From 7ebc83dd8c2c92592302e383f87c74ad83a440b1 Mon Sep 17 00:00:00 2001
From: David Bruno Vontor
Date: Wed, 7 Jan 2026 13:03:32 +0100
Subject: [PATCH] Update tokens.py
---
 backend/account/tokens.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/backend/account/tokens.py b/backend/account/tokens.py
index 4813243..8fe0b16 100644
--- a/backend/account/tokens.py
+++ b/backend/account/tokens.py
@@ -18,15 +18,22 @@ password_reset_token = PasswordResetTokenGenerator()
 from rest_framework_simplejwt.authentication import JWTAuthentication
+from rest_framework_simplejwt.exceptions import InvalidToken, TokenError
 #NEMĚNIT CUSTOM SBÍRANÍ COOKIE TOKENU
 class CookieJWTAuthentication(JWTAuthentication):
 def authenticate(self, request):
+ raw_token = request.COOKIES.get('access_token')
 if not raw_token: return None
- validated_token = self.get_validated_token(raw_token)
- return self.get_user(validated_token), validated_token
+ try:
+ validated_token = self.get_validated_token(raw_token)
+ return self.get_user(validated_token), validated_token
+ except (InvalidToken, TokenError):
+ # Invalid/expired token - return None instead of raising exception
+ # This allows AllowAny endpoints to work even with bad cookies!!
+ return None
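Review bot: The new `except (InvalidToken, TokenError)` in `authenticate` silently turns every rejected `access_token` cookie into an anonymous request, so an expired token and one with a bad signature become indistinguishable and leave no trace for detection. Record the rejection before `return None`, logging the exception class only and never the raw cookie value, for example `except (InvalidToken, TokenError) as exc:` followed by `logger.info("access_token cookie rejected: %s", type(exc).__name__)`; this assumes a module-level logger, which the hunk does not show. The `try` also wraps `self.get_user(validated_token)`: in stock simplejwt that call reports a missing or inactive user with `AuthenticationFailed`, which is not caught here, so a disabled account's still-valid cookie would presumably still fail on `AllowAny` endpoints despite what the comment promises. Keep only `validated_token = self.get_validated_token(raw_token)` inside the `try`, move the `return self.get_user(validated_token), validated_token` line after the handler, and decide explicitly how user-lookup failures should be treated.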