fix auth

2019-10-09 10:05:19 +03:00 · 2019-10-09 10:05:19 +03:00 · 69d02e7a07
commit 69d02e7a07
parent 861daf8871
1 changed files with 20 additions and 10 deletions
--- a/apps/utils/authentication.py
+++ b/apps/utils/authentication.py
@ -23,14 +23,24 @@ class GMJWTAuthentication(JWTAuthentication):
    """

    def authenticate(self, request):
+        try:
            token = get_token_from_cookies(request)
-        if token is None:
-            return None
+            # Return non-authorized user if token not in cookies
+            assert token

            raw_token = self.get_raw_token(token)
-        if raw_token is None:
-            return None
+            # Return non-authorized user if cant get raw token
+            assert raw_token

            validated_token = self.get_validated_token(raw_token)
+            user = self.get_user(validated_token)

-        return self.get_user(validated_token), None
+            # Check record in DB
+            token_is_valid = user.access_tokens.valid() \
+                                               .by_jti(jti=validated_token.payload.get('jti'))
+            assert token_is_valid.exists()
+        except:
+            # Return non-authorized user if token is invalid or raised an error when run checks.
+            return None
+        else:
+            return user, None