From 5c4e81d5d23b8fb87b682c414ab94dbe9306450e Mon Sep 17 00:00:00 2001
From: Maxime Alves LIRMM
Date: Mon, 5 Oct 2020 10:19:52 +0200
Subject: [PATCH] [jwt_mw] Refuse DEBUG tokens in PROD mode with websockets
---
 halfapi/lib/jwt_middleware.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/halfapi/lib/jwt_middleware.py b/halfapi/lib/jwt_middleware.py
index 044774a..00129db 100644
--- a/halfapi/lib/jwt_middleware.py
+++ b/halfapi/lib/jwt_middleware.py
@@ -110,10 +110,10 @@ class JWTAuthenticationBackend(AuthenticationBackend):
 raise AuthenticationError( 'Trying to connect using *DEBUG* token in *PRODUCTION* mode')
- except jwt.InvalidTokenError as e:
- raise AuthenticationError(str(e))
- except Exception as e:
- print(e)
+ except jwt.InvalidTokenError as exc:
+ raise AuthenticationError(str(exc))
+ except Exception as exc:
+ logger.error('Authentication error : %s', exc)
 raise e
@@ -142,8 +142,13 @@ class JWTWebSocketAuthenticationBackend(AuthenticationBackend):
 try:
 payload = jwt.decode(token, key=self.secret_key, algorithms=self.algorithm, audience=self.audience, options=self.options)
- except jwt.InvalidTokenError as e:
- raise AuthenticationError(str(e))
+
+ if PRODUCTION and 'debug' in payload.keys() and payload['debug']:
+ raise AuthenticationError( 'Trying to connect using *DEBUG* token in *PRODUCTION* mode')
+
+ except jwt.InvalidTokenError as exc:
+ raise AuthenticationError(str(exc))
 return AuthCredentials(["authenticated"]), JWTUser(id = payload['id'], token=token, payload=payload)
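Review bot: The context line `raise e` that follows the new `except Exception as exc:` branch refers to a name the renamed handler no longer binds, so every error reaching that branch ends in a NameError rather than the original exception; since AuthenticationError is itself an Exception subclass, this includes the deliberate refusal of a DEBUG token in PRODUCTION raised at the top of the hunk, which would surface as an unhandled server error instead of an authentication failure. Replace the line with a bare `raise` so the caught exception and its traceback propagate unchanged. It would also be cleaner to add `except AuthenticationError: raise` ahead of the generic handler, so an intentional rejection is not logged as an internal error. The enclosing method starts before this hunk, and the module-level `logger` the new line relies on is not visible here, so its definition should be confirmed.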
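Review bot: The new DEBUG-token check in JWTWebSocketAuthenticationBackend repeats the one in JWTAuthenticationBackend line for line, including the message string, and a divergence between the two backends is exactly what this commit is repairing; a single module-level helper (for example `_refuse_debug_token(payload)`) called from both `authenticate` paths would keep the rule in one place. The condition can be written as `if PRODUCTION and payload.get('debug'):`, which is equivalent because the original already tests the value's truthiness. On the unchanged return line, `payload['id']` still raises a bare KeyError for a token that carries no id claim, outside any handler, so a token lacking that claim produces an internal error rather than an AuthenticationError. The enclosing method starts before this hunk.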