@@ -203,7 +203,7 @@ async def refresh(
203203 # Accept int-like strings but reject weird types early
204204 if isinstance (user_id , str ) and user_id .isdigit ():
205205 user_id = int (user_id )
206- if not isinstance (user_id , int ):
206+ if isinstance ( user_id , bool ) or not isinstance (user_id , int ):
207207 raise HTTPException (
208208 status .HTTP_401_UNAUTHORIZED , ResponseMessages .INVALID_TOKEN
209209 )
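Review bot: The `isdigit()` gate on the context line just above the changed check still admits strings that `int()` cannot parse. `str.isdigit()` is true for Unicode digits such as superscripts, so `int(user_id)` can raise ValueError, which would presumably surface as a 500 rather than the 401 this branch intends. It also accepts non-ASCII decimal digits, so one id has several valid spellings. Tightening the gate to `if isinstance(user_id, str) and user_id.isascii() and user_id.isdigit():` closes both, and the same line appears in the verify, reset_password and get_jwt_user hunks. The enclosing function starts and ends outside the hunk, so whether a surrounding handler already catches ValueError is not visible here.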
@@ -283,7 +283,7 @@ async def verify(code: str, session: AsyncSession) -> None:
283283 # Accept int-like strings but reject weird types early
284284 if isinstance (user_id , str ) and user_id .isdigit ():
285285 user_id = int (user_id )
286- if not isinstance (user_id , int ):
286+ if isinstance ( user_id , bool ) or not isinstance (user_id , int ):
287287 raise HTTPException (
288288 status .HTTP_401_UNAUTHORIZED , ResponseMessages .INVALID_TOKEN
289289 )
@@ -421,7 +421,7 @@ async def reset_password(
421421 # Accept int-like strings but reject weird types early
422422 if isinstance (user_id , str ) and user_id .isdigit ():
423423 user_id = int (user_id )
424- if not isinstance (user_id , int ):
424+ if isinstance ( user_id , bool ) or not isinstance (user_id , int ):
425425 raise HTTPException (
426426 status .HTTP_401_UNAUTHORIZED , ResponseMessages .INVALID_TOKEN
427427 )
@@ -578,7 +578,7 @@ async def get_jwt_user( # noqa: C901
578578 # Accept int-like strings but reject weird types early
579579 if isinstance (user_id , str ) and user_id .isdigit ():
580580 user_id = int (user_id )
581- if not isinstance (user_id , int ):
581+ if isinstance ( user_id , bool ) or not isinstance (user_id , int ):
582582 increment_auth_failure ("invalid_token" , "jwt" )
583583 category_logger .warning (
584584 "Authentication attempted with invalid 'sub' claim" ,
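Review bot: Only this copy of the `sub` check records the rejection, through `increment_auth_failure` and a warning log. The identical checks in refresh, verify and reset_password raise the 401 directly, so a malformed `sub` on those paths leaves no metric or log entry in the visible lines. Because the commit had to repeat the same one-line edit in four places, moving the string normalisation and the bool/int check into one private helper that returns the int or raises would stop the copies drifting apart, and would give a single place to emit the failure event. The function continues past the end of this hunk, which stops inside the `category_logger.warning(` call, so the rest of the branch is not visible.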