bugfix: check if user exists before create a new refresh token (#3076)

check if user exists before create a new refresh token
langflow-ai · Jul 31, 2024 · d7aed90 · d7aed90
1 parent 61c921e
commit d7aed90
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 19 deletions.
diff --git a/src/backend/base/langflow/api/v1/login.py b/src/backend/base/langflow/api/v1/login.py
@@ -129,13 +129,14 @@ async def refresh_token(
     request: Request,
     response: Response,
     settings_service: "SettingsService" = Depends(get_settings_service),
+    db: Session = Depends(get_session),
 ):
     auth_settings = settings_service.auth_settings
 
     token = request.cookies.get("refresh_token_lf")
 
     if token:
-        tokens = create_refresh_token(token)
+        tokens = create_refresh_token(token, db)
         response.set_cookie(
             "refresh_token_lf",
             tokens["refresh_token"],

diff --git a/src/backend/base/langflow/services/auth/utils.py b/src/backend/base/langflow/services/auth/utils.py
@@ -305,7 +305,13 @@ def create_refresh_token(refresh_token: str, db: Session = Depends(get_session))
             )
         user_id: UUID = payload.get("sub")  # type: ignore
         token_type: str = payload.get("type")  # type: ignore
-        if user_id is None or token_type is None:
+
+        if user_id is None or token_type == "":
+            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid refresh token")
+
+        user_exists = get_user_by_id(db, user_id)
+
+        if user_exists is None:
             raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid refresh token")
 
         return create_user_tokens(user_id, db)

diff --git a/src/frontend/src/controllers/API/api.tsx b/src/frontend/src/controllers/API/api.tsx
@@ -46,18 +46,18 @@ function ApiInterceptor() {
             await tryToRenewAccessToken(error);
 
             const accessToken = cookies.get(LANGFLOW_ACCESS_TOKEN);
-
             if (!accessToken && error?.config?.url?.includes("login")) {
               return Promise.reject(error);
             }
-
-            await remakeRequest(error);
-            setSaveLoading(false);
-            authenticationErrorCount = 0;
           }
         }
         await clearBuildVerticesState(error);
-        return Promise.reject(error);
+        if (
+          error?.response?.status !== 401 &&
+          error?.response?.status !== 403
+        ) {
+          return Promise.reject(error);
+        }
       },
     );
 
@@ -141,21 +141,30 @@ function ApiInterceptor() {
   }
 
   async function tryToRenewAccessToken(error: AxiosError) {
-    try {
-      if (window.location.pathname.includes("/login")) return;
-      mutationRenewAccessToken({});
-    } catch (error) {
-      clearBuildVerticesState(error);
-      mutationLogout(undefined, {
-        onSuccess: () => {
-          logout();
+    if (window.location.pathname.includes("/login")) return;
+    mutationRenewAccessToken(
+      {},
+      {
+        onSuccess: async (data) => {
+          authenticationErrorCount = 0;
+          await remakeRequest(error);
+          setSaveLoading(false);
+          authenticationErrorCount = 0;
         },
         onError: (error) => {
           console.error(error);
+          mutationLogout(undefined, {
+            onSuccess: () => {
+              logout();
+            },
+            onError: (error) => {
+              console.error(error);
+            },
+          });
+          return Promise.reject("Authentication error");
         },
-      });
-      return Promise.reject("Authentication error");
-    }
+      },
+    );
   }
 
   async function clearBuildVerticesState(error) {