Added tests for edge cases

wndhydrnt · wndhydrnt · commit 3513e31f4013 · 2014-02-02T20:21:43.000+01:00
diff --git a/oauth2/datatype.py b/oauth2/datatype.py
@@ -34,6 +34,20 @@ def expires_in(self):
             return time_left
         return 0
 
+    def is_expired(self):
+        """
+        Determines if the token has expired.
+        
+        :return: `True` if the token has expired. Otherwise `False`.
+        """
+        if self.expires_at is None:
+            return False
+
+        if self.expires_in > 0:
+            return False
+
+        return True
+
     def to_json(self):
         json = {"access_token": self.token, "token_type": "Bearer"}
 
diff --git a/oauth2/grant.py b/oauth2/grant.py
@@ -321,6 +321,9 @@ def _sanitize_return_value(self, value):
             return value, None
 
 class AccessTokenMixin(object):
+    """
+    Used by grants that handle refresh token and unique token.
+    """
     def __init__(self, access_token_store, token_generator, **kwargs):
         self.access_token_store = access_token_store
         self.token_generator = token_generator
@@ -339,7 +342,9 @@ def create_token(self, client_id, data, grant_type, scopes, user_id):
                 grant_type,
                 user_id)
 
-            if access_token is not None:
+            if (access_token is not None
+                and access_token.scopes == scopes
+                and access_token.is_expired() == False):
                 token_data = {"access_token": access_token.token,
                               "token_type": "Bearer"}
 
diff --git a/oauth2/test/test_grant.py b/oauth2/test/test_grant.py
@@ -872,6 +872,77 @@ def test_process_with_unique_access_token_not_found(self):
         self.assertDictEqual(expected_response_body,
                              json.loads(response_result.body))
 
+    def test_process_with_unique_access_token_different_scope(self):
+        access_token_data = {"client_id": "myclient",
+                             "grant_type": "authorization_code",
+                             "token": "xyz890", "data": {}, "expires_at": 1200,
+                             "refresh_token": "mno789", "scopes": ["foo", "bar"],
+                             "user_id": 123}
+        access_token = AccessToken(**access_token_data)
+        token_data = {"access_token": "abc123", "token_type": "Bearer",
+                      "refresh_token": "def456", "expires_in": 1000}
+        expected_response_body = copy(token_data)
+        expected_response_body["scope"] = "bar baz"
+
+        response = Response()
+
+        access_token_store_mock = Mock(spec=AccessTokenStore)
+        access_token_store_mock.fetch_existing_token_of_user.return_value = access_token
+
+        token_generator_mock = Mock(spec=TokenGenerator)
+        token_generator_mock.create_access_token_data.return_value = token_data
+
+        handler = AuthorizationCodeTokenHandler(
+            access_token_store=access_token_store_mock,
+            auth_token_store=Mock(spec=AuthCodeStore),
+            client_store=Mock(spec=ClientStore),
+            token_generator=token_generator_mock)
+        handler.client_id = access_token_data["client_id"]
+        handler.data = {}
+        handler.unique_token = True
+        handler.user_id = 123
+        handler.scopes = ["bar", "baz"]
+
+        response_result = handler.process(Mock(), response, {})
+        self.assertDictEqual(expected_response_body,
+                             json.loads(response_result.body))
+
+    @patch("time.time", mock_time)
+    def test_process_with_unique_access_token_expired_token(self):
+        access_token_data = {"client_id": "myclient",
+                             "grant_type": "authorization_code",
+                             "token": "xyz890", "data": {}, "expires_at": 300,
+                             "refresh_token": "mno789", "scopes": ["foo", "bar"],
+                             "user_id": 123}
+        access_token = AccessToken(**access_token_data)
+        token_data = {"access_token": "abc123", "token_type": "Bearer",
+                      "refresh_token": "def456", "expires_in": 1000}
+        expected_response_body = copy(token_data)
+        expected_response_body["scope"] = "foo bar"
+
+        response = Response()
+
+        access_token_store_mock = Mock(spec=AccessTokenStore)
+        access_token_store_mock.fetch_existing_token_of_user.return_value = access_token
+
+        token_generator_mock = Mock(spec=TokenGenerator)
+        token_generator_mock.create_access_token_data.return_value = token_data
+
+        handler = AuthorizationCodeTokenHandler(
+            access_token_store=access_token_store_mock,
+            auth_token_store=Mock(spec=AuthCodeStore),
+            client_store=Mock(spec=ClientStore),
+            token_generator=token_generator_mock)
+        handler.client_id = access_token_data["client_id"]
+        handler.data = {}
+        handler.unique_token = True
+        handler.user_id = 123
+        handler.scopes = ["foo", "bar"]
+
+        response_result = handler.process(Mock(), response, {})
+        self.assertDictEqual(expected_response_body,
+                             json.loads(response_result.body))
+
     def test_process_with_unique_access_token_no_user_id(self):
         handler = AuthorizationCodeTokenHandler(
             access_token_store=Mock(spec=AccessTokenStore),
