From 976097657a368ce7e9664d144447b6bf2c02eca4 Mon Sep 17 00:00:00 2001
From: Francisco
Date: Wed, 10 Dec 2014 16:45:32 -0300
Subject: [PATCH 1/3] fix get_access_token, multiple tokens created at once
---
 provider/oauth2/views.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/provider/oauth2/views.py b/provider/oauth2/views.py
index 048a4f63..b0d7470f 100644
--- a/provider/oauth2/views.py
+++ b/provider/oauth2/views.py
@@ -101,6 +101,12 @@ def get_access_token(self, request, user, scope, client):
 # None found... make a new one!
 at = self.create_access_token(request, user, scope, client)
 self.create_refresh_token(request, user, scope, at, client)
+ except AccessToken.MultipleObjectsReturned:
+ # Simultaneously created tokens must be destroyeds
+ at = AccessToken.objects.filter(user=user, client=client,
+ scope=scope, expires__gt=now()).latest("pk")
+ AccessToken.objects.filter(user=user, client=client,
+ scope=scope, expires__gt=now()).exclude(pk=at.pk).delete()
 return at
 def create_access_token(self, request, user, scope, client):
From 43060b1eed144acbccaa9ef1b833c3423902b9bc Mon Sep 17 00:00:00 2001
From: Diego Kogan
Date: Thu, 10 Nov 2016 17:11:58 -0300
Subject: [PATCH 2/3] Update views.py replace mimetype for content_type in Response objects
---
 provider/views.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/provider/views.py b/provider/views.py
index dd1200df..41e0df95 100644
--- a/provider/views.py
+++ b/provider/views.py
@@ -298,7 +298,7 @@ def error_response(self, error, mimetype='application/json', status=400,
 Return an error response to the client with default status code of *400* stating the error as outlined in :rfc:`5.2`.
 """
- return HttpResponse(json.dumps(error), mimetype=mimetype,
+ return HttpResponse(json.dumps(error), content_type=mimetype,
 status=status, **kwargs)
 def get(self, request):
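Review bot: The cleanup in the new `except AccessToken.MultipleObjectsReturned` branch (hunk -101 in provider/oauth2/views.py) deletes every matching token except the one with the highest pk, and some of those may already have been returned to a client by the concurrent request that created them, leaving that client with a token that no longer validates. The check-then-create sequence that produces the duplicates starts above the hunk and is not changed, so the race still happens and is only tidied up afterwards; serialising creation (for example inside a transaction that locks a per-user/client row) would prevent it instead. The branch also builds the same filter twice with two separate `now()` calls, so the set chosen from and the set deleted from can differ; bind it once with `qs = AccessToken.objects.filter(user=user, client=client, scope=scope, expires__gt=now())`, then `at = qs.latest("pk")` and `qs.exclude(pk=at.pk).delete()`.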
@@ -463,7 +463,7 @@ def error_response(self, error, mimetype='application/json', status=400,
 Return an error response to the client with default status code of *400* stating the error as outlined in :rfc:`5.2`.
 """
- return HttpResponse(json.dumps(error), mimetype=mimetype,
+ return HttpResponse(json.dumps(error), content_type=mimetype,
 status=status, **kwargs)
 def access_token_response(self, access_token):
@@ -488,7 +488,7 @@ def access_token_response(self, access_token):
 pass
 return HttpResponse(
- json.dumps(response_data), mimetype='application/json'
+ json.dumps(response_data), content_type='application/json'
 )
 def authorization_code(self, request, data, client):
From 377b261d15c64c17f400782fefdd8059b39bce31 Mon Sep 17 00:00:00 2001
From: Diego Kogan
Date: Thu, 10 Nov 2016 17:19:38 -0300
Subject: [PATCH 3/3] Update backends.py replace request.REQUEST for request.POST
---
 provider/oauth2/backends.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/provider/oauth2/backends.py b/provider/oauth2/backends.py
index db0fb853..491da6fb 100644
--- a/provider/oauth2/backends.py
+++ b/provider/oauth2/backends.py
@@ -53,7 +53,7 @@ def authenticate(self, request=None):
 if request is None:
 return None
- form = ClientAuthForm(request.REQUEST)
+ form = ClientAuthForm(request.POST)
 if form.is_valid():
 return form.cleaned_data.get('client')
@@ -74,7 +74,7 @@ def authenticate(self, request=None):
 if request is None:
 return None
- form = PublicPasswordGrantForm(request.REQUEST)
+ form = PublicPasswordGrantForm(request.POST)
 if form.is_valid():
 return form.cleaned_data.get('client')
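Review bot: The token response returned at the end of `access_token_response` (hunk -488) is built with only a content type, so nothing visible here marks it as non-cacheable, while RFC 6749 section 5.1 requires `Cache-Control: no-store` and `Pragma: no-cache` on any response that carries a token. Unless a decorator or middleware outside this hunk already adds them, bind the response to a local and set `response['Cache-Control'] = 'no-store'` and `response['Pragma'] = 'no-cache'` before returning it. The function body starts above the hunk, so only the final return is in view.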
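Review bot: Both `authenticate` hunks in provider/oauth2/backends.py (-53 and -74) now bind their forms to `request.POST` only, which silently stops accepting credentials sent in the query string. That is the safer behaviour, since RFC 6749 section 2.3.1 says client credentials must not be included in the request URI and query strings tend to end up in access logs, but the commit message presents it as a mechanical replacement. I would record the intent next to each call, e.g. `# Body parameters only: credentials in the query string are deliberately ignored.`, and mention it in the release notes so integrators who relied on GET parameters know why authentication starts failing. Both method bodies may continue past the end of their hunks.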