From 4f8bc3f07cddb29bcbed04dfc8d3d07b591a5338 Mon Sep 17 00:00:00 2001
From: Mathijs de Bruin <mathijs@mathijsfietst.nl>
Date: Thu, 5 Dec 2024 16:46:15 +0000
Subject: [PATCH] Re-enable user validation for `get_file()`. Closes #1101.

---
 backend/chainlit/server.py | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/backend/chainlit/server.py b/backend/chainlit/server.py
index 5f78d4a17a..5e40ba3909 100644
--- a/backend/chainlit/server.py
+++ b/backend/chainlit/server.py
@@ -948,7 +948,7 @@ def validate_file_size(file: UploadFile):
 async def get_file(
     file_id: str,
     session_id: str,
-    # current_user: UserParam, #TODO: Causes 401 error. See https://github.com/Chainlit/chainlit/issues/1472
+    current_user: UserParam,
 ):
     """Get a file from the session files directory."""
 
@@ -969,13 +969,12 @@ async def get_file(
             detail="Unauthorized",
         )
 
-    # TODO: Causes 401 error. See https://github.com/Chainlit/chainlit/issues/1472
-    # if current_user:
-    #     if not session.user or session.user.identifier != current_user.identifier:
-    #         raise HTTPException(
-    #             status_code=401,
-    #             detail="You are not authorized to download files from this session",
-    #         )
+    if current_user:
+        if not session.user or session.user.identifier != current_user.identifier:
+            raise HTTPException(
+                status_code=401,
+                detail="You are not authorized to download files from this session",
+            )
 
     if file_id in session.files:
         file = session.files[file_id]