removed not null constraint on user field of the access token model

Author: synasius

oauth2_provider/models.py

@@ -184,7 +184,7 @@ class AccessToken(models.Model):
                       :data:`settings.ACCESS_TOKEN_EXPIRE_SECONDS`
     * :attr:`scope` Allowed scopes
     """
-    user = models.ForeignKey(AUTH_USER_MODEL)
+    user = models.ForeignKey(AUTH_USER_MODEL, blank=True, null=True)
     token = models.CharField(max_length=255, db_index=True)
     application = models.ForeignKey(oauth2_settings.APPLICATION_MODEL)
     expires = models.DateTimeField()

oauth2_provider/tests/test_models.py

@@ -9,6 +9,7 @@
 from django.test import TestCase
 from django.test.utils import override_settings
 from django.core.exceptions import ValidationError
+from django.utils import timezone
 
 from ..models import AccessToken, get_application_model, Grant, AccessToken, RefreshToken
 from ..compat import get_user_model
@@ -108,11 +109,24 @@ def test_str(self):
 
 
 class TestAccessTokenModel(TestCase):
+    def setUp(self):
+        self.user = UserModel.objects.create_user("test_user", "[email protected]", "123456")
 
     def test_str(self):
         access_token = AccessToken(token="test_token")
         self.assertEqual("%s" % access_token, access_token.token)
 
+    def test_user_can_be_none(self):
+        app = Application.objects.create(
+            name="test_app",
+            redirect_uris="http://localhost http://example.com http://example.it",
+            user=self.user,
+            client_type=Application.CLIENT_CONFIDENTIAL,
+            authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
+        )
+        access_token = AccessToken.objects.create(token="test_token", application=app, expires=timezone.now())
+        self.assertIsNone(access_token.user)
+
 
 class TestRefreshTokenModel(TestCase):