Merge branch 'oauthlib_server_class'

Author: Psykopear

docs/settings.rst

@@ -59,6 +59,11 @@ CLIENT_SECRET_GENERATOR_LENGTH
 The length of the generated secrets, in characters. If this value is too low,
 secrets may become subject to bruteforce guessing.
 
+OAUTH2_SERVER_CLASS
+~~~~~~~~~~~~~~~~~~~~
+The import string for the ``server_class`` (or ``oauthlib.oauth2.Server`` subclass)
+used in the ``OAuthLibMixin`` that implements OAuth2 grant types.
+
 OAUTH2_VALIDATOR_CLASS
 ~~~~~~~~~~~~~~~~~~~~~~
 The import string of the ``oauthlib.oauth2.RequestValidator`` subclass that

oauth2_provider/oauth2_backends.py

@@ -18,7 +18,7 @@ def __init__(self, server=None):
         """
         :params server: An instance of oauthlib.oauth2.Server class
         """
-        self.server = server or oauth2.Server(oauth2_settings.OAUTH2_VALIDATOR_CLASS())
+        self.server = server or oauth2_settings.OAUTH2_SERVER_CLASS(oauth2_settings.OAUTH2_VALIDATOR_CLASS())
 
     def _get_escaped_full_path(self, request):
         """
@@ -191,7 +191,6 @@ def get_oauthlib_core():
     Utility function that take a request and returns an instance of
     `oauth2_provider.backends.OAuthLibCore`
     """
-    from oauthlib.oauth2 import Server
-
-    server = Server(oauth2_settings.OAUTH2_VALIDATOR_CLASS())
+    validator = oauth2_settings.OAUTH2_VALIDATOR_CLASS()
+    server = oauth2_settings.OAUTH2_SERVER_CLASS(validator)
     return oauth2_settings.OAUTH2_BACKEND_CLASS(server)

oauth2_provider/settings.py

@@ -33,6 +33,7 @@
     'CLIENT_ID_GENERATOR_CLASS': 'oauth2_provider.generators.ClientIdGenerator',
     'CLIENT_SECRET_GENERATOR_CLASS': 'oauth2_provider.generators.ClientSecretGenerator',
     'CLIENT_SECRET_GENERATOR_LENGTH': 128,
+    'OAUTH2_SERVER_CLASS': 'oauthlib.oauth2.Server',
     'OAUTH2_VALIDATOR_CLASS': 'oauth2_provider.oauth2_validators.OAuth2Validator',
     'OAUTH2_BACKEND_CLASS': 'oauth2_provider.oauth2_backends.OAuthLibCore',
     'SCOPES': {"read": "Reading scope", "write": "Writing scope"},
@@ -52,6 +53,7 @@
 MANDATORY = (
     'CLIENT_ID_GENERATOR_CLASS',
     'CLIENT_SECRET_GENERATOR_CLASS',
+    'OAUTH2_SERVER_CLASS',
     'OAUTH2_VALIDATOR_CLASS',
     'OAUTH2_BACKEND_CLASS',
     'SCOPES',
@@ -62,6 +64,7 @@
 IMPORT_STRINGS = (
     'CLIENT_ID_GENERATOR_CLASS',
     'CLIENT_SECRET_GENERATOR_CLASS',
+    'OAUTH2_SERVER_CLASS',
     'OAUTH2_VALIDATOR_CLASS',
     'OAUTH2_BACKEND_CLASS',
 )

oauth2_provider/tests/test_oauth2_backends.py

@@ -2,16 +2,23 @@
 import mock
 
 from django.test import TestCase, RequestFactory
+from django.test.utils import override_settings
 
 from ..backends import get_oauthlib_core
 from ..oauth2_backends import OAuthLibCore, JSONOAuthLibCore
 
 
 class TestOAuthLibCoreBackend(TestCase):
+
     def setUp(self):
         self.factory = RequestFactory()
         self.oauthlib_core = OAuthLibCore()
 
+    def test_swappable_serer_class(self):
+        with mock.patch('oauth2_provider.oauth2_backends.oauth2_settings.OAUTH2_SERVER_CLASS'):
+            oauthlib_core = OAuthLibCore()
+            self.assertTrue(isinstance(oauthlib_core.server, mock.MagicMock))
+
     def test_form_urlencoded_extract_params(self):
         payload = "grant_type=password&username=john&password=123456"
         request = self.factory.post("/o/token/", payload, content_type="application/x-www-form-urlencoded")

oauth2_provider/views/base.py

@@ -6,8 +6,6 @@
 from django.utils import timezone
 from django.utils.decorators import method_decorator
 
-from oauthlib.oauth2 import Server
-
 from braces.views import LoginRequiredMixin, CsrfExemptMixin
 
 from ..settings import oauth2_settings
@@ -71,7 +69,7 @@ class AuthorizationView(BaseAuthorizationView, FormView):
     template_name = 'oauth2_provider/authorize.html'
     form_class = AllowForm
 
-    server_class = Server
+    server_class = oauth2_settings.OAUTH2_SERVER_CLASS
     validator_class = oauth2_settings.OAUTH2_VALIDATOR_CLASS
     oauthlib_backend_class = oauth2_settings.OAUTH2_BACKEND_CLASS
 
@@ -163,7 +161,7 @@ class TokenView(CsrfExemptMixin, OAuthLibMixin, View):
     * Password
     * Client credentials
     """
-    server_class = Server
+    server_class = oauth2_settings.OAUTH2_SERVER_CLASS
     validator_class = oauth2_settings.OAUTH2_VALIDATOR_CLASS
     oauthlib_backend_class = oauth2_settings.OAUTH2_BACKEND_CLASS
 
@@ -181,7 +179,7 @@ class RevokeTokenView(CsrfExemptMixin, OAuthLibMixin, View):
     """
     Implements an endpoint to revoke access or refresh tokens
     """
-    server_class = Server
+    server_class = oauth2_settings.OAUTH2_SERVER_CLASS
     validator_class = oauth2_settings.OAUTH2_VALIDATOR_CLASS
     oauthlib_backend_class = oauth2_settings.OAUTH2_BACKEND_CLASS
 

oauth2_provider/views/generic.py

@@ -1,7 +1,5 @@
 from django.views.generic import View
 
-from oauthlib.oauth2 import Server
-
 from ..settings import oauth2_settings
 from .mixins import ProtectedResourceMixin, ScopedResourceMixin, ReadWriteScopedResourceMixin
 
@@ -10,7 +8,7 @@ class ProtectedResourceView(ProtectedResourceMixin, View):
     """
     Generic view protecting resources by providing OAuth2 authentication out of the box
     """
-    server_class = Server
+    server_class = oauth2_settings.OAUTH2_SERVER_CLASS
     validator_class = oauth2_settings.OAUTH2_VALIDATOR_CLASS
     oauthlib_backend_class = oauth2_settings.OAUTH2_BACKEND_CLASS