Skip to content

Fix: Handle AttributeError in IntrospectTokenView #1562

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Aug 12, 2025
Merged

Fix: Handle AttributeError in IntrospectTokenView #1562

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
24f4a32
Fix: Handle AttributeError in IntrospectTokenView
dawidwolski-identt Apr 9, 2025
5aca852
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Apr 9, 2025
4a21ee3
Return HTTP 400 if no token is provided
dawidwolski-identt May 22, 2025
b791e53
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] May 22, 2025
909064b
json response
dawidwolski-identt May 22, 2025
7c20d91
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] May 22, 2025
f3c619b
check if token_value is None, then return
dawidwolski-identt Jun 23, 2025
3ba8a3f
chore: update CHANGELOG.md
dopry Aug 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions oauth2_provider/views/introspect.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,11 @@ class IntrospectTokenView(ClientProtectedScopedResourceView):

@staticmethod
def get_token_response(token_value=None):
if token_value is None:
return JsonResponse(
{"error": "invalid_request", "error_description": "Token parameter is missing."},
status=400,
)
try:
token_checksum = hashlib.sha256(token_value.encode("utf-8")).hexdigest()
token = (
Expand Down
14 changes: 14 additions & 0 deletions tests/test_introspection_view.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,20 @@ def test_view_post_notexisting_token(self):
},
)

def test_view_post_no_token(self):
"""
Test that when you pass no token HTTP 400 is returned
"""
auth_headers = {
"HTTP_AUTHORIZATION": "Bearer " + self.resource_server_token.token,
}
response = self.client.post(reverse("oauth2_provider:introspect"), **auth_headers)

self.assertEqual(response.status_code, 400)
content = response.json()
self.assertIsInstance(content, dict)
self.assertEqual(content["error"], "invalid_request")

def test_view_post_valid_client_creds_basic_auth(self):
"""Test HTTP basic auth working"""
auth_headers = get_basic_auth_header(self.application.client_id, CLEARTEXT_SECRET)
Expand Down
11 changes: 6 additions & 5 deletions tox.ini
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@ envlist =
docs,
lint,
sphinxlint,
py{38,39,310,311,312}-dj42,
py{310,311,312}-dj50,
py{310,311,312}-dj51,
py{310,311,312}-djmain,
py{38,39,310,311,312,313}-dj42,
py{310,311,312,313}-dj50,
py{310,311,312,313}-dj51,
py{310,311,312,313}-djmain,
py39-multi-db-dj-42

[gh-actions]
Expand All @@ -18,6 +18,7 @@ python =
3.10: py310
3.11: py311
3.12: py312
3.13: py313

[gh-actions:env]
DJANGO =
Expand Down Expand Up @@ -54,7 +55,7 @@ deps =
passenv =
PYTEST_ADDOPTS

[testenv:py{310,311,312}-djmain]
[testenv:py{310,311,312,313}-djmain]
ignore_errors = true
ignore_outcome = true

Expand Down
Loading