django-oauth-toolkit

TokenHasScope raises exception when checking permissions

Open brandonkirchner opened this issue 2 years ago • 3 comments

Problem

When utilizing the TokenHasScope permission class in a situation where you have multiple viable permissions classes composed using the bitwise operator, an exception will be thrown if a valid non-oauth token is provided.

Proposed Solution

Instead of throwing an exception here, we should just return False, and potentially log at the WARN level.

brandonkirchner avatar Jun 02 '22 13:06 brandonkirchner
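
The failure mode reported above, as an added example that is not part of the original issue or the project's code: a simplified model of `|` composition showing that a raising scope check aborts the whole permission check before the alternative class is consulted, while a fail-closed variant that returns False and logs at WARN lets it run. `Composable`, `Or`, `HasAPIKey`, `RaisingTokenHasScope`, `LenientTokenHasScope` and `check` are hypothetical stand-ins, and the token strings are constructed.

```python
import logging

log = logging.getLogger("permissions_demo")

class Or:
    """Simplified OR of two permissions; the right side runs only if the left denies."""
    def __init__(self, op1, op2):
        self.op1, self.op2 = op1, op2
    def has_permission(self, request, view):
        return (self.op1.has_permission(request, view)
                or self.op2.has_permission(request, view))

class Composable(type):
    """Stand-in metaclass so permission classes can be combined with `|`."""
    def __or__(cls, other):
        return lambda: Or(cls(), other())

class Request:
    def __init__(self, auth):
        self.auth = auth  # whatever the authentication layer attached

class View:
    required_scopes = ["read"]

class HasAPIKey(metaclass=Composable):  # hypothetical non-OAuth permission
    def has_permission(self, request, view):
        return isinstance(request.auth, str) and request.auth.startswith("key-")

class RaisingTokenHasScope(metaclass=Composable):
    """Models the reported behaviour: a token without scopes raises."""
    def has_permission(self, request, view):
        token = request.auth
        if not token:
            return False
        if hasattr(token, "scope"):
            return token.is_valid(view.required_scopes)
        raise AssertionError("scope check needs an OAuth2 token")

class LenientTokenHasScope(RaisingTokenHasScope):
    """Models the proposed fix: deny (fail closed) and log instead of raising."""
    def has_permission(self, request, view):
        token = request.auth
        if token and not hasattr(token, "scope"):
            log.warning("non-OAuth token reached the scope check; denying")
            return False
        return super().has_permission(request, view)

def check(permission, auth):
    """Instantiate a (possibly composed) permission and evaluate it."""
    return permission().has_permission(Request(auth), View())
```

In this model the raising variant only surfaces when it is evaluated, so `HasAPIKey | RaisingTokenHasScope` succeeds for a valid key while the reverse order fails, which makes the bug order-dependent.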

@brandonkirchner Please use the bug report issue template when submitting rather than opening a blank issue. This will help a lot in triaging bug reports. A code example, failing test case, etc. would be great. Also a PR to implement the fix will be most welcome!

Describe the bug

To Reproduce

Expected behavior

Version

  • [ ] I have tested with the latest published release and it's still a problem.
  • [ ] I have tested with the master branch and it's still a problem.

Additional context

n2ygk avatar Jun 21 '22 15:06 n2ygk

Hey @brandonkirchner @n2ygk ! I'd like to tackle this problem, is there any way I could help? Do we know if this proposed solution is the correct one?

dbgoytia avatar Jul 01 '22 15:07 dbgoytia

@dbgoytia Yes, thanks for offering. Please submit a PR. Make sure to add a test case that demonstrates the error (should incorrectly raise an exception before the fix and return an appropriate response after).

n2ygk avatar Jul 01 '22 16:07 n2ygk