Merge branch '244', oauthlib compatibility
masci committed Jul 28, 2015
2 parents b92bfc6 + 166308f commit 768e4ff
Showing 4 changed files with 40 additions and 9 deletions.
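--- a/oauth2_provider/oauth2_validators.py
+++ b/oauth2_provider/oauth2_validators.py
@@ -55,7 +55,10 @@ def _authenticate_basic_auth(self, request):
 if not auth_string:
 return False
 
-encoding = request.encoding or 'utf-8'
+try:
+encoding = request.encoding
+except AttributeError:
+encoding = 'utf-8'
 
 try:
 b64_decoded = base64.b64decode(auth_string)
@@ -91,10 +94,10 @@ def _authenticate_request_body(self, request):
 directly utilize the HTTP Basic authentication scheme. See rfc:`2.3.1` for more details.
 """
 # TODO: check if oauthlib has already unquoted client_id and client_secret
-client_id = request.client_id
-client_secret = request.client_secret
-
-if not client_id or not client_secret:
+try:
+client_id = request.client_id
+client_secret = request.client_secret
+except AttributeError:
 return False
 
 if self._load_application(client_id, request) is None:
@@ -143,8 +146,12 @@ def client_authentication_required(self, request, *args, **kwargs):
 if self._extract_basic_auth(request):
 return True
 
-if request.client_id and request.client_secret:
-return True
+try:
+if request.client_id and request.client_secret:
+return True
+except AttributeError:
+log.debug("Client id or client secret not provided, proceed evaluating if authentication is required...")
+pass
 
 self._load_application(request.client_id, request)
 if request.client: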
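Review bot: In `_authenticate_request_body` the `try`/`except AttributeError` only handles a missing attribute, and the earlier emptiness test no longer runs, so a `client_id` or `client_secret` that is present but empty or `None` now reaches `self._load_application(client_id, request)` and whatever secret comparison follows outside the hunk. Keeping `if not client_id or not client_secret: return False` right after the `try` block would make the function fail closed whichever way the installed oauthlib reports absent parameters. In `client_authentication_required` the line after the new `except` still reads `request.client_id` unguarded, so when `client_id` is the missing attribute the same `AttributeError` would presumably be raised again there; reading it once with `client_id = getattr(request, 'client_id', None)` avoids that, and the `pass` after `log.debug(...)` can be dropped. All three functions start or end outside the visible hunks.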
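--- a/oauth2_provider/tests/test_authorization_code.py
+++ b/oauth2_provider/tests/test_authorization_code.py
@@ -261,7 +261,7 @@ def test_pre_auth_wrong_response_type(self):
 
 response = self.client.get(url)
 self.assertEqual(response.status_code, 302)
-self.assertIn("error=unauthorized_client", response['Location'])
+self.assertIn("error=unsupported_response_type", response['Location'])
 
 def test_code_post_auth_allow(self):
 """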
24 changes: 24 additions & 0 deletions oauth2_provider/tests/test_token_revocation.py
Expand Up @@ -60,6 +60,30 @@ def test_revoke_access_token(self):
self.assertEqual(response.content, b'')
self.assertFalse(AccessToken.objects.filter(id=tok.id).exists())

def test_revoke_access_token_public(self):
public_app = Application(
name="Test Application",
redirect_uris="http://localhost http://example.com http://example.it",
user=self.dev_user,
client_type=Application.CLIENT_PUBLIC,
authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
)
public_app.save()

tok = AccessToken.objects.create(user=self.test_user, token='1234567890',
application=public_app,
expires=timezone.now() + datetime.timedelta(days=1),
scope='read write')

query_string = urlencode({
'client_id': public_app.client_id,
'token': tok.token,
})

url = "{url}?{qs}".format(url=reverse('oauth2_provider:revoke-token'), qs=query_string)
response = self.client.post(url)
self.assertEqual(response.status_code, 200)

def test_revoke_access_token_with_hint(self):
"""
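Review bot: `test_revoke_access_token_public` asserts only `response.status_code == 200`, which does not show that the token was actually revoked, because RFC 7009 has the revocation endpoint answer 200 for invalid tokens as well. The neighbouring `test_revoke_access_token` also checks `self.assertFalse(AccessToken.objects.filter(id=tok.id).exists())`; adding the same line after the status check would make this test prove that a public client identified by `client_id` alone can revoke its own token. A one-line docstring such as `"""Ensure a public client can revoke its token without a client secret."""` would match the tests that follow, which open with docstrings.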
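--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -1,5 +1,5 @@
 Sphinx==1.3.1
 South==1.0
-oauthlib>=0.6.2
+oauthlib==1.0.1
 django-braces==1.4.0
 six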
