From c3e6f224e5a73706a03e1315a97804165b9141ee Mon Sep 17 00:00:00 2001
From: Asif Saif Uddin
Date: Sun, 1 Mar 2020 08:52:54 +0600
Subject: [PATCH] Revert "Auto-authorize if valid refresh tokens exist (#754)"

This reverts commit a1dcd37f2fc367b13fc63a751f1fdea48206c191.
---
 oauth2_provider/views/base.py | 8 +-------
 tests/test_authorization_code.py | 10 ----------
 2 files changed, 1 insertion(+), 17 deletions(-)

diff --git a/oauth2_provider/views/base.py b/oauth2_provider/views/base.py
index 41c2a6c67..02c32c6aa 100644
--- a/oauth2_provider/views/base.py
+++ b/oauth2_provider/views/base.py
@@ -15,7 +15,7 @@
 from ..exceptions import OAuthToolkitError
 from ..forms import AllowForm
 from ..http import OAuth2ResponseRedirect
-from ..models import get_access_token_model, get_application_model, get_refresh_token_model
+from ..models import get_access_token_model, get_application_model
 from ..scopes import get_scopes_backend
 from ..settings import oauth2_settings
 from ..signals import app_authorized
@@ -194,12 +194,6 @@ def get(self, request, *args, **kwargs):
 expires__gt=timezone.now()
 ).all()
 
- refresh_tokens = get_refresh_token_model().objects.filter(
- user=request.user,
- application=kwargs["application"]
- ).exclude(revoked__lt=timezone.now()).all()
- tokens = list(tokens) + [r.access_token for r in refresh_tokens]
-
 # check past authorizations regarded the same scopes as the current one
 for token in tokens:
 if token.allow_scopes(scopes):
diff --git a/tests/test_authorization_code.py b/tests/test_authorization_code.py
index 69dcfd93a..793cca2d9 100644
--- a/tests/test_authorization_code.py
+++ b/tests/test_authorization_code.py
@@ -201,16 +201,6 @@ def test_pre_auth_approval_prompt(self):
 url = "{url}?{qs}".format(url=reverse("oauth2_provider:authorize"), qs=query_string)
 response = self.client.get(url)
 self.assertEqual(response.status_code, 302)
- # access token expired but valid refresh token exists
- tok.expires = timezone.now() - datetime.timedelta(days=1)
- tok.save()
- reftok = RefreshToken.objects.create(
- user=self.test_user, token="0123456789",
- application=self.application,
- access_token=tok
- )
- response = self.client.get(url)
- self.assertEqual(response.status_code, 302)
 # user already authorized the application, but with different scopes: prompt them.
 tok.scope = "read"
 tok.save()