Auto-authorize if valid refresh tokens exist (#754)

madprime · auvipy · commit a1dcd37f2fc3 · 2019-10-24T17:21:43.000+06:00
* Auto-authorize if valid refresh tokens exist

* Add test for auto auth from refresh token
diff --git a/oauth2_provider/views/base.py b/oauth2_provider/views/base.py
@@ -12,7 +12,7 @@
 from ..exceptions import OAuthToolkitError
 from ..forms import AllowForm
 from ..http import OAuth2ResponseRedirect
-from ..models import get_access_token_model, get_application_model
+from ..models import get_access_token_model, get_application_model, get_refresh_token_model
 from ..scopes import get_scopes_backend
 from ..settings import oauth2_settings
 from ..signals import app_authorized
@@ -191,6 +191,12 @@ def get(self, request, *args, **kwargs):
                     expires__gt=timezone.now()
                 ).all()
 
+                refresh_tokens = get_refresh_token_model().objects.filter(
+                    user=request.user,
+                    application=kwargs["application"]
+                ).exclude(revoked__lt=timezone.now()).all()
+                tokens = list(tokens) + [r.access_token for r in refresh_tokens]
+
                 # check past authorizations regarded the same scopes as the current one
                 for token in tokens:
                     if token.allow_scopes(scopes):
diff --git a/tests/test_authorization_code.py b/tests/test_authorization_code.py
@@ -197,6 +197,16 @@ def test_pre_auth_approval_prompt(self):
         url = "{url}?{qs}".format(url=reverse("oauth2_provider:authorize"), qs=query_string)
         response = self.client.get(url)
         self.assertEqual(response.status_code, 302)
+        # access token expired but valid refresh token exists
+        tok.expires = timezone.now() - datetime.timedelta(days=1)
+        tok.save()
+        reftok = RefreshToken.objects.create(
+            user=self.test_user, token="0123456789",
+            application=self.application,
+            access_token=tok
+        )
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 302)
         # user already authorized the application, but with different scopes: prompt them.
         tok.scope = "read"
         tok.save()
