From d7aed90e5dd771963bcdadf40e852a35ecb9906b Mon Sep 17 00:00:00 2001
From: Cristhian Zanforlin Lousa <72977554+Cristhianzl@users.noreply.github.com>
Date: Wed, 31 Jul 2024 16:50:10 -0300
Subject: [PATCH] bugfix: check if user exists before create a new refresh token (#3076)

check if user exists before create a new refresh token
---
 src/backend/base/langflow/api/v1/login.py |  3 +-
 .../base/langflow/services/auth/utils.py  |  8 +++-
 src/frontend/src/controllers/API/api.tsx  | 43 +++++++++++--------
 3 files changed, 35 insertions(+), 19 deletions(-)

diff --git a/src/backend/base/langflow/api/v1/login.py b/src/backend/base/langflow/api/v1/login.py
index 92370cbce..a966ea446 100644
--- a/src/backend/base/langflow/api/v1/login.py
+++ b/src/backend/base/langflow/api/v1/login.py
@@ -129,13 +129,14 @@ async def refresh_token(
     request: Request,
     response: Response,
     settings_service: "SettingsService" = Depends(get_settings_service),
+    db: Session = Depends(get_session),
 ):
     auth_settings = settings_service.auth_settings

     token = request.cookies.get("refresh_token_lf")

     if token:
-        tokens = create_refresh_token(token)
+        tokens = create_refresh_token(token, db)
         response.set_cookie(
             "refresh_token_lf",
             tokens["refresh_token"],
diff --git a/src/backend/base/langflow/services/auth/utils.py b/src/backend/base/langflow/services/auth/utils.py
index 7db158b01..bf12c9a91 100644
--- a/src/backend/base/langflow/services/auth/utils.py
+++ b/src/backend/base/langflow/services/auth/utils.py
@@ -305,7 +305,13 @@ def create_refresh_token(refresh_token: str, db: Session = Depends(get_session))
             )
         user_id: UUID = payload.get("sub")  # type: ignore
         token_type: str = payload.get("type")  # type: ignore
-        if user_id is None or token_type is None:
+
+        if user_id is None or token_type == "":
+            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid refresh token")
+
+        user_exists = get_user_by_id(db, user_id)
+
+        if user_exists is None:
             raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid refresh token")

         return create_user_tokens(user_id, db)
diff --git a/src/frontend/src/controllers/API/api.tsx b/src/frontend/src/controllers/API/api.tsx
index d6a89901c..66b7334ae 100644
--- a/src/frontend/src/controllers/API/api.tsx
+++ b/src/frontend/src/controllers/API/api.tsx
@@ -46,18 +46,18 @@ function ApiInterceptor() {
            await tryToRenewAccessToken(error);

            const accessToken = cookies.get(LANGFLOW_ACCESS_TOKEN);
-
            if (!accessToken && error?.config?.url?.includes("login")) {
              return Promise.reject(error);
            }
-
-           await remakeRequest(error);
-           setSaveLoading(false);
-           authenticationErrorCount = 0;
          }
        }

        await clearBuildVerticesState(error);
-       return Promise.reject(error);
+       if (
+         error?.response?.status !== 401 &&
+         error?.response?.status !== 403
+       ) {
+         return Promise.reject(error);
+       }
      },
    );
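Review bot: The new guard `if user_id is None or token_type == "":` is weaker than the `token_type is None` it replaces: `payload.get("type")` yields None when the claim is absent, and `None == ""` is false, so a token with no type claim now passes this line. `if user_id is None or not token_type:` rejects both the missing and the empty claim. Neither the old nor the new condition checks that the claim holds the refresh type, so as far as this hunk shows a token of another type carried in the refresh cookie would reach `get_user_by_id` too; comparing `token_type` against the expected refresh-type value (whatever `create_user_tokens` emits, not visible here) would close that. The user lookup only tests for None, so an existing-but-deactivated account would still get fresh tokens if the user model has such a flag. create_refresh_token begins before the hunk.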
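Review bot: The new 401/403 condition at the end of the interceptor has no else path, so for those statuses the handler falls off the end and the failed request's promise resolves with `undefined` rather than rejecting; any caller that awaits the request and reads `response.data` will throw on that. The retry that replaced the removed `await remakeRequest(error)` now happens inside tryToRenewAccessToken's callbacks, and its result is not returned from this handler, so the original caller sees neither the retried response nor an error. Either return the retried result from this branch or keep `return Promise.reject(error);` as the fall-through so the failure stays observable. The enclosing callback starts before the hunk.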
@@ -141,21 +141,30 @@ function ApiInterceptor() {
   }

   async function tryToRenewAccessToken(error: AxiosError) {
-    try {
-      if (window.location.pathname.includes("/login")) return;
-      mutationRenewAccessToken({});
-    } catch (error) {
-      clearBuildVerticesState(error);
-      mutationLogout(undefined, {
-        onSuccess: () => {
-          logout();
+    if (window.location.pathname.includes("/login")) return;
+    mutationRenewAccessToken(
+      {},
+      {
+        onSuccess: async (data) => {
+          authenticationErrorCount = 0;
+          await remakeRequest(error);
+          setSaveLoading(false);
+          authenticationErrorCount = 0;
         },
         onError: (error) => {
           console.error(error);
+          mutationLogout(undefined, {
+            onSuccess: () => {
+              logout();
+            },
+            onError: (error) => {
+              console.error(error);
+            },
+          });
+          return Promise.reject("Authentication error");
         },
-      });
-      return Promise.reject("Authentication error");
-    }
+      },
+    );
   }

   async function clearBuildVerticesState(error) {
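Review bot: `return Promise.reject("Authentication error");` inside the new onError callback is dead code: mutationRenewAccessToken appears to be a fire-and-forget mutate-style call whose callback return values are discarded, and nothing in tryToRenewAccessToken awaits the mutation, so the `await tryToRenewAccessToken(error)` in the interceptor resolves immediately and the rejection never reaches anyone. `await remakeRequest(error)` in onSuccess is likewise awaited by nobody, so a failing retry becomes an unhandled rejection. Wrapping the mutate call in a Promise driven by the two callbacks gives the caller's await something to wait on; while there, `data` is unused and `authenticationErrorCount = 0` is assigned twice in onSuccess.
```typescript
  async function tryToRenewAccessToken(error: AxiosError) {
    if (window.location.pathname.includes("/login")) return;
    return new Promise<void>((resolve, reject) => {
      mutationRenewAccessToken(
        {},
        {
          onSuccess: async () => {
            try {
              await remakeRequest(error);
              setSaveLoading(false);
              authenticationErrorCount = 0;
              resolve();
            } catch (retryError) {
              reject(retryError);
            }
          },
          onError: (error) => {
            console.error(error);
            // … unchanged: mutationLogout(undefined, { … }) call …
            reject("Authentication error");
          },
        },
      );
    });
  }
```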