From 9beabfc0b1fbe0946653d3df1e0b976d51b9c057 Mon Sep 17 00:00:00 2001
From: Sam Collins <sam@scollins.co>
Date: Wed, 24 Oct 2018 19:17:30 +0100
Subject: [PATCH] Increased length of RFID code and improved logging (#202)

---
 config/settings/local.py                       |  4 ++++
 mhackspace/rfid/views.py                       | 14 +++++++++++---
 .../migrations/0013_increased_rfid_length.py   | 18 ++++++++++++++++++
 3 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 mhackspace/users/migrations/0013_increased_rfid_length.py

diff --git a/config/settings/local.py b/config/settings/local.py
index 50b157e..0781e92 100644
--- a/config/settings/local.py
+++ b/config/settings/local.py
@@ -84,6 +84,10 @@ LOGGING = {
         },
     },
     'loggers': {
+        'mhackspace': {
+          'level': 'DEBUG',
+            'handlers': ['console']
+        },
         'django.request': {
             'handlers': ['mail_admins', 'logfile'],
             'level': 'ERROR',
diff --git a/mhackspace/rfid/views.py b/mhackspace/rfid/views.py
index 2920534..00757db 100644
--- a/mhackspace/rfid/views.py
+++ b/mhackspace/rfid/views.py
@@ -38,16 +38,24 @@ class AuthUserWithDeviceViewSet(viewsets.ViewSet):
             data = jwt.decode(request.data["data"], settings.RFID_SECRET, algorithms=['HS256'])
         except ExpiredSignatureError:
             data = jwt.decode(request.data["data"], settings.RFID_SECRET, algorithms=['HS256'], verify=False)
-            logger.warn(f"Signature expired for {data.get('rfid_code')} on device {data.get('device_id')}")
+            logger.warning(f"Signature expired for {data.get('rfid_code')} on device {data.get('device_id')}")
             return Response(jwt.encode({"authenticated": False}, settings.RFID_SECRET), status=status.HTTP_403_FORBIDDEN)
+        except jwt.exceptions.InvalidTokenError as e:
+            logger.warning(f'Invalid JWT {e} : {request.data["data"]}')
+            return Response(jwt.encode({"authenticated": False}, settings.RFID_SECRET),
+                            status=status.HTTP_403_FORBIDDEN)
 
         if data.get("rfid_code") is None or data.get("rfid_code") is None:
             return Response(status=status.HTTP_400_BAD_REQUEST)
-        # print(data)
         try:
             rfid = Rfid.objects.get(code=data["rfid_code"])
+        except Rfid.DoesNotExist:
+            logger.warning(f"Unable to find valid rfid {data['rfid_code']}")
+            return Response(status=status.HTTP_404_NOT_FOUND)
+        try:
             device = Device.objects.get(identifier=data["device_id"])
-        except ObjectDoesNotExist:
+        except Device.DoesNotExist:
+            logger.warning(f"Unable to find valid device {data['device_id']}")
             return Response(status=status.HTTP_404_NOT_FOUND)
 
         try:
diff --git a/mhackspace/users/migrations/0013_increased_rfid_length.py b/mhackspace/users/migrations/0013_increased_rfid_length.py
new file mode 100644
index 0000000..09630ee
--- /dev/null
+++ b/mhackspace/users/migrations/0013_increased_rfid_length.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.1.2 on 2018-10-24 18:12
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('users', '0012_rfid_users'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='rfid',
+            name='code',
+            field=models.CharField(max_length=200, unique=True),
+        ),
+    ]