
Commit ff24e70

dotGiffsgifford-ac
andauthored
Bug expires at (#783)
* verify that expires_at is an int before casting it as such. * casting expires_at as int within try catch with test. Co-authored-by: Scott Gifford <sgifford@activecampaign.com>
1 parent f655d73 commit ff24e70


2 files changed

+28
-1
lines changed


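--- a/oauthlib/oauth2/rfc6749/clients/base.py
+++ b/oauthlib/oauth2/rfc6749/clients/base.py
@@ -513,7 +513,10 @@ def populate_token_attributes(self, response):
 self._expires_at = time.time() + int(self.expires_in)
 
 if 'expires_at' in response:
-self._expires_at = int(response.get('expires_at'))
+try:
+self._expires_at = int(response.get('expires_at'))
+except:
+self._expires_at = None
 
 if 'mac_key' in response:
 self.mac_key = response.get('mac_key')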
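Review bot: The bare `except:` around the `int(response.get('expires_at'))` cast also swallows `KeyboardInterrupt` and `SystemExit`; the cast can only fail with `TypeError` or `ValueError`, so `except (TypeError, ValueError):` is enough. On failure the handler sets `self._expires_at = None`, which appears to overwrite the value the context line above computes from `expires_in`, so a token response with a usable `expires_in` and an unparseable `expires_at` would end up with no recorded expiry. If callers treat `None` as "expiry unknown" (not visible here), the client-side expiry check would be skipped for that token. Leaving the earlier value in place in the handler, and logging that the field was rejected, would avoid that. `populate_token_attributes` starts and ends outside the hunk.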

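--- a/tests/oauth2/rfc6749/clients/test_base.py
+++ b/tests/oauth2/rfc6749/clients/test_base.py
@@ -301,3 +301,27 @@ def test_prepare_refresh_token_request(self):
 self.assertEqual(u, url)
 self.assertEqual(h, {'Content-Type': 'application/x-www-form-urlencoded'})
 self.assertFormBodyEqual(b, 'grant_type=refresh_token&scope={}&refresh_token={}'.format(scope, token))
+
+def test_parse_token_response_invalid_expires_at(self):
+token_json = ('{ "access_token":"2YotnFZFEjr1zCsicMWpAA",'
+' "token_type":"example",'
+' "expires_at":"2006-01-02T15:04:05Z",'
+' "scope":"/profile",'
+' "example_parameter":"example_value"}')
+token = {
+"access_token": "2YotnFZFEjr1zCsicMWpAA",
+"token_type": "example",
+"expires_at": "2006-01-02T15:04:05Z",
+"scope": ["/profile"],
+"example_parameter": "example_value"
+}
+
+client = Client(self.client_id)
+
+# Parse code and state
+response = client.parse_request_body_response(token_json, scope=["/profile"])
+self.assertEqual(response, token)
+self.assertEqual(None, client._expires_at)
+self.assertEqual(client.access_token, response.get("access_token"))
+self.assertEqual(client.refresh_token, response.get("refresh_token"))
+self.assertEqual(client.token_type, response.get("token_type"))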
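Review bot: The new test only exercises a response without `expires_in`, so it does not pin what `_expires_at` should be when a valid `expires_in` arrives together with an unparseable `expires_at`. A second case with `"expires_in": 3600` added to the fixture would make that behaviour explicit. The fixture also carries no `refresh_token`, so the `refresh_token` assertion compares `response.get("refresh_token")` with what is presumably the client's default and says little about the change. `self.assertIsNone(client._expires_at)` states the intent more directly than `self.assertEqual(None, client._expires_at)`, and the copied comment `# Parse code and state` would read better as `# Parse the token response`.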
