Merge pull request #71 from Tictrac/bugfix/single-access-token-refresh

Fixes #70. Prevent multiple access tokens from being returned.
Evan Culver 2014-03-17 15:06:43 -07:00
commit a7d7e0ffa4
2 changed files with 19 additions and 1 deletions


@ -296,6 +296,23 @@ class AccessTokenTest(BaseOAuth2TestCase):
constants.SINGLE_ACCESS_TOKEN = False
def test_fetching_single_access_token_after_refresh(self):
constants.SINGLE_ACCESS_TOKEN = True
token = self._login_authorize_get_token()
self.client.post(self.access_token_url(), {
'grant_type': 'refresh_token',
'refresh_token': token['refresh_token'],
'client_id': self.get_client().client_id,
'client_secret': self.get_client().client_secret,
})
new_token = self._login_authorize_get_token()
self.assertNotEqual(token['access_token'], new_token['access_token'])
constants.SINGLE_ACCESS_TOKEN = False
def test_fetching_access_token_multiple_times(self):
self._login_authorize_get_token()
code = self.get_grant().code
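Review bot: `constants.SINGLE_ACCESS_TOKEN` is switched on at the top of `test_fetching_single_access_token_after_refresh` and switched off only on its last line, so a failing assertion or an exception in between leaves the module-level flag set for every later test. Register the reset up front with `self.addCleanup(setattr, constants, 'SINGLE_ACCESS_TOKEN', False)`, or wrap the body in `try:` / `finally:`. The response of the refresh POST is also discarded; capturing it and adding `self.assertEqual(200, response.status_code)` would make a broken refresh fail as a refresh error rather than as a confusing token comparison. The following `test_fetching_access_token_multiple_times` continues outside this hunk.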


@ -95,7 +95,8 @@ class AccessTokenView(AccessTokenView):
def get_access_token(self, request, user, scope, client):
try:
# Attempt to fetch an existing access token.
at = AccessToken.objects.get(user=user, client=client, scope=scope)
at = AccessToken.objects.get(user=user, client=client,
scope=scope, expires__gt=now())
except AccessToken.DoesNotExist:
# None found... make a new one!
at = self.create_access_token(request, user, scope, client)
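Review bot: The lookup in `get_access_token` still uses `.get()` and catches only `AccessToken.DoesNotExist`, so if more than one unexpired token matches the same user, client and scope, `MultipleObjectsReturned` would propagate out of the token endpoint. That could plausibly happen with rows created before single-token mode was enabled, or with two concurrent requests. Consider selecting deterministically instead, e.g. `AccessToken.objects.filter(user=user, client=client, scope=scope, expires__gt=now()).order_by('-expires').first()` with a `None` check, or add `MultipleObjectsReturned` to the handled cases. Note also that `expires__gt=now()` will hand back a token that is about to expire; a short safety margin on the comparison would avoid issuing a credential that is dead on arrival. The rest of the method lies outside this hunk.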