Merge branch 'honestbleeps-redirect-fix'

Author: masci

oauth2_provider/tests/test_authorization_code.py

@@ -423,6 +423,27 @@ def test_code_post_auth_redirection_uri_with_querystring(self):
         self.assertIn("http://example.com?foo=bar", response['Location'])
         self.assertIn("code=", response['Location'])
 
+    def test_code_post_auth_failing_redirection_uri_with_querystring(self):
+        """
+        Test that in case of error the querystring of the redirection uri is preserved
+
+        See https://github.com/evonove/django-oauth-toolkit/issues/238
+        """
+        self.client.login(username="test_user", password="123456")
+
+        form_data = {
+            'client_id': self.application.client_id,
+            'state': 'random_state_string',
+            'scope': 'read write',
+            'redirect_uri': 'http://example.com?foo=bar',
+            'response_type': 'code',
+            'allow': False,
+        }
+
+        response = self.client.post(reverse('oauth2_provider:authorize'), data=form_data)
+        self.assertEqual(response.status_code, 302)
+        self.assertEqual("http://example.com?foo=bar&error=access_denied", response['Location'])
+
     def test_code_post_auth_fails_when_redirect_uri_path_is_invalid(self):
         """
         Tests that a redirection uri is matched using scheme + netloc + path

oauth2_provider/views/mixins.py

@@ -155,9 +155,13 @@ def error_response(self, error, **kwargs):
         :param error: :attr:`OAuthToolkitError`
         """
         oauthlib_error = error.oauthlib_error
+
+        redirect_uri = oauthlib_error.redirect_uri or ""
+        separator = '&' if '?' in redirect_uri else '?'
+
         error_response = {
             'error': oauthlib_error,
-            'url': "{0}?{1}".format(oauthlib_error.redirect_uri, oauthlib_error.urlencoded)
+            'url': "{0}{1}{2}".format(oauthlib_error.redirect_uri, separator, oauthlib_error.urlencoded)
         }
         error_response.update(kwargs)