bugfix: check if user exists before create a new refresh token (#3076)

check if user exists before create a new refresh token
2024-07-31 16:50:10 -03:00 · 2024-07-31 16:50:10 -03:00 · d7aed90e5d
commit d7aed90e5d
parent 61c921e1ae
3 changed files with 35 additions and 19 deletions
--- a/src/backend/base/langflow/api/v1/login.py
+++ b/src/backend/base/langflow/api/v1/login.py
@ -129,13 +129,14 @@ async def refresh_token(
    request: Request,
    response: Response,
    settings_service: "SettingsService" = Depends(get_settings_service),
+    db: Session = Depends(get_session),
 ):
    auth_settings = settings_service.auth_settings

    token = request.cookies.get("refresh_token_lf")

    if token:
-        tokens = create_refresh_token(token)
+        tokens = create_refresh_token(token, db)
        response.set_cookie(
            "refresh_token_lf",
            tokens["refresh_token"],
--- a/src/backend/base/langflow/services/auth/utils.py
+++ b/src/backend/base/langflow/services/auth/utils.py
@ -305,7 +305,13 @@ def create_refresh_token(refresh_token: str, db: Session = Depends(get_session))
            )
        user_id: UUID = payload.get("sub")  # type: ignore
        token_type: str = payload.get("type")  # type: ignore
-        if user_id is None or token_type is None:
+
+        if user_id is None or token_type == "":
+            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid refresh token")
+
+        user_exists = get_user_by_id(db, user_id)
+
+        if user_exists is None:
            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid refresh token")

        return create_user_tokens(user_id, db)
--- a/src/frontend/src/controllers/API/api.tsx
+++ b/src/frontend/src/controllers/API/api.tsx
@ -46,18 +46,18 @@ function ApiInterceptor() {
            await tryToRenewAccessToken(error);

            const accessToken = cookies.get(LANGFLOW_ACCESS_TOKEN);
-
            if (!accessToken && error?.config?.url?.includes("login")) {
              return Promise.reject(error);
            }
-
-            await remakeRequest(error);
-            setSaveLoading(false);
-            authenticationErrorCount = 0;
          }
        }
        await clearBuildVerticesState(error);
-        return Promise.reject(error);
+        if (
+          error?.response?.status !== 401 &&
+          error?.response?.status !== 403
+        ) {
+          return Promise.reject(error);
+        }
      },
    );

@ -141,21 +141,30 @@ function ApiInterceptor() {
  }

  async function tryToRenewAccessToken(error: AxiosError) {
-    try {
-      if (window.location.pathname.includes("/login")) return;
-      mutationRenewAccessToken({});
-    } catch (error) {
-      clearBuildVerticesState(error);
-      mutationLogout(undefined, {
-        onSuccess: () => {
-          logout();
+    if (window.location.pathname.includes("/login")) return;
+    mutationRenewAccessToken(
+      {},
+      {
+        onSuccess: async (data) => {
+          authenticationErrorCount = 0;
+          await remakeRequest(error);
+          setSaveLoading(false);
+          authenticationErrorCount = 0;
        },
        onError: (error) => {
          console.error(error);
+          mutationLogout(undefined, {
+            onSuccess: () => {
+              logout();
+            },
+            onError: (error) => {
+              console.error(error);
+            },
+          });
+          return Promise.reject("Authentication error");
        },
-      });
-      return Promise.reject("Authentication error");
-    }
+      },
+    );
  }

  async function clearBuildVerticesState(error) {