From ac31290a87e8102142386717afb42b60b4fbd2ba Mon Sep 17 00:00:00 2001 From: Nirodan Date: Wed, 6 May 2026 10:33:11 +0200 Subject: [PATCH] Reject tokens missing required fields to prevent KeyError crashes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tokens issued before 'id' was added to the JWT payload pass signature verification but cause a KeyError when endpoints access user['id']. verify_token() now returns None for any token missing id/username/role, triggering a 401 → the frontend interceptor clears localStorage and redirects to /login so a fresh token is issued automatically. Co-Authored-By: Claude Sonnet 4.6
---
 backend/auth/token.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/backend/auth/token.py b/backend/auth/token.py
index c636a11..22ab9ed 100644
--- a/backend/auth/token.py
+++ b/backend/auth/token.py
@@ -21,6 +21,11 @@ def verify_token():
 token = auth_header[7:] # len("Bearer ") == 7; safe because startswith is verified above
 try:
 decoded = decode(token, SECRET_KEY, algorithms=["HS256"])
+ # Reject tokens that are missing required fields (e.g. issued before
+ # 'id' was added to the payload) so callers never get a KeyError.
+ if not all(k in decoded for k in ("id", "username", "role")):
+ logger.warning("🔐 Token missing required fields — forcing re-login")
+ return None
 return decoded
 except ExpiredSignatureError:
 logger.warning("🔐 Token expired")
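Review bot: The added `if not all(k in decoded for k in ("id", "username", "role"))` check verifies only that the keys exist, so a signed token carrying `"id": null` or an empty `"role"` still passes and reaches the `user['id']` callers the commit is trying to protect; `if any(decoded.get(k) is None for k in ("id", "username", "role")):` rejects both absent and null claims at the same cost. The required list also omits `exp`, and `decode` as called here raises `ExpiredSignatureError` only when an `exp` claim is present, so any legacy token issued without one would be accepted indefinitely — if `decode` is PyJWT, `options={"require": ["exp"]}` on the decode call enforces it (the resulting `MissingRequiredClaimError` is an `InvalidTokenError` subclass), otherwise add `"exp"` to the tuple. Whether tokens were ever issued without `exp` is not visible from this hunk, so treat that as a point to confirm against the issuing code. `verify_token` begins before this hunk and its remaining `except` handlers continue past it.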