
Commit 6bd1f8f

IvanAnishchukjleclanche
authored andcommitted
Fix revocation tests (#748)
oauthlib 3.1 comes with a few changes that break certain non-standard behavior, in particular, passing token to revocation endpoint in query instead of body. This fixes the tests so they are not relying on this non-standard behavior.
1 parent 392257a commit 6bd1f8f


1 file changed

+28
-28
lines changed


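--- a/tests/test_token_revocation.py
+++ b/tests/test_token_revocation.py
@@ -52,13 +52,13 @@ def test_revoke_access_token(self):
 expires=timezone.now() + datetime.timedelta(days=1),
 scope="read write"
 )
-query_string = urlencode({
+data = {
 "client_id": self.application.client_id,
 "client_secret": self.application.client_secret,
 "token": tok.token,
-})
-url = "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"), qs=query_string)
-response = self.client.post(url)
+}
+url = reverse("oauth2_provider:revoke-token")
+response = self.client.post(url, data=data)
 self.assertEqual(response.status_code, 200)
 self.assertEqual(response.content, b"")
 self.assertFalse(AccessToken.objects.filter(id=tok.id).exists())
@@ -79,13 +79,13 @@ def test_revoke_access_token_public(self):
 scope="read write"
 )
 
-query_string = urlencode({
+data = {
 "client_id": public_app.client_id,
 "token": tok.token,
-})
+}
 
-url = "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"), qs=query_string)
-response = self.client.post(url)
+url = reverse("oauth2_provider:revoke-token")
+response = self.client.post(url, data=data)
 self.assertEqual(response.status_code, 200)
 
 def test_revoke_access_token_with_hint(self):
@@ -98,14 +98,14 @@ def test_revoke_access_token_with_hint(self):
 expires=timezone.now() + datetime.timedelta(days=1),
 scope="read write"
 )
-query_string = urlencode({
+data = {
 "client_id": self.application.client_id,
 "client_secret": self.application.client_secret,
 "token": tok.token,
 "token_type_hint": "access_token"
-})
-url = "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"), qs=query_string)
-response = self.client.post(url)
+}
+url = reverse("oauth2_provider:revoke-token")
+response = self.client.post(url, data=data)
 self.assertEqual(response.status_code, 200)
 self.assertFalse(AccessToken.objects.filter(id=tok.id).exists())
 
@@ -117,14 +117,14 @@ def test_revoke_access_token_with_invalid_hint(self):
 scope="read write"
 )
 # invalid hint should have no effect
-query_string = urlencode({
+data = {
 "client_id": self.application.client_id,
 "client_secret": self.application.client_secret,
 "token": tok.token,
 "token_type_hint": "bad_hint"
-})
-url = "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"), qs=query_string)
-response = self.client.post(url)
+}
+url = reverse("oauth2_provider:revoke-token")
+response = self.client.post(url, data=data)
 self.assertEqual(response.status_code, 200)
 self.assertFalse(AccessToken.objects.filter(id=tok.id).exists())
 
@@ -139,13 +139,13 @@ def test_revoke_refresh_token(self):
 user=self.test_user, token="999999999",
 application=self.application, access_token=tok
 )
-query_string = urlencode({
+data = {
 "client_id": self.application.client_id,
 "client_secret": self.application.client_secret,
 "token": rtok.token,
-})
-url = "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"), qs=query_string)
-response = self.client.post(url)
+}
+url = reverse("oauth2_provider:revoke-token")
+response = self.client.post(url, data=data)
 self.assertEqual(response.status_code, 200)
 refresh_token = RefreshToken.objects.filter(id=rtok.id).first()
 self.assertIsNotNone(refresh_token.revoked)
@@ -163,13 +163,13 @@ def test_revoke_refresh_token_with_revoked_access_token(self):
 application=self.application, access_token=tok
 )
 for token in (tok.token, rtok.token):
-query_string = urlencode({
+data = {
 "client_id": self.application.client_id,
 "client_secret": self.application.client_secret,
 "token": token,
-})
-url = "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"), qs=query_string)
-response = self.client.post(url)
+}
+url = reverse("oauth2_provider:revoke-token")
+response = self.client.post(url, data=data)
 self.assertEqual(response.status_code, 200)
 
 self.assertFalse(AccessToken.objects.filter(id=tok.id).exists())
@@ -191,13 +191,13 @@ def test_revoke_token_with_wrong_hint(self):
 scope="read write"
 )
 
-query_string = urlencode({
+data = {
 "client_id": self.application.client_id,
 "client_secret": self.application.client_secret,
 "token": tok.token,
 "token_type_hint": "refresh_token"
-})
-url = "{url}?{qs}".format(url=reverse("oauth2_provider:revoke-token"), qs=query_string)
-response = self.client.post(url)
+}
+url = reverse("oauth2_provider:revoke-token")
+response = self.client.post(url, data=data)
 self.assertEqual(response.status_code, 200)
 self.assertFalse(AccessToken.objects.filter(id=tok.id).exists())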
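Review bot: `test_revoke_access_token_public` (the hunk at -79) still asserts only `response.status_code`, which does not show that the token was revoked: RFC 7009 has the endpoint answer 200 for an invalid token as well, so this test would pass even if the form body were ignored. Add `self.assertFalse(AccessToken.objects.filter(id=tok.id).exists())` after the status check, as the sibling tests already do; the test's setup begins outside the hunk. Separately, no test pins the behaviour the commit message describes. A negative case that posts `client_secret` and `token` in the query string and asserts the token still exists would stop credentials-in-URL requests, which end up in access logs, from being accepted again unnoticed. Confirm the status code oauthlib returns for that request before asserting on it.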
