Add default permissions for users to address serialization bug

Explicitly handle old refresh tokens which fail Pydantic validation
NeonGeckoCom · Dec 27, 2024 · 62b21c9 · 62b21c9
1 parent 108dfae
commit 62b21c9
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/neon_hana/auth/client_manager.py b/neon_hana/auth/client_manager.py
@@ -52,7 +52,8 @@
                                               diana=AccessRoles.USER,
                                               node=AccessRoles.USER,
                                               hub=AccessRoles.USER,
-                                              llm=AccessRoles.USER)
+                                              llm=AccessRoles.USER,
+                                              users=AccessRoles.NONE)
 
 
 class ClientManager:
@@ -274,6 +275,10 @@ def check_refresh_request(self, access_token: Optional[str],
         except ExpiredSignatureError:
             raise HTTPException(status_code=401,
                                 detail="Refresh token is expired")
+        except ValidationError:
+            raise HTTPException(status_code=400,
+                                detail=f"Invalid token data received from "
+                                       f"client: {client_id}.")
         if refresh_data.jti != token_data.jti + ".refresh":
             raise HTTPException(status_code=403,
                                 detail="Refresh and access token mismatch")