Merge branch '244', oauthlib compatibility

Author: masci

oauth2_provider/oauth2_validators.py

@@ -55,7 +55,10 @@ def _authenticate_basic_auth(self, request):
         if not auth_string:
             return False
 
-        encoding = request.encoding or 'utf-8'
+        try:
+            encoding = request.encoding
+        except AttributeError:
+            encoding = 'utf-8'
 
         try:
             b64_decoded = base64.b64decode(auth_string)
@@ -91,10 +94,10 @@ def _authenticate_request_body(self, request):
         directly utilize the HTTP Basic authentication scheme. See rfc:`2.3.1` for more details.
         """
         # TODO: check if oauthlib has already unquoted client_id and client_secret
-        client_id = request.client_id
-        client_secret = request.client_secret
-
-        if not client_id or not client_secret:
+        try:
+            client_id = request.client_id
+            client_secret = request.client_secret
+        except AttributeError:
             return False
 
         if self._load_application(client_id, request) is None:
@@ -143,8 +146,12 @@ def client_authentication_required(self, request, *args, **kwargs):
         if self._extract_basic_auth(request):
             return True
 
-        if request.client_id and request.client_secret:
-            return True
+        try:
+            if request.client_id and request.client_secret:
+                return True
+        except AttributeError:
+            log.debug("Client id or client secret not provided, proceed evaluating if authentication is required...")
+            pass
 
         self._load_application(request.client_id, request)
         if request.client:

oauth2_provider/tests/test_authorization_code.py

@@ -261,7 +261,7 @@ def test_pre_auth_wrong_response_type(self):
 
         response = self.client.get(url)
         self.assertEqual(response.status_code, 302)
-        self.assertIn("error=unauthorized_client", response['Location'])
+        self.assertIn("error=unsupported_response_type", response['Location'])
 
     def test_code_post_auth_allow(self):
         """

oauth2_provider/tests/test_token_revocation.py

@@ -60,6 +60,30 @@ def test_revoke_access_token(self):
         self.assertEqual(response.content, b'')
         self.assertFalse(AccessToken.objects.filter(id=tok.id).exists())
 
+    def test_revoke_access_token_public(self):
+        public_app = Application(
+            name="Test Application",
+            redirect_uris="http://localhost http://example.com http://example.it",
+            user=self.dev_user,
+            client_type=Application.CLIENT_PUBLIC,
+            authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
+        )
+        public_app.save()
+
+        tok = AccessToken.objects.create(user=self.test_user, token='1234567890',
+                                         application=public_app,
+                                         expires=timezone.now() + datetime.timedelta(days=1),
+                                         scope='read write')
+
+        query_string = urlencode({
+            'client_id': public_app.client_id,
+            'token': tok.token,
+        })
+
+        url = "{url}?{qs}".format(url=reverse('oauth2_provider:revoke-token'), qs=query_string)
+        response = self.client.post(url)
+        self.assertEqual(response.status_code, 200)
+
     def test_revoke_access_token_with_hint(self):
         """
 

requirements/base.txt

@@ -1,5 +1,5 @@
 Sphinx==1.3.1
 South==1.0
-oauthlib>=0.6.2
+oauthlib==1.0.1
 django-braces==1.4.0
 six