From 1606b7492217d2ea6e99fd66a826d3395f6f6318 Mon Sep 17 00:00:00 2001
From: Mats Blomdahl
Date: Wed, 8 Nov 2017 09:40:55 +0100
Subject: [PATCH 1/2] Bump version and update changelog
---
 README.rst | 6 ++++++
 package-lock.json | 2 +-
 package.json | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/README.rst b/README.rst
index 514d91c5..512c9045 100644
--- a/README.rst
+++ b/README.rst
@@ -183,6 +183,12 @@ DB Models
 Changelog
 =========
+v. 0.5.7
+--------
+
+* Reuse existing OAuth2 tokens on refresh
+
+
 v. 0.5.6
 --------
diff --git a/package-lock.json b/package-lock.json
index 102ef42d..cffa08ce 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "xl_auth",
- "version": "0.5.6",
+ "version": "0.5.7",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
diff --git a/package.json b/package.json
index 7bf20bc7..e08b17ee 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "xl_auth",
- "version": "0.5.6",
+ "version": "0.5.7",
 "author": "National Library of Sweden",
 "license": "Apache-2.0",
 "description": "OAuth2 authorization for LibrisXL, replacing BibDB counterpart",
From a5b3431d6f26f3bfddfa08468e3ca67f8a54894a Mon Sep 17 00:00:00 2001
From: Mats Blomdahl
Date: Wed, 8 Nov 2017 09:42:40 +0100
Subject: [PATCH 2/2] Update `end2end/test_oauth:test_refresh_access_token` to use POST and GET
---
 tests/end2end/test_oauth.py | 17 ++++++++++++++++-
 xl_auth/oauth/views.py | 2 ++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/tests/end2end/test_oauth.py b/tests/end2end/test_oauth.py
index bfe9cb0b..2ee4c65e 100644
--- a/tests/end2end/test_oauth.py
+++ b/tests/end2end/test_oauth.py
@@ -111,11 +111,13 @@ def test_refresh_access_token(token, testapp):
 """Get new access token using 'refresh_token'."""
 token.expires_at = datetime.utcnow() - timedelta(seconds=1)
 token.save()
+
+ # Using HTTP-GET
 res = testapp.get(url_for('oauth.create_access_token'),
 params={'grant_type': 'refresh_token',
 'refresh_token': token.refresh_token,
 'client_id': token.client.client_id,
- 'client_secret': token.client.client_secret}, expect_errors=True)
+ 'client_secret': token.client.client_secret})
 updated_token = Token.query.filter_by(user_id=token.user_id, client_id=token.client_id).first()
 assert updated_token.id == token.id
@@ -126,6 +128,19 @@ def test_refresh_access_token(token, testapp):
 assert res.json_body['refresh_token'] == updated_token.refresh_token
 assert res.json_body['app_version'] == __version__
+ # Using HTTP-POST
+ res = testapp.post(url_for('oauth.create_access_token'),
+ params={'grant_type': 'refresh_token',
+ 'refresh_token': updated_token.refresh_token,
+ 'client_id': updated_token.client.client_id,
+ 'client_secret': updated_token.client.client_secret})
+
+ second_updated_token = Token.query.filter_by(user_id=token.user_id,
+ client_id=token.client_id).first()
+ assert second_updated_token.id == updated_token.id
+ assert res.json_body['access_token'] == second_updated_token.access_token
+ assert res.json_body['refresh_token'] == second_updated_token.refresh_token
+
 def test_verify_success_response(token, testapp):
 """Get user details and token expiry."""
diff --git a/xl_auth/oauth/views.py b/xl_auth/oauth/views.py
index 05447ec5..604003d7 100644
--- a/xl_auth/oauth/views.py
+++ b/xl_auth/oauth/views.py
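Review bot: The new `# Using HTTP-GET` comment in `test_refresh_access_token` should say why GET is exercised at all, because this request carries `client_secret` and `refresh_token` in the query string, where they are typically recorded by access logs and intermediaries. RFC 6749 section 3.2 requires POST for token requests and section 2.3.1 says client credentials must not be placed in the request URI, so a reader could otherwise take the GET path as the recommended one. If GET is kept only for existing clients, a comment such as `# Using HTTP-GET (kept for compatibility; RFC 6749 requires POST, and query-string secrets end up in logs)` would make that explicit. Dropping `expect_errors=True` is a good tightening, since an error response now fails the test.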
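Review bot: The HTTP-POST block in `test_refresh_access_token` never checks that the refresh issued a new access token. `second_updated_token` is fetched with the same `filter_by(...).first()` query as `updated_token`, so `second_updated_token.id == updated_token.id` likely compares a row with itself, and the two `json_body` assertions only show that the response matches whatever is stored. Capturing the value before the request, `previous_access_token = updated_token.access_token`, and asserting `res.json_body['access_token'] != previous_access_token` afterwards would pin the behaviour. Whether the refresh token is meant to rotate is not visible in this hunk; if it is, the same before/after check applies to `refresh_token`.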
@@ -49,6 +49,8 @@ def set_token(new_token, request_, **_):
 """Create Token object."""
 expires_at = datetime.utcnow() + timedelta(seconds=new_token.get('expires_in'))
 request_params = dict((key, value) for key, value in request_.uri_query_params)
+ if request_.body:
+ request_params.update(request_.body)
 if 'grant_type' in request_params and request_params['grant_type'] == 'refresh_token':
 token = Token.query.filter_by(client_id=request_.client.client_id,
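Review bot: The added `request_params.update(request_.body)` in `set_token` assumes `request_.body` is a mapping or an iterable of key/value pairs; if the request object ever carries the raw urlencoded body as a string, `dict.update` raises `ValueError` while the token is being stored. If `request_` is an oauthlib `Request` (not shown here, so confirm), its parsed `decoded_body` is the safer source: `request_params.update(request_.decoded_body or [])`. The merge also lets a body value silently override a query-string value for the same key, including `grant_type`, which deserves a one-line comment such as `# body parameters take precedence over query-string parameters`. `set_token` continues past the end of the hunk, so how the rest of `request_params` is used cannot be checked from here.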