Rebase fixing conflicts and tests

Author: wiliamsouza

oauth2_provider/oauth2_validators.py

@@ -854,3 +854,24 @@ def validate_user_match(self, id_token_hint, scopes, claims, request):
         # https://github.com/idan/oauthlib/blob/master/oauthlib/oauth2/rfc6749/request_validator.py#L556
         # http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest id_token_hint section
         return True
+
+    def get_authorization_code_nonce(self, client_id, code, redirect_uri, request):
+        """ Extracts nonce from saved authorization code.
+        If present in the Authentication Request, Authorization
+        Servers MUST include a nonce Claim in the ID Token with the
+        Claim Value being the nonce value sent in the Authentication
+        Request. Authorization Servers SHOULD perform no other
+        processing on nonce values used. The nonce value is a
+        case-sensitive string.
+        Only code param should be sufficient to retrieve grant code from
+        any storage you are using. However, `client_id` and `redirect_uri`
+        have been validated and can be used also.
+        :param client_id: Unicode client identifier
+        :param code: Unicode authorization code grant
+        :param redirect_uri: Unicode absolute URI
+        :return: Unicode nonce
+        Method is used by:
+            - Authorization Token Grant Dispatcher
+        """
+        # TODO: Fix this ;)
+        return  ""

oauth2_provider/views/base.py

@@ -145,7 +145,7 @@ def form_valid(self, form):
         except OAuthToolkitError as error:
             return self.error_response(error, application)
 
-        self.success_url = redirect_uri
+        self.success_url = uri
         log.debug("Success url for the request: {0}".format(self.success_url))
         return self.redirect(self.success_url, application)
 
@@ -174,9 +174,9 @@ def get(self, request, *args, **kwargs):
             client_id=credentials["client_id"]
         )
 
-        uri_query = parse.urlparse(self.request.get_raw_uri()).query
+        uri_query = urllib.parse.urlparse(self.request.get_raw_uri()).query
         uri_query_params = dict(
-            parse.parse_qsl(uri_query, keep_blank_values=True, strict_parsing=True)
+            urllib.parse.parse_qsl(uri_query, keep_blank_values=True, strict_parsing=True)
         )
 
         kwargs["application"] = application
@@ -212,7 +212,7 @@ def get(self, request, *args, **kwargs):
                     credentials=credentials,
                     allow=True,
                 )
-                return self.redirect(redirect_uri, application)
+                return self.redirect(uri, application)
 
             elif require_approval == "auto":
                 tokens = (
@@ -235,7 +235,7 @@ def get(self, request, *args, **kwargs):
                             credentials=credentials,
                             allow=True,
                         )
-                        return self.redirect(redirect_uri, application)
+                        return self.redirect(uri, application)
 
         except OAuthToolkitError as error:
             return self.error_response(error, application)

tests/test_models.py

@@ -1,5 +1,3 @@
-from datetime import datetime as dt
-
 import pytest
 from django.contrib.auth import get_user_model
 from django.core.exceptions import ImproperlyConfigured, ValidationError
@@ -8,30 +6,23 @@
 from django.utils import timezone
 
 from oauth2_provider.models import (
-    clear_expired,
-    get_access_token_model,
-    get_application_model,
-    get_grant_model,
-    get_refresh_token_model,
-    get_id_token_model,
+    clear_expired, get_access_token_model, get_application_model,
+    get_grant_model, get_refresh_token_model
 )
 from oauth2_provider.settings import oauth2_settings
 
-from .models import SampleRefreshToken
 
 Application = get_application_model()
 Grant = get_grant_model()
 AccessToken = get_access_token_model()
 RefreshToken = get_refresh_token_model()
 UserModel = get_user_model()
-IDToken = get_id_token_model()
 
 
 class TestModels(TestCase):
+
     def setUp(self):
-        self.user = UserModel.objects.create_user(
-            "test_user", "[email protected]", "123456"
-        )
+        self.user = UserModel.objects.create_user("test_user", "[email protected]", "123456")
 
     def test_allow_scopes(self):
         self.client.login(username="test_user", password="123456")
@@ -44,7 +35,11 @@ def test_allow_scopes(self):
         )
 
         access_token = AccessToken(
-            user=self.user, scope="read write", expires=0, token="", application=app
+            user=self.user,
+            scope="read write",
+            expires=0,
+            token="",
+            application=app
         )
 
         self.assertTrue(access_token.allow_scopes(["read", "write"]))
@@ -99,30 +94,35 @@ def test_scopes_property(self):
         )
 
         access_token = AccessToken(
-            user=self.user, scope="read write", expires=0, token="", application=app
+            user=self.user,
+            scope="read write",
+            expires=0,
+            token="",
+            application=app
         )
 
         access_token2 = AccessToken(
-            user=self.user, scope="write", expires=0, token="", application=app
+            user=self.user,
+            scope="write",
+            expires=0,
+            token="",
+            application=app
         )
 
-        self.assertEqual(
-            access_token.scopes, {"read": "Reading scope", "write": "Writing scope"}
-        )
+        self.assertEqual(access_token.scopes, {"read": "Reading scope", "write": "Writing scope"})
         self.assertEqual(access_token2.scopes, {"write": "Writing scope"})
 
 
 @override_settings(
     OAUTH2_PROVIDER_APPLICATION_MODEL="tests.SampleApplication",
     OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL="tests.SampleAccessToken",
     OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL="tests.SampleRefreshToken",
-    OAUTH2_PROVIDER_GRANT_MODEL="tests.SampleGrant",
+    OAUTH2_PROVIDER_GRANT_MODEL="tests.SampleGrant"
 )
 class TestCustomModels(TestCase):
+
     def setUp(self):
-        self.user = UserModel.objects.create_user(
-            "test_user", "[email protected]", "123456"
-        )
+        self.user = UserModel.objects.create_user("test_user", "[email protected]", "123456")
 
     def test_custom_application_model(self):
         """
@@ -132,8 +132,7 @@ def test_custom_application_model(self):
         See issue #90 (https://github.com/jazzband/django-oauth-toolkit/issues/90)
         """
         related_object_names = [
-            f.name
-            for f in UserModel._meta.get_fields()
+            f.name for f in UserModel._meta.get_fields()
             if (f.one_to_many or f.one_to_one) and f.auto_created and not f.concrete
         ]
         self.assertNotIn("oauth2_provider:application", related_object_names)
@@ -164,8 +163,7 @@ def test_custom_access_token_model(self):
         """
         # Django internals caches the related objects.
         related_object_names = [
-            f.name
-            for f in UserModel._meta.get_fields()
+            f.name for f in UserModel._meta.get_fields()
             if (f.one_to_many or f.one_to_one) and f.auto_created and not f.concrete
         ]
         self.assertNotIn("oauth2_provider:access_token", related_object_names)
@@ -196,8 +194,7 @@ def test_custom_refresh_token_model(self):
         """
         # Django internals caches the related objects.
         related_object_names = [
-            f.name
-            for f in UserModel._meta.get_fields()
+            f.name for f in UserModel._meta.get_fields()
             if (f.one_to_many or f.one_to_one) and f.auto_created and not f.concrete
         ]
         self.assertNotIn("oauth2_provider:refresh_token", related_object_names)
@@ -228,8 +225,7 @@ def test_custom_grant_model(self):
         """
         # Django internals caches the related objects.
         related_object_names = [
-            f.name
-            for f in UserModel._meta.get_fields()
+            f.name for f in UserModel._meta.get_fields()
             if (f.one_to_many or f.one_to_one) and f.auto_created and not f.concrete
         ]
         self.assertNotIn("oauth2_provider:grant", related_object_names)
@@ -255,6 +251,7 @@ def test_custom_grant_model_not_installed(self):
 
 
 class TestGrantModel(TestCase):
+
     def test_str(self):
         grant = Grant(code="test_code")
         self.assertEqual("%s" % grant, grant.code)
@@ -266,10 +263,9 @@ def test_expires_can_be_none(self):
 
 
 class TestAccessTokenModel(TestCase):
+
     def setUp(self):
-        self.user = UserModel.objects.create_user(
-            "test_user", "[email protected]", "123456"
-        )
+        self.user = UserModel.objects.create_user("test_user", "[email protected]", "123456")
 
     def test_str(self):
         access_token = AccessToken(token="test_token")
@@ -283,9 +279,7 @@ def test_user_can_be_none(self):
             client_type=Application.CLIENT_CONFIDENTIAL,
             authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
         )
-        access_token = AccessToken.objects.create(
-            token="test_token", application=app, expires=timezone.now()
-        )
+        access_token = AccessToken.objects.create(token="test_token", application=app, expires=timezone.now())
         self.assertIsNone(access_token.user)
 
     def test_expires_can_be_none(self):
@@ -295,58 +289,16 @@ def test_expires_can_be_none(self):
 
 
 class TestRefreshTokenModel(TestCase):
+
     def test_str(self):
         refresh_token = RefreshToken(token="test_token")
         self.assertEqual("%s" % refresh_token, refresh_token.token)
 
 
 class TestClearExpired(TestCase):
+
     def setUp(self):
-        self.user = UserModel.objects.create_user(
-            "test_user", "[email protected]", "123456"
-        )
-        app1 = Application.objects.create(
-            name="Test Application",
-            redirect_uris=(
-                "http://localhost http://example.com http://example.org custom-scheme://example.com"
-            ),
-            user=self.user,
-            client_type=Application.CLIENT_CONFIDENTIAL,
-            authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
-        )
-        app2 = Application.objects.create(
-            name="Test Application",
-            redirect_uris=(
-                "http://localhost http://example.com http://example.org custom-scheme://example.com"
-            ),
-            user=self.user,
-            client_type=Application.CLIENT_CONFIDENTIAL,
-            authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
-        )
-        id1 = IDToken.objects.create(
-            token="666",
-            expires=dt.now(),
-            scope=2,
-            application=app1,
-            user=self.user,
-            created=dt.now(),
-            updated=dt.now(),
-        )
-        id2 = IDToken.objects.create(
-            token="999",
-            expires=dt.now(),
-            scope=2,
-            application=app2,
-            user=self.user,
-            created=dt.now(),
-            updated=dt.now(),
-        )
-        refresh_token1 = SampleRefreshToken.objects.create(
-            token="test_token", application=app1, user=self.user,
-        )
-        refresh_token2 = SampleRefreshToken.objects.create(
-            token="test_token2", application=app2, user=self.user,
-        )
+        self.user = UserModel.objects.create_user("test_user", "[email protected]", "123456")
         # Insert two tokens on database.
         app = Application.objects.create(
             name="test_app",
@@ -359,24 +311,20 @@ def setUp(self):
             token="555",
             expires=timezone.now(),
             scope=2,
-            application=app1,
-            id_token=id1,
+            application=app,
             user=self.user,
-            created=dt.now(),
-            updated=dt.now(),
-            refresh_token=refresh_token1,
-        )
+            created=timezone.now(),
+            updated=timezone.now(),
+            )
         AccessToken.objects.create(
             token="666",
             expires=timezone.now(),
             scope=2,
-            application=app2,
+            application=app,
             user=self.user,
-            id_token=id2,
-            created=dt.now(),
-            updated=dt.now(),
-            refresh_token=refresh_token2,
-        )
+            created=timezone.now(),
+            updated=timezone.now(),
+            )
 
     def test_clear_expired_tokens(self):
         oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS = 60