diff --git a/apps/utils/authentication.py b/apps/utils/authentication.py
index 044d6d75..e8375ffe 100644
--- a/apps/utils/authentication.py
+++ b/apps/utils/authentication.py
@@ -23,14 +23,24 @@ class GMJWTAuthentication(JWTAuthentication):
 
     """
     def authenticate(self, request):
-        token = get_token_from_cookies(request)
-        if token is None:
+        try:
+            token = get_token_from_cookies(request)
+            # Return non-authorized user if token not in cookies
+            assert token
+
+            raw_token = self.get_raw_token(token)
+            # Return non-authorized user if cant get raw token
+            assert raw_token
+
+            validated_token = self.get_validated_token(raw_token)
+            user = self.get_user(validated_token)
+
+            # Check record in DB
+            token_is_valid = user.access_tokens.valid() \
+                .by_jti(jti=validated_token.payload.get('jti'))
+            assert token_is_valid.exists()
+        except:
+            # Return non-authorized user if token is invalid or raised an error when run checks.
             return None
-
-        raw_token = self.get_raw_token(token)
-        if raw_token is None:
-            return None
-
-        validated_token = self.get_validated_token(raw_token)
-
-        return self.get_user(validated_token), None
+        else:
+            return user, None
diff --git a/project/settings/base.py b/project/settings/base.py
index d4090fa7..4618887d 100644
--- a/project/settings/base.py
+++ b/project/settings/base.py
@@ -284,15 +284,15 @@ SMS_CODE_SHOW = False
 
 # SMSC Settings
 SMS_SERVICE = 'http://smsc.ru/sys/send.php'
-SMS_LOGIN = 'GM2019'
-SMS_PASSWORD = '}#6%Qe7CYG7n'
+SMS_LOGIN = os.environ.get('SMS_LOGIN')
+SMS_PASSWORD = os.environ.get('SMS_PASSWORD')
 SMS_SENDER = 'GM'
 
 # EMAIL
 EMAIL_USE_TLS = True
 EMAIL_HOST = 'smtp.mandrillapp.com'
-EMAIL_HOST_USER = 'bbody@gaultmillau.fr'
-EMAIL_HOST_PASSWORD = 'FQghjXmS1FmKmlZEpSg6TA'
+EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER')
+EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD')
 EMAIL_PORT = 587
 
 # Django Rest Swagger
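Review bot: The revocation check `assert token_is_valid.exists()` is compiled out when Python runs with `-O` / `PYTHONOPTIMIZE`, so in an optimized deployment a token whose jti is no longer a valid record in the DB is still accepted; the `assert token` and `assert raw_token` guards are stripped the same way and only "work" because the calls that follow happen to raise on bad input. The guards should be explicit `if not …: return None` statements rather than asserts, and the bare `except:` should be narrowed: as written it also swallows `SystemExit`, `KeyboardInterrupt`, database errors and programming mistakes, so an outage or a bug in the revocation query degrades silently into an anonymous request instead of surfacing as an error. Since the class subclasses simplejwt's `JWTAuthentication`, `get_validated_token` and `get_user` signal bad tokens with exceptions that derive from DRF's `AuthenticationFailed`, so catching that (assuming it is importable here; the imports are outside the hunk) keeps the "treat as anonymous" behaviour the comments describe without hiding unrelated failures. Whether `access_tokens.valid().by_jti(jti=None)` matches anything when the payload has no jti depends on that manager, which is not in view. The class and its docstring begin before the hunk.
```python
    def authenticate(self, request):
        token = get_token_from_cookies(request)
        if not token:
            return None  # no token cookie: anonymous request
        raw_token = self.get_raw_token(token)
        if not raw_token:
            return None
        try:
            validated_token = self.get_validated_token(raw_token)
            user = self.get_user(validated_token)
        except AuthenticationFailed:
            # Invalid/expired token or unknown user: treat as anonymous (project choice).
            return None
        # Revocation check: the jti must still be recorded as a valid access token.
        jti = validated_token.payload.get('jti')
        if not user.access_tokens.valid().by_jti(jti=jti).exists():
            return None
        return user, None
```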
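Review bot: Both credential pairs removed here (the SMSC login/password and the Mandrill SMTP user/password) remain in the repository history, so they need to be rotated at the providers, not just moved out of the file. `os.environ.get(...)` also returns `None` when a variable is missing, so a misconfigured deployment will only fail at the first SMS or e-mail send with an opaque provider error; `os.environ['SMS_PASSWORD']` (or a small helper that raises `django.core.exceptions.ImproperlyConfigured`) fails at startup instead. Whether `os` is already imported in this settings module is outside the hunk.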