authorIb Lundgren <ib.lundgren@gmail.com>2014-10-01 13:58:21 +0100
committerIb Lundgren <ib.lundgren@gmail.com>2014-10-01 13:58:21 +0100
commit201f9f00ff176c6105142d63b33c85127983b011 (patch)
tree227bfd65d02349622e414d9970975dda7dccadd4
parent6ffcc4f2ae6b66e42c1f58b6de634fe969b473a0 (diff)
parent2e4e232ade206962b7979e7c0299d7ff0cd4ad41 (diff)
Merge pull request #275 from DavidMuller/resource_owner_password_credential_grant_optional_refresh_token
Resource owner password credential grant optional refresh token
-rw-r--r--oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py9
-rw-r--r--tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py26
2 files changed, 33 insertions, 2 deletions
diff --git a/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py b/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
index f1e3dd5..27df062 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
@@ -70,8 +70,13 @@ class ResourceOwnerPasswordCredentialsGrant(GrantTypeBase):
.. _`Resource Owner Password Credentials Grant`: http://tools.ietf.org/html/rfc6749#section-4.3
"""
- def __init__(self, request_validator=None):
+ def __init__(self, request_validator=None, refresh_token=True):
+ """
+ If the refresh_token keyword argument is False, do not return
+ a refresh token in the response.
+ """
self.request_validator = request_validator or RequestValidator()
+ self.refresh_token = refresh_token
def create_token_response(self, request, token_handler):
"""Return token or error in json format.
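Review bot: The new `__init__` docstring does not say that the flag is fixed per grant instance, so every client and every request served by that instance gets the same refresh-token policy. A deployment that wants refresh tokens for some clients and not others cannot express that through this argument, and the docstring should say so. Suggested wording: `"""refresh_token: when False, token responses from this grant omit the refresh token for all clients. Defaults to True."""`. The value is stored without coercion, so any falsy value disables refresh tokens; documenting it as a bool would make that explicit. The class body and `create_token_response` continue outside this hunk.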
@@ -105,7 +110,7 @@ class ResourceOwnerPasswordCredentialsGrant(GrantTypeBase):
log.debug('Client error in token request, %s.', e)
return headers, e.json, e.status_code
- token = token_handler.create_token(request, refresh_token=True)
+ token = token_handler.create_token(request, self.refresh_token)
log.debug('Issuing token %r to client id %r (%r) and username %s.',
token, request.client_id, request.client, request.username)
return headers, json.dumps(token), 200
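Review bot: The new call passes `self.refresh_token` positionally where the removed line used the keyword, so the flag now depends on the parameter order of whatever token handler is supplied. Only the call site is visible here, and a handler whose `create_token` orders its parameters differently would silently receive the flag as another argument. Keeping the keyword, `token = token_handler.create_token(request, refresh_token=self.refresh_token)`, states the intent and fails loudly on a mismatched handler. Separately, the unchanged `log.debug` that follows writes the whole token dict with `%r`, so bearer credentials reach the debug log; logging only the client id and username would avoid that. `create_token_response` starts above this hunk.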
diff --git a/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py b/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
index eeb13c1..dad668b 100644
--- a/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
+++ b/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
@@ -52,6 +52,32 @@ class ResourceOwnerPasswordCredentialsGrantTest(TestCase):
status_code = self.auth.create_token_response(self.request, bearer)[2]
self.assertEqual(status_code, 401)
+ def test_create_token_response_without_refresh_token(self):
+ # self.auth.refresh_token = False so we don't generate a refresh token
+ self.auth = ResourceOwnerPasswordCredentialsGrant(
+ request_validator=self.mock_validator, refresh_token=False)
+ bearer = BearerToken(self.mock_validator)
+ headers, body, status_code = self.auth.create_token_response(
+ self.request, bearer)
+ token = json.loads(body)
+ self.assertIn('access_token', token)
+ self.assertIn('token_type', token)
+ self.assertIn('expires_in', token)
+ # ensure no refresh token is generated
+ self.assertNotIn('refresh_token', token)
+ # ensure client_authentication_required() is properly called
+ self.mock_validator.client_authentication_required.assert_called_once_with(self.request)
+ # fail client authentication
+ self.mock_validator.validate_user.return_value = True
+ self.mock_validator.authenticate_client.return_value = False
+ status_code = self.auth.create_token_response(self.request, bearer)[2]
+ self.assertEqual(status_code, 401)
+ # mock client_authentication_required() returning False then fail
+ self.mock_validator.client_authentication_required.return_value = False
+ self.mock_validator.authenticate_client_id.return_value = False
+ status_code = self.auth.create_token_response(self.request, bearer)[2]
+ self.assertEqual(status_code, 401)
+
def test_error_response(self):
pass
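Review bot: In `test_create_token_response_without_refresh_token` the first `create_token_response` call unpacks `headers` and `status_code` but asserts neither, so the status and headers of the no-refresh-token response go unchecked; add `self.assertEqual(status_code, 200)` before `json.loads(body)`. The client-authentication checks after `assertNotIn` appear to be copied from the preceding test, whose last two lines are visible as context, and they do not depend on the flag. Dropping them would keep this test focused on the refresh-token behaviour. If the existing test does not already do so, an assertion that the default construction still returns `refresh_token` would pin the backward-compatible default.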