This is an automated email from the ASF dual-hosted git repository. pierrejeambrun pushed a commit to branch revert-47791-aip-38-redirect-to-login-on-invalid-token in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 4bd88dbb3902633ba26a974804340795629c083e Author: Pierre Jeambrun <[email protected]> AuthorDate: Fri Mar 14 18:44:28 2025 +0100 Revert "AIP-38 Redirect to login page on invalid JWT token (#47791)" This reverts commit ddbf4dcbcf5f603bb3a97e23743d070ed7c12584. --- airflow/api_fastapi/core_api/security.py | 2 +- airflow/ui/src/main.tsx | 8 ++------ tests/api_fastapi/core_api/test_security.py | 2 +- 3 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/airflow/api_fastapi/core_api/security.py b/airflow/api_fastapi/core_api/security.py
index 94cb749e1c8..954615a9304 100644
--- a/airflow/api_fastapi/core_api/security.py
+++ b/airflow/api_fastapi/core_api/security.py
@@ -59,7 +59,7 @@ async def get_user(token_str: Annotated[str, Depends(oauth2_scheme)]) -> BaseUse
 except ExpiredSignatureError:
 raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Token Expired")
 except InvalidTokenError:
- raise HTTPException(status.HTTP_403_FORBIDDEN, "JWT token is not valid")
+ raise HTTPException(status.HTTP_403_FORBIDDEN, "Forbidden")
 GetUserDep = Annotated[BaseUser, Depends(get_user)]
diff --git a/airflow/ui/src/main.tsx b/airflow/ui/src/main.tsx
index df95bf88751..e80a74ef192 100644
--- a/airflow/ui/src/main.tsx
+++ b/airflow/ui/src/main.tsx
@@ -23,7 +23,6 @@ import { StrictMode } from "react";
 import { createRoot } from "react-dom/client";
 import { RouterProvider } from "react-router-dom";
-import type { HTTPExceptionResponse } from "openapi/requests/types.gen";
 import { ColorModeProvider } from "src/context/colorMode";
 import { TimezoneProvider } from "src/context/timezone";
 import { router } from "src/router";
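Review bot: In `get_user` (airflow/api_fastapi/core_api/security.py) the `except InvalidTokenError` branch answers with 403 while the expired-token branch directly above it answers with 401, so a failed authentication is reported as an authorization denial. Because the UI interceptor in this same commit now redirects only on 401, a client holding a token that no longer validates would presumably receive a bare 403 with no path back to the login page. Consider `raise HTTPException(status.HTTP_401_UNAUTHORIZED, "Invalid authentication credentials")` here, keeping the message generic so validation details are not disclosed and reserving 403 for authenticated users who lack permission; the assertion in tests/api_fastapi/core_api/test_security.py would then need to follow and should check the status code as well as the message. The body of `get_user` starts outside the hunk, so the `try` side is not visible.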
@@ -35,11 +34,8 @@ import { tokenHandler } from "./utils/tokenHandler";
 // redirect to login page if the API responds with unauthorized or forbidden errors
 axios.interceptors.response.use(
 (response) => response,
- (error: AxiosError<HTTPExceptionResponse>) => {
- if (
- error.response?.status === 401 ||
- (error.response?.status === 403 && error.response.data.detail === "JWT token is not valid")
- ) {
+ (error: AxiosError) => {
+ if (error.response?.status === 401) {
 const params = new URLSearchParams();
 params.set("next", globalThis.location.href);
diff --git a/tests/api_fastapi/core_api/test_security.py b/tests/api_fastapi/core_api/test_security.py
index 3c0afcfd485..736afa6050a 100644
--- a/tests/api_fastapi/core_api/test_security.py
+++ b/tests/api_fastapi/core_api/test_security.py
@@ -66,7 +66,7 @@ class TestFastApiSecurity:
 auth_manager.get_user_from_token.side_effect = InvalidTokenError()
 mock_get_auth_manager.return_value = auth_manager
- with pytest.raises(HTTPException, match="JWT token is not valid"):
+ with pytest.raises(HTTPException, match="Forbidden"):
 await get_user(token_str)
 auth_manager.get_user_from_token.assert_called_once_with(token_str)
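Review bot: The comment above the response interceptor in airflow/ui/src/main.tsx still says the redirect happens on "unauthorized or forbidden errors", but the new condition `if (error.response?.status === 401) {` handles only 401. Update it to `// redirect to login page only when the API responds with 401 Unauthorized; 403 is not treated as a re-authentication signal` so a reader does not assume a 403 also sends the user back to login. The error handler's body continues past the end of the hunk, so how the `next` parameter is consumed is not visible here; since it carries the full `globalThis.location.href`, the login side should accept only same-origin targets.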
