Fix: Handle AttributeError in IntrospectTokenView

[dawidwolski-identt]

Description of the Change

Handle AttributeError in get_token_response. If there is no token parameter in introspect endpoints they raise AttributeError.

Checklist

• PR only contains one change (considered splitting up PR)
• unit-test added
• documentation updated
• CHANGELOG.md updated (only for user relevant changes)
• author name in AUTHORS

[dawidwolski-identt]

Contribution guideline says

Make sure to request a review by assigning Reviewer jazzband/django-oauth-toolkit.

but I do not have permission to set assignee.

[dopry]

I'm not 100% sure this is the correct handling. Per https://datatracker.ietf.org/doc/html/rfc7662#section-2.3,

Note that a properly formed and authorized query for an inactive or
otherwise invalid token (or a token the protected resource is not
allowed to know about) is not considered an error response by this
specification. In these cases, the authorization server MUST instead
respond with an introspection response with the "active" field set to
"false" as described in Section 2.2.

I'm not sure that a missing token would qualify as properly formed. I feel that a 400 might be the proper response in this case since the request is missing the required 'token' parameter. My instinct says a present, but invalid or blank token, i.e. a body of

token=

would return an active: false, but missing token= altogether would be malformed and we should let the caller know they're sending a malformed request, since there is a bug in their implementation. I feel returning a 200 active: false in the case of a malformed request may give consumers/developers confidence in a broken client implementation.

[dawidwolski-identt]

@dopry I agree with you. I've changed the response to follow https://datatracker.ietf.org/doc/html/rfc6749#section-5.2

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.38%. Comparing base (3fad765) to head (6416c38).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1562   +/-   ##
=======================================
  Coverage   97.37%   97.38%           
=======================================
  Files          34       34           
  Lines        2212     2214    +2     
=======================================
+ Hits         2154     2156    +2     
  Misses         58       58           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[merito]

@dopry thanks for taking care of this