web: Add a stubbed login option for local dev

This adds a configuration option, ``NULL_AUTH``.  When set to ``True``,
it enables a development/debug mode where all attempts to authenticate
succeed.  This bypasses the need for CalNet credentials (and TLS) on a
local development system.

Implements: AP-506

Author: awilfox

README.rst

@@ -226,7 +226,7 @@ The following keys are available for configuration in the ``.env`` file:
 ``LANGFUSE_PROMPT``, ``LANGFUSE_PROMPT_LABEL``
     The prompt name defined in langfuse for the prompt to be used. The label is the label
     created for the named prompt in Langfuse. The default values are
-    LANGFUSE_PROMPT=default and LANGFUSE_PROMPT_LABEL=production
+    ``LANGFUSE_PROMPT=default`` and ``LANGFUSE_PROMPT_LABEL=production``.
 
     If these values are not supplied or not defined in Langfuse a fallback prompt which is
     defined in ``config/__init__.py`` will be used. 
@@ -238,5 +238,9 @@ The following keys are available for configuration in the ``.env`` file:
 ``K_VALUE``
     Int. The k value used for retrieving context from the vector_store. The default is 4   
 
+``NULL_AUTH``
+    Boolean.  Whether to allow anyone to login with any name and password.  Defaults to ``False``.
+    Never ever set this unless you know what you're doing!
+
 ``ETL_TRACING``
     Boolean.  Whether to trace embedding calls in Langfuse.  Defaults to ``False``.

willa/config/__init__.py

@@ -45,13 +45,14 @@
     'EXTRA_VERSION': '',
     'DEPLOYMENT_ID': 'default',
     'K_VALUE': '4',
+    'NULL_AUTH': 'False',
     'ETL_TRACING': 'False'
 }
 """The defaults for configuration variables not set in the .env file."""
 
 
 VALID_VARS: set[str] = {'TIND_API_KEY', 'TIND_API_URL', 'DEFAULT_STORAGE_DIR', 'ETL_TRACING',
-                        'OLLAMA_URL', 'CHAT_MODEL', 'CHAT_TEMPERATURE', 'CALNET_ENV',
+                        'OLLAMA_URL', 'CHAT_MODEL', 'CHAT_TEMPERATURE', 'CALNET_ENV', 'NULL_AUTH',
                         'CALNET_OIDC_CLIENT_ID', 'CALNET_OIDC_CLIENT_SECRET', 'LANCEDB_URI',
                         'CHAT_BACKEND', 'EMBED_BACKEND', 'LANGFUSE_HOST', 'LANGFUSE_PUBLIC_KEY',
                         'LANGFUSE_SECRET_KEY', 'LANGFUSE_PROMPT', 'LANGFUSE_PROMPT_LABEL',

willa/web/app.py

@@ -6,6 +6,7 @@
 from chainlit.types import ThreadDict, CommandDict
 
 from willa.chatbot import Chatbot
+from willa.config import CONFIG
 from willa.web.cas_provider import CASProvider
 from willa.web.inject_custom_auth import add_custom_oauth_provider
 
@@ -14,8 +15,6 @@
 """The Chatbot instances associated with each thread."""
 
 
-add_custom_oauth_provider('cas', CASProvider())
-
 COMMANDS: list[CommandDict] = [
   {
       "id": "Copy Transcript",
@@ -97,12 +96,20 @@ async def chat(message: cl.Message) -> None:
                              content=reply['no_results']).send()
 
 
-# Chainlit erroneously defines the callback as taking an `id_token` param that is never passed.
-@cl.oauth_callback  # type: ignore[arg-type]
-async def oauth_callback(provider_id: str, _token: str, _raw_user_data: dict[str, str],
-                         default_user: cl.User) -> cl.User | None:
-    """Handle OAuth authentication."""
-    if provider_id != 'cas':
-        return None
+if CONFIG['NULL_AUTH'].lower() == 'true':
+    @cl.password_auth_callback
+    async def password_auth_callback(username: str, _password: str) -> cl.User:
+        """Handle password authentication (null; all login attempts will succeed)."""
+        return cl.User(identifier=username, metadata={'role': 'admin', 'provider': 'null'})
+else:
+    add_custom_oauth_provider('cas', CASProvider())
+
+    # Chainlit erroneously defines the callback as taking an `id_token` param that is never passed.
+    @cl.oauth_callback  # type: ignore[arg-type]
+    async def oauth_callback(provider_id: str, _token: str, _raw_user_data: dict[str, str],
+                             default_user: cl.User) -> cl.User | None:
+        """Handle OAuth authentication."""
+        if provider_id != 'cas':
+            return None
 
-    return default_user
+        return default_user