Updated scope gate

loganbertram · loganbertram · commit 1f5aeb6ffe5e · 2024-10-30T11:27:19.000-04:00
diff --git a/apps/dot_ext/tests/test_views.py b/apps/dot_ext/tests/test_views.py
@@ -202,7 +202,6 @@ def testing_post_with_share_demographic_scopes(self):
         # Loop through test cases in dictionary
         cases = VIEW_OAUTH2_SCOPES_TEST_CASES
         for case in cases:
-            print(case)
             # Setup request parameters for test case
             request_bene_share_demographic_scopes = cases[case][
                 "request_bene_share_demographic_scopes"
diff --git a/apps/dot_ext/views/authorization.py b/apps/dot_ext/views/authorization.py
@@ -6,7 +6,6 @@
 import waffle
 from waffle import get_waffle_flag_model
 
-from django.conf import settings
 from django.http.response import HttpResponse, HttpResponseBadRequest
 from django.template.response import TemplateResponse
 from django.utils.decorators import method_decorator
@@ -23,7 +22,7 @@
 from oauth2_provider.models import get_application_model
 from oauthlib.oauth2.rfc6749.errors import InvalidClientError, InvalidGrantError
 from urllib.parse import urlparse, parse_qs
-import html
+
 from apps.dot_ext.scopes import CapabilitiesScopes
 import apps.logging.request_logger as bb2logging
 
@@ -121,12 +120,12 @@ def sensitive_info_check(self, request):
     def get_template_names(self):
         flag = get_waffle_flag_model().get("limit_data_access")
         if waffle.switch_is_active('require-scopes'):
-            if flag.rollout or (flag.id is not None and self.application and flag.is_active_for_user(self.application.user)):
+            if flag.rollout or (flag.id is not None and flag.is_active_for_user(self.application.user)):
                 return ["design_system/new_authorize_v2.html"]
             else:
                 return ["design_system/authorize_v2.html"]
         else:
-            if flag.rollout or (flag.id is not None and self.user and flag.is_active_for_user(self.user)):
+            if flag.rollout or (flag.id is not None and flag.is_active_for_user(self.user)):
                 return ["design_system/new_authorize_v2.html"]
             else:
                 return ["design_system/authorize.html"]
@@ -171,21 +170,16 @@ def form_valid(self, form):
         application_available_scopes = CapabilitiesScopes().get_available_scopes(application=application)
 
         # Set scopes to those available to application and beneficiary demographic info choices
-        if share_demographic_scopes == "True":
-            scopes = ' '.join(
-                [s for s in scopes.split(" ") if s in application_available_scopes]
-            )
-        else:
-            scopes = ' '.join(
-                [s for s in scopes.split(" ")
-                 if s in application_available_scopes and s not in settings.BENE_PERSONAL_INFO_SCOPES]
-            )
+        scopes = ' '.join([s for s in scopes.split(" ")
+                          if s in application_available_scopes])
 
         # Init deleted counts
         data_access_grant_delete_cnt = 0
         access_token_delete_cnt = 0
         refresh_token_delete_cnt = 0
 
+        if not scopes:
+            return self.error_response("No scopes defined", application)
         try:
             uri, headers, body, status = self.create_authorization_response(
                 request=self.request, scopes=scopes, credentials=credentials, allow=allow
@@ -362,40 +356,6 @@ def post(self, request, *args, **kwargs):
         return super().post(request, args, kwargs)
 
 
-@method_decorator(csrf_exempt, name="dispatch")
-class RevokeView(DotRevokeTokenView):
-
-    @method_decorator(sensitive_post_parameters("password"))
-    def post(self, request, *args, **kwargs):
-        at_model = get_access_token_model()
-        try:
-            app = validate_app_is_active(request)
-        except (InvalidClientError, InvalidGrantError) as error:
-            return json_response_from_oauth2_error(error)
-
-        tkn = request.POST.get('token')
-        if tkn is not None:
-            escaped_tkn = html.escape(tkn)
-        else:
-            escaped_tkn = ""
-
-        try:
-            token = at_model.objects.get(token=tkn)
-        except at_model.DoesNotExist:
-            log.debug(f"Token {escaped_tkn} was not found.")
-
-        try:
-            dag = DataAccessGrant.objects.get(
-                beneficiary=token.user,
-                application=app
-            )
-            dag.delete()
-        except Exception:
-            log.debug(f"DAG lookup failed for token {escaped_tkn}.")
-
-        return super().post(request, args, kwargs)
-
-
 @method_decorator(csrf_exempt, name="dispatch")
 class IntrospectTokenView(DotIntrospectTokenView):
 
