Code review: update docs and test names

akanstantsinau · dopry · commit 37fe08c7aed2 · 2023-10-05T09:47:42.000-04:00
diff --git a/docs/advanced_topics.rst b/docs/advanced_topics.rst
@@ -21,6 +21,7 @@ logo, acceptance of some user agreement and so on.
     * :attr:`user` ref to a Django user
     * :attr:`redirect_uris` The list of allowed redirect uri. The string consists of valid URLs separated by space
     * :attr:`post_logout_redirect_uris` The list of allowed redirect uris after an RP initiated logout. The string consists of valid URLs separated by space
+    * :attr:`allowed_origins` The list of origin URIs to enable CORS for token endpoint. The string consists of valid URLs separated by space
     * :attr:`client_type` Client type as described in :rfc:`2.1`
     * :attr:`authorization_grant_type` Authorization flows available to the Application
     * :attr:`client_secret` Confidential secret issued to the client during the registration process as described in :rfc:`2.2`
diff --git a/tests/test_token_endpoint_cors.py b/tests/test_token_endpoint_cors.py
@@ -25,7 +25,7 @@
 
 @pytest.mark.usefixtures("oauth2_settings")
 @pytest.mark.oauth2_settings(presets.DEFAULT_SCOPES_RW)
-class TestCors(TestCase):
+class TestTokenEndpointCors(TestCase):
     """
     Test that CORS headers can be managed by OAuthLib.
     The objective is: http request 'Origin' header should be passed to OAuthLib
@@ -56,7 +56,7 @@ def tearDown(self):
         self.test_user.delete()
         self.dev_user.delete()
 
-    def test_cors_header(self):
+    def test_valid_origin_with_https(self):
         """
         Test that /token endpoint has Access-Control-Allow-Origin
         """
@@ -87,7 +87,7 @@ def test_cors_header(self):
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response["Access-Control-Allow-Origin"], CLIENT_URI)
 
-    def test_cors_header_no_https(self):
+    def test_valid_origin_no_https(self):
         """
         Test that CORS is not allowed if origin uri does not have https:// schema
         """
@@ -107,7 +107,7 @@ def test_cors_header_no_https(self):
         self.assertEqual(response.status_code, 200)
         self.assertFalse(response.has_header("Access-Control-Allow-Origin"))
 
-    def test_no_cors_header_origin_not_allowed(self):
+    def test_origin_not_from_allowed_origins(self):
         """
         Test that /token endpoint does not have Access-Control-Allow-Origin
         when request origin is not in Application.allowed_origins
@@ -127,7 +127,7 @@ def test_no_cors_header_origin_not_allowed(self):
         self.assertEqual(response.status_code, 200)
         self.assertFalse(response.has_header("Access-Control-Allow-Origin"))
 
-    def test_no_cors_header_no_origin(self):
+    def test_no_origin(self):
         """
         Test that /token endpoint does not have Access-Control-Allow-Origin
         """
