Revert "Auto-authorize if valid refresh tokens exist"

oauth2_provider/views/base.py

@@ -15,7 +15,7 @@
 from ..exceptions import OAuthToolkitError
 from ..forms import AllowForm
 from ..http import OAuth2ResponseRedirect
-from ..models import get_access_token_model, get_application_model, get_refresh_token_model
+from ..models import get_access_token_model, get_application_model
 from ..scopes import get_scopes_backend
 from ..settings import oauth2_settings
 from ..signals import app_authorized
@@ -194,12 +194,6 @@ def get(self, request, *args, **kwargs):
                     expires__gt=timezone.now()
                 ).all()
 
-                refresh_tokens = get_refresh_token_model().objects.filter(
-                    user=request.user,
-                    application=kwargs["application"]
-                ).exclude(revoked__lt=timezone.now()).all()
-                tokens = list(tokens) + [r.access_token for r in refresh_tokens]
-
                 # check past authorizations regarded the same scopes as the current one
                 for token in tokens:
                     if token.allow_scopes(scopes):

tests/test_authorization_code.py

@@ -201,16 +201,6 @@ def test_pre_auth_approval_prompt(self):
         url = "{url}?{qs}".format(url=reverse("oauth2_provider:authorize"), qs=query_string)
         response = self.client.get(url)
         self.assertEqual(response.status_code, 302)
-        # access token expired but valid refresh token exists
-        tok.expires = timezone.now() - datetime.timedelta(days=1)
-        tok.save()
-        reftok = RefreshToken.objects.create(
-            user=self.test_user, token="0123456789",
-            application=self.application,
-            access_token=tok
-        )
-        response = self.client.get(url)
-        self.assertEqual(response.status_code, 302)
         # user already authorized the application, but with different scopes: prompt them.
         tok.scope = "read"
         tok.save()