diff --git a/AUTHORS b/AUTHORS index da2570ef7..a81fed695 100644 --- a/AUTHORS +++ b/AUTHORS @@ -46,5 +46,7 @@ Spencer Carroll Stéphane Raimbault Tom Evans Will Beaufoy +Rustem Saiargaliev +Jadiel Teófilo pySilver Łukasz Skarżyński diff --git a/CHANGELOG.md b/CHANGELOG.md index 534ba1c86..660ebefb7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added * #915 Add optional OpenID Connect support. +### Fixed +* #524 Restrict usage of timezone aware expire dates to Django projects with USE_TZ set to True. ### Changed * #942 Help via defunct Google group replaced with using GitHub issues diff --git a/docs/settings.rst b/docs/settings.rst index afca76e01..67ea7b37a 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -310,3 +310,12 @@ OIDC_TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED Default: ``["client_secret_post", "client_secret_basic"]`` The authentication methods that are advertised to be supported by this server. + + +Settings imported from Django project +-------------------------- + +USE_TZ +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Used to determine whether or not to make token expire dates timezone aware. diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py index f91c06011..25266d04d 100644 --- a/oauth2_provider/oauth2_validators.py +++ b/oauth2_provider/oauth2_validators.py @@ -357,7 +357,7 @@ def _get_token_from_authentication_server( expires = max_caching_time scope = content.get("scope", "") - expires = make_aware(expires) + expires = make_aware(expires) if settings.USE_TZ else expires access_token, _created = AccessToken.objects.update_or_create( token=token, diff --git a/tests/test_introspection_auth.py b/tests/test_introspection_auth.py index 9f871cdea..8b2a6daf0 100644 --- a/tests/test_introspection_auth.py +++ b/tests/test_introspection_auth.py 
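Review bot: With `USE_TZ` off, the changed line in `_get_token_from_authentication_server` stores `expires` exactly as it was computed above the hunk, so the lifetime of the cached access token depends on that naive value being in the same clock frame as the code that later checks expiry. The hunk does not show how `expires` is derived from the introspection response. If it comes from a UTC epoch conversion while expiry checks compare against local naive time, a token could be honoured past its real expiry, or rejected before it, by the server's UTC offset. I would confirm this and record the assumption beside the line, for example `# USE_TZ=False: expires stays naive and must be local time, matching what expiry checks compare against`. The function starts and ends outside the hunk.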
@@ -2,6 +2,7 @@ import datetime import pytest +from django.conf import settings from django.conf.urls import include from django.contrib.auth import get_user_model from django.http import HttpResponse @@ -12,6 +13,7 @@ from oauth2_provider.models import get_access_token_model, get_application_model from oauth2_provider.oauth2_validators import OAuth2Validator +from oauth2_provider.settings import oauth2_settings from oauth2_provider.views import ScopedProtectedResourceView from . import presets @@ -154,6 +156,25 @@ def test_get_token_from_authentication_server_existing_token(self, mock_get): self.assertEqual(token.user.username, "foo_user") self.assertEqual(token.scope, "read write dolphin") + @mock.patch("requests.post", side_effect=mocked_requests_post) + def test_get_token_from_authentication_server_expires_timezone(self, mock_get): + """ + Test method _get_token_from_authentication_server for projects with USE_TZ False + """ + settings_use_tz_backup = settings.USE_TZ + settings.USE_TZ = False + try: + self.validator._get_token_from_authentication_server( + "foo", + oauth2_settings.RESOURCE_SERVER_INTROSPECTION_URL, + oauth2_settings.RESOURCE_SERVER_AUTH_TOKEN, + oauth2_settings.RESOURCE_SERVER_INTROSPECTION_CREDENTIALS, + ) + except ValueError as exception: + self.fail(str(exception)) + finally: + settings.USE_TZ = settings_use_tz_backup + @mock.patch("requests.post", side_effect=mocked_requests_post) def test_validate_bearer_token(self, mock_get): """
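Review bot: The new test `test_get_token_from_authentication_server_expires_timezone` only checks that no `ValueError` is raised; it never inspects the `expires` value saved on the token, which is the security-relevant result of this change. Consider loading the token afterwards and asserting that its expiry is naive and matches the mocked introspection response, whose fields are outside this hunk. Assigning `settings.USE_TZ` by hand also bypasses Django's settings-override machinery. `@override_settings(USE_TZ=False)` from `django.test` restores the value itself, which would make the backup variable and the `try`/`finally` unnecessary.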