OAuthLibCore now has internal methods to parse request headers and body

Author: palazzem

oauth2_provider/oauth2_backends.py

@@ -30,21 +30,39 @@ def _get_escaped_full_path(self, request):
 
         return urlunparse(parsed)
 
-    def _extract_params(self, request):
+    def _extract_headers(self, request):
         """
-        Extract parameters from the Django request object. Such parameters will then be passed to
-        OAuthLib to build its own Request object
+        Extracts headers from the Django request object
+        :param request: The current django.http.HttpRequest object
+        :return: a dictionary with OAuthLib needed headers
         """
-        uri = self._get_escaped_full_path(request)
-        http_method = request.method
         headers = request.META.copy()
         if 'wsgi.input' in headers:
             del headers['wsgi.input']
         if 'wsgi.errors' in headers:
             del headers['wsgi.errors']
         if 'HTTP_AUTHORIZATION' in headers:
             headers['Authorization'] = headers['HTTP_AUTHORIZATION']
-        body = urlencode(request.POST.items())
+
+        return headers
+
+    def _extract_body(self, request):
+        """
+        Extracts the POST body from the Django request object
+        :param request: The current django.http.HttpRequest object
+        :return: provided POST parameters
+        """
+        return request.POST.items()
+
+    def _extract_params(self, request):
+        """
+        Extract parameters from the Django request object. Such parameters will then be passed to
+        OAuthLib to build its own Request object. The body should be encoded using OAuthLib urlencoded
+        """
+        uri = self._get_escaped_full_path(request)
+        http_method = request.method
+        headers = self._extract_headers(request)
+        body = urlencode(self._extract_body(request))
         return uri, http_method, body, headers
 
     def validate_authorization_request(self, request):

oauth2_provider/tests/test_oauth2_backends.py

@@ -1,9 +1,38 @@
 from django.test import TestCase, RequestFactory
-
+from django.test.utils import override_settings
 
 from ..backends import get_oauthlib_core
 
 
+@override_settings(OAUTH2_BACKEND_CLASS='oauth2_provider.oauth2_backends.OAuthLibCore')
+class TestOAuthLibCoreBackend(TestCase):
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.oauthlib_core = get_oauthlib_core()
+
+    def test_form_urlencoded_extract_params(self):
+        payload = "grant_type=password&username=john&password=123456"
+        request = self.factory.post("/o/token/", payload, content_type="application/x-www-form-urlencoded")
+
+        uri, http_method, body, headers = self.oauthlib_core._extract_params(request)
+        self.assertIn("grant_type=password", body)
+        self.assertIn("username=john", body)
+        self.assertIn("password=123456", body)
+
+    def test_application_json_extract_params(self):
+        payload = json.dumps({
+            "grant_type": "password",
+            "username": "john",
+            "password": "123456",
+        })
+        request = self.factory.post("/o/token/", payload, content_type="application/json")
+
+        uri, http_method, body, headers = self.oauthlib_core._extract_params(request)
+        self.assertNotIn("grant_type=password", body)
+        self.assertNotIn("username=john", body)
+        self.assertNotIn("password=123456", body)
+
+
 class TestOAuthLibCore(TestCase):
     def setUp(self):
         self.factory = RequestFactory()