bugfix: check if user exists before create a new refresh token (#3076)

check if user exists before create a new refresh token

src/backend/base/langflow/api/v1/login.py

@@ -129,13 +129,14 @@ async def refresh_token(
     request: Request,
     response: Response,
     settings_service: "SettingsService" = Depends(get_settings_service),
+    db: Session = Depends(get_session),
 ):
     auth_settings = settings_service.auth_settings
 
     token = request.cookies.get("refresh_token_lf")
 
     if token:
-        tokens = create_refresh_token(token)
+        tokens = create_refresh_token(token, db)
         response.set_cookie(
             "refresh_token_lf",
             tokens["refresh_token"],

src/backend/base/langflow/services/auth/utils.py

@@ -305,7 +305,13 @@ def create_refresh_token(refresh_token: str, db: Session = Depends(get_session))
             )
         user_id: UUID = payload.get("sub")  # type: ignore
         token_type: str = payload.get("type")  # type: ignore
-        if user_id is None or token_type is None:
+
+        if user_id is None or token_type == "":
+            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid refresh token")
+
+        user_exists = get_user_by_id(db, user_id)
+
+        if user_exists is None:
             raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid refresh token")
 
         return create_user_tokens(user_id, db)