Conform to Oauth expectations better

loganbertram · loganbertram · commit a5906e3a94d4 · 2024-10-15T11:28:02.000-04:00
diff --git a/apps/dot_ext/tests/test_authorization.py b/apps/dot_ext/tests/test_authorization.py
@@ -621,17 +621,17 @@ def test_revoke_endpoint(self):
         self.assertEqual(response.status_code, 200)
         # extract token and use it to make a revoke request
         tkn = response.json()['access_token']
-        revoke_request_data = {
-            'token': tkn,
-            'client_id': application.client_id,
-            'client_secret': application.client_secret_plain,
-        }
+        revoke_request_data = f"token={tkn}&client_id={application.client_id}&client_secret={application.client_secret_plain}"
+        content_type = "application/x-www-form-urlencoded"
         c = Client()
-        rev_response = c.post('/v1/o/revoke/', data=revoke_request_data)
+        rev_response = c.post('/v1/o/revoke/', data=revoke_request_data, content_type=content_type)
         self.assertEqual(rev_response.status_code, 200)
         # check DAG deletion
         dags_count = DataAccessGrant.objects.count()
         self.assertEqual(dags_count, 0)
+        # check token deletion
+        tkn_count = AccessToken.objects.filter(token=tkn).count()
+        self.assertEqual(tkn_count, 0)
 
     def test_refresh_with_revoked_token(self):
         redirect_uri = 'http://localhost'
diff --git a/apps/dot_ext/views/authorization.py b/apps/dot_ext/views/authorization.py
@@ -21,7 +21,6 @@
 )
 from oauth2_provider.models import get_application_model
 from oauthlib.oauth2.rfc6749.errors import InvalidClientError, InvalidGrantError
-from rest_framework import status
 from urllib.parse import urlparse, parse_qs
 import html
 from apps.dot_ext.scopes import CapabilitiesScopes
@@ -366,29 +365,27 @@ def post(self, request, *args, **kwargs):
         except (InvalidClientError, InvalidGrantError) as error:
             return json_response_from_oauth2_error(error)
 
-        try:
-            tkn = json.loads(request.body.decode("UTF-8")).get("token")
-        except Exception:
-            tkn = request.POST.get("token")
-
-        escaped_tkn = html.escape(tkn)
+        tkn = request.POST.get('token')
+        if tkn is not None:
+            escaped_tkn = html.escape(tkn)
+        else:
+            escaped_tkn = ""
 
         try:
             token = at_model.objects.get(token=tkn)
         except at_model.DoesNotExist:
-            return HttpResponse(f"Token {escaped_tkn} was Not Found.  Please check the value and try again.",
-                                status=status.HTTP_404_NOT_FOUND)
+            log.debug(f"Token {escaped_tkn} was not found.")
 
         try:
             dag = DataAccessGrant.objects.get(
                 beneficiary=token.user,
                 application=app
             )
             dag.delete()
-        except DataAccessGrant.DoesNotExist:
-            log.debug(f"Token deleted, but DAG lookup failed for token {escaped_tkn}.")
+        except Exception:
+            log.debug(f"DAG lookup failed for token {escaped_tkn}.")
 
-        return HttpResponse(content="OK", status=200)
+        return super().post(request, args, kwargs)
 
 
 @method_decorator(csrf_exempt, name="dispatch")
