fix auth

apps/utils/authentication.py

@@ -23,14 +23,24 @@ class GMJWTAuthentication(JWTAuthentication):
     """
 
     def authenticate(self, request):
-        token = get_token_from_cookies(request)
+        try:
-        if token is None:
+            token = get_token_from_cookies(request)
+            # Return non-authorized user if token not in cookies
+            assert token
+
+            raw_token = self.get_raw_token(token)
+            # Return non-authorized user if cant get raw token
+            assert raw_token
+
+            validated_token = self.get_validated_token(raw_token)
+            user = self.get_user(validated_token)
+
+            # Check record in DB
+            token_is_valid = user.access_tokens.valid() \
+                                               .by_jti(jti=validated_token.payload.get('jti'))
+            assert token_is_valid.exists()
+        except:
+            # Return non-authorized user if token is invalid or raised an error when run checks.
             return None
-
+        else:
-        raw_token = self.get_raw_token(token)
+            return user, None
-        if raw_token is None:
-            return None
-
-        validated_token = self.get_validated_token(raw_token)
-
-        return self.get_user(validated_token), None