[Bug]: Set Password option not disabled when auth is disabled

[josh23french]

Checklist

• I have updated to the latest available Frigate version.
• I have cleared the cache of my browser.
• I have tried a different browser to see if it is related to my browser.
• I have tried reproducing the issue in incognito mode to rule out problems with any third party extensions or plugins I have installed.
• I have asked the AI at https://docs.frigate.video about my issue.

Describe the problem you are having

When auth is disabled and users are authenticated via headers, the UI still shows a "Set Password" function.

The Set Password dialog may misguide users into thinking there is a problem with their account when they get a "User not found" error after submitting the valid form.

Steps to reproduce

1. Configure Frigate to accept proxy headers and disable auth, following documentation at https://docs.frigate.video/configuration/authentication#proxy-configuration.
2. Configure a reverse proxy to send the expected secret, user, and role headers.
3. User can access Frigate via the reverse proxy, but can see a "Set Password" menu item in the account/user menu at the bottom left of the page.
4. User is confused when they get "User not found" when trying to update their password.

Version

0.17.0-f0d69f7

In which browser(s) are you experiencing the issue with?

Google Chrome 145.0.7632.159, Any

Frigate config file

# semi-relevant config sections:
auth:
  enabled: false
  trusted_proxies:
    - 10.1.1.0/24

proxy:
  auth_secret: "REDACTED"
  separator: "|"
  default_role: "viewer"
  header_map:
    user: X-Forwarded-User
    role: X-Forwarded-Groups
    role_map:
      admin:
        - "sysadmins@domain.org-02lwamvv3hidity"
        - "security-video-admins@domain.org-01t3h5sf3suej6x"
      viewer:
        - "security-video-viewers@domain.org-0319y80a0z918y9"

docker-compose file or Docker CLI command

N/A

Relevant Frigate log output

N/A

Relevant go2rtc log output

N/A

Operating system

Debian

Install method

Docker Compose

Network connection

Wired

Camera make and model

N/A

Screenshots of the Frigate UI's System metrics pages

N/A

Any other information that may be helpful

I added an additional !(config?.auth?.enabled === false) condition to the two places I saw the set password menu item and that solves it well enough for me.

But there are also similar auth disabled oddities that might need a broader review, like if you don't set a logout url you still see the user/pass login form even if auth is disabled.

[inkeep-ai-assistant[bot]]

This appears to be a valid UI bug. When Frigate's authentication is disabled (auth.enabled: false) and you're using proxy-based authentication with header mapping, the "Set Password" menu item shouldn't be displayed since users authenticated via proxy headers don't exist in Frigate's internal user database.(1)

Your configuration is correct for proxy authentication:

auth:
  enabled: false

proxy:
  auth_secret: "REDACTED"
  header_map:
    user: X-Forwarded-User
    role: X-Forwarded-Groups

(1), (2)

The documentation confirms that when leveraging upstream proxy authentication, you should disable Frigate's authentication because "there is no correspondence between users in Frigate's database and users authenticated via the proxy."(1)

The "User not found" error occurs because the proxy-authenticated user doesn't exist in Frigate's internal database—this is expected behavior for the backend, but the UI shouldn't be offering the password change option in the first place.(1)

Your fix adding a condition to check !(config?.auth?.enabled === false) is a reasonable approach. You may want to consider filing this as a bug report on the Frigate GitHub repository if you haven't already, as the UI should ideally hide password-related functionality when native authentication is disabled.

The related issue you mentioned about the login form appearing when auth.enabled: false without a logout_url configured is another manifestation of the same category of UI/UX inconsistency when using proxy-based authentication.(1)

📚 Sources:

1. Authentication
2. Full Reference Config

---

Have another question? Just tag @inkeep.

[hawkeye217]

Thanks, this is fixed in #22439