fix(backend): correctly return JSONResponse content on refresh endpoints

hotosm · Dec 11, 2024 · 3a9a50f · 3a9a50f
1 parent 9a936b2
commit 3a9a50f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/src/backend/app/auth/auth_deps.py b/src/backend/app/auth/auth_deps.py
@@ -23,7 +23,6 @@
 
 import jwt
 from fastapi import Header, HTTPException, Request, Response
-from fastapi.responses import JSONResponse
 from loguru import logger as log
 
 from app.auth.auth_schemas import AuthUser
@@ -72,7 +71,7 @@ def set_cookies(
     refresh_token: str,
     cookie_name: str = settings.cookie_name,
     refresh_cookie_name: str = f"{settings.cookie_name}_refresh",
-) -> JSONResponse:
+) -> Response:
     """Set cookies for the access and refresh tokens.
 
     Args:
@@ -83,12 +82,12 @@ def set_cookies(
             refresh token.
 
     Returns:
-        JSONResponse: A response with attached cookies (set-cookie headers).
+        Response: A response with attached cookies (set-cookie headers).
     """
     # NOTE if needed we can return the token in the JSON response, but we don't for now
     # response = JSONResponse(status_code=HTTPStatus.OK,
     # content={"token": access_token})
-    response = JSONResponse(status_code=HTTPStatus.OK, content={})
+    response = Response(status_code=HTTPStatus.OK)
 
     secure = not settings.DEBUG
     domain = settings.FMTM_DOMAIN

diff --git a/src/backend/app/auth/auth_routes.py b/src/backend/app/auth/auth_routes.py
@@ -255,8 +255,11 @@ async def refresh_fmtm_cookies(request: Request, current_user: AuthUser):
         # Append the user data to the JSONResponse
         # We use this in the frontend to determine if the token user matches the
         # currently logged in user. If no, we clear the frontend auth state.
-        response.content = access_token_data
-        return response
+        return JSONResponse(
+            status=response.status,
+            headers=response.headers,
+            content=access_token_data,
+        )
 
     except Exception as e:
         raise HTTPException(
@@ -338,5 +341,8 @@ async def refresh_mapper_token(
         f"{settings.cookie_name}_temp",
         f"{settings.cookie_name}_temp_refresh",
     )
-    response.content = jwt_data
-    return response
+    return JSONResponse(
+        status=response.status,
+        headers=response.headers,
+        content=jwt_data,
+    )