Add login page docs hint (#20619)

* add config field * add endpoint * set config var when onboarding * add no auth exception to nginx config * form changes and i18n * clean up
2026-04-19 23:08:08 +02:00 · 2025-10-22 12:24:53 -05:00
parent d6f5d2b0fa
commit 2387dccc19
6 changed files with 73 additions and 1 deletions
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@@ -35,6 +35,23 @@ logger = logging.getLogger(__name__)
 router = APIRouter(tags=[Tags.auth])


+@router.get("/auth/first_time_login")
+def first_time_login(request: Request):
+    """Return whether the admin first-time login help flag is set in config.
+
+    This endpoint is intentionally unauthenticated so the login page can
+    query it before a user is authenticated.
+    """
+    auth_config = request.app.frigate_config.auth
+
+    return JSONResponse(
+        content={
+            "admin_first_time_login": auth_config.admin_first_time_login
+            or auth_config.reset_admin_password
+        }
+    )
+
+
 class RateLimiter:
    _limit = ""

@@ -515,6 +532,11 @@ def login(request: Request, body: AppPostLoginBody):
        set_jwt_cookie(
            response, JWT_COOKIE_NAME, encoded_jwt, expiration, JWT_COOKIE_SECURE
        )
+        # Clear admin_first_time_login flag after successful admin login so the
+        # UI stops showing the first-time login documentation link.
+        if role == "admin":
+            request.app.frigate_config.auth.admin_first_time_login = False
+
        return response
    return JSONResponse(content={"message": "Login failed"}, status_code=401)

--- a/frigate/app.py
+++ b/frigate/app.py
@@ -488,6 +488,8 @@ class FrigateApp:
                    }
                ).execute()

+                self.config.auth.admin_first_time_login = True
+
                logger.info("********************************************************")
                logger.info("********************************************************")
                logger.info("***    Auth is enabled, but no users exist.          ***")
--- a/frigate/config/auth.py
+++ b/frigate/config/auth.py
@@ -38,6 +38,13 @@ class AuthConfig(FrigateBaseModel):
        default_factory=dict,
        title="Role to camera mappings. Empty list grants access to all cameras.",
    )
+    admin_first_time_login: Optional[bool] = Field(
+        default=False,
+        title="Internal field to expose first-time admin login flag to the UI",
+        description=(
+            "When true the UI may show a help link on the login page informing users how to sign in after an admin password reset. "
+        ),
+    )

    @field_validator("roles")
    @classmethod