Fix flow where oidc_expiry is different from token expiry (#1974)

backend/danswer/auth/users.py

@@ -347,6 +347,12 @@ async def double_check_user(
             detail="Access denied. User is not verified.",
         )
 
+    if user.oidc_expiry and user.oidc_expiry < datetime.now(timezone.utc):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Access denied. User's OIDC token has expired.",
+        )
+
     return user
 
 

backend/danswer/server/manage/users.py

@@ -1,5 +1,6 @@
 import re
 from datetime import datetime
+from datetime import timezone
 
 from fastapi import APIRouter
 from fastapi import Body
@@ -296,6 +297,12 @@ def verify_user_logged_in(
             status_code=status.HTTP_403_FORBIDDEN, detail="User Not Authenticated"
         )
 
+    if user.oidc_expiry and user.oidc_expiry < datetime.now(timezone.utc):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Access denied. User's OIDC token has expired.",
+        )
+
     token_created_at = get_current_token_creation(user, db_session)
     user_info = UserInfo.from_model(
         user,

backend/danswer/tools/custom/openapi_parsing.py

@@ -1,7 +1,7 @@
 from typing import Any
 from typing import cast
 
-from openai import BaseModel
+from pydantic import BaseModel
 
 REQUEST_BODY = "requestBody"