[Python-modules-commits] [python-oauthlib] 02/07: Import python-oauthlib_1.1.2.orig.tar.gz

Daniele Tricoli eriol-guest at moszumanska.debian.org
Fri Jun 10 19:59:45 UTC 2016


This is an automated email from the git hooks/post-receive script.

eriol-guest pushed a commit to branch master
in repository python-oauthlib.

commit 13a42d9009258b39eaae55ac411058a480c4bbd0
Author: Daniele Tricoli <eriol at mornie.org>
Date:   Fri Jun 10 18:49:34 2016 +0200

    Import python-oauthlib_1.1.2.orig.tar.gz
---
 CHANGELOG.rst                                      | 267 +++++++++++++++++++++
 MANIFEST.in                                        |   2 +-
 PKG-INFO                                           |  10 +-
 README.rst                                         |   8 +-
 oauthlib.egg-info/PKG-INFO                         |  10 +-
 oauthlib.egg-info/SOURCES.txt                      |   2 +-
 oauthlib.egg-info/pbr.json                         |   1 -
 oauthlib.egg-info/requires.txt                     |   2 -
 oauthlib/__init__.py                               |   2 +-
 oauthlib/common.py                                 |  14 +-
 .../rfc6749/grant_types/authorization_code.py      |   5 +-
 .../oauth2/rfc6749/grant_types/refresh_token.py    |   5 +-
 oauthlib/oauth2/rfc6749/tokens.py                  |   6 +-
 setup.cfg                                          |   2 +-
 .../rfc6749/grant_types/test_authorization_code.py |  17 ++
 tests/test_common.py                               |  26 +-
 16 files changed, 345 insertions(+), 34 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
new file mode 100644
index 0000000..91e0565
--- /dev/null
+++ b/CHANGELOG.rst
@@ -0,0 +1,267 @@
+Changelog
+=========
+
+1.1.2 (2016-06-01)
+------------------
+* (Fix) Query strings should be able to include colons.
+* (Fix) Cast body to a string to ensure that we can perform a regex substitution on it.
+
+1.1.1 (2016-05-01)
+------------------
+* (Enhancement) Better sanitisation of Request objects __repr__.
+
+1.1.0 (2016-04-11)
+------------------
+* (Fix) '(', ')', '/' and '?' are now safe characters in url encoded strings.
+* (Enhancement) Added support for specifying if refresh tokens should be created on authorization code grants.
+* (Fix) OAuth2Token now handles None scopes correctly.
+* (Fix) Request token is now available for OAuth 1.
+* (Enhancement) OAuth2Token is declared with __slots__ for smaller memory footprint.
+* (Enhancement) RefreshTokenGrant now allows to set issue_new_refresh_tokens.
+* Documentation improvements and fixes.
+
+1.0.3 (2015-08-16)
+------------------
+* (Fix) Changed the documented return type of the ```invalidate_request_token()``` method from the RSA key to None since nobody is using the return type.
+* (Enhancement) Added a validator log that will store what the endpoint has computed for debugging and logging purposes (OAuth 1 only for now).
+
+1.0.2 (2015-08-10)
+------------------
+* (Fix) Allow client secret to be null for public applications that do not mandate it's specification in the query parameters.
+* (Fix) Encode request body before hashing in order to prevent encoding errors in Python 3.
+
+1.0.1 (2015-07-27)
+------------------
+* (Fix) Added token_type_hint to the list of default Request parameters.
+
+1.0.0 (2015-07-19)
+------------------
+
+* (Breaking Change) Replace pycrypto with cryptography from https://cryptography.io
+* (Breaking Change) Update jwt to 1.0.0 (which is backwards incompatible) no oauthlib api changes
+  were made.
+* (Breaking Change) Raise attribute error for non-existing attributes in the Request object.
+* (Fix) Strip whitespace off of scope string.
+* (Change) Don't require to return the state in the access token response.
+* (Change) Hide password in logs.
+* (Fix) Fix incorrect invocation of prepare_refresh_body in the OAuth2 client.
+* (Fix) Handle empty/non-parsable query strings.
+* (Fix) Check if an RSA key is actually needed before requiring it.
+* (Change) Allow tuples for list_to_scope as well as sets and lists.
+* (Change) Add code to determine if client authentication is required for OAuth2.
+* (Fix) Fix error message on invalid Content-Type header for OAtuh1 signing.
+* (Fix) Allow ! character in query strings.
+* (Fix) OAuth1 now includes the body hash for requests that specify any content-type that isn't x-www-form-urlencoded.
+* (Fix) Fixed error description in oauth1 endpoint.
+* (Fix) Revocation endpoint for oauth2 will now return an empty string in the response body instead of 'None'.
+* Increased test coverage.
+* Performance improvements.
+* Documentation improvements and fixes.
+
+0.7.2 (2014-11-13)
+------------------
+
+* (Quick fix) Unpushed locally modified files got included in the PyPI 0.7.1
+  release. Doing a new clean release to address this. Please upgrade quickly
+  and report any issues you are running into.
+
+0.7.1 (2014-10-27)
+------------------
+
+* (Quick fix) Add oauthlib.common.log object back in for libraries using it.
+
+0.7.0 (2014-10-27)
+------------------
+
+* (Change) OAuth2 clients will not raise a Warning on scope change if
+  the environment variable ``OAUTHLIB_RELAX_TOKEN_SCOPE`` is set. The token
+  will now be available as an attribute on the error, ``error.token``.
+  Token changes will now also be announced using blinker.
+* (Fix/Feature) Automatic fixes of non-compliant OAuth2 provider responses (e.g. Facebook).
+* (Fix) Logging is now tiered (per file) as opposed to logging all under ``oauthlib``.
+* (Fix) Error messages should now include a description in their message.
+* (Fix/Feature) Optional support for jsonp callbacks after token revocation.
+* (Feature) Client side preparation of OAuth 2 token revocation requests.
+* (Feature) New OAuth2 client API methods for preparing full requests.
+* (Feature) OAuth1 SignatureOnlyEndpoint that only verifies signatures and client IDs.
+* (Fix/Feature) Refresh token grant now allow optional refresh tokens.
+* (Fix) add missing state param to OAuth2 errors.
+* (Fix) add_params_to_uri now properly parse fragment.
+* (Fix/Feature) All OAuth1 errors can now be imported from oauthlib.oauth1.
+* (Fix/Security) OAuth2 logs will now strip client provided password, if present.
+* Allow unescaped @ in urlencoded parameters.
+
+0.6.3 (2014-06-10)
+------------------
+
+Quick fix. OAuth 1 client repr in 0.6.2 overwrote secrets when scrubbing for print.
+
+0.6.2 (2014-06-06)
+------------------
+
+* Numerous OAuth2 provider errors now suggest a status code of 401 instead
+  of 400 (#247.
+
+* Added support for JSON web tokens with oauthlib.common.generate_signed_token.
+  Install extra dependency with oauthlib[signedtoken] (#237).
+
+* OAuth2 scopes can be arbitrary objects with __str__ defined (#240).
+
+* OAuth 1 Clients can now register custom signature methods (#239).
+
+* Exposed new method oauthlib.oauth2.is_secure_transport that checks whether
+  the given URL is HTTPS. Checks using this method can be disabled by setting
+  the environment variable OAUTHLIB_INSECURE_TRANSPORT (#249).
+
+* OAuth1 clients now has __repr__ and will be printed with secrets scrubbed.
+
+* OAuth1 Client.get_oauth_params now takes an oauthlib.Request as an argument.
+
+* urldecode will now raise a much more informative error message on
+  incorrectly encoded strings.
+
+* Plenty of typo and other doc fixes.
+
+0.6.1 (2014-01-20)
+------------------
+
+Draft revocation endpoint features and numerous fixes including:
+
+* (OAuth 2 Provider) is_within_original_scope to check whether a refresh token
+  is trying to aquire a new set of scopes that are a subset of the original scope.
+
+* (OAuth 2 Provider) expires_in token lifetime can be set per request.
+
+* (OAuth 2 Provider) client_authentication_required method added to differentiate
+  between public and confidential clients.
+
+* (OAuth 2 Provider) rotate_refresh_token now indicates whether a new refresh
+  token should be generated during token refresh or if old should be kept.
+
+* (OAuth 2 Provider) returned JSON headers no longer include charset.
+
+* (OAuth 2 Provider) validate_authorizatoin_request now also includes the
+  internal request object in the returned dictionary. Note that this is
+  not meant to be relied upon heavily and its interface might change.
+
+* and many style and typo fixes.
+
+0.6.0
+-----
+
+OAuth 1 & 2 provider API refactor with breaking changes:
+
+* All endpoint methods change contract to return 3 values instead of 4. The new
+  signature is `headers`, `body`, `status code` where the initial `redirect_uri`
+  has been relocated to its rightful place inside headers as `Location`.
+
+* OAuth 1 Access Token Endpoint has a new required validator method
+  `invalidate_request_token`.
+
+* OAuth 1 Authorization Endpoint now returns a 200 response instead of 302 on
+  `oob` callbacks.
+
+0.5.1
+-----
+
+OAuth 1 provider fix for incorrect token param in nonce validation.
+
+0.5.0
+-----
+
+OAuth 1 provider refactor. OAuth 2 refresh token validation fix.
+
+0.4.2
+-----
+
+OAuth 2 draft to RFC. Removed OAuth 2 framework decorators.
+
+0.4.1
+-----
+
+Documentation corrections and various small code fixes.
+
+0.4.0
+-----
+
+OAuth 2 Provider support (experimental).
+
+0.3.8
+-----
+
+OAuth 2 Client now uses custom errors and raise on expire.
+
+0.3.7
+-----
+
+OAuth 1 optional encoding of Client.sign return values.
+
+0.3.6
+-----
+
+Revert default urlencoding.
+
+0.3.5
+-----
+
+Default unicode conversion (utf-8) and urlencoding of input.
+
+0.3.4
+-----
+
+A number of small features and bug fixes.
+
+0.3.3
+-----
+
+OAuth 1 Provider verify now return useful params.
+
+0.3.2
+-----
+
+Fixed #62, all Python 3 tests pass.
+
+0.3.1
+-----
+
+Python 3.1, 3.2, 3.3 support (experimental).
+
+0.3.0
+-----
+
+Initial OAuth 2 client support.
+
+0.2.1
+-----
+
+Exclude non urlencoded bodies during request verification.
+
+0.2.0
+-----
+
+OAuth provider support.
+
+0.1.4
+-----
+
+Soft dependency on PyCrypto.
+
+0.1.3
+-----
+
+Use python-rsa instead of pycrypto.
+
+0.1.1 / 0.1.2
+-------------
+
+Fix installation of pycrypto dependency.
+
+0.1.0
+-----
+
+OAuth 1 client functionality seems to be working. Hooray!
+
+0.0.x
+-----
+
+In the beginning, there was the word.
diff --git a/MANIFEST.in b/MANIFEST.in
index 9a895ed..6dc7971 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,2 +1,2 @@
-include README.rst LICENSE
+include README.rst LICENSE CHANGELOG.rst
 recursive-include tests *.py
diff --git a/PKG-INFO b/PKG-INFO
index 8e46ff2..81ee955 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: oauthlib
-Version: 1.0.3
+Version: 1.1.2
 Summary: A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
 Home-page: https://github.com/idan/oauthlib
 Author: Ib Lundgren
@@ -10,7 +10,7 @@ Description: OAuthLib
         ========
         
         *A generic, spec-compliant, thorough implementation of the OAuth request-signing
-        logic.*
+        logic for python*
         
         .. image:: https://travis-ci.org/idan/oauthlib.png?branch=master
           :target: https://travis-ci.org/idan/oauthlib
@@ -31,7 +31,7 @@ Description: OAuthLib
         
         OAuthLib is a generic utility which implements the logic of OAuth without
         assuming a specific HTTP request object or web framework. Use it to graft OAuth
-        client support onto your favorite HTTP library, or provider support onto your
+        client support onto your favorite HTTP library, or provide support onto your
         favourite web framework. If you're a maintainer of such a library, write a thin
         veneer on top of OAuthLib and get OAuth support for very little effort.
         
@@ -45,7 +45,7 @@ Description: OAuthLib
         pull request!
         
         .. _`G+ community`: https://plus.google.com/communities/101889017375384052571
-        .. _`Read the Docs`: https://oauthlib.readthedocs.org/en/latest/index.html
+        .. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html
         
         Interested in making OAuth requests?
         ------------------------------------
@@ -104,7 +104,7 @@ Description: OAuthLib
         completed, for providers as well as clients.* See `supported features`_ for
         details.
         
-        .. _`supported features`: http://oauthlib.readthedocs.org/en/latest/feature_matrix.html
+        .. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html
         
         For a full changelog see ``CHANGELOG.rst``.
         
diff --git a/README.rst b/README.rst
index acf8209..47e989c 100644
--- a/README.rst
+++ b/README.rst
@@ -2,7 +2,7 @@ OAuthLib
 ========
 
 *A generic, spec-compliant, thorough implementation of the OAuth request-signing
-logic.*
+logic for python*
 
 .. image:: https://travis-ci.org/idan/oauthlib.png?branch=master
   :target: https://travis-ci.org/idan/oauthlib
@@ -23,7 +23,7 @@ both of the following:
 
 OAuthLib is a generic utility which implements the logic of OAuth without
 assuming a specific HTTP request object or web framework. Use it to graft OAuth
-client support onto your favorite HTTP library, or provider support onto your
+client support onto your favorite HTTP library, or provide support onto your
 favourite web framework. If you're a maintainer of such a library, write a thin
 veneer on top of OAuthLib and get OAuth support for very little effort.
 
@@ -37,7 +37,7 @@ you'd like to know, or discuss it in our `G+ community`_, or even better, send a
 pull request!
 
 .. _`G+ community`: https://plus.google.com/communities/101889017375384052571
-.. _`Read the Docs`: https://oauthlib.readthedocs.org/en/latest/index.html
+.. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html
 
 Interested in making OAuth requests?
 ------------------------------------
@@ -96,6 +96,6 @@ Changelog
 completed, for providers as well as clients.* See `supported features`_ for
 details.
 
-.. _`supported features`: http://oauthlib.readthedocs.org/en/latest/feature_matrix.html
+.. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html
 
 For a full changelog see ``CHANGELOG.rst``.
diff --git a/oauthlib.egg-info/PKG-INFO b/oauthlib.egg-info/PKG-INFO
index 8e46ff2..81ee955 100644
--- a/oauthlib.egg-info/PKG-INFO
+++ b/oauthlib.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: oauthlib
-Version: 1.0.3
+Version: 1.1.2
 Summary: A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
 Home-page: https://github.com/idan/oauthlib
 Author: Ib Lundgren
@@ -10,7 +10,7 @@ Description: OAuthLib
         ========
         
         *A generic, spec-compliant, thorough implementation of the OAuth request-signing
-        logic.*
+        logic for python*
         
         .. image:: https://travis-ci.org/idan/oauthlib.png?branch=master
           :target: https://travis-ci.org/idan/oauthlib
@@ -31,7 +31,7 @@ Description: OAuthLib
         
         OAuthLib is a generic utility which implements the logic of OAuth without
         assuming a specific HTTP request object or web framework. Use it to graft OAuth
-        client support onto your favorite HTTP library, or provider support onto your
+        client support onto your favorite HTTP library, or provide support onto your
         favourite web framework. If you're a maintainer of such a library, write a thin
         veneer on top of OAuthLib and get OAuth support for very little effort.
         
@@ -45,7 +45,7 @@ Description: OAuthLib
         pull request!
         
         .. _`G+ community`: https://plus.google.com/communities/101889017375384052571
-        .. _`Read the Docs`: https://oauthlib.readthedocs.org/en/latest/index.html
+        .. _`Read the Docs`: https://oauthlib.readthedocs.io/en/latest/index.html
         
         Interested in making OAuth requests?
         ------------------------------------
@@ -104,7 +104,7 @@ Description: OAuthLib
         completed, for providers as well as clients.* See `supported features`_ for
         details.
         
-        .. _`supported features`: http://oauthlib.readthedocs.org/en/latest/feature_matrix.html
+        .. _`supported features`: https://oauthlib.readthedocs.io/en/latest/feature_matrix.html
         
         For a full changelog see ``CHANGELOG.rst``.
         
diff --git a/oauthlib.egg-info/SOURCES.txt b/oauthlib.egg-info/SOURCES.txt
index ec26b3a..0fe204d 100644
--- a/oauthlib.egg-info/SOURCES.txt
+++ b/oauthlib.egg-info/SOURCES.txt
@@ -1,3 +1,4 @@
+CHANGELOG.rst
 LICENSE
 MANIFEST.in
 README.rst
@@ -9,7 +10,6 @@ oauthlib/uri_validate.py
 oauthlib.egg-info/PKG-INFO
 oauthlib.egg-info/SOURCES.txt
 oauthlib.egg-info/dependency_links.txt
-oauthlib.egg-info/pbr.json
 oauthlib.egg-info/requires.txt
 oauthlib.egg-info/top_level.txt
 oauthlib/oauth1/__init__.py
diff --git a/oauthlib.egg-info/pbr.json b/oauthlib.egg-info/pbr.json
deleted file mode 100644
index 46a8746..0000000
--- a/oauthlib.egg-info/pbr.json
+++ /dev/null
@@ -1 +0,0 @@
-{"is_release": true, "git_version": "e693176"}
\ No newline at end of file
diff --git a/oauthlib.egg-info/requires.txt b/oauthlib.egg-info/requires.txt
index 098d291..50fb2a3 100644
--- a/oauthlib.egg-info/requires.txt
+++ b/oauthlib.egg-info/requires.txt
@@ -11,8 +11,6 @@ pyjwt>=1.0.0
 
 [test]
 nose
-unittest2
 cryptography
-mock
 pyjwt>=1.0.0
 blinker
diff --git a/oauthlib/__init__.py b/oauthlib/__init__.py
index 50afc05..0c857aa 100644
--- a/oauthlib/__init__.py
+++ b/oauthlib/__init__.py
@@ -10,7 +10,7 @@
 """
 
 __author__ = 'Idan Gazit <idan at gazit.me>'
-__version__ = '1.0.3'
+__version__ = '1.1.2'
 
 
 import logging
diff --git a/oauthlib/common.py b/oauthlib/common.py
index ed2b699..e5ab6eb 100644
--- a/oauthlib/common.py
+++ b/oauthlib/common.py
@@ -36,7 +36,7 @@ UNICODE_ASCII_CHARACTER_SET = ('abcdefghijklmnopqrstuvwxyz'
 CLIENT_ID_CHARACTER_SET = (r' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMN'
                            'OPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}')
 
-PASSWORD_PATTERN = re.compile(r'password=[^&]+')
+SANITIZE_PATTERN = re.compile(r'([^&;]*(?:password|token)[^=]*=)[^&;]+', re.IGNORECASE)
 INVALID_HEX_PATTERN = re.compile(r'%[^0-9A-Fa-f]|%[0-9A-Fa-f][^0-9A-Fa-f]')
 
 always_safe = ('ABCDEFGHIJKLMNOPQRSTUVWXYZ'
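Review bot: `SANITIZE_PATTERN` masks only parameters whose name contains `password` or `token`, so other credentials that can travel in an OAuth 2 request body, such as `client_secret` or the authorization `code`, are left as they are. If the aim is to keep secrets out of logged reprs, the alternation could be widened, e.g. `(?:password|token|secret)`, with `code` handled by an explicit parameter-name match, since a bare substring would over-mask. A one-line comment above the constant listing the parameters it is expected to cover would make that intent reviewable.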
@@ -109,7 +109,7 @@ def decode_params_utf8(params):
     return decoded
 
 
-urlencoded = set(always_safe) | set('=&;%+~,*@!')
+urlencoded = set(always_safe) | set('=&;:%+~,*@!()/?')
 
 
 def urldecode(query):
@@ -393,6 +393,7 @@ class Request(object):
             "grant_type": None,
             "redirect_uri": None,
             "refresh_token": None,
+            "request_token": None,
             "response_type": None,
             "scope": None,
             "scopes": None,
@@ -413,10 +414,13 @@ class Request(object):
 
     def __repr__(self):
         body = self.body
-        if body and 'password=' in body:
-            body = PASSWORD_PATTERN.sub('password=***', body)
+        headers = self.headers.copy()
+        if body:
+            body = SANITIZE_PATTERN.sub('\1<SANITIZED>', str(body))
+        if 'Authorization' in headers:
+            headers['Authorization'] = '<SANITIZED>'
         return '<oauthlib.Request url="%s", http_method="%s", headers="%s", body="%s">' % (
-            self.uri, self.http_method, self.headers, body)
+            self.uri, self.http_method, headers, body)
 
     @property
     def uri_query(self):
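Review bot: The replacement string `'\1<SANITIZED>'` in `__repr__` is not a raw string, so Python reads `\1` as the control character U+0001 rather than a backreference, and the matched parameter name is replaced along with its value. The secret is still masked, but the repr loses the key and gains a stray control byte; the line should read `body = SANITIZE_PATTERN.sub(r'\1<SANITIZED>', str(body))`. The tests added in tests/test_common.py only check that `<SANITIZED>` is present, so catching this needs an assertion such as `self.assertIn('password=<SANITIZED>', repr(r))`. Separately, `self.uri` is still formatted unmasked, so credentials carried in the query string are not covered by this change.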
diff --git a/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py b/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
index 658f5ad..31f06fc 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/authorization_code.py
@@ -95,8 +95,9 @@ class AuthorizationCodeGrant(GrantTypeBase):
     .. _`Authorization Code Grant`: http://tools.ietf.org/html/rfc6749#section-4.1
     """
 
-    def __init__(self, request_validator=None):
+    def __init__(self, request_validator=None, refresh_token=True):
         self.request_validator = request_validator or RequestValidator()
+        self.refresh_token = refresh_token
 
     def create_authorization_code(self, request):
         """Generates an authorization grant represented as a dictionary."""
@@ -237,7 +238,7 @@ class AuthorizationCodeGrant(GrantTypeBase):
             log.debug('Client error during validation of %r. %r.', request, e)
             return headers, e.json, e.status_code
 
-        token = token_handler.create_token(request, refresh_token=True)
+        token = token_handler.create_token(request, refresh_token=self.refresh_token)
         self.request_validator.invalidate_authorization_code(
             request.client_id, request.code, request)
         return headers, json.dumps(token), 200
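Review bot: The new `refresh_token` flag is undocumented, and its name reads like a token value rather than a boolean; it is stored in `__init__` in the previous hunk and consumed here in the `create_token` call. `RefreshTokenGrant` in this same commit names its equivalent switch `issue_new_refresh_tokens`, so the two grant classes expose the same idea in different styles. Since the keyword is now part of the public constructor, I would at least add a line to the class docstring, e.g. `refresh_token: if False, the token response omits the refresh token (default True)`. The method containing this call starts outside the hunk.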
diff --git a/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py b/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py
index 0ab10c9..9ecfe63 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/refresh_token.py
@@ -22,12 +22,9 @@ class RefreshTokenGrant(GrantTypeBase):
     .. _`Refresh token grant`: http://tools.ietf.org/html/rfc6749#section-6
     """
 
-    @property
-    def issue_new_refresh_tokens(self):
-        return True
-
     def __init__(self, request_validator=None, issue_new_refresh_tokens=True):
         self.request_validator = request_validator or RequestValidator()
+        self.issue_new_refresh_tokens = issue_new_refresh_tokens
 
     def create_token_response(self, request, token_handler):
         """Create a new access token from a refresh_token.
diff --git a/oauthlib/oauth2/rfc6749/tokens.py b/oauthlib/oauth2/rfc6749/tokens.py
index 3252e90..53f42ca 100644
--- a/oauthlib/oauth2/rfc6749/tokens.py
+++ b/oauthlib/oauth2/rfc6749/tokens.py
@@ -28,7 +28,7 @@ class OAuth2Token(dict):
     def __init__(self, params, old_scope=None):
         super(OAuth2Token, self).__init__(params)
         self._new_scope = None
-        if 'scope' in params:
+        if 'scope' in params and params['scope']:
             self._new_scope = set(utils.scope_to_list(params['scope']))
         if old_scope is not None:
             self._old_scope = set(utils.scope_to_list(old_scope))
@@ -232,6 +232,10 @@ class TokenBase(object):
 
 
 class BearerToken(TokenBase):
+    __slots__ = (
+        'request_validator', 'token_generator',
+        'refresh_token_generator', 'expires_in'
+    )
 
     def __init__(self, request_validator=None, token_generator=None,
                  expires_in=None, refresh_token_generator=None):
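Review bot: `__slots__` on `BearerToken` removes the per-instance `__dict__` only if every base class also declares `__slots__`; `TokenBase(object)` is defined above this hunk and its body is not visible here, so if it has none the declaration saves no memory and does not restrict attribute assignment. The 1.1.0 changelog entry also attributes the change to `OAuth2Token`, while the hunk applies it to `BearerToken`. If the memory saving is intended, add `__slots__ = ()` to `TokenBase` and confirm that `__init__`, which continues past the hunk, assigns only the four listed names.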
diff --git a/setup.cfg b/setup.cfg
index 861a9f5..ebbec92 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,5 +1,5 @@
 [egg_info]
 tag_build = 
-tag_date = 0
 tag_svn_revision = 0
+tag_date = 0
 
diff --git a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
index 61e63e2..e206b91 100644
--- a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
+++ b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
@@ -70,6 +70,23 @@ class AuthorizationCodeGrantTest(TestCase):
         self.assertTrue(self.mock_validator.validate_grant_type.called)
         self.assertTrue(self.mock_validator.invalidate_authorization_code.called)
 
+    def test_create_token_response_without_refresh_token(self):
+        self.auth.refresh_token = False  # Not to issue refresh token.
+
+        bearer = BearerToken(self.mock_validator)
+        h, token, s = self.auth.create_token_response(self.request, bearer)
+        token = json.loads(token)
+        self.assertIn('access_token', token)
+        self.assertNotIn('refresh_token', token)
+        self.assertIn('expires_in', token)
+        self.assertIn('scope', token)
+        self.assertTrue(self.mock_validator.client_authentication_required.called)
+        self.assertTrue(self.mock_validator.authenticate_client.called)
+        self.assertTrue(self.mock_validator.validate_code.called)
+        self.assertTrue(self.mock_validator.confirm_redirect_uri.called)
+        self.assertTrue(self.mock_validator.validate_grant_type.called)
+        self.assertTrue(self.mock_validator.invalidate_authorization_code.called)
+
     def test_invalid_request(self):
         del self.request.code
         self.assertRaises(errors.InvalidRequestError, self.auth.validate_token_request,
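Review bot: `test_create_token_response_without_refresh_token` flips `self.auth.refresh_token` on an existing instance, so the new `refresh_token` keyword of `AuthorizationCodeGrant.__init__` is never exercised. Constructing the grant with the keyword would cover both the parameter and the attribute, e.g. `auth = AuthorizationCodeGrant(request_validator=self.mock_validator, refresh_token=False)`, assuming `setUp` (not shown) builds `self.auth` the same way. `test_invalid_request` below continues outside the hunk.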
diff --git a/tests/test_common.py b/tests/test_common.py
index eadd79a..078b67b 100644
--- a/tests/test_common.py
+++ b/tests/test_common.py
@@ -40,10 +40,12 @@ class EncodingTest(TestCase):
         self.assertItemsEqual(urldecode('foo_%20~=.bar-'),
                               [('foo_ ~', '.bar-')])
         self.assertItemsEqual(urldecode('foo=1,2,3'), [('foo', '1,2,3')])
+        self.assertItemsEqual(urldecode('foo=(1,2,3)'), [('foo', '(1,2,3)')])
         self.assertItemsEqual(urldecode('foo=bar.*'), [('foo', 'bar.*')])
         self.assertItemsEqual(urldecode('foo=bar at spam'), [('foo', 'bar at spam')])
+        self.assertItemsEqual(urldecode('foo=bar/baz'), [('foo', 'bar/baz')])
+        self.assertItemsEqual(urldecode('foo=bar?baz'), [('foo', 'bar?baz')])
         self.assertRaises(ValueError, urldecode, 'foo bar')
-        self.assertRaises(ValueError, urldecode, '?')
         self.assertRaises(ValueError, urldecode, '%R')
         self.assertRaises(ValueError, urldecode, '%RA')
         self.assertRaises(ValueError, urldecode, '%AR')
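Review bot: The new assertions cover `(`, `)`, `/` and `?` but not `:`, which this commit also adds to the `urlencoded` set in oauthlib/common.py and which the 1.1.2 changelog entry names as the fix. A matching case would be `self.assertItemsEqual(urldecode('foo=bar:baz'), [('foo', 'bar:baz')])`. The test method starts and ends outside this hunk.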
@@ -185,14 +187,36 @@ class RequestTest(TestCase):
         with self.assertRaises(AttributeError):
             getattr(r, 'does_not_exist')
 
+    def test_sanitizing_authorization_header(self):
+        r = Request(URI, headers={'Accept': 'application/json',
+                                  'Authorization': 'Basic Zm9vOmJhcg=='}
+                    )
+        self.assertNotIn('Zm9vOmJhcg==', repr(r))
+        self.assertIn('<SANITIZED>', repr(r))
+        # Double-check we didn't modify the underlying object:
+        self.assertEqual(r.headers['Authorization'], 'Basic Zm9vOmJhcg==')
+
+    def test_token_body(self):
+        payload = 'client_id=foo&refresh_token=bar'
+        r = Request(URI, body=payload)
+        self.assertNotIn('bar', repr(r))
+        self.assertIn('<SANITIZED>', repr(r))
+
+        payload = 'refresh_token=bar&client_id=foo'
+        r = Request(URI, body=payload)
+        self.assertNotIn('bar', repr(r))
+        self.assertIn('<SANITIZED>', repr(r))
+
     def test_password_body(self):
         payload = 'username=foo&password=bar'
         r = Request(URI, body=payload)
         self.assertNotIn('bar', repr(r))
+        self.assertIn('<SANITIZED>', repr(r))
 
         payload = 'password=bar&username=foo'
         r = Request(URI, body=payload)
         self.assertNotIn('bar', repr(r))
+        self.assertIn('<SANITIZED>', repr(r))
 
 
 class CaseInsensitiveDictTest(TestCase):
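Review bot: Every payload in these tests is a urlencoded string, so the `str(body)` cast added to `Request.__repr__` is not covered. If a dict or a list of pairs can reach `__repr__` as the body (not visible in this diff), `str()` renders it as `{'password': 'bar'}`, which has no `=` for `SANITIZE_PATTERN` to match, and the value would be printed. A test such as `self.assertNotIn('bar', repr(Request(URI, body={'password': 'bar'})))` would show whether that path is masked.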

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-oauthlib.git


