Test that profile is ignored when not on HF Spaces."""

         return MockRequest(username)
     def test_extract_user_info_with_logged_in_user(self):
+        """Test extraction with a logged-in user via OAuthProfile."""
+        profile = self._create_mock_profile("testuser123")
+        user_info = extract_user_info(None, is_hf_spaces=True, profile=profile)
         assert user_info.is_logged_in is True
         assert user_info.username == "testuser123"
     def test_extract_user_info_with_special_characters(self):
         """Test extraction with username containing special characters."""
+        profile = self._create_mock_profile("user-name_123")
+        user_info = extract_user_info(None, is_hf_spaces=True, profile=profile)
         assert user_info.is_logged_in is True
         assert user_info.username == "user-name_123"
         assert user_info.is_logged_in is True
         assert user_info.username == "oauth_user"
+    def test_extract_user_info_ignores_request_username(self):
+        """Test that request.username is NOT used (it returns Space owner, not visitor)."""
+        request = self._create_mock_request("space_owner")
         user_info = extract_user_info(request, is_hf_spaces=True, profile=None)
+        assert user_info.is_logged_in is False
+        assert user_info.username is None
     def test_extract_user_info_no_profile_not_hf_spaces(self):
         """Test that profile is ignored when not on HF Spaces."""

tests/test_ui_user_storage.py CHANGED Viewed

@@ -86,11 +86,22 @@ class TestUsernameExtraction:
     @patch("mosaic.ui.user_tabs.IS_HF_SPACES", True)
     def test_hf_logged_in_returns_username(self, mock_request_hf_logged_in):
-        """HF Spaces logged in should return request username."""
-        username, is_local = _get_username(mock_request_hf_logged_in)
         assert username == "test_user"
         assert is_local is False
     @patch("mosaic.ui.user_tabs.IS_HF_SPACES", True)
     def test_hf_not_logged_in_returns_none(self, mock_request_hf_not_logged_in):
         """HF Spaces not logged in should return None."""

     @patch("mosaic.ui.user_tabs.IS_HF_SPACES", True)
     def test_hf_logged_in_returns_username(self, mock_request_hf_logged_in):
+        """HF Spaces logged in should return OAuthProfile username, not request.username."""
+        class MockProfile:
+            username = "test_user"
+        username, is_local = _get_username(mock_request_hf_logged_in, profile=MockProfile())
         assert username == "test_user"
         assert is_local is False
+    @patch("mosaic.ui.user_tabs.IS_HF_SPACES", True)
+    def test_hf_request_username_ignored(self, mock_request_hf_logged_in):
+        """HF Spaces should NOT use request.username (returns Space owner)."""
+        username, is_local = _get_username(mock_request_hf_logged_in, profile=None)
+        assert username is None
+        assert is_local is False
     @patch("mosaic.ui.user_tabs.IS_HF_SPACES", True)
     def test_hf_not_logged_in_returns_none(self, mock_request_hf_not_logged_in):
         """HF Spaces not logged in should return None."""