From 69d02e7a07eb573d03f6dea0210379677ac2067a Mon Sep 17 00:00:00 2001
From: Anatoly
Date: Wed, 9 Oct 2019 10:05:19 +0300
Subject: [PATCH 1/2] fix auth
---
 apps/utils/authentication.py | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/apps/utils/authentication.py b/apps/utils/authentication.py
index 044d6d75..e8375ffe 100644
--- a/apps/utils/authentication.py
+++ b/apps/utils/authentication.py
@@ -23,14 +23,24 @@ class GMJWTAuthentication(JWTAuthentication):
 """
 def authenticate(self, request):
- token = get_token_from_cookies(request)
- if token is None:
+ try:
+ token = get_token_from_cookies(request)
+ # Return non-authorized user if token not in cookies
+ assert token
+
+ raw_token = self.get_raw_token(token)
+ # Return non-authorized user if cant get raw token
+ assert raw_token
+
+ validated_token = self.get_validated_token(raw_token)
+ user = self.get_user(validated_token)
+
+ # Check record in DB
+ token_is_valid = user.access_tokens.valid() \
+ .by_jti(jti=validated_token.payload.get('jti'))
+ assert token_is_valid.exists()
+ except:
+ # Return non-authorized user if token is invalid or raised an error when run checks.
 return None
-
- raw_token = self.get_raw_token(token)
- if raw_token is None:
- return None
-
- validated_token = self.get_validated_token(raw_token)
-
- return self.get_user(validated_token), None
+ else:
+ return user, None
From 31f8b5abd12ad2a6b195cc1c1ed21a97eb7168e7 Mon Sep 17 00:00:00 2001
From: Anatoly
Date: Wed, 9 Oct 2019 15:19:46 +0300
Subject: [PATCH 2/2] refactored base settings
---
 project/settings/base.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/project/settings/base.py b/project/settings/base.py
index cec6a4d1..2a6f4aea 100644
--- a/project/settings/base.py
+++ b/project/settings/base.py
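Review bot: The DB revocation check at the end of the `try` block in apps/utils/authentication.py is written as `assert token_is_valid.exists()`, and `assert` statements are removed when Python runs with `-O` or `PYTHONOPTIMIZE`, so in that mode a token with no valid record still reaches `return user, None`. The bare `except:` compounds this: it turns database errors and programming mistakes (for example an `AttributeError` on `user.access_tokens`) into a silent anonymous request with nothing logged. Use explicit `if` checks that return `None`, and catch only the authentication exception the token helpers raise. `AuthenticationFailed` below is assumed to be `rest_framework.exceptions.AuthenticationFailed` and would need importing if the file does not already have it. The enclosing class starts above the hunk.

```python
    def authenticate(self, request):
        token = get_token_from_cookies(request)
        if not token:
            return None

        raw_token = self.get_raw_token(token)
        if not raw_token:
            return None

        try:
            validated_token = self.get_validated_token(raw_token)
            user = self.get_user(validated_token)
        except AuthenticationFailed:
            # Invalid or expired token, or unknown user: treat as anonymous.
            return None

        # Explicit check so the revocation lookup survives `python -O`.
        jti = validated_token.payload.get('jti')
        if not user.access_tokens.valid().by_jti(jti=jti).exists():
            return None
        return user, None
```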
@@ -275,15 +275,15 @@ SMS_CODE_SHOW = False
 # SMSC Settings
 SMS_SERVICE = 'http://smsc.ru/sys/send.php'
-SMS_LOGIN = 'GM2019'
-SMS_PASSWORD = '}#6%Qe7CYG7n'
+SMS_LOGIN = os.environ.get('SMS_LOGIN')
+SMS_PASSWORD = os.environ.get('SMS_PASSWORD')
 SMS_SENDER = 'GM'
 # EMAIL
 EMAIL_USE_TLS = True
-EMAIL_HOST = 'smtp.yandex.ru'
-EMAIL_HOST_USER = 't3st.t3stov.t3stovich@yandex.ru'
-EMAIL_HOST_PASSWORD = 'ylhernyutkfbylgk'
+EMAIL_HOST = 'smtp.mandrillapp.com'
+EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER')
+EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD')
 EMAIL_PORT = 587
 # Django Rest Swagger
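Review bot: `os.environ.get(...)` on the four new lines returns `None` when a variable is unset, so a missing `SMS_PASSWORD` or `EMAIL_HOST_PASSWORD` only surfaces later as a failed send rather than at startup. Index the mapping instead, e.g. `SMS_PASSWORD = os.environ['SMS_PASSWORD']`, or raise `ImproperlyConfigured` when a value is empty. This assumes `os` is already imported at the top of base.py, which the hunk does not show. The removed literals stay readable in repository history, so the SMS and mail credentials should be rotated as part of this change.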