diff options
author | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2018-12-13 10:43:12 +0100 |
---|---|---|
committer | Jonathan Huot <jonathan.huot@thomsonreuters.com> | 2018-12-13 10:43:12 +0100 |
commit | 61458583d83959a37e56c20eb09546aaa63b4829 (patch) | |
tree | bbd31c8613d2642bc9c3e4ded1323d43ffa3998f | |
parent | a9ec83a40477e6b5b460b6f203607199f5f16779 (diff) | |
download | oauthlib-61458583d83959a37e56c20eb09546aaa63b4829.tar.gz |
Add Content-Type and Cache headers to introspect/revocation errors
4 files changed, 47 insertions, 15 deletions
diff --git a/oauthlib/oauth2/rfc6749/endpoints/introspect.py b/oauthlib/oauth2/rfc6749/endpoints/introspect.py index 4db1bdc..4a531e4 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/introspect.py +++ b/oauthlib/oauth2/rfc6749/endpoints/introspect.py @@ -57,24 +57,25 @@ class IntrospectEndpoint(BaseEndpoint): an introspection response indicating the token is not active as described in Section 2.2. """ + headers = { + 'Content-Type': 'application/json', + 'Cache-Control': 'no-store', + 'Pragma': 'no-cache', + } request = Request(uri, http_method, body, headers) try: self.validate_introspect_request(request) log.debug('Token introspect valid for %r.', request) except OAuth2Error as e: log.debug('Client error during validation of %r. %r.', request, e) - return e.headers, e.json, e.status_code + headers.update(e.headers) + return headers, e.json, e.status_code claims = self.request_validator.introspect_token( request.token, request.token_type_hint, request ) - headers = { - 'Content-Type': 'application/json', - 'Cache-Control': 'no-store', - 'Pragma': 'no-cache', - } if claims is None: return headers, json.dumps(dict(active=False)), 200 if "active" in claims: diff --git a/oauthlib/oauth2/rfc6749/endpoints/revocation.py b/oauthlib/oauth2/rfc6749/endpoints/revocation.py index 6c59a1e..f7e591d 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/revocation.py +++ b/oauthlib/oauth2/rfc6749/endpoints/revocation.py @@ -59,6 +59,11 @@ class RevocationEndpoint(BaseEndpoint): An invalid token type hint value is ignored by the authorization server and does not influence the revocation response. """ + headers = { + 'Content-Type': 'application/json', + 'Cache-Control': 'no-store', + 'Pragma': 'no-cache', + } request = Request( uri, http_method=http_method, body=body, headers=headers) try: @@ -69,7 +74,8 @@ class RevocationEndpoint(BaseEndpoint): response_body = e.json if self.enable_jsonp and request.callback: response_body = '%s(%s);' % (request.callback, response_body) - return e.headers, response_body, e.status_code + headers.update(e.headers) + return headers, response_body, e.status_code self.request_validator.revoke_token(request.token, request.token_type_hint, request) diff --git a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py index e41b83f..f92652b 100644 --- a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py +++ b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py @@ -86,7 +86,12 @@ class IntrospectEndpointTest(TestCase): ('token_type_hint', 'access_token')]) h, b, s = self.endpoint.create_introspect_response(self.uri, headers=self.headers, body=body) - self.assertEqual(h, {"WWW-Authenticate": 'Bearer, error="invalid_client"'}) + self.assertEqual(h, { + 'Content-Type': 'application/json', + 'Cache-Control': 'no-store', + 'Pragma': 'no-cache', + "WWW-Authenticate": 'Bearer, error="invalid_client"' + }) self.assertEqual(loads(b)['error'], 'invalid_client') self.assertEqual(s, 401) @@ -109,7 +114,12 @@ class IntrospectEndpointTest(TestCase): ('token_type_hint', 'access_token')]) h, b, s = self.endpoint.create_introspect_response(self.uri, headers=self.headers, body=body) - self.assertEqual(h, {"WWW-Authenticate": 'Bearer, error="invalid_client"'}) + self.assertEqual(h, { + 'Content-Type': 'application/json', + 'Cache-Control': 'no-store', + 'Pragma': 'no-cache', + "WWW-Authenticate": 'Bearer, error="invalid_client"' + }) self.assertEqual(loads(b)['error'], 'invalid_client') self.assertEqual(s, 401) @@ -121,12 +131,12 @@ class IntrospectEndpointTest(TestCase): ('token_type_hint', 'refresh_token')]) h, b, s = endpoint.create_introspect_response(self.uri, headers=self.headers, body=body) - self.assertEqual(h, {}) + self.assertEqual(h, self.resp_h) self.assertEqual(loads(b)['error'], 'unsupported_token_type') self.assertEqual(s, 400) h, b, s = endpoint.create_introspect_response(self.uri, headers=self.headers, body='') - self.assertEqual(h, {}) + self.assertEqual(h, self.resp_h) self.assertEqual(loads(b)['error'], 'invalid_request') self.assertEqual(s, 400) diff --git a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py index a6a5cb2..2a24177 100644 --- a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py +++ b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py @@ -24,6 +24,11 @@ class RevocationEndpointTest(TestCase): self.headers = { 'Content-Type': 'application/x-www-form-urlencoded', } + self.resp_h = { + 'Cache-Control': 'no-store', + 'Content-Type': 'application/json', + 'Pragma': 'no-cache' + } def test_revoke_token(self): for token_type in ('access_token', 'refresh_token', 'invalid'): @@ -49,7 +54,12 @@ class RevocationEndpointTest(TestCase): ('token_type_hint', 'access_token')]) h, b, s = self.endpoint.create_revocation_response(self.uri, headers=self.headers, body=body) - self.assertEqual(h, {"WWW-Authenticate": 'Bearer, error="invalid_client"'}) + self.assertEqual(h, { + 'Content-Type': 'application/json', + 'Cache-Control': 'no-store', + 'Pragma': 'no-cache', + "WWW-Authenticate": 'Bearer, error="invalid_client"' + }) self.assertEqual(loads(b)['error'], 'invalid_client') self.assertEqual(s, 401) @@ -72,7 +82,12 @@ class RevocationEndpointTest(TestCase): ('token_type_hint', 'access_token')]) h, b, s = self.endpoint.create_revocation_response(self.uri, headers=self.headers, body=body) - self.assertEqual(h, {"WWW-Authenticate": 'Bearer, error="invalid_client"'}) + self.assertEqual(h, { + 'Content-Type': 'application/json', + 'Cache-Control': 'no-store', + 'Pragma': 'no-cache', + "WWW-Authenticate": 'Bearer, error="invalid_client"' + }) self.assertEqual(loads(b)['error'], 'invalid_client') self.assertEqual(s, 401) @@ -96,12 +111,12 @@ class RevocationEndpointTest(TestCase): ('token_type_hint', 'refresh_token')]) h, b, s = endpoint.create_revocation_response(self.uri, headers=self.headers, body=body) - self.assertEqual(h, {}) + self.assertEqual(h, self.resp_h) self.assertEqual(loads(b)['error'], 'unsupported_token_type') self.assertEqual(s, 400) h, b, s = endpoint.create_revocation_response(self.uri, headers=self.headers, body='') - self.assertEqual(h, {}) + self.assertEqual(h, self.resp_h) self.assertEqual(loads(b)['error'], 'invalid_request') self.assertEqual(s, 400) |