[bug 950358] Beefen up the token auth code

This adds some exception handling and other things that beefen up the
token auth code to be more resilient. It'd be super if this alleviates
whatever problem is occurring that's then causing Raven to get all fussy
mcfussypants.

kitsune/users/auth.py

@@ -22,7 +22,11 @@ class TokenLoginBackend(object):
     """
 
     def authenticate(self, auth):
-        decoded = base64.b64decode(auth)
+        try:
+            decoded = base64.b64decode(auth)
+        except (TypeError, UnicodeDecodeError):
+            return None
+
         if ':' not in decoded:
             return None
         username, token = decoded.split(':')
@@ -47,6 +51,7 @@ def get_user(self, user_id):
 
 
 def get_auth_str(user):
+    """Creates an auth string based on {username}:{token}"""
     token = default_token_generator.make_token(user)
     auth = '{0}:{1}'.format(user.username, token)
     return base64.b64encode(auth)

kitsune/users/middleware.py

@@ -1,5 +1,5 @@
-from django.contrib.auth import authenticate, login
 from django.contrib import messages
+from django.contrib.auth import authenticate, login
 
 from tower import ugettext_lazy as _lazy
 
@@ -8,9 +8,14 @@ class TokenLoginMiddleware(object):
     """Allows users to be logged in via one time tokens."""
 
     def process_request(self, request):
+        try:
+            auth = request.GET.get('auth')
+        except IOError:
+            # Django can throw an IOError when trying to read the GET
+            # data.
+            return
 
-        auth = request.GET.get('auth')
-        if auth is None or request.user.is_authenticated():
+        if auth is None or (request.user and request.user.is_authenticated()):
             return
         user = authenticate(auth=auth)
         if user and user.is_active: