Fix: Handle AttributeError in IntrospectTokenView

Author: dawidwolski-identt

oauth2_provider/views/introspect.py

@@ -33,7 +33,7 @@ def get_token_response(token_value=None):
                 .objects.select_related("user", "application")
                 .get(token_checksum=token_checksum)
             )
-        except ObjectDoesNotExist:
+        except (AttributeError, ObjectDoesNotExist):
             return JsonResponse({"active": False}, status=200)
         else:
             if token.is_valid():

tests/test_introspection_view.py

@@ -278,6 +278,28 @@ def test_view_post_notexisting_token(self):
                 "active": False,
             },
         )
+    
+    def test_view_post_no_token(self):
+        """
+        Test that when you pass an empty token as form parameter,
+        a json with an inactive token state is provided
+        """
+        auth_headers = {
+            "HTTP_AUTHORIZATION": "Bearer " + self.resource_server_token.token,
+        }
+        response = self.client.post(
+            reverse("oauth2_provider:introspect"), **auth_headers
+        )
+
+        self.assertEqual(response.status_code, 200)
+        content = response.json()
+        self.assertIsInstance(content, dict)
+        self.assertDictEqual(
+            content,
+            {
+                "active": False,
+            },
+        )
 
     def test_view_post_valid_client_creds_basic_auth(self):
         """Test HTTP basic auth working"""

tox.ini

@@ -5,10 +5,10 @@ envlist =
     docs,
     lint,
     sphinxlint,
-    py{38,39,310,311,312}-dj42,
-    py{310,311,312}-dj50,
-    py{310,311,312}-dj51,
-    py{310,311,312}-djmain,
+    py{38,39,310,311,312,313}-dj42,
+    py{310,311,312,313}-dj50,
+    py{310,311,312,313}-dj51,
+    py{310,311,312,313}-djmain,
     py39-multi-db-dj-42
 
 [gh-actions]
@@ -18,6 +18,7 @@ python =
     3.10: py310
     3.11: py311
     3.12: py312
+    3.13: py313
 
 [gh-actions:env]
 DJANGO =
@@ -54,7 +55,7 @@ deps =
 passenv =
     PYTEST_ADDOPTS
 
-[testenv:py{310,311,312}-djmain]
+[testenv:py{310,311,312,313}-djmain]
 ignore_errors = true
 ignore_outcome = true