def test_expired_authorization_code(self):
    """
    The token endpoint must refuse an authorization code whose expiry
    timestamp is no longer in the future.
    """
    self.client.login(username='******', password='******')

    # `expires` is set to the current instant, so the code is already at
    # its expiry time when the token request below is made.
    expired_code = AuthorizationCode(
        application=self.application,
        user=self.test_user,
        code='BANANA',
        expires=timezone.now(),
        redirect_uri='',
        scope='',
    )
    expired_code.save()

    # NOTE(review): the stored redirect_uri ('') differs from the one sent
    # below ('http://localhost'), and only the status code is asserted, so
    # this test cannot tell an expiry rejection apart from a rejection for
    # another reason. Consider matching the redirect URIs so that expiry
    # is the only failing condition.
    payload = dict(
        grant_type='authorization_code',
        code='BANANA',
        redirect_uri='http://localhost',
    )

    # Authenticate the client application with HTTP Basic credentials.
    basic_auth = self.get_basic_auth(
        self.application.client_id,
        self.application.client_secret,
    )
    self.client.credentials(HTTP_AUTHORIZATION=basic_auth)

    token_url = reverse('oauth_api:token')
    response = self.client.post(token_url, payload)
    self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def save_authorization_code(self, client_id, code, request, *args, **kwargs):
    """
    Store a freshly issued authorization code and return the redirect URI.

    The record is built from ``request.client``, ``request.user``,
    ``request.redirect_uri`` and the space-joined ``request.scopes``;
    the code value itself is read from ``code['code']``. The ``client_id``
    argument is not used here.
    """
    issued_at = timezone.now()
    # NOTE(review): the authorization code's lifetime is taken from the
    # ACCESS_TOKEN_EXPIRATION setting. Authorization codes are meant to be
    # short-lived (RFC 6749 section 4.1.2 recommends at most 10 minutes),
    # while access-token lifetimes are usually longer. Confirm this reuse
    # is intentional; if the settings module provides a dedicated
    # authorization-code lifetime, it belongs here instead.
    lifetime = timedelta(seconds=oauth_api_settings.ACCESS_TOKEN_EXPIRATION)

    record = AuthorizationCode(
        application=request.client,
        user=request.user,
        code=code['code'],
        expires=issued_at + lifetime,
        redirect_uri=request.redirect_uri,
        scope=' '.join(request.scopes),
    )
    record.save()

    return request.redirect_uri
def test_expired_authorization_code(self):
    """
    Exchanging an authorization code that has reached its expiry time
    must be rejected by the token endpoint.
    """
    self.client.login(username='******', password='******')

    # The code expires at the moment it is created, so it is no longer
    # fresh when the token request is sent.
    stale_code = AuthorizationCode(
        application=self.application,
        user=self.test_user,
        code='BANANA',
        expires=timezone.now(),
        redirect_uri='',
        scope='',
    )
    stale_code.save()

    # Client authentication via the Authorization header (HTTP Basic).
    app = self.application
    self.client.credentials(
        HTTP_AUTHORIZATION=self.get_basic_auth(app.client_id, app.client_secret),
    )

    # NOTE(review): the redirect_uri sent here does not match the empty
    # one stored with the code, and the assertion checks the status code
    # only. A rejection caused by something other than expiry would also
    # pass; aligning the two redirect URIs would isolate the expiry check.
    form = {
        'grant_type': 'authorization_code',
        'code': 'BANANA',
        'redirect_uri': 'http://localhost',
    }
    response = self.client.post(reverse('oauth_api:token'), form)

    self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)