From 68890017f6b2169b1436eb5ff18f28f4f9e9be46 Mon Sep 17 00:00:00 2001 From: Egor fureunoir Gorbunov Date: Mon, 17 Nov 2025 16:31:24 +0300 Subject: [PATCH] Features: 1) None; Fixes: 1) Replace direct user access with UUID-based lookup in token mutations; Extra: 1) Updated all three token mutation methods to use User.objects.get by UUID; 2) Added consistent formatting and indentation. --- engine/vibes_auth/graphene/mutations.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/engine/vibes_auth/graphene/mutations.py b/engine/vibes_auth/graphene/mutations.py index bcdb6c5f..4ec6a070 100644 --- a/engine/vibes_auth/graphene/mutations.py +++ b/engine/vibes_auth/graphene/mutations.py @@ -205,7 +205,7 @@ class ObtainJSONWebToken(BaseMutation): try: serializer.is_valid(raise_exception=True) return ObtainJSONWebToken( - user=serializer.validated_data["user"], + user=User.objects.get(serializer.validated_data["user"]["uuid"]), refresh_token=serializer.validated_data["refresh"], access_token=serializer.validated_data["access"], ) @@ -226,7 +226,7 @@ class RefreshJSONWebToken(BaseMutation): try: serializer.is_valid(raise_exception=True) return RefreshJSONWebToken( - user=serializer.validated_data["user"], + user=User.objects.get(serializer.validated_data["user"]["uuid"]), access_token=serializer.validated_data["access"], refresh_token=serializer.validated_data["refresh"], ) @@ -247,7 +247,9 @@ class VerifyJSONWebToken(BaseMutation): with suppress(Exception): serializer.is_valid(raise_exception=True) # noinspection PyTypeChecker - return VerifyJSONWebToken(token_is_valid=True, user=serializer.validated_data["user"]) + return VerifyJSONWebToken( + token_is_valid=True, user=User.objects.get(serializer.validated_data["user"]["uuid"]) + ) detail = traceback.format_exc() if settings.DEBUG else "" # noinspection PyTypeChecker return VerifyJSONWebToken(token_is_valid=False, user=None, detail=detail)