BB2-3256: Updated queryset for auth grants (#1224)

loganbertram · web-flow · commit 8e4d8f623092 · 2024-07-17T11:32:55.000-04:00
* Updated queryset for auth grants

* Added test

* Tests and fixes
diff --git a/apps/authorization/views.py b/apps/authorization/views.py
@@ -1,3 +1,6 @@
+from datetime import datetime
+
+from django.db.models import Q
 from django.http import HttpResponse
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
@@ -46,7 +49,10 @@ class AuthorizedGrants(viewsets.GenericViewSet,
     serializer_class = DataAccessGrantSerializer
 
     def get_queryset(self):
-        return DataAccessGrant.objects.select_related("application").filter(beneficiary=self.request.user)
+        return DataAccessGrant.objects.select_related("application").filter(
+            Q(expiration_date__gt=datetime.now()) | Q(expiration_date=None),
+            beneficiary=self.request.user
+        )
 
 
 @method_decorator(csrf_exempt, name="dispatch")
diff --git a/apps/dot_ext/tests/test_views.py b/apps/dot_ext/tests/test_views.py
@@ -1,5 +1,7 @@
 import json
 import base64
+from datetime import date, timedelta
+
 from django.conf import settings
 from django.http import HttpRequest
 from django.urls import reverse
@@ -465,6 +467,43 @@ def test_get_tokens_success(self):
         ]
         self.assertEqual(result, expected)
 
+        # Check tokens endpoint doesn't return expired
+        application2 = self._create_application(
+            "an expired app",
+            grant_type=Application.GRANT_AUTHORIZATION_CODE,
+            redirect_uris="http://example.it",
+            user=anna
+        )
+        DataAccessGrant.objects.update_or_create(
+            beneficiary=anna, application=application2, expiration_date=date.today() - timedelta(days=1)
+        )
+        response = self.client.get(
+            "/v1/o/tokens/",
+            headers={
+                "authorization": self._create_authorization_header(
+                    application.client_id, application.client_secret_plain
+                ),
+                "x-authentication": self._create_authentication_header(self.test_uuid),
+            },
+        )
+        self.assertEqual(response.status_code, 200)
+        result = response.json()
+        expected = [
+            {
+                "id": result[0]["id"],
+                "user": anna.id,
+                "application": {
+                    "id": application.id,
+                    "name": "an app",
+                    "logo_uri": "",
+                    "tos_uri": "",
+                    "policy_uri": "",
+                    "contacts": "",
+                },
+            }
+        ]
+        self.assertEqual(result, expected)
+
     def test_get_tokens_on_inactive_app(self):
         anna = self._create_user(self.test_username, "123456")
         # create a couple of capabilities
