Disable 255 chars length limit for redirect uri (#902) (#903)

* Disable 255 chars length limit for redirect uri (#902)

RFC 7230 recommends to design system to be capable to work with URI at least
to 8000 chars long. This commit allows handle redirect_uri that is over 255
chars.

Author: shaddeus

AUTHORS

@@ -26,6 +26,7 @@ Jens Timmerman
 Jerome Leclanche
 Jim Graham
 Paul Oswald
+Pavel Tvrdík
 pySilver
 Rodney Richardson
 Silvano Cerza

CHANGELOG.md

@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [unreleased]
 
 * #898 Added the ability to customize classes for django admin
+* #903 Disable `redirect_uri` field length limit for `AbstractGrant`
 
 ### Added
 * #884 Added support for Python 3.9

oauth2_provider/migrations/0003_auto_20201211_1314.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2020-12-11 13:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('oauth2_provider', '0002_auto_20190406_1805'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='grant',
+            name='redirect_uri',
+            field=models.TextField(),
+        ),
+    ]

oauth2_provider/models.py

@@ -220,7 +220,7 @@ class AbstractGrant(models.Model):
     code = models.CharField(max_length=255, unique=True)  # code comes from oauthlib
     application = models.ForeignKey(oauth2_settings.APPLICATION_MODEL, on_delete=models.CASCADE)
     expires = models.DateTimeField()
-    redirect_uri = models.CharField(max_length=255)
+    redirect_uri = models.TextField()
     scope = models.TextField(blank=True)
 
     created = models.DateTimeField(auto_now_add=True)

tests/test_models.py

@@ -22,10 +22,15 @@
 UserModel = get_user_model()
 
 
-class TestModels(TestCase):
+class BaseTestModels(TestCase):
     def setUp(self):
         self.user = UserModel.objects.create_user("test_user", "[email protected]", "123456")
 
+    def tearDown(self):
+        self.user.delete()
+
+
+class TestModels(BaseTestModels):
     def test_allow_scopes(self):
         self.client.login(username="test_user", password="123456")
         app = Application.objects.create(
@@ -103,10 +108,7 @@ def test_scopes_property(self):
     OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL="tests.SampleRefreshToken",
     OAUTH2_PROVIDER_GRANT_MODEL="tests.SampleGrant",
 )
-class TestCustomModels(TestCase):
-    def setUp(self):
-        self.user = UserModel.objects.create_user("test_user", "[email protected]", "123456")
-
+class TestCustomModels(BaseTestModels):
     def test_custom_application_model(self):
         """
         If a custom application model is installed, it should be present in
@@ -237,7 +239,21 @@ def test_custom_grant_model_not_installed(self):
         oauth2_settings.GRANT_MODEL = "oauth2_provider.Grant"
 
 
-class TestGrantModel(TestCase):
+class TestGrantModel(BaseTestModels):
+    def setUp(self):
+        super().setUp()
+        self.application = Application.objects.create(
+            name="Test Application",
+            redirect_uris="",
+            user=self.user,
+            client_type=Application.CLIENT_CONFIDENTIAL,
+            authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
+        )
+
+    def tearDown(self):
+        self.application.delete()
+        super().tearDown()
+
     def test_str(self):
         grant = Grant(code="test_code")
         self.assertEqual("%s" % grant, grant.code)
@@ -247,11 +263,26 @@ def test_expires_can_be_none(self):
         self.assertIsNone(grant.expires)
         self.assertTrue(grant.is_expired())
 
+    def test_redirect_uri_can_be_longer_than_255_chars(self):
+        long_redirect_uri = "http://example.com/{}".format("authorized/" * 25)
+        self.assertTrue(len(long_redirect_uri) > 255)
+        grant = Grant.objects.create(
+            user=self.user,
+            code="test_code",
+            application=self.application,
+            expires=timezone.now(),
+            redirect_uri=long_redirect_uri,
+            scope="",
+        )
+        grant.refresh_from_db()
+
+        # It would be necessary to run test using another DB engine than sqlite
+        # that transform varchar(255) into text data type.
+        # https://sqlite.org/datatype3.html#affinity_name_examples
+        self.assertEqual(grant.redirect_uri, long_redirect_uri)
 
-class TestAccessTokenModel(TestCase):
-    def setUp(self):
-        self.user = UserModel.objects.create_user("test_user", "[email protected]", "123456")
 
+class TestAccessTokenModel(BaseTestModels):
     def test_str(self):
         access_token = AccessToken(token="test_token")
         self.assertEqual("%s" % access_token, access_token.token)
@@ -273,15 +304,15 @@ def test_expires_can_be_none(self):
         self.assertTrue(access_token.is_expired())
 
 
-class TestRefreshTokenModel(TestCase):
+class TestRefreshTokenModel(BaseTestModels):
     def test_str(self):
         refresh_token = RefreshToken(token="test_token")
         self.assertEqual("%s" % refresh_token, refresh_token.token)
 
 
-class TestClearExpired(TestCase):
+class TestClearExpired(BaseTestModels):
     def setUp(self):
-        self.user = UserModel.objects.create_user("test_user", "[email protected]", "123456")
+        super().setUp()
         # Insert two tokens on database.
         app = Application.objects.create(
             name="test_app",