author | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2018-12-05 10:59:06 +0100 |
---|---|---|
committer | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2018-12-05 10:59:06 +0100 |
commit | cd8aa3a42483ae797d7a283ded5699cc4f2a444e (patch) | |
tree | bbdd224fa6b7ef5dd52d576b9cc1c79cc750b2a5 | |
parent | 51c927b0641adcef6e5944c9a67ba1d7edc2eb68 (diff) | |
download | oauthlib-568-remove-expires_at.tar.gz |
Removed expires_at and TokenExpiredError exception568-remove-expires_at
expires_at is not RFC, and must be managed on the implementation side, based on expires_in. The oauthlib should
-rw-r--r-- | docs/oauth2/server.rst | 4 | ||||
-rw-r--r-- | oauthlib/oauth2/__init__.py | 2 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/clients/base.py | 13 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/errors.py | 4 | ||||
-rw-r--r-- | oauthlib/oauth2/rfc6749/parameters.py | 6 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/clients/test_backend_application.py | 1 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/clients/test_base.py | 35 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/clients/test_legacy_application.py | 1 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/clients/test_mobile_application.py | 1 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/clients/test_service_application.py | 3 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/clients/test_web_application.py | 1 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/test_parameters.py | 4 |
12 files changed, 6 insertions, 69 deletions
diff --git a/docs/oauth2/server.rst b/docs/oauth2/server.rst index 35a58aa..bf29f69 100644 --- a/docs/oauth2/server.rst +++ b/docs/oauth2/server.rst @@ -188,7 +188,7 @@ tokens as text. .. code-block:: python - expires_at = django.db.models.DateTimeField() + expires = django.db.models.DateTimeField() Authorization Code ^^^^^^^^^^^^^^^^^^ @@ -244,7 +244,7 @@ the token. .. code-block:: python - expires_at = django.db.models.DateTimeField() + expires = django.db.models.DateTimeField() 2. Implement a validator ------------------------ diff --git a/oauthlib/oauth2/__init__.py b/oauthlib/oauth2/__init__.py index 3f43755..16b63e1 100644 --- a/oauthlib/oauth2/__init__.py +++ b/oauthlib/oauth2/__init__.py 
@@ -25,7 +25,7 @@ from .rfc6749.endpoints import WebApplicationServer from .rfc6749.endpoints import MobileApplicationServer from .rfc6749.endpoints import LegacyApplicationServer from .rfc6749.endpoints import BackendApplicationServer -from .rfc6749.errors import AccessDeniedError, OAuth2Error, FatalClientError, InsecureTransportError, InvalidClientError, InvalidClientIdError, InvalidGrantError, InvalidRedirectURIError, InvalidRequestError, InvalidRequestFatalError, InvalidScopeError, MismatchingRedirectURIError, MismatchingStateError, MissingClientIdError, MissingCodeError, MissingRedirectURIError, MissingResponseTypeError, MissingTokenError, MissingTokenTypeError, ServerError, TemporarilyUnavailableError, TokenExpiredError, UnauthorizedClientError, UnsupportedGrantTypeError, UnsupportedResponseTypeError, UnsupportedTokenTypeError +from .rfc6749.errors import AccessDeniedError, OAuth2Error, FatalClientError, InsecureTransportError, InvalidClientError, InvalidClientIdError, InvalidGrantError, InvalidRedirectURIError, InvalidRequestError, InvalidRequestFatalError, InvalidScopeError, MismatchingRedirectURIError, MismatchingStateError, MissingClientIdError, MissingCodeError, MissingRedirectURIError, MissingResponseTypeError, MissingTokenError, MissingTokenTypeError, ServerError, TemporarilyUnavailableError, UnauthorizedClientError, UnsupportedGrantTypeError, UnsupportedResponseTypeError, UnsupportedTokenTypeError from .rfc6749.grant_types import AuthorizationCodeGrant from .rfc6749.grant_types import ImplicitGrant from .rfc6749.grant_types import ResourceOwnerPasswordCredentialsGrant diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py index d8ded50..5a027d2 100644 --- a/oauthlib/oauth2/rfc6749/clients/base.py +++ b/oauthlib/oauth2/rfc6749/clients/base.py 
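Review bot: Dropping `TokenExpiredError` from this re-export list removes a public name without any deprecation step, so every downstream `from oauthlib.oauth2 import TokenExpiredError` now fails at import time. Callers that catch this exception around `add_token` to trigger a refresh (a likely use, though none is visible here) lose that signal and will send the stale token to the resource server instead. If the removal is intended, it should ship with a changelog entry marking it as a breaking change. A gentler route is to keep the class importable for one release and have it emit a `DeprecationWarning`.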
@@ -13,8 +13,7 @@ import warnings from oauthlib.common import generate_token from oauthlib.oauth2.rfc6749 import tokens -from oauthlib.oauth2.rfc6749.errors import (InsecureTransportError, - TokenExpiredError) +from oauthlib.oauth2.rfc6749.errors import InsecureTransportError from oauthlib.oauth2.rfc6749.parameters import (parse_token_response, prepare_token_request, prepare_token_revocation_request) @@ -87,7 +86,7 @@ class Client(object): :param mac_algorithm: Hashing algorithm for MAC tokens. :param token: A dict of token attributes such as ``access_token``, - ``token_type`` and ``expires_at``. + ``token_type`` and ``expires_in``. :param scope: A list of default scopes to request authorization for. @@ -114,7 +113,6 @@ class Client(object): self.redirect_url = redirect_url self.code = None self.expires_in = None - self._expires_at = None self.populate_token_attributes(self.token) @property @@ -193,9 +191,6 @@ class Client(object): if not (self.access_token or self.token.get('access_token')): raise ValueError("Missing access token.") - if self._expires_at and self._expires_at < time.time(): - raise TokenExpiredError() - return case_insensitive_token_types[self.token_type.lower()](uri, http_method, body, headers, token_placement, **kwargs) @@ -490,10 +485,6 @@ class Client(object): if 'expires_in' in response: self.expires_in = response.get('expires_in') - self._expires_at = time.time() + int(self.expires_in) - - if 'expires_at' in response: - self._expires_at = int(response.get('expires_at')) if 'mac_key' in response: self.mac_key = response.get('mac_key') diff --git a/oauthlib/oauth2/rfc6749/errors.py b/oauthlib/oauth2/rfc6749/errors.py index 678fcff..bad5ecf 100644 --- a/oauthlib/oauth2/rfc6749/errors.py +++ b/oauthlib/oauth2/rfc6749/errors.py 
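Review bot: `import time` in base.py may be left unused by this commit, since the only `time.time()` calls visible in this file's hunks are the ones removed at -193 and -490. The import line sits above this hunk, so this is an inference from the visible lines. If no other use remains in the module, drop `import time` together with the `TokenExpiredError` import changed here.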
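Review bot: The `token` docstring in the -87 hunk now points callers at `expires_in`, but that value is a lifetime relative to when the response was issued, and the hunks at -114, -193 and -490 remove every place where the client recorded or checked an absolute expiry. A token dict that is stored and reloaded later therefore carries no usable expiry, and the client will attach it to requests regardless of age. The docstring should say so, for example `The client does not track or enforce token expiry; record when the token was received and compare against expires_in before use.` It should also state that an `expires_at` key left in a token dict from an older release is now ignored. The Client docstring starts and ends outside this hunk.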
@@ -97,10 +97,6 @@ class OAuth2Error(Exception): return json.dumps(dict(self.twotuples)) -class TokenExpiredError(OAuth2Error): - error = 'token_expired' - - class InsecureTransportError(OAuth2Error): error = 'insecure_transport' description = 'OAuth 2 MUST utilize https.' diff --git a/oauthlib/oauth2/rfc6749/parameters.py b/oauthlib/oauth2/rfc6749/parameters.py index 4d0baee..734d5ab 100644 --- a/oauthlib/oauth2/rfc6749/parameters.py +++ b/oauthlib/oauth2/rfc6749/parameters.py @@ -331,9 +331,6 @@ def parse_implicit_response(uri, state=None, scope=None): if 'scope' in params: params['scope'] = scope_to_list(params['scope']) - if 'expires_in' in params: - params['expires_at'] = time.time() + int(params['expires_in']) - if state and params.get('state', None) != state: raise ValueError("Mismatching or missing state in params.") @@ -418,9 +415,6 @@ def parse_token_response(body, scope=None): if 'scope' in params: params['scope'] = scope_to_list(params['scope']) - if 'expires_in' in params: - params['expires_at'] = time.time() + int(params['expires_in']) - params = OAuth2Token(params, old_scope=scope) validate_token_parameters(params) return params diff --git a/tests/oauth2/rfc6749/clients/test_backend_application.py b/tests/oauth2/rfc6749/clients/test_backend_application.py index aa2ba2b..b17564b 100644 --- a/tests/oauth2/rfc6749/clients/test_backend_application.py +++ b/tests/oauth2/rfc6749/clients/test_backend_application.py @@ -36,7 +36,6 @@ class BackendApplicationClientTest(TestCase): "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, - "expires_at": 4600, "scope": ["/profile"], "example_parameter": "example_value" } diff --git a/tests/oauth2/rfc6749/clients/test_base.py b/tests/oauth2/rfc6749/clients/test_base.py index d48a944..a9144ce 100644 --- a/tests/oauth2/rfc6749/clients/test_base.py +++ b/tests/oauth2/rfc6749/clients/test_base.py 
@@ -4,7 +4,7 @@ from __future__ import absolute_import, unicode_literals import datetime from oauthlib import common -from oauthlib.oauth2 import Client, InsecureTransportError, TokenExpiredError +from oauthlib.oauth2 import Client, InsecureTransportError from oauthlib.oauth2.rfc6749 import utils from oauthlib.oauth2.rfc6749.clients import AUTH_HEADER, BODY, URI_QUERY @@ -62,15 +62,6 @@ class ClientTest(TestCase): client = Client(self.client_id) self.assertRaises(ValueError, client.add_token, self.uri) - # Expired token - expired = 523549800 - expired_token = { - 'expires_at': expired, - } - client = Client(self.client_id, token=expired_token, access_token=self.access_token, token_type="Bearer") - self.assertRaises(TokenExpiredError, client.add_token, self.uri, - body=self.body, headers=self.headers) - # The default token placement, bearer in auth header client = Client(self.client_id, access_token=self.access_token) uri, headers, body = client.add_token(self.uri, body=self.body, @@ -172,18 +163,6 @@ class ClientTest(TestCase): body=self.body, headers=self.headers, issue_time=datetime.datetime.now()) - # Expired Token - expired = 523549800 - expired_token = { - 'expires_at': expired, - } - client = Client(self.client_id, token=expired_token, token_type="MAC", - access_token=self.access_token, mac_key=self.mac_key, - mac_algorithm="hmac-sha-1") - self.assertRaises(TokenExpiredError, client.add_token, self.uri, - body=self.body, - headers=self.headers, - issue_time=datetime.datetime.now()) # Add the Authorization header (draft 01) client = Client(self.client_id, token_type="MAC", 
@@ -200,18 +179,6 @@ class ClientTest(TestCase): body=self.body, headers=self.headers, draft=1) - # Expired Token - expired = 523549800 - expired_token = { - 'expires_at': expired, - } - client = Client(self.client_id, token=expired_token, token_type="MAC", - access_token=self.access_token, mac_key=self.mac_key, - mac_algorithm="hmac-sha-1") - self.assertRaises(TokenExpiredError, client.add_token, self.uri, - body=self.body, - headers=self.headers, - draft=1) def test_revocation_request(self): client = Client(self.client_id) diff --git a/tests/oauth2/rfc6749/clients/test_legacy_application.py b/tests/oauth2/rfc6749/clients/test_legacy_application.py index 21af4a3..c914572 100644 --- a/tests/oauth2/rfc6749/clients/test_legacy_application.py +++ b/tests/oauth2/rfc6749/clients/test_legacy_application.py @@ -45,7 +45,6 @@ class LegacyApplicationClientTest(TestCase): "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, - "expires_at": 4600, "scope": scope, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value" diff --git a/tests/oauth2/rfc6749/clients/test_mobile_application.py b/tests/oauth2/rfc6749/clients/test_mobile_application.py index 622b275..8782a7b 100644 --- a/tests/oauth2/rfc6749/clients/test_mobile_application.py +++ b/tests/oauth2/rfc6749/clients/test_mobile_application.py @@ -41,7 +41,6 @@ class MobileApplicationClientTest(TestCase): "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, - "expires_at": 4600, "scope": scope, "example_parameter": "example_value" } diff --git a/tests/oauth2/rfc6749/clients/test_service_application.py b/tests/oauth2/rfc6749/clients/test_service_application.py index dc337cf..725494b 100644 --- a/tests/oauth2/rfc6749/clients/test_service_application.py +++ b/tests/oauth2/rfc6749/clients/test_service_application.py 
@@ -78,7 +78,6 @@ mfvGGg3xNjTMO7IdrwIDAQAB @patch('time.time') def test_request_body(self, t): t.return_value = time() - self.token['expires_at'] = self.token['expires_in'] + t.return_value client = ServiceApplicationClient( self.client_id, private_key=self.private_key) @@ -139,7 +138,6 @@ mfvGGg3xNjTMO7IdrwIDAQAB @patch('time.time') def test_request_body_no_initial_private_key(self, t): t.return_value = time() - self.token['expires_at'] = self.token['expires_in'] + t.return_value client = ServiceApplicationClient( self.client_id, private_key=None) @@ -168,7 +166,6 @@ mfvGGg3xNjTMO7IdrwIDAQAB @patch('time.time') def test_parse_token_response(self, t): t.return_value = time() - self.token['expires_at'] = self.token['expires_in'] + t.return_value client = ServiceApplicationClient(self.client_id) diff --git a/tests/oauth2/rfc6749/clients/test_web_application.py b/tests/oauth2/rfc6749/clients/test_web_application.py index 092f93e..a6699cb 100644 --- a/tests/oauth2/rfc6749/clients/test_web_application.py +++ b/tests/oauth2/rfc6749/clients/test_web_application.py @@ -63,7 +63,6 @@ class WebApplicationClientTest(TestCase): "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "example", "expires_in": 3600, - "expires_at": 4600, "scope": scope, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter": "example_value" diff --git a/tests/oauth2/rfc6749/test_parameters.py b/tests/oauth2/rfc6749/test_parameters.py index c42f516..64dfa11 100644 --- a/tests/oauth2/rfc6749/test_parameters.py +++ b/tests/oauth2/rfc6749/test_parameters.py @@ -87,7 +87,6 @@ class ParameterTests(TestCase): 'state': state, 'token_type': 'example', 'expires_in': 3600, - 'expires_at': 4600, 'scope': ['abc'] } @@ -120,7 +119,6 @@ class ParameterTests(TestCase): 'access_token': '2YotnFZFEjr1zCsicMWpAA', 'token_type': 'example', 'expires_in': 3600, - 'expires_at': 4600, 'refresh_token': 'tGzv3JOkF0XG5Qx2TlKWIA', 'example_parameter': 'example_value', 'scope': ['abc', 'def'] 
@@ -130,7 +128,6 @@ class ParameterTests(TestCase): 'access_token': '2YotnFZFEjr1zCsicMWpAA', 'token_type': 'example', 'expires_in': 3600, - 'expires_at': 4600, 'refresh_token': 'tGzv3JOkF0XG5Qx2TlKWIA', 'example_parameter': 'example_value' } @@ -138,7 +135,6 @@ class ParameterTests(TestCase): json_notype_dict = { 'access_token': '2YotnFZFEjr1zCsicMWpAA', 'expires_in': 3600, - 'expires_at': 4600, 'refresh_token': 'tGzv3JOkF0XG5Qx2TlKWIA', 'example_parameter': 'example_value', } |