Added possibility to specify a default list of scopes

Psykopear · synasius · commit d0393b30b640 · 2015-12-14T15:58:17.000+01:00
diff --git a/oauth2_provider/forms.py b/oauth2_provider/forms.py
@@ -4,7 +4,7 @@
 class AllowForm(forms.Form):
     allow = forms.BooleanField(required=False)
     redirect_uri = forms.CharField(widget=forms.HiddenInput())
-    scope = forms.CharField(required=False, widget=forms.HiddenInput())
+    scope = forms.CharField(widget=forms.HiddenInput())
     client_id = forms.CharField(widget=forms.HiddenInput())
     state = forms.CharField(required=False, widget=forms.HiddenInput())
     response_type = forms.CharField(widget=forms.HiddenInput())
diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
@@ -278,7 +278,7 @@ def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
         return set(scopes).issubset(set(oauth2_settings._SCOPES))
 
     def get_default_scopes(self, client_id, request, *args, **kwargs):
-        return oauth2_settings._SCOPES
+        return oauth2_settings._DEFAULT_SCOPES or oauth2_settings._SCOPES
 
     def validate_redirect_uri(self, client_id, redirect_uri, request, *args, **kwargs):
         return request.client.redirect_uri_allowed(redirect_uri)
diff --git a/oauth2_provider/settings.py b/oauth2_provider/settings.py
@@ -26,7 +26,6 @@
 except ImportError:
     from django.utils import importlib
 
-
 USER_SETTINGS = getattr(settings, 'OAUTH2_PROVIDER', None)
 
 DEFAULTS = {
@@ -37,6 +36,7 @@
     'OAUTH2_VALIDATOR_CLASS': 'oauth2_provider.oauth2_validators.OAuth2Validator',
     'OAUTH2_BACKEND_CLASS': 'oauth2_provider.oauth2_backends.OAuthLibCore',
     'SCOPES': {"read": "Reading scope", "write": "Writing scope"},
+    'DEFAULT_SCOPES': {},
     'READ_SCOPE': 'read',
     'WRITE_SCOPE': 'write',
     'AUTHORIZATION_CODE_EXPIRE_SECONDS': 60,
@@ -48,6 +48,7 @@
 
     # Special settings that will be evaluated at runtime
     '_SCOPES': [],
+    '_DEFAULT_SCOPES': [],
 }
 
 # List of settings that cannot be empty
@@ -129,6 +130,8 @@ def __getattr__(self, attr):
         # Overriding special settings
         if attr == '_SCOPES':
             val = list(six.iterkeys(self.SCOPES))
+        if attr == '_DEFAULT_SCOPES':
+            val = list(six.iterkeys(self.DEFAULT_SCOPES))
 
         self.validate_setting(attr, val)
 
diff --git a/oauth2_provider/tests/test_authorization_code.py b/oauth2_provider/tests/test_authorization_code.py
@@ -7,6 +7,7 @@
 
 from django.test import TestCase, RequestFactory
 from django.core.urlresolvers import reverse
+from django.test.utils import override_settings
 from django.utils import timezone
 
 from ..compat import urlparse, parse_qs, urlencode, get_user_model
@@ -1003,3 +1004,34 @@ def test_resource_access_deny(self):
         view = ResourceView.as_view()
         response = view(request)
         self.assertEqual(response.status_code, 403)
+
+
+class TestDefaultScopes(BaseTest):
+
+    def test_pre_auth_deafult_scopes(self):
+        """
+        Test response for a valid client_id with response_type: code using default scopes
+        """
+        self.client.login(username="test_user", password="123456")
+        oauth2_settings._DEFAULT_SCOPES = ['read']
+
+        query_string = urlencode({
+            'client_id': self.application.client_id,
+            'response_type': 'code',
+            'state': 'random_state_string',
+            'redirect_uri': 'http://example.it',
+        })
+        url = "{url}?{qs}".format(url=reverse('oauth2_provider:authorize'), qs=query_string)
+
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+
+        # check form is in context and form params are valid
+        self.assertIn("form", response.context)
+
+        form = response.context["form"]
+        self.assertEqual(form['redirect_uri'].value(), "http://example.it")
+        self.assertEqual(form['state'].value(), "random_state_string")
+        self.assertEqual(form['scope'].value(), 'read')
+        self.assertEqual(form['client_id'].value(), self.application.client_id)
+        oauth2_settings._DEFAULT_SCOPES = []
