fix: DIA-1935: fix JWT feature flag (#7128)

pakelley · web-flow · commit 441679c489bc · 2025-02-26T08:27:27.000-08:00
diff --git a/label_studio/jwt_auth/middleware.py b/label_studio/jwt_auth/middleware.py
@@ -18,27 +18,21 @@ def __call__(self, request):
         from rest_framework_simplejwt.authentication import JWTAuthentication
         from rest_framework_simplejwt.exceptions import AuthenticationFailed, InvalidToken, TokenError
 
-        JWT_ACCESS_TOKEN_ENABLED = flag_set('fflag__feature_develop__prompts__dia_1829_jwt_token_auth')
-        if JWT_ACCESS_TOKEN_ENABLED:
-            try:
-                user_and_token = JWTAuthentication().authenticate(request)
-                if not user_and_token:
-                    logger.debug('JWT auth could not resolve user/token')
-                    return self.get_response(request)
-
+        try:
+            user_and_token = JWTAuthentication().authenticate(request)
+            if user_and_token:
                 user = User.objects.get(pk=user_and_token[0].pk)
-                if user.active_organization.jwt.api_tokens_enabled:
-                    logger.debug('JWT auth resolved user/token')
+                JWT_ACCESS_TOKEN_ENABLED = flag_set(
+                    'fflag__feature_develop__prompts__dia_1829_jwt_token_auth', user=user
+                )
+                if JWT_ACCESS_TOKEN_ENABLED and user.active_organization.jwt.api_tokens_enabled:
                     request.user = user
                     request.is_jwt = True
-                else:
-                    logger.debug('JWT auth resolved user/token, but org does not have jwt enabled')
-
-            except User.DoesNotExist:
-                logger.info('JWT authentication failed: User no longer exists')
-                return JsonResponse({'detail': 'User not found'}, status=status.HTTP_401_UNAUTHORIZED)
-            except (AuthenticationFailed, InvalidToken, TokenError) as e:
-                logger.info('JWT authentication failed: %s', e)
-                # don't raise 401 here, fallback to other auth methods (in case token is valid for them)
-                # (have unit tests verifying that this still results in a 401 if other auth mechanisms fail)
+        except User.DoesNotExist:
+            logger.info('JWT authentication failed: User no longer exists')
+            return JsonResponse({'detail': 'User not found'}, status=status.HTTP_401_UNAUTHORIZED)
+        except (AuthenticationFailed, InvalidToken, TokenError) as e:
+            logger.info('JWT authentication failed: %s', e)
+            # don't raise 401 here, fallback to other auth methods (in case token is valid for them)
+            # (have unit tests verifying that this still results in a 401 if other auth mechanisms fail)
         return self.get_response(request)
