From 69d02e7a07eb573d03f6dea0210379677ac2067a Mon Sep 17 00:00:00 2001
From: Anatoly
Date: Wed, 9 Oct 2019 10:05:19 +0300
Subject: [PATCH] fix auth
---
 apps/utils/authentication.py | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/apps/utils/authentication.py b/apps/utils/authentication.py
index 044d6d75..e8375ffe 100644
--- a/apps/utils/authentication.py
+++ b/apps/utils/authentication.py
@@ -23,14 +23,24 @@ class GMJWTAuthentication(JWTAuthentication):
 """
 def authenticate(self, request):
- token = get_token_from_cookies(request)
- if token is None:
+ try:
+ token = get_token_from_cookies(request)
+ # Return non-authorized user if token not in cookies
+ assert token
+
+ raw_token = self.get_raw_token(token)
+ # Return non-authorized user if cant get raw token
+ assert raw_token
+
+ validated_token = self.get_validated_token(raw_token)
+ user = self.get_user(validated_token)
+
+ # Check record in DB
+ token_is_valid = user.access_tokens.valid() \
+ .by_jti(jti=validated_token.payload.get('jti'))
+ assert token_is_valid.exists()
+ except:
+ # Return non-authorized user if token is invalid or raised an error when run checks.
 return None
-
- raw_token = self.get_raw_token(token)
- if raw_token is None:
- return None
-
- validated_token = self.get_validated_token(raw_token)
-
- return self.get_user(validated_token), None
+ else:
+ return user, None
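Review bot: The three `assert` statements in the new `try` body are the only enforcement of the cookie, raw-token and DB-record checks, and Python strips asserts under `-O`/`PYTHONOPTIMIZE`. In that mode the `token_is_valid.exists()` check disappears, so a token with no valid DB record (for example a revoked one) would still authenticate. The bare `except:` also turns database errors and programming mistakes into a silent anonymous request, and it catches `SystemExit`/`KeyboardInterrupt`, so an outage in the token table looks like a logout with nothing logged. I would use explicit `if` checks and catch only the rejections the JWT library raises, assuming the base class is simplejwt's `JWTAuthentication` and that `InvalidToken` and `AuthenticationFailed` from `rest_framework_simplejwt.exceptions` are imported in this file. The class and its docstring start outside the hunk.

```python
    def authenticate(self, request):
        token = get_token_from_cookies(request)
        if not token:
            return None

        raw_token = self.get_raw_token(token)
        if not raw_token:
            return None

        try:
            validated_token = self.get_validated_token(raw_token)
            user = self.get_user(validated_token)
        except (InvalidToken, AuthenticationFailed):
            # Only the library's token/user rejections mean "anonymous";
            # anything else is a bug or an outage and should surface.
            return None

        # DB-backed validity check; must not depend on assert.
        jti = validated_token.payload.get('jti')
        if not user.access_tokens.valid().by_jti(jti=jti).exists():
            return None

        return user, None
```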