author | Scott Gifford <scottwg1988@gmail.com> | 2021-10-22 00:59:12 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-22 12:59:12 +0600 |
commit | ff24e70db077639bfdfe76e9d9bb333af27f9912 (patch) | |
tree | 4a70068faafe52497438860361b920036972249a | |
parent | f655d73f9dcbc1f7a1475038d6703870ef99c1fb (diff) | |
Bug expires at (#783)
* verify that expires_at is an int before casting it as such.
* casting expires_at as int within try catch with test.
Co-authored-by: Scott Gifford <sgifford@activecampaign.com>
-rw-r--r-- | oauthlib/oauth2/rfc6749/clients/base.py | 5 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/clients/test_base.py | 24 |
2 files changed, 28 insertions, 1 deletions
diff --git a/oauthlib/oauth2/rfc6749/clients/base.py b/oauthlib/oauth2/rfc6749/clients/base.py
index 88065ab..35a3fd5 100644
--- a/oauthlib/oauth2/rfc6749/clients/base.py
+++ b/oauthlib/oauth2/rfc6749/clients/base.py
@@ -513,7 +513,10 @@ class Client:
 self._expires_at = time.time() + int(self.expires_in)
 if 'expires_at' in response:
- self._expires_at = int(response.get('expires_at'))
+ try:
+ self._expires_at = int(response.get('expires_at'))
+ except:
+ self._expires_at = None
 if 'mac_key' in response:
 self.mac_key = response.get('mac_key')
diff --git a/tests/oauth2/rfc6749/clients/test_base.py b/tests/oauth2/rfc6749/clients/test_base.py
index c77cfed..6b4eff0 100644
--- a/tests/oauth2/rfc6749/clients/test_base.py
+++ b/tests/oauth2/rfc6749/clients/test_base.py
@@ -301,3 +301,27 @@ class ClientTest(TestCase):
 self.assertEqual(u, url)
 self.assertEqual(h, {'Content-Type': 'application/x-www-form-urlencoded'})
 self.assertFormBodyEqual(b, 'grant_type=refresh_token&scope={}&refresh_token={}'.format(scope, token))
+
+ def test_parse_token_response_invalid_expires_at(self):
+ token_json = ('{ "access_token":"2YotnFZFEjr1zCsicMWpAA",'
+ ' "token_type":"example",'
+ ' "expires_at":"2006-01-02T15:04:05Z",'
+ ' "scope":"/profile",'
+ ' "example_parameter":"example_value"}')
+ token = {
+ "access_token": "2YotnFZFEjr1zCsicMWpAA",
+ "token_type": "example",
+ "expires_at": "2006-01-02T15:04:05Z",
+ "scope": ["/profile"],
+ "example_parameter": "example_value"
+ }
+
+ client = Client(self.client_id)
+
+ # Parse code and state
+ response = client.parse_request_body_response(token_json, scope=["/profile"])
+ self.assertEqual(response, token)
+ self.assertEqual(None, client._expires_at)
+ self.assertEqual(client.access_token, response.get("access_token"))
+ self.assertEqual(client.refresh_token, response.get("refresh_token"))
+ self.assertEqual(client.token_type, response.get("token_type")) |
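Review bot: The bare `except:` around the `int(response.get('expires_at'))` cast in base.py also traps `KeyboardInterrupt` and `SystemExit` and would hide any unrelated failure; `except (TypeError, ValueError):` covers the non-numeric and `None` values this commit is aimed at. The handler's `self._expires_at = None` also overwrites the value computed from `expires_in` on the context line just above, so a response with a usable `expires_in` and an unparseable `expires_at` ends up with no recorded expiry. If the code that consumes `_expires_at` treats `None` as "expiry unknown" (not visible in this hunk), the client would stop rejecting that token locally after it lapses, and the token endpoint's response decides which case applies. Consider assigning `None` only when the response gave no usable `expires_in`. The enclosing method starts and ends outside the hunk.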
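Review bot: `test_parse_token_response_invalid_expires_at` pins only the ISO-8601 string case, so two other shapes the new handler accepts are untested: `"expires_at": null`, which raises `TypeError` rather than `ValueError`, and a response that carries both `expires_in` and a malformed `expires_at`. A second case asserting what `client._expires_at` should be when `expires_in` is present would document the intended precedence. The comment `# Parse code and state` does not describe this test and could read `# expires_at is not an integer timestamp; parsing must not raise`. `self.assertIsNone(client._expires_at)` states the check more directly than `assertEqual(None, ...)`, and the `refresh_token` assertion compares two absent values, so it verifies nothing here.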