示例#1
    def test_expired_authorization_code(self):
        """
        Check that an expired authorization code cannot be exchanged for an access token.

        A code whose ``expires`` is the moment of creation is saved, then posted to
        the token endpoint together with the application's client credentials.
        The endpoint is expected to answer with HTTP 401.
        """
        self.client.login(username='******', password='******')

        # ``expires`` is "now": the test relies on the server treating the code
        # as expired by the time the token request below is processed.
        expired_code = AuthorizationCode(
            application=self.application,
            user=self.test_user,
            code='BANANA',
            expires=timezone.now(),
            redirect_uri='',
            scope='',
        )
        expired_code.save()

        # Client authentication goes in the Authorization header.
        basic_auth = self.get_basic_auth(self.application.client_id, self.application.client_secret)
        self.client.credentials(HTTP_AUTHORIZATION=basic_auth)

        # NOTE(review): the stored redirect_uri ('') differs from the one sent
        # here, and only the status code is asserted. A rejection for a
        # redirect_uri mismatch or for failed client authentication could also
        # satisfy this test -- consider asserting on the error body as well.
        # RFC 6749 section 5.2 uses 400 invalid_grant for expired codes;
        # confirm that 401 is the intended project behaviour.
        token_url = reverse('oauth_api:token')
        payload = {
            'grant_type': 'authorization_code',
            'code': 'BANANA',
            'redirect_uri': 'http://localhost',
        }
        response = self.client.post(token_url, payload)

        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
 def save_authorization_code(self, client_id, code, request, *args, **kwargs):
     """
     Store a newly issued authorization code and return the request's redirect URI.

     The record is tied to ``request.client`` and ``request.user``; ``client_id``
     is accepted but not read here. ``code`` is indexed with ``'code'`` to get
     the code value, and the requested scopes are stored as one
     space-separated string.
     """
     issued_at = timezone.now()
     # NOTE(review): the code lifetime is taken from ACCESS_TOKEN_EXPIRATION.
     # Authorization codes are meant to be short-lived (RFC 6749 section 4.1.2
     # recommends at most 10 minutes); confirm whether a dedicated, shorter
     # setting should be used instead of the access-token lifetime.
     lifetime = timedelta(seconds=oauth_api_settings.ACCESS_TOKEN_EXPIRATION)
     expires_at = issued_at + lifetime

     record = AuthorizationCode(
         application=request.client,
         user=request.user,
         code=code['code'],
         expires=expires_at,
         # Stored so the token endpoint can compare it with the redirect_uri
         # sent in the later token request -- presumably; verify in the validator.
         redirect_uri=request.redirect_uri,
         scope=' '.join(request.scopes),
     )
     record.save()

     return request.redirect_uri
    def test_expired_authorization_code(self):
        """
        The token endpoint must reject an authorization code that has expired.

        Saves an AuthorizationCode with ``expires`` set to the current time,
        authenticates as the application with HTTP Basic credentials, posts an
        ``authorization_code`` grant and expects HTTP 401.
        """
        self.client.login(username='******', password='******')

        # Expiry equals the creation time, so the code should already be
        # unusable when the token request is handled (assumes the server
        # compares ``expires`` against the current time -- TODO confirm).
        code_fields = {
            'application': self.application,
            'user': self.test_user,
            'code': 'BANANA',
            'expires': timezone.now(),
            'redirect_uri': '',
            'scope': '',
        }
        AuthorizationCode(**code_fields).save()

        grant_params = {
            'grant_type': 'authorization_code',
            'code': 'BANANA',
            'redirect_uri': 'http://localhost',
        }

        client_id = self.application.client_id
        client_secret = self.application.client_secret
        self.client.credentials(HTTP_AUTHORIZATION=self.get_basic_auth(client_id, client_secret))

        # NOTE(review): a bare 401 does not show *why* the request was refused.
        # The redirect_uri sent here does not match the stored one, so this
        # test may pass without the expiry check being exercised; checking the
        # error code in the response body would pin the cause.
        response = self.client.post(reverse('oauth_api:token'), grant_params)
        expected_status = status.HTTP_401_UNAUTHORIZED
        self.assertEqual(response.status_code, expected_status)