🐛 Catch invalid user refresh

Brian Wiborg 2025-10-27 11:03:12 +01:00
parent 8c2cf01f40
commit 22ca522615
No known key found for this signature in database


@ -6,6 +6,7 @@ from fastapi import APIRouter, Body, Depends, Header, HTTPException, Request, st
from fastapi.security import OAuth2, OAuth2PasswordBearer, OAuth2PasswordRequestForm
from fastapi.security.utils import get_authorization_scheme_param
from pydantic import BaseModel
from tortoise.exceptions import DoesNotExist
from ohmyapi.builtin.auth.models import Group, User
@ -214,7 +215,11 @@ async def refresh_token(refresh_token: TokenRefresh = Body(...)):
)
user_id = payload.get("sub")
try:
user = await User.get(id=user_id)
except DoesNotExist:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found"