Merge branch 'release/0.5.7'

libris · Nov 8, 2017 · 87f6321 · 87f6321
2 parents 86f8596 + a5b3431
commit 87f6321
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 3 deletions.
diff --git a/README.rst b/README.rst
@@ -183,6 +183,12 @@ DB Models
 Changelog
 =========
 
+v. 0.5.7
+--------
+
+* Reuse existing OAuth2 tokens on refresh
+
+
 v. 0.5.6
 --------
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "xl_auth",
-  "version": "0.5.6",
+  "version": "0.5.7",
   "author": "National Library of Sweden",
   "license": "Apache-2.0",
   "description": "OAuth2 authorization for LibrisXL, replacing BibDB counterpart",

diff --git a/tests/end2end/test_oauth.py b/tests/end2end/test_oauth.py
@@ -111,11 +111,13 @@ def test_refresh_access_token(token, testapp):
     """Get new access token using 'refresh_token'."""
     token.expires_at = datetime.utcnow() - timedelta(seconds=1)
     token.save()
+
+    # Using HTTP-GET
     res = testapp.get(url_for('oauth.create_access_token'),
                       params={'grant_type': 'refresh_token',
                               'refresh_token': token.refresh_token,
                               'client_id': token.client.client_id,
-                              'client_secret': token.client.client_secret}, expect_errors=True)
+                              'client_secret': token.client.client_secret})
 
     updated_token = Token.query.filter_by(user_id=token.user_id, client_id=token.client_id).first()
     assert updated_token.id == token.id
@@ -126,6 +128,19 @@ def test_refresh_access_token(token, testapp):
     assert res.json_body['refresh_token'] == updated_token.refresh_token
     assert res.json_body['app_version'] == __version__
 
+    # Using HTTP-POST
+    res = testapp.post(url_for('oauth.create_access_token'),
+                       params={'grant_type': 'refresh_token',
+                               'refresh_token': updated_token.refresh_token,
+                               'client_id': updated_token.client.client_id,
+                               'client_secret': updated_token.client.client_secret})
+
+    second_updated_token = Token.query.filter_by(user_id=token.user_id,
+                                                 client_id=token.client_id).first()
+    assert second_updated_token.id == updated_token.id
+    assert res.json_body['access_token'] == second_updated_token.access_token
+    assert res.json_body['refresh_token'] == second_updated_token.refresh_token
+
 
 def test_verify_success_response(token, testapp):
     """Get user details and token expiry."""

diff --git a/xl_auth/oauth/views.py b/xl_auth/oauth/views.py
@@ -49,6 +49,8 @@ def set_token(new_token, request_, **_):
     """Create Token object."""
     expires_at = datetime.utcnow() + timedelta(seconds=new_token.get('expires_in'))
     request_params = dict((key, value) for key, value in request_.uri_query_params)
+    if request_.body:
+        request_params.update(request_.body)
 
     if 'grant_type' in request_params and request_params['grant_type'] == 'refresh_token':
         token = Token.query.filter_by(client_id=request_.client.client_id,