fixes-for-inbox-auth-and-startup-faster

auth/authenticate.py

@@ -9,7 +9,7 @@ from auth.credentials import AuthCredentials, AuthUser
 from services.auth.users import UserStorage
 from settings import SESSION_TOKEN_HEADER
 from auth.tokenstorage import SessionToken
-from base.exceptions import InvalidToken
+from base.exceptions import InvalidToken, OperationNotAllowed, Unauthorized
 
 
 class JWTAuthenticate(AuthenticationBackend):
@@ -30,27 +30,26 @@ class JWTAuthenticate(AuthenticationBackend):
         try:
             if len(token.split('.')) > 1:
                 payload = await SessionToken.verify(token)
+                if payload is None:
+                    return AuthCredentials(scopes=[]), AuthUser(user_id=None)
+                user = await UserStorage.get_user(payload.user_id)
+                if not user:
+                    return AuthCredentials(scopes=[]), AuthUser(user_id=None)
+                scopes = await user.get_permission()
+                return (
+                    AuthCredentials(
+                        user_id=payload.user_id,
+                        scopes=scopes,
+                        logged_in=True
+                    ),
+                    user,
+                )
             else:
                 InvalidToken("please try again")
         except Exception as exc:
             print("[auth.authenticate] session token verify error")
             print(exc)
-            return AuthCredentials(scopes=[], error_message=str(exc)), AuthUser(
-                user_id=None
-            )
-
-        if payload is None:
-            return AuthCredentials(scopes=[]), AuthUser(user_id=None)
-
-        user = await UserStorage.get_user(payload.user_id)
-        if not user:
-            return AuthCredentials(scopes=[]), AuthUser(user_id=None)
-
-        scopes = await user.get_permission()
-        return (
-            AuthCredentials(user_id=payload.user_id, scopes=scopes, logged_in=True),
-            user,
-        )
+            return AuthCredentials(scopes=[], error_message=str(exc)), AuthUser(user_id=None)
 
 
 def login_required(func):
@@ -58,10 +57,9 @@ def login_required(func):
     async def wrap(parent, info: GraphQLResolveInfo, *args, **kwargs):
         # print('[auth.authenticate] login required for %r with info %r' % (func, info))  # debug only
         auth: AuthCredentials = info.context["request"].auth
-        if auth and auth.user_id:
-            print(auth)  # debug only
+        # print(auth)
         if not auth.logged_in:
-            return {"error": auth.error_message or "Please login"}
+            raise OperationNotAllowed(auth.error_message or "Please login")
         return await func(parent, info, *args, **kwargs)
 
     return wrap
@@ -73,9 +71,9 @@ def permission_required(resource, operation, func):
         print('[auth.authenticate] permission_required for %r with info %r' % (func, info))  # debug only
         auth: AuthCredentials = info.context["request"].auth
         if not auth.logged_in:
-            return {"error": auth.error_message or "Please login"}
+            raise Unauthorized(auth.error_message or "Please login")
 
-        # TODO: add check permission logix
+        # TODO: add actual check permission logix here
 
         return await func(parent, info, *args, **kwargs)