Fix access token 500 to properly handle expired or deleted refresh tokens #1337

Merged (9 commits) on Oct 28, 2023

discobeta
Contributor

@discobeta discobeta commented Oct 12, 2023

Fixes #1318

Description of the Change

We now use try / except when attempting to find a valid token, to avoid a 500: oauth2_provider.models.AccessToken.DoesNotExist: AccessToken matching query does not exist

Checklist

  • PR only contains one change (considered splitting up PR)
  • unit-test added
  • documentation updated
  • CHANGELOG.md updated (only for user relevant changes)
  • author name in AUTHORS

@codecov

codecov bot commented Oct 19, 2023

Codecov Report

Merging #1337 (9bbd884) into master (9b91d79) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #1337   +/-   ##
=======================================
  Coverage   97.54%   97.55%           
=======================================
  Files          32       32           
  Lines        2120     2123    +3     
=======================================
+ Hits         2068     2071    +3     
  Misses         52       52           
Files Coverage Δ
oauth2_provider/oauth2_validators.py 94.13% <100.00%> (+0.03%) ⬆️

@dopry
Contributor

dopry commented Oct 19, 2023

@discobeta could you review your tests? It looks like the new change isn't covered.

@dopry dopry force-pushed the fix-access-token-500 branch from b458cc1 to eddbfae Compare October 19, 2023 20:49
@discobeta
Contributor Author

Added additional tests.

@dopry
Contributor

dopry commented Oct 20, 2023

@discobeta, it looks like https://github.com/jazzband/django-oauth-toolkit/pull/1337/checks?check_run_id=17910869256 still isn't covered. You probably need to set up a scenario where you make a valid AccessToken, delete the token, then make a request.

@discobeta
Contributor Author

Added a test for a deleted token

@dopry
Contributor

dopry commented Oct 21, 2023

@discobeta
Contributor Author

discobeta commented Oct 22, 2023 via email

@dopry
Contributor

dopry commented Oct 25, 2023

I think the last thing we need is a changelog entry and adding yourself to Authors if you're not in there already.

@discobeta
Contributor Author

@dopry can you please take a look here and see if there are any further changes required?

@dopry dopry merged commit 854204b into jazzband:master Oct 28, 2023
26 checks passed
@n2ygk n2ygk changed the title Fix access token 500 Fix access token 500 to properly handle expired or deleted refresh tokens May 13, 2024
Successfully merging this pull request may close these issues.

Refresh Token 500 Internal Server Error instead of the expected 401 Unauthorized
2 participants