我正在对一个项目进行季节性升级,并注意到 django-oauth-toolkit 上次保持为 1.7.1。
升级到 2.x 将两个测试从 200 变为 401,
invalid_client
。
其中一个测试如下所示;
@pytest.fixture
def oauth_data(db):
test_region = Region.objects.create(
name="MyRegion", iso_code_short="MYR", iso_code_long="MYREG"
)
app_owner = USER_MODEL(
username="app-owner",
email="[email protected]",
gender="M",
date_of_birth="1970-1-1",
region=test_region,
first_name="John",
last_name="Doe",
)
app_owner.set_password("password")
app_owner.save()
app_redirects = "http://site1.com/return\r\nhttp://site2.com/back"
app = Application.objects.create(
name="My Test Client",
client_id="test-app",
client_secret="password",
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_PASSWORD,
user=app_owner,
skip_authorization=True,
redirect_uris=app_redirects,
)
return {"app": app, "app_owner": app_owner}
# some test class here...
def (
self, oauth_data, client, settings
):
mixin = AccessTokenGeneratorMixin()
tokens = mixin.get_access_token(oauth_data["app"], oauth_data["user"])
url = reverse("oauth2_provider:token")
response = client.post(
url,
data={
"client_id": oauth_data["app"].client_id,
"client_secret": oauth_data["app"].client_secret,
"grant_type": "refresh_token",
"refresh_token": tokens["refresh_token"],
},
)
assert 200 == response.status_code
v2 中是否有某些内容(我在发行说明中遗漏了)使该固定装置无效以创建无效客户端!?
这是一个没有很好地阅读别人代码的情况。
在版本 2 中,客户端机密在数据库中进行哈希处理,因此哈希值在执行操作时无法正确识别客户端应用程序;
"client_secret": oauth_data["app"].client_secret,
此处的解决方案是在将数据发送到令牌端点时使用与设置应用程序的
client_secret
相同的值。
@pytest.fixture
def oauth_data(db):
client_secret = "abcdefghijklmnopqrstuvwxyz1234567890"
test_region = Region.objects.create(
name="MyRegion", iso_code_short="MYR", iso_code_long="MYREG"
)
app_owner = USER_MODEL(
username="app-owner",
email="[email protected]",
gender="M",
date_of_birth="1970-1-1",
region=test_region,
first_name="John",
last_name="Doe",
)
app_owner.set_password("password")
app_owner.save()
app_redirects = "http://site1.com/return\r\nhttp://site2.com/back"
app = Application.objects.create(
name="My Test Client",
client_id="test-app",
client_secret=client_secret,
client_type=Application.CLIENT_CONFIDENTIAL,
authorization_grant_type=Application.GRANT_PASSWORD,
user=app_owner,
skip_authorization=True,
redirect_uris=app_redirects,
)
return {
"app": app,
"app_owner": app_owner,
"client_secret": client_secret,
}
# into a class
def test_oauth2_access_token_renewal_format(
self, oauth_data, client, settings
):
mixin = AccessTokenGeneratorMixin()
tokens = mixin.get_access_token(oauth_data["app"], oauth_data["user"])
url = reverse("oauth2_provider:token")
response = client.post(
url,
data={
"client_id": oauth_data["app"].client_id,
"client_secret": oauth_data["client_secret"],
"grant_type": "refresh_token",
"refresh_token": tokens["refresh_token"],
},
)
assert 200 == response.status_code