@@ -36,14 +36,6 @@ def setUp(self):
3636 application = self .application
3737 )
3838
39- self .another_access_token = AccessToken .objects .create (
40- user = self .user ,
41- scope = 'can_touch_this' ,
42- expires = timezone .now () + timedelta (seconds = 300 ),
43- token = 'secret-access-token-key2' ,
44- application = self .application
45- )
46-
4739 oauth2_settings ._SCOPES = ['read' , 'write' ]
4840
4941 def test_access_denied (self ):
@@ -72,15 +64,17 @@ def scoped_view(request, *args, **kwargs):
7264 self .assertEqual (response , "protected contents" )
7365
7466 # now with scopes
67+ self .access_token .scope = 'can_touch_this'
68+ self .access_token .save ()
7569 auth_headers = {
76- 'HTTP_AUTHORIZATION' : 'Bearer ' + self .another_access_token .token ,
70+ 'HTTP_AUTHORIZATION' : 'Bearer ' + self .access_token .token ,
7771 }
7872 request = self .request_factory .get ("/fake-resource" , ** auth_headers )
7973 response = scoped_view (request )
8074 self .assertEqual (response , "moar protected contents" )
8175
8276 def test_rw_protected (self ):
83- self .access_token .scope = 'read '
77+ self .access_token .scope = 'write '
8478 self .access_token .save ()
8579 auth_headers = {
8680 'HTTP_AUTHORIZATION' : 'Bearer ' + self .access_token .token ,
@@ -92,12 +86,8 @@ def scoped_view(request, *args, **kwargs):
9286
9387 request = self .request_factory .post ("/fake-resource" , ** auth_headers )
9488 response = scoped_view (request )
95- self .assertEqual (response .status_code , 403 )
96-
97- @rw_protected_resource ()
98- def scoped_view (request , * args , ** kwargs ):
99- return 'other protected contents'
89+ self .assertEqual (response , "other protected contents" )
10090
10191 request = self .request_factory .get ("/fake-resource" , ** auth_headers )
10292 response = scoped_view (request )
103- self .assertEqual (response , "other protected contents" )
93+ self .assertEqual (response . status_code , 403 )
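Review bot: After this change test_rw_protected no longer asserts that a read-only token is refused on an unsafe method: the removed lines saved the token with scope `read` and expected 403 on the POST, while the new lines only exercise a `write` token (POST allowed, GET 403). Read-token-cannot-write is the direction that catches a scope check failing open, so it should be kept next to the new case, for example a second test that sets `self.access_token.scope = 'read'`, saves, and checks `self.assertEqual(response.status_code, 403)` for the POST and the view's return value for the GET. The scope literal on new line 77 appears to end in a space (`'write '`); that may be a rendering artifact, but if it is in the file it should be dropped so the test does not rely on how the scope string is split. test_rw_protected begins in the previous hunk, and the decorated view it calls is defined between the two hunks, so the required scopes are not visible here.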