Update CORS middleware and tests

Author: rcmurphy

oauth2_provider/middleware.py

@@ -2,7 +2,7 @@
 from django.contrib.auth import authenticate
 from django.utils.cache import patch_vary_headers
 
-from .models import Application
+from .models import AbstractApplication, Application
 
 
 class OAuth2TokenMiddleware:
@@ -45,18 +45,21 @@ def __call__(self, request):
 METHODS = ("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
 
 
-class CorsMiddleware(object):
-    def process_request(self, request):
+class CorsMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
         """If this is a preflight-request, we must always return 200"""
         if request.method == "OPTIONS" and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in request.META:
-            return http.HttpResponse()
-        return None
+            response = http.HttpResponse()
+        else:
+            response = self.get_response(request)
 
-    def process_response(self, request, response):
         """Add cors-headers to request if they can be derived correctly"""
         try:
             cors_allow_origin = _get_cors_allow_origin_header(request)
-        except Application.NoSuitableOriginFoundError:
+        except AbstractApplication.NoSuitableOriginFoundError:
             pass
         else:
             response["Access-Control-Allow-Origin"] = cors_allow_origin

oauth2_provider/models.py

@@ -193,6 +193,16 @@ def clean(self):
             ):
                 raise ValidationError(_("You cannot use HS256 with public grants or clients"))
 
+    def get_absolute_url(self):
+        return reverse("oauth2_provider:detail", args=[str(self.id)])
+
+    def get_allowed_schemes(self):
+        """
+        Returns the list of redirect schemes allowed by the Application.
+        By default, returns `ALLOWED_REDIRECT_URI_SCHEMES`.
+        """
+        return oauth2_settings.ALLOWED_REDIRECT_URI_SCHEMES
+
     def get_cors_header(self, origin):
         """Return a proper cors-header for this origin, in the context of this
         application.
@@ -211,16 +221,6 @@ def get_cors_header(self, origin):
                 return origin
         raise Application.NoSuitableOriginFoundError
 
-    def get_absolute_url(self):
-        return reverse("oauth2_provider:detail", args=[str(self.id)])
-
-    def get_allowed_schemes(self):
-        """
-        Returns the list of redirect schemes allowed by the Application.
-        By default, returns `ALLOWED_REDIRECT_URI_SCHEMES`.
-        """
-        return oauth2_settings.ALLOWED_REDIRECT_URI_SCHEMES
-
     def allows_grant_type(self, *grant_types):
         return self.authorization_grant_type in grant_types
 
@@ -242,6 +242,9 @@ def jwk_key(self):
             return jwk.JWK(kty="oct", k=base64url_encode(self.client_secret))
         raise ImproperlyConfigured("This application does not support signed tokens")
 
+    class NoSuitableOriginFoundError(Exception):
+        pass
+
 
 class ApplicationManager(models.Manager):
     def get_by_natural_key(self, client_id):

tests/mig_settings.py

@@ -42,6 +42,7 @@
 ]
 
 MIDDLEWARE = [
+    "oauth2_provider.middleware.CorsMiddleware",
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.common.CommonMiddleware",

tests/settings.py

@@ -63,6 +63,7 @@
 ]
 
 MIDDLEWARE = (
+    "oauth2_provider.middleware.CorsMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",

tests/test_cors_middleware.py

@@ -1,11 +1,8 @@
 from datetime import timedelta
 
-from django.conf.urls import patterns, url
 from django.contrib.auth import get_user_model
-from django.http import HttpResponse
 from django.test import Client, TestCase, override_settings
 from django.utils import timezone
-from django.views.generic import View
 
 from oauth2_provider.models import AccessToken, get_application_model
 
@@ -14,19 +11,7 @@
 UserModel = get_user_model()
 
 
-class MockView(View):
-    def post(self, request):
-        return HttpResponse()
-
-
-urlpatterns = patterns(
-    "",
-    url(r"^cors-test/$", MockView.as_view()),
-)
-
-
 @override_settings(
-    ROOT_URLCONF="oauth2_provider.tests.test_cors_middleware",
     AUTHENTICATION_BACKENDS=("oauth2_provider.backends.OAuth2Backend",),
     MIDDLEWARE_CLASSES=(
         "oauth2_provider.middleware.OAuth2TokenMiddleware",

tests/urls.py

@@ -1,11 +1,14 @@
 from django.contrib import admin
 from django.urls import include, path
 
+from .views import MockView
+
 
 admin.autodiscover()
 
 
 urlpatterns = [
     path("o/", include("oauth2_provider.urls", namespace="oauth2_provider")),
     path("admin/", admin.site.urls),
+    path("cors-test/", MockView.as_view()),
 ]

tests/views.py

@@ -0,0 +1,7 @@
+from django.http import HttpResponse
+from django.views.generic import View
+
+
+class MockView(View):
+    def post(self, request):
+        return HttpResponse()