Features: 1) None;

Fixes: 1) Replace direct user access with UUID-based lookup in token mutations; Extra: 1) Updated all three token mutation methods to use User.objects.get by UUID; 2) Added consistent formatting and indentation.
2025-11-17 16:31:24 +03:00 · 2025-11-17 16:31:24 +03:00 · 68890017f6
commit 68890017f6
parent 8caeff538a
1 changed files with 5 additions and 3 deletions
--- a/engine/vibes_auth/graphene/mutations.py
+++ b/engine/vibes_auth/graphene/mutations.py
@ -205,7 +205,7 @@ class ObtainJSONWebToken(BaseMutation):
        try:
            serializer.is_valid(raise_exception=True)
            return ObtainJSONWebToken(
-                user=serializer.validated_data["user"],
+                user=User.objects.get(serializer.validated_data["user"]["uuid"]),
                refresh_token=serializer.validated_data["refresh"],
                access_token=serializer.validated_data["access"],
            )
@ -226,7 +226,7 @@ class RefreshJSONWebToken(BaseMutation):
        try:
            serializer.is_valid(raise_exception=True)
            return RefreshJSONWebToken(
-                user=serializer.validated_data["user"],
+                user=User.objects.get(serializer.validated_data["user"]["uuid"]),
                access_token=serializer.validated_data["access"],
                refresh_token=serializer.validated_data["refresh"],
            )
@ -247,7 +247,9 @@ class VerifyJSONWebToken(BaseMutation):
        with suppress(Exception):
            serializer.is_valid(raise_exception=True)
            # noinspection PyTypeChecker
-            return VerifyJSONWebToken(token_is_valid=True, user=serializer.validated_data["user"])
+            return VerifyJSONWebToken(
+                token_is_valid=True, user=User.objects.get(serializer.validated_data["user"]["uuid"])
+            )
        detail = traceback.format_exc() if settings.DEBUG else ""
        # noinspection PyTypeChecker
        return VerifyJSONWebToken(token_is_valid=False, user=None, detail=detail)