Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

handle oauthlib errors on create token and revoke token requests #1210

Merged
merged 1 commit into from
Oct 10, 2022
Merged

handle oauthlib errors on create token and revoke token requests #1210

merged 1 commit into from
Oct 10, 2022

Conversation

AndrejZbin
Copy link
Contributor

@AndrejZbin AndrejZbin commented Oct 4, 2022
edited
Loading

Fixes #1209

Description of the Change

Checklist

  • PR only contains one change (considered splitting up PR)
  • unit-test added
  • documentation updated
  • CHANGELOG.md updated (only for user relevant changes)
  • author name in AUTHORS

@codecov
Copy link

codecov bot commented Oct 4, 2022
edited
Loading

Codecov Report

Merging #1210 (04cf3af) into master (da459a1) will increase coverage by 0.16%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #1210      +/-   ##
==========================================
+ Coverage   96.04%   96.20%   +0.16%     
==========================================
  Files          26       26              
  Lines        1314     1317       +3     
==========================================
+ Hits         1262     1267       +5     
+ Misses         52       50       -2
Impacted Files Coverage Δ
oauth2_provider/oauth2_backends.py 94.54% <100.00%> (+0.15%) ⬆️
oauth2_provider/oauth2_validators.py 93.98% <0.00%> (+0.44%) ⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

n2ygk
n2ygk requested changes Oct 4, 2022
View reviewed changes
Copy link
Member

@n2ygk n2ygk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AndrejZbin Thanks for this and filling in the PR template.

Please add test case(s) to demonstrate the original bug and the fix.
Code coverage shows that this new code is not exercised by any tests:

https://github.com/jazzband/django-oauth-toolkit/pull/1210/checks?check_run_id=8701284936

@AndrejZbin AndrejZbin force-pushed the fix-catch-oauth-errors branch 6 times, most recently from 8e9066f to 12c9de9 Compare October 5, 2022 09:18
@AndrejZbin AndrejZbin requested a review from n2ygk October 5, 2022 11:27
n2ygk
n2ygk requested changes Oct 6, 2022
View reviewed changes
oauth2_provider/oauth2_backends.py Outdated
headers, body, status = self.server.create_revocation_response(uri, http_method, body, headers)
uri = headers.get("Location", None)
return uri, headers, body, status
except OAuth2Error as exc:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to https://github.com/jazzband/django-oauth-toolkit/pull/1210/checks?check_run_id=8744338670 the newly-added exception case is not tested. Please add some failure tests.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So apparently create_revocation_response errors are handled by oauthlib and the added try/except block is redundant in this function. But I think it won't hurt to be on "safe" side and still catch errors from oautlib, at least for consistency across functions. I added test cases that cover the the "except" block in both functions even when the exception is handled by oauthlib. However, if this slight redundancy is not desired, I'm happy to remove it and change only create_token_response method.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AndrejZbin I don't think it's necessary to have extra lines of code that will never be used and mock patching the oauthlib response is inappropriate if oauthlib would never return such a response.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair enough, I reverted changes to create_revocation_response function and removed tests with mock patching.

@AndrejZbin AndrejZbin force-pushed the fix-catch-oauth-errors branch 2 times, most recently from 9f93ff1 to 13643a7 Compare October 10, 2022 07:43
@AndrejZbin AndrejZbin force-pushed the fix-catch-oauth-errors branch from 13643a7 to 04cf3af Compare October 10, 2022 13:09
n2ygk
n2ygk approved these changes Oct 10, 2022
View reviewed changes
Copy link
Member

@n2ygk n2ygk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this!

@n2ygk n2ygk merged commit be34163 into jazzband:master Oct 10, 2022
@n2ygk n2ygk added this to the 2.2.0 milestone Oct 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@n2ygk n2ygk n2ygk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.2.0
Development

Successfully merging this pull request may close these issues.

Using GET parameters in /o/token/ endpoint causes http 500 error (instead of 400)
2 participants
@AndrejZbin @n2ygk