Fix error in ClientCredentialsGrant when no expiration of a token is set in the handler

Author: wndhydrnt

CHANGELOG.md

@@ -1,5 +1,11 @@
 ## 1.1.0 (unreleased)
 
+## 1.0.1
+
+Bugfixes:
+
+  - Fix error in `ClientCredentialsGrant` when no expiration of a token is set in the handler ([@wndhydrnt][])
+
 ## 1.0.0
 
 Features:

oauth2/grant.py

@@ -343,14 +343,14 @@ def create_token(self, client_id, data, grant_type, scopes, user_id):
                 raise UserIdentifierMissingError
 
             try:
-                access_token = self.access_token_store.\
+                access_token = self.access_token_store. \
                     fetch_existing_token_of_user(
-                        client_id,
-                        grant_type,
-                        user_id)
+                    client_id,
+                    grant_type,
+                    user_id)
 
                 if (access_token.scopes == scopes
-                        and access_token.is_expired() is False):
+                    and access_token.is_expired() is False):
                     token_data = {"access_token": access_token.token,
                                   "token_type": "Bearer"}
 
@@ -396,7 +396,7 @@ def __init__(self, site_adapter, **kwargs):
         if isinstance(site_adapter, self.site_adapter_class) is False:
             raise InvalidSiteAdapter(
                 "Site adapter must inherit from class '{0}'"
-                .format(self.site_adapter_class.__name__)
+                    .format(self.site_adapter_class.__name__)
             )
 
         self.site_adapter = site_adapter
@@ -621,8 +621,8 @@ def __call__(self, request, server):
            Check the HTTP method of a request
         """
         if (request.method == "POST"
-                and request.post_param("grant_type") == "authorization_code"
-                and request.path == server.token_path):
+            and request.post_param("grant_type") == "authorization_code"
+            and request.path == server.token_path):
             return AuthorizationCodeTokenHandler(
                 access_token_store=server.access_token_store,
                 auth_token_store=server.auth_code_store,
@@ -631,8 +631,8 @@ def __call__(self, request, server):
                 unique_token=self.unique_token)
 
         if (request.method == "GET"
-                and request.get_param("response_type") == "code"
-                and request.path == server.authorize_path):
+            and request.get_param("response_type") == "code"
+            and request.path == server.authorize_path):
             scope_handler = self._create_scope_handler()
 
             return AuthorizationCodeAuthHandler(
@@ -670,7 +670,7 @@ def __call__(self, request, server):
         response_type = request.get_param("response_type")
 
         if (response_type == "token"
-                and request.path == server.authorize_path):
+            and request.path == server.authorize_path):
             return ImplicitGrantHandler(
                 access_token_store=server.access_token_store,
                 client_authenticator=server.client_authenticator,
@@ -1002,7 +1002,7 @@ def read_validate_params(self, request):
         self.refresh_grant_type = access_token.grant_type
 
         if refresh_token_expires_at != 0 and \
-           refresh_token_expires_at < int(time.time()):
+                        refresh_token_expires_at < int(time.time()):
             raise OAuthInvalidError(error="invalid_request",
                                     explanation="Invalid refresh token")
 
@@ -1048,8 +1048,11 @@ def process(self, request, response, environ):
         body = {"token_type": "Bearer"}
 
         token = self.token_generator.generate()
-        expires_in = self.token_generator.expires_in[ClientCredentialsGrant.grant_type]
-        expires_at = int(time.time()) + expires_in
+        expires_in = self.token_generator.expires_in.get(ClientCredentialsGrant.grant_type, None)
+        if expires_in is None:
+            expires_at = None
+        else:
+            expires_at = int(time.time()) + expires_in
 
         access_token = AccessToken(
             client_id=self.client.identifier,
@@ -1061,7 +1064,7 @@ def process(self, request, response, environ):
 
         body["access_token"] = token
 
-        if expires_in > 0:
+        if expires_in is not None:
             body["expires_in"] = expires_in
 
         if self.scope_handler.send_back:

oauth2/test/test_grant.py

@@ -579,6 +579,7 @@ def test_process_no_refresh_token(self):
                                                    call("Cache-Control",
                                                         "no-store"),
                                                    call("Pragma", "no-cache")])
+
     @patch("time.time", mock_time)
     def test_process_with_refresh_token(self):
         token_data = {"access_token": "abcd", "token_type": "Bearer",
@@ -670,12 +671,12 @@ def test_process_with_unique_access_token_not_found(self):
         response = Response()
 
         access_token_store_mock = Mock(spec=AccessTokenStore)
-        access_token_store_mock.fetch_existing_token_of_user.\
+        access_token_store_mock.fetch_existing_token_of_user. \
             side_effect = AccessTokenNotFound
 
         token_generator_mock = Mock(spec=TokenGenerator)
         token_generator_mock.refresh_expires_in = 10000
-        token_generator_mock.create_access_token_data.\
+        token_generator_mock.create_access_token_data. \
             return_value = token_data
 
         handler = AuthorizationCodeTokenHandler(
@@ -866,7 +867,6 @@ def test_process_redirect_with_token(self):
         self.assertEqual(responseMock.content, "")
         self.assertEqual(result_response, responseMock)
 
-
     def test_process_redirect_with_state(self):
         """
         ImplicitGrantHandler should include the value of the "state" query parameter from request in redirect
@@ -916,7 +916,8 @@ def test_process_with_scope(self):
         state = "XHGFI"
         token = "tokencode"
 
-        expected_redirect_uri = "%s#access_token=%s&token_type=bearer&state=%s&scope=%s" % (redirect_uri, token, state, scopes_uri)
+        expected_redirect_uri = "%s#access_token=%s&token_type=bearer&state=%s&scope=%s" % (
+            redirect_uri, token, state, scopes_uri)
 
         response_mock = Mock(spec=Response)
 
@@ -1516,6 +1517,7 @@ def test_call_other_grant_type(self):
 
         self.assertEqual(grant_handler, None)
 
+
 class RefreshTokenHandlerTestCase(unittest.TestCase):
     @patch("time.time", mock_time)
     def test_process_no_reissue(self):
@@ -1537,7 +1539,7 @@ def test_process_no_reissue(self):
         scope_handler_mock = Mock(spec=Scope)
         scope_handler_mock.scopes = scopes
 
-        token_data = {"access_token": token, "expires_in":expires_in, "token_type": "Bearer", "refresh_token":"gafc"}
+        token_data = {"access_token": token, "expires_in": expires_in, "token_type": "Bearer", "refresh_token": "gafc"}
         token_generator_mock = Mock(spec=TokenGenerator)
         token_generator_mock.create_access_token_data.return_value = token_data
         token_generator_mock.refresh_expires_in = 1200
@@ -1588,7 +1590,8 @@ def test_process_with_reissue(self):
         scope_handler_mock = Mock(spec=Scope)
         scope_handler_mock.scopes = scopes
 
-        token_data = {"access_token": token, "expires_in":expires_in, "token_type": "Bearer", "refresh_token":refresh_token}
+        token_data = {"access_token": token, "expires_in": expires_in, "token_type": "Bearer",
+                      "refresh_token": refresh_token}
         token_generator_mock = Mock(spec=TokenGenerator)
         token_generator_mock.create_access_token_data.return_value = token_data
         token_generator_mock.refresh_expires_in = 1200
@@ -1618,7 +1621,6 @@ def test_process_with_reissue(self):
         self.assertDictContainsSubset(expected_headers, result.headers)
         self.assertDictEqual(expected_response_body, json.loads(result.body))
 
-
     @patch("time.time", mock_time)
     def test_read_validate_params(self):
         client_id = "client"
@@ -1645,7 +1647,7 @@ def test_read_validate_params(self):
         request_mock = Mock(spec=Request)
         request_mock.post_param.side_effect = [refresh_token]
 
-        token_generator_mock = Mock(expires_in={'test_grant_type':600})
+        token_generator_mock = Mock(expires_in={'test_grant_type': 600})
         token_generator_mock.refresh_expires_in = 0
 
         scope_handler_mock = Mock(spec=Scope)
@@ -1738,7 +1740,7 @@ def test_read_validate_params_expired_refresh_token(self):
             access_token_store=access_token_store_mock,
             client_authenticator=client_auth_mock,
             scope_handler=Mock(),
-            token_generator=Mock(expires_in={'test_grant_type':600}))
+            token_generator=Mock(expires_in={'test_grant_type': 600}))
 
         with self.assertRaises(OAuthInvalidError) as expected:
             handler.read_validate_params(request_mock)
@@ -1811,7 +1813,6 @@ def test_call_other_grant_type(self):
 class ClientCredentialsHandlerTestCase(unittest.TestCase):
     def test_process(self):
         client_id = "abc"
-        expires_in = 0
         token = "abcd"
 
         expected_response_body = {"access_token": token,
@@ -1827,7 +1828,7 @@ def test_process(self):
 
         token_generator_mock = Mock(spec=TokenGenerator)
         token_generator_mock.generate.return_value = token
-        token_generator_mock.expires_in = {ClientCredentialsGrant.grant_type:expires_in}
+        token_generator_mock.expires_in = {}
         handler = ClientCredentialsHandler(
             access_token_store=access_token_store_mock,
             client_authenticator=Mock(),
@@ -1862,7 +1863,7 @@ def test_process_with_refresh_token(self):
 
         token_generator_mock = Mock(spec=TokenGenerator)
         token_generator_mock.generate.return_value = token
-        token_generator_mock.expires_in = {ClientCredentialsGrant.grant_type:expires_in}
+        token_generator_mock.expires_in = {ClientCredentialsGrant.grant_type: expires_in}
 
         handler = ClientCredentialsHandler(
             access_token_store=access_token_store_mock,
@@ -1916,5 +1917,6 @@ def test_read_validate_params(self):
         scope_handler_mock.parse.assert_called_with(request=request_mock,
                                                     source="body")
 
+
 if __name__ == "__main__":
     unittest.main()