diff --git a/api/auth/auth_jwt.py b/api/auth/auth_jwt.py
index c3639e92e6..c8b0297f4f 100644
--- a/api/auth/auth_jwt.py
+++ b/api/auth/auth_jwt.py
@@ -32,8 +32,12 @@ def __init__(self, auto_error: bool = True):
 
     async def __call__(self, request: Request) -> Optional[schemas.CurrentContext]:
         if request.url.path in ["/refresh", "/api/refresh"]:
-            refresh_token = request.cookies.get("refreshToken")
-            jwt_payload = authorizers.jwt_refresh_authorizer(scheme="Bearer", token=refresh_token)
+            if "refreshToken" not in request.cookies:
+                logger.warning("Missing refreshToken cookie.")
+                jwt_payload = None
+            else:
+                jwt_payload = authorizers.jwt_refresh_authorizer(scheme="Bearer", token=request.cookies["refreshToken"])
+
             if jwt_payload is None or jwt_payload.get("jti") is None:
                 raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invalid token or expired token.")
             auth_exists = users.refresh_auth_exists(user_id=jwt_payload.get("userId", -1),
diff --git a/ee/api/auth/auth_jwt.py b/ee/api/auth/auth_jwt.py
index 776f06a6d8..96aa5f4c0f 100644
--- a/ee/api/auth/auth_jwt.py
+++ b/ee/api/auth/auth_jwt.py
@@ -36,8 +36,12 @@ def __init__(self, auto_error: bool = True):
 
     async def __call__(self, request: Request) -> Optional[schemas.CurrentContext]:
         if request.url.path in ["/refresh", "/api/refresh"]:
-            refresh_token = request.cookies.get("refreshToken")
-            jwt_payload = authorizers.jwt_refresh_authorizer(scheme="Bearer", token=refresh_token)
+            if "refreshToken" not in request.cookies:
+                logger.warning("Missing refreshToken cookie.")
+                jwt_payload = None
+            else:
+                jwt_payload = authorizers.jwt_refresh_authorizer(scheme="Bearer", token=request.cookies["refreshToken"])
+
             if jwt_payload is None or jwt_payload.get("jti") is None:
                 raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invalid token or expired token.")
             auth_exists = users.refresh_auth_exists(user_id=jwt_payload.get("userId", -1),
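Review bot: The new branch in `__call__` tests the cookie's presence with `in` and then subscripts it, so an empty value (`refreshToken=`) skips the warning and is still handed to the authorizer; if the warning is meant to cover any absent credential, `refresh_token = request.cookies.get("refreshToken")` followed by `if not refresh_token:` for the warning branch and `token=refresh_token` in the `else` covers both cases with a single lookup and stays closer to the removed lines. The same hunk in `ee/api/auth/auth_jwt.py` needs the identical change. `logger` does not appear on the old side of either hunk, so confirm a module-level `logger` is defined in both files, otherwise the missing-cookie path fails with a NameError before the 403 is raised. The body of `__call__` continues past the end of the hunk.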