diff --git a/src/backend/src/api/APIError.js b/src/backend/src/api/APIError.js
index afd1a22fe..413af0a8f 100644
--- a/src/backend/src/api/APIError.js
+++ b/src/backend/src/api/APIError.js
@@ -356,6 +356,10 @@ module.exports = class APIError {
 status: 401,
 message: 'Authentication failed.',
 },
+ 'user_not_found': {
+ status: 401,
+ message: 'User not found.',
+ },
 'token_unsupported': {
 status: 401,
 message: 'This authentication token is not supported here.',
diff --git a/src/backend/src/helpers.js b/src/backend/src/helpers.js
index f721a7e2b..8cacbb44d 100644
--- a/src/backend/src/helpers.js
+++ b/src/backend/src/helpers.js
@@ -199,7 +199,7 @@ async function get_user(options) {
 */
 function invalidate_cached_user (user) {
 kv.del('users:username:' + user.username);
- // kv.del('users:uuid:' + user.uuid);
+ kv.del('users:uuid:' + user.uuid);
 kv.del('users:email:' + user.email);
 kv.del('users:id:' + user.id);
 }
diff --git a/src/backend/src/services/auth/AuthService.js b/src/backend/src/services/auth/AuthService.js
index 8fa9ae856..24c04c0b0 100644
--- a/src/backend/src/services/auth/AuthService.js
+++ b/src/backend/src/services/auth/AuthService.js
@@ -24,6 +24,7 @@ const { Context } = require("../../util/context");
 const APIError = require("../../api/APIError");
 const { DB_WRITE } = require("../database/consts");
 const { UUIDFPE } = require("../../util/uuidfpe");
+const { nou } = require("../../util/langutil");
 // This constant defines the namespace used for generating app UUIDs from their origins
 const APP_ORIGIN_UUID_NAMESPACE = '33de3768-8ee0-43e9-9e73-db192b97a5d8';
@@ -106,6 +107,10 @@ class AuthService extends BaseService {
 const user = await get_user({ uuid: decoded.user_uid });
+ if ( nou(user) ) {
+ throw APIError.create('user_not_found');
+ }
+
 const actor_type = new UserActorType({
 user,
 session: session.uuid,
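Review bot: The new `user_not_found` entry gives the client a distinct code and message for a token whose user no longer exists, while the entry directly above it answers the same 401 with 'Authentication failed.'. Telling the two cases apart lets whoever presents a token learn that the account was removed rather than that the token is bad, which is more than the caller needs. Consider keeping the specific reason for server-side logs and returning the generic text here, e.g. `message: 'Authentication failed.',`. The surrounding error table and the APIError class start and end outside the hunk.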
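Review bot: invalidate_cached_user builds every key from a field of the object it is given, so a caller that passes a partial user row would delete `users:uuid:undefined` and leave the real entry cached; the callers are not visible here, so this needs checking. The uuid key matters most if, as the AuthService hunk in this commit suggests, token authentication resolves the user by uuid: a stale entry would presumably keep a removed account resolving to a user until it expires. A comment above the deletes would make the contract explicit: `// Callers must pass a full user row: a missing username/uuid/email/id leaves that cache entry stale.` The function's doc comment begins outside the hunk.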
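Review bot: The added `nou(user)` guard rejects the request but records nothing, and a token that apparently decoded successfully yet names a missing user is worth a trace for detection. It is either a leftover from a deleted account or a token that was not issued through the normal flow, so a log entry carrying `decoded.user_uid` and the session id before the throw would help. It is also not visible here whether get_user can answer from cache; if it can, this check is only as fresh as the cache invalidation in helpers.js. Suggested comment above the guard: `// Token names a user that no longer exists: reject, and log for detection.` The enclosing method starts and ends outside the hunk.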