This is an automated email from the ASF dual-hosted git repository.
vincbeck pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new d0e6222ef8c Handle invalid token in `JWTRefreshMiddleware` (#56904)
d0e6222ef8c is described below
commit d0e6222ef8cabcd4c4add4baf9a0eab7172e5ada
Author: Vincent <[email protected]>
AuthorDate: Mon Oct 20 16:25:15 2025 -0400
Handle invalid token in `JWTRefreshMiddleware` (#56904)
---
.../airflow/api_fastapi/auth/middlewares/refresh_token.py | 7 +++++--
.../api_fastapi/auth/middlewares/test_refresh_token.py | 14 +++++++++++++-
2 files changed, 18 insertions(+), 3 deletions(-)
diff --git
a/airflow-core/src/airflow/api_fastapi/auth/middlewares/refresh_token.py
b/airflow-core/src/airflow/api_fastapi/auth/middlewares/refresh_token.py
index f304eb9517f..81ed8448734 100644
--- a/airflow-core/src/airflow/api_fastapi/auth/middlewares/refresh_token.py
+++ b/airflow-core/src/airflow/api_fastapi/auth/middlewares/refresh_token.py
@@ -17,7 +17,7 @@
# under the License.
from __future__ import annotations
-from fastapi import Request
+from fastapi import HTTPException, Request
from starlette.middleware.base import BaseHTTPMiddleware
from airflow.api_fastapi.app import get_auth_manager
@@ -64,5 +64,8 @@ class JWTRefreshMiddleware(BaseHTTPMiddleware):
@staticmethod
async def _refresh_user(current_token: str) -> BaseUser | None:
- user = await resolve_user_from_token(current_token)
+ try:
+ user = await resolve_user_from_token(current_token)
+ except HTTPException:
+ return None
return get_auth_manager().refresh_user(user=user)
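Review bot: The new `except HTTPException` in `_refresh_user` swallows every HTTPException raised by `resolve_user_from_token`, whatever its status code, and leaves no trace, so a rejected token and any other failure surfaced as an HTTPException become indistinguishable. Returning `None` only skips the refresh, and judging by the accompanying test the request is still handed to `call_next`, so rejecting the bad token rests entirely on the downstream auth dependencies. A comment such as `# Invalid or expired token: skip the refresh; the route's auth dependency must still reject the request` would make that contract explicit. Binding the exception with `except HTTPException as e:` and logging `e.status_code` at debug level (never the token itself) would help operators notice repeated invalid-cookie traffic. The rest of `JWTRefreshMiddleware` lies outside the hunk, so how `dispatch` treats the `None` result or the stale cookie cannot be confirmed from here.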
diff --git
a/airflow-core/tests/unit/api_fastapi/auth/middlewares/test_refresh_token.py
b/airflow-core/tests/unit/api_fastapi/auth/middlewares/test_refresh_token.py
index 87648a2be2b..e87b7c3fd2f 100644
--- a/airflow-core/tests/unit/api_fastapi/auth/middlewares/test_refresh_token.py
+++ b/airflow-core/tests/unit/api_fastapi/auth/middlewares/test_refresh_token.py
@@ -20,7 +20,7 @@ from __future__ import annotations
from unittest.mock import AsyncMock, MagicMock, patch
import pytest
-from fastapi import Request, Response
+from fastapi import HTTPException, Request, Response
from airflow.api_fastapi.auth.managers.base_auth_manager import
COOKIE_NAME_JWT_TOKEN
from airflow.api_fastapi.auth.managers.models.base_user import BaseUser
@@ -72,6 +72,18 @@ class TestJWTRefreshMiddleware:
mock_resolve_user_from_token.assert_called_once_with("valid_token")
mock_auth_manager.generate_jwt.assert_not_called()
+
@patch("airflow.api_fastapi.auth.middlewares.refresh_token.resolve_user_from_token")
+ @pytest.mark.asyncio
+ async def test_dispatch_expired_token(self, mock_resolve_user_from_token,
middleware, mock_request):
+ mock_request.cookies = {COOKIE_NAME_JWT_TOKEN: "invalid_token"}
+ mock_resolve_user_from_token.side_effect =
HTTPException(status_code=403)
+
+ call_next = AsyncMock(return_value=Response())
+ await middleware.dispatch(mock_request, call_next)
+
+ call_next.assert_called_once_with(mock_request)
+ mock_resolve_user_from_token.assert_called_once_with("invalid_token")
+
@pytest.mark.asyncio
@patch("airflow.api_fastapi.auth.middlewares.refresh_token.get_auth_manager")
@patch("airflow.api_fastapi.auth.middlewares.refresh_token.resolve_user_from_token")
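Review bot: `test_dispatch_expired_token` only asserts that `call_next` and `resolve_user_from_token` were each called once, so it would still pass if the middleware went on to refresh the user or issue a new cookie for the rejected token. Unlike the preceding test, which ends with `mock_auth_manager.generate_jwt.assert_not_called()`, this one does not patch `get_auth_manager`. Adding `@patch("airflow.api_fastapi.auth.middlewares.refresh_token.get_auth_manager")` and asserting `mock_get_auth_manager.return_value.refresh_user.assert_not_called()` would pin the security-relevant behaviour. The name says "expired" while the fixture uses `"invalid_token"` with a bare 403; `test_dispatch_invalid_token` would match what is exercised. The `@patch` is also placed above `@pytest.mark.asyncio`, the reverse of the order used by the next test.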