Fixed issue #424

Girbons · Girbons · commit 5c2c6a2e1865 · 2016-11-24T11:31:30.000+01:00
diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
@@ -297,6 +297,11 @@ def save_authorization_code(self, client_id, code, request, *args, **kwargs):
                   scope=' '.join(request.scopes))
         g.save()
 
+    def rotate_refresh_token(self, request):
+        """
+        """
+        return oauth2_settings.ROTATE_REFRESH_TOKEN
+
     @transaction.atomic
     def save_bearer_token(self, token, request, *args, **kwargs):
         """
diff --git a/oauth2_provider/settings.py b/oauth2_provider/settings.py
@@ -43,6 +43,7 @@
     'AUTHORIZATION_CODE_EXPIRE_SECONDS': 60,
     'ACCESS_TOKEN_EXPIRE_SECONDS': 36000,
     'REFRESH_TOKEN_EXPIRE_SECONDS': None,
+    'ROTATE_REFRESH_TOKEN': True,
     'APPLICATION_MODEL': getattr(settings, 'OAUTH2_PROVIDER_APPLICATION_MODEL', 'oauth2_provider.Application'),
     'REQUEST_APPROVAL_PROMPT': 'force',
     'ALLOWED_REDIRECT_URI_SCHEMES': ['http', 'https'],
@@ -154,5 +155,4 @@ def validate_setting(self, attr, val):
         if not val and attr in self.mandatory:
             raise AttributeError("OAuth2Provider setting: '%s' is mandatory" % attr)
 
-
 oauth2_settings = OAuth2ProviderSettings(USER_SETTINGS, DEFAULTS, IMPORT_STRINGS, MANDATORY)
diff --git a/oauth2_provider/tests/test_authorization_code.py b/oauth2_provider/tests/test_authorization_code.py
@@ -707,13 +707,14 @@ def test_refresh_repeating_requests_non_rotating_tokens(self):
             'refresh_token': content['refresh_token'],
             'scope': content['scope'],
         }
+        oauth2_settings.ROTATE_REFRESH_TOKEN = False
 
-        with mock.patch('oauthlib.oauth2.rfc6749.request_validator.RequestValidator.rotate_refresh_token',
-                        return_value=False):
-            response = self.client.post(reverse('oauth2_provider:token'), data=token_request_data, **auth_headers)
-            self.assertEqual(response.status_code, 200)
-            response = self.client.post(reverse('oauth2_provider:token'), data=token_request_data, **auth_headers)
-            self.assertEqual(response.status_code, 200)
+        response = self.client.post(reverse('oauth2_provider:token'), data=token_request_data, **auth_headers)
+        self.assertEqual(response.status_code, 200)
+        response = self.client.post(reverse('oauth2_provider:token'), data=token_request_data, **auth_headers)
+        self.assertEqual(response.status_code, 200)
+
+        oauth2_settings.ROTATE_REFRESH_TOKEN = True
 
     def test_basic_auth_bad_authcode(self):
         """
