Squashed commit of the following:

commit 677f4b5f95544b75ca17afa3539f4260c311455d
Merge: 308d2cb 2b26355
Author: Luke Garceau <ltgarc768@gmail.com>
Date:   Mon Jan 12 13:18:34 2026 -0500

    merge conflicts

commit 308d2cb
Author: Luke Garceau <ltgarc768@gmail.com>
Date:   Wed Dec 31 13:51:48 2025 -0500

    Revert "Merge branch 'dev' of github.com:open-webui/open-webui into feat/google-oauth-groups-lgarceau"

    This reverts commit 6dd6e0c, reversing
    changes made to dd1e2b5.

commit 6dd6e0c
Merge: dd1e2b5 fe3047d
Author: Luke Garceau <ltgarc768@gmail.com>
Date:   Mon Dec 29 17:14:48 2025 -0500

    Merge branch 'dev' of github.com:open-webui/open-webui into feat/google-oauth-groups-lgarceau

commit dd1e2b5
Merge: 943e4ca a727153
Author: Luke Garceau <ltgarc768@gmail.com>
Date:   Mon Dec 29 16:05:54 2025 -0500

    Merge branch 'main' of personal:flexion/open-webui into feat/google-oauth-groups-lgarceau

commit 943e4ca
Author: Luke Garceau <ltgarc768@gmail.com>
Date:   Mon Dec 29 16:05:52 2025 -0500

    resolve oauth issues

commit 4b34300
Merge: 6f1486f 9eb4484
Author: Luke Garceau <ltgarc768@gmail.com>
Date:   Tue Dec 9 16:51:53 2025 -0500

    init implementation commit

commit 9eb4484
Merge: e0d5de1 d277696
Author: Luke Garceau <ltgarc768@gmail.com>
Date:   Thu Nov 27 15:46:49 2025 -0500

    Merge pull request #2 from lgarceau768/main

    Version 0.6.34 Updates

commit d277696
Merge: 6c86ff7 e0d5de1
Author: Luke Garceau <ltgarc768@gmail.com>
Date:   Sat Nov 22 11:24:58 2025 -0500

    Merge branch 'main' into main

commit 6c86ff7
Merge: 7a83e7d 6dbc01c
Author: Luke Garceau <ltgarc768@gmail.com>
Date:   Wed Nov 5 12:05:23 2025 -0500

    Merge pull request #1 from lgarceau768/feat/google-groups

    Google Groups Functionaliity on top of version 0.6.34

commit 6dbc01c
Merge: 7a83e7d cc6a1a7
Author: Luke Garceau <ltgarc768@gmail.com>
Date:   Wed Nov 5 10:44:30 2025 -0500

    - resolve merge conflicts

commit cc6a1a7
Author: Brice Ruth <bruth@flexion.us>
Date:   Mon Jun 16 18:18:52 2025 -0500

    update tests for adjusted query string & payload

commit 64ce040
Author: Brice Ruth <bruth@flexion.us>
Date:   Mon Jun 16 17:49:42 2025 -0500

    fix google cloud identity query string

commit a909fd9
Author: Brice Ruth <bruth@flexion.us>
Date:   Mon Jun 16 11:35:47 2025 -0500

    feat: Add Google Cloud Identity API support for OAuth group-based roles

    Enables Google Workspace group-based role assignment by integrating with
    Google Cloud Identity API to fetch user groups in real-time.

    Key improvements:
    - Fetches groups directly from Google API using cloud-identity.groups.readonly scope
    - Enables admin role assignment based on Google group membership
    - Maintains full backward compatibility with existing OAuth configurations
    - Includes comprehensive test suite with proper async mocking
    - Complete documentation with Google Cloud Console setup guide

    Addresses limitation where Google Workspace doesn't include group membership
    claims in OAuth JWT tokens, preventing group-based role assignment.

    🤖 Generated with [Claude Code](https://claude.ai/code)

    Co-Authored-By: Claude <noreply@anthropic.com>

Author: lgarceau768

Dockerfile

@@ -43,7 +43,7 @@ ENV APP_BUILD_HASH=${BUILD_HASH}
 RUN npm run build
 
 ######## WebUI backend ########
-FROM python:3.11.14-slim-bookworm AS base
+FROM python:3.11-slim-bookworm AS base
 
 # Use args
 ARG USE_CUDA

backend/open_webui/config.py

@@ -19,7 +19,6 @@
 from open_webui.env import (
     DATA_DIR,
     DATABASE_URL,
-    ENABLE_DB_MIGRATIONS,
     ENV,
     REDIS_URL,
     REDIS_KEY_PREFIX,
@@ -68,8 +67,7 @@ def run_migrations():
         log.exception(f"Error running migrations: {e}")
 
 
-if ENABLE_DB_MIGRATIONS:
-    run_migrations()
+run_migrations()
 
 
 class Config(Base):
@@ -2373,51 +2371,6 @@ class BannerModel(BaseModel):
     except Exception:
         PGVECTOR_IVFFLAT_LISTS = 100
 
-# openGauss
-OPENGAUSS_DB_URL = os.environ.get("OPENGAUSS_DB_URL", DATABASE_URL)
-
-OPENGAUSS_INITIALIZE_MAX_VECTOR_LENGTH = int(
-    os.environ.get("OPENGAUSS_INITIALIZE_MAX_VECTOR_LENGTH", "1536")
-)
-
-OPENGAUSS_POOL_SIZE = os.environ.get("OPENGAUSS_POOL_SIZE", None)
-
-if OPENGAUSS_POOL_SIZE != None:
-    try:
-        OPENGAUSS_POOL_SIZE = int(OPENGAUSS_POOL_SIZE)
-    except Exception:
-        OPENGAUSS_POOL_SIZE = None
-
-OPENGAUSS_POOL_MAX_OVERFLOW = os.environ.get("OPENGAUSS_POOL_MAX_OVERFLOW", 0)
-
-if OPENGAUSS_POOL_MAX_OVERFLOW == "":
-    OPENGAUSS_POOL_MAX_OVERFLOW = 0
-else:
-    try:
-        OPENGAUSS_POOL_MAX_OVERFLOW = int(OPENGAUSS_POOL_MAX_OVERFLOW)
-    except Exception:
-        OPENGAUSS_POOL_MAX_OVERFLOW = 0
-
-OPENGAUSS_POOL_TIMEOUT = os.environ.get("OPENGAUSS_POOL_TIMEOUT", 30)
-
-if OPENGAUSS_POOL_TIMEOUT == "":
-    OPENGAUSS_POOL_TIMEOUT = 30
-else:
-    try:
-        OPENGAUSS_POOL_TIMEOUT = int(OPENGAUSS_POOL_TIMEOUT)
-    except Exception:
-        OPENGAUSS_POOL_TIMEOUT = 30
-
-OPENGAUSS_POOL_RECYCLE = os.environ.get("OPENGAUSS_POOL_RECYCLE", 3600)
-
-if OPENGAUSS_POOL_RECYCLE == "":
-    OPENGAUSS_POOL_RECYCLE = 3600
-else:
-    try:
-        OPENGAUSS_POOL_RECYCLE = int(OPENGAUSS_POOL_RECYCLE)
-    except Exception:
-        OPENGAUSS_POOL_RECYCLE = 3600
-
 # Pinecone
 PINECONE_API_KEY = os.environ.get("PINECONE_API_KEY", None)
 PINECONE_ENVIRONMENT = os.environ.get("PINECONE_ENVIRONMENT", None)
@@ -3737,7 +3690,6 @@ class BannerModel(BaseModel):
     os.getenv("WHISPER_MODEL", "base"),
 )
 
-WHISPER_COMPUTE_TYPE = os.getenv("WHISPER_COMPUTE_TYPE", "int8")
 WHISPER_MODEL_DIR = os.getenv("WHISPER_MODEL_DIR", f"{CACHE_DIR}/whisper/models")
 WHISPER_MODEL_AUTO_UPDATE = (
     not OFFLINE_MODE

backend/open_webui/internal/db.py

@@ -77,8 +77,7 @@ def handle_peewee_migration(DATABASE_URL):
         assert db.is_closed(), "Database connection is still open."
 
 
-if ENABLE_DB_MIGRATIONS:
-    handle_peewee_migration(DATABASE_URL)
+handle_peewee_migration(DATABASE_URL)
 
 
 SQLALCHEMY_DATABASE_URL = DATABASE_URL

backend/open_webui/main.py

@@ -102,9 +102,7 @@
     get_rf,
 )
 
-
-from sqlalchemy.orm import Session
-from open_webui.internal.db import ScopedSession, engine, get_session
+from open_webui.internal.db import Session, ScopedSession, engine
 
 from open_webui.models.functions import Functions
 from open_webui.models.models import Models
@@ -2315,13 +2313,8 @@ async def oauth_login(provider: str, request: Request):
 #    - Email addresses are considered unique, so we fail registration if the email address is already taken
 @app.get("/oauth/{provider}/login/callback")
 @app.get("/oauth/{provider}/callback")  # Legacy endpoint
-async def oauth_login_callback(
-    provider: str,
-    request: Request,
-    response: Response,
-    db: Session = Depends(get_session),
-):
-    return await oauth_manager.handle_callback(request, provider, response, db=db)
+async def oauth_login_callback(provider: str, request: Request, response: Response):
+    return await oauth_manager.handle_callback(request, provider, response)
 
 
 @app.get("/manifest.json")
@@ -2380,7 +2373,7 @@ async def healthcheck():
 
 @app.get("/health/db")
 async def healthcheck_with_db():
-    ScopedSession.execute(text("SELECT 1;")).all()
+    Session.execute(text("SELECT 1;")).all()
     return {"status": True}
 
 

backend/open_webui/models/auths.py

@@ -2,8 +2,7 @@
 import uuid
 from typing import Optional
 
-from sqlalchemy.orm import Session
-from open_webui.internal.db import Base, JSONField, get_db, get_db_context
+from open_webui.internal.db import Base, get_db, Session
 from open_webui.models.users import UserModel, UserProfileImageResponse, Users
 from pydantic import BaseModel
 from sqlalchemy import Boolean, Column, String, Text
@@ -88,9 +87,8 @@ def insert_new_auth(
         profile_image_url: str = "/user.png",
         role: str = "pending",
         oauth: Optional[dict] = None,
-        db: Optional[Session] = None,
     ) -> Optional[UserModel]:
-        with get_db_context(db) as db:
+        with get_db() as db:
             log.info("insert_new_auth")
 
             id = str(uuid.uuid4())
@@ -102,7 +100,7 @@ def insert_new_auth(
             db.add(result)
 
             user = Users.insert_new_user(
-                id, name, email, profile_image_url, role, oauth=oauth, db=db
+                id, name, email, profile_image_url, role, oauth=oauth
             )
 
             db.commit()
@@ -114,16 +112,16 @@ def insert_new_auth(
                 return None
 
     def authenticate_user(
-        self, email: str, verify_password: callable, db: Optional[Session] = None
+        self, email: str, verify_password: callable
     ) -> Optional[UserModel]:
         log.info(f"authenticate_user: {email}")
 
-        user = Users.get_user_by_email(email, db=db)
+        user = Users.get_user_by_email(email)
         if not user:
             return None
 
         try:
-            with get_db_context(db) as db:
+            with get_db() as db:
                 auth = db.query(Auth).filter_by(id=user.id, active=True).first()
                 if auth:
                     if verify_password(auth.password):
@@ -144,7 +142,7 @@ def authenticate_user_by_api_key(
             return None
 
         try:
-            user = Users.get_user_by_api_key(api_key, db=db)
+            user = Users.get_user_by_api_key(api_key)
             return user if user else None
         except Exception:
             return False
@@ -154,10 +152,10 @@ def authenticate_user_by_email(
     ) -> Optional[UserModel]:
         log.info(f"authenticate_user_by_email: {email}")
         try:
-            with get_db_context(db) as db:
+            with get_db() as db:
                 auth = db.query(Auth).filter_by(email=email, active=True).first()
                 if auth:
-                    user = Users.get_user_by_id(auth.id, db=db)
+                    user = Users.get_user_by_id(auth.id)
                     return user
         except Exception:
             return None
@@ -166,7 +164,7 @@ def update_user_password_by_id(
         self, id: str, new_password: str, db: Optional[Session] = None
     ) -> bool:
         try:
-            with get_db_context(db) as db:
+            with get_db() as db:
                 result = (
                     db.query(Auth).filter_by(id=id).update({"password": new_password})
                 )
@@ -179,18 +177,18 @@ def update_email_by_id(
         self, id: str, email: str, db: Optional[Session] = None
     ) -> bool:
         try:
-            with get_db_context(db) as db:
+            with get_db() as db:
                 result = db.query(Auth).filter_by(id=id).update({"email": email})
                 db.commit()
                 return True if result == 1 else False
         except Exception:
             return False
 
-    def delete_auth_by_id(self, id: str, db: Optional[Session] = None) -> bool:
+    def delete_auth_by_id(self, id: str) -> bool:
         try:
-            with get_db_context(db) as db:
+            with get_db() as db:
                 # Delete User
-                result = Users.delete_user_by_id(id, db=db)
+                result = Users.delete_user_by_id(id)
 
                 if result:
                     db.query(Auth).filter_by(id=id).delete()

backend/open_webui/models/notes.py

@@ -4,8 +4,7 @@
 from typing import Optional
 from functools import lru_cache
 
-from sqlalchemy.orm import Session
-from open_webui.internal.db import Base, get_db, get_db_context
+from open_webui.internal.db import Base, get_db
 from open_webui.models.groups import Groups
 from open_webui.utils.access_control import has_access
 from open_webui.models.users import User, UserModel, Users, UserResponse
@@ -212,9 +211,11 @@ def _has_permission(self, db, query, filter: dict, permission: str = "read"):
         return query
 
     def insert_new_note(
-        self, user_id: str, form_data: NoteForm, db: Optional[Session] = None
+        self,
+        form_data: NoteForm,
+        user_id: str,
     ) -> Optional[NoteModel]:
-        with get_db_context(db) as db:
+        with get_db() as db:
             note = NoteModel(
                 **{
                     "id": str(uuid.uuid4()),
@@ -232,9 +233,9 @@ def insert_new_note(
             return note
 
     def get_notes(
-        self, skip: int = 0, limit: int = 50, db: Optional[Session] = None
+        self, skip: Optional[int] = None, limit: Optional[int] = None
     ) -> list[NoteModel]:
-        with get_db_context(db) as db:
+        with get_db() as db:
             query = db.query(Note).order_by(Note.updated_at.desc())
             if skip is not None:
                 query = query.offset(skip)
@@ -244,14 +245,9 @@ def get_notes(
             return [NoteModel.model_validate(note) for note in notes]
 
     def search_notes(
-        self,
-        user_id: str,
-        filter: dict = {},
-        skip: int = 0,
-        limit: int = 30,
-        db: Optional[Session] = None,
+        self, user_id: str, filter: dict = {}, skip: int = 0, limit: int = 30
     ) -> NoteListResponse:
-        with get_db_context(db) as db:
+        with get_db() as db:
             query = db.query(Note, User).outerjoin(User, User.id == Note.user_id)
             if filter:
                 query_key = filter.get("query")
@@ -345,13 +341,12 @@ def get_notes_by_user_id(
         self,
         user_id: str,
         permission: str = "read",
-        skip: int = 0,
-        limit: int = 50,
-        db: Optional[Session] = None,
+        skip: Optional[int] = None,
+        limit: Optional[int] = None,
     ) -> list[NoteModel]:
-        with get_db_context(db) as db:
+        with get_db() as db:
             user_group_ids = [
-                group.id for group in Groups.get_groups_by_member_id(user_id, db=db)
+                group.id for group in Groups.get_groups_by_member_id(user_id)
             ]
 
             query = db.query(Note).order_by(Note.updated_at.desc())
@@ -367,17 +362,15 @@ def get_notes_by_user_id(
             notes = query.all()
             return [NoteModel.model_validate(note) for note in notes]
 
-    def get_note_by_id(
-        self, id: str, db: Optional[Session] = None
-    ) -> Optional[NoteModel]:
-        with get_db_context(db) as db:
+    def get_note_by_id(self, id: str) -> Optional[NoteModel]:
+        with get_db() as db:
             note = db.query(Note).filter(Note.id == id).first()
             return NoteModel.model_validate(note) if note else None
 
     def update_note_by_id(
-        self, id: str, form_data: NoteUpdateForm, db: Optional[Session] = None
+        self, id: str, form_data: NoteUpdateForm
     ) -> Optional[NoteModel]:
-        with get_db_context(db) as db:
+        with get_db() as db:
             note = db.query(Note).filter(Note.id == id).first()
             if not note:
                 return None
@@ -399,14 +392,11 @@ def update_note_by_id(
             db.commit()
             return NoteModel.model_validate(note) if note else None
 
-    def delete_note_by_id(self, id: str, db: Optional[Session] = None) -> bool:
-        try:
-            with get_db_context(db) as db:
-                db.query(Note).filter(Note.id == id).delete()
-                db.commit()
-                return True
-        except Exception:
-            return False
+    def delete_note_by_id(self, id: str):
+        with get_db() as db:
+            db.query(Note).filter(Note.id == id).delete()
+            db.commit()
+            return True
 
 
 Notes = NoteTable()