fixup! De-coupled refresh token creation from access token creation

Author: clintonb

provider/views.py

@@ -105,6 +105,25 @@ def access_token_response_data(self, access_token, response_type=None):
 
         return response_data
 
+    def get_access_and_refresh_tokens(self, request, user, scope, client, reuse_existing_access_token=False, create_refresh_token=True):
+        """
+        Returns an AccessToken and RefreshToken for the given user, scope, and client combination.
+
+        Returns:
+            (AccessToken, RefreshToken)
+            If create_refresh_token is False, the second element of the tuple will be None.
+        """
+        if reuse_existing_access_token:
+            at = self.get_access_token(request, user, scope, client)
+        else:
+            at = self.create_access_token(request, user, scope, client)
+
+        rt = None
+        if create_refresh_token and not reuse_existing_access_token:
+            rt = self.create_refresh_token(request, user, scope, at, client)
+
+        return at, rt
+
 
 class OAuthView(TemplateView):
     """
@@ -333,15 +352,14 @@ def get_implicit_response(self, request, client):
         data = self.get_data(request)
 
         lookup_kwargs = {
-            "user": request.user,
-            "client": client,
-            "scope": scope.to_int(*data.get('scope', constants.SCOPES[0][1]).split())
+            'user': request.user,
+            'client': client,
+            'scope': scope.to_int(*data.get('scope', constants.SCOPES[0][1]).split()),
+            'reuse_existing_access_token': constants.SINGLE_ACCESS_TOKEN,
+            'create_refresh_token': False
         }
 
-        if constants.SINGLE_ACCESS_TOKEN:
-            token = self.get_access_token(request, **lookup_kwargs)
-        else:
-            token = self.create_access_token(request, **lookup_kwargs)
+        token, __ = self.get_access_and_refresh_tokens(request, **lookup_kwargs)
 
         response_data = self.access_token_response_data(token, data['response_type'])
 
@@ -572,13 +590,16 @@ def authorization_code(self, request, data, client):
         Handle ``grant_type=authorization_code`` requests as defined in
         :rfc:`4.1.3`.
         """
-        grant = self.get_authorization_code_grant(request, request.POST,
-                                                  client)
-        if constants.SINGLE_ACCESS_TOKEN:
-            at = self.get_access_token(request, grant.user, grant.scope, client)
-        else:
-            at = self.create_access_token(request, grant.user, grant.scope, client)
-            rt = self.create_refresh_token(request, grant.user, grant.scope, at, client)
+        grant = self.get_authorization_code_grant(request, request.POST, client)
+
+        kwargs = {
+            'request': request,
+            'user': grant.user,
+            'scope': grant.scope,
+            'client': client,
+            'reuse_existing_access_token': constants.SINGLE_ACCESS_TOKEN,
+        }
+        at, rt = self.get_access_and_refresh_tokens(**kwargs)
 
         self.invalidate_grant(grant)
 
@@ -594,8 +615,13 @@ def refresh_token(self, request, data, client):
         self.invalidate_refresh_token(rt)
         self.invalidate_access_token(rt.access_token)
 
-        at = self.create_access_token(request, rt.user, rt.access_token.scope, client)
-        rt = self.create_refresh_token(request, at.user, at.scope, at, client)
+        kwargs = {
+            'request': request,
+            'user': rt.user,
+            'scope': rt.access_token.scope,
+            'client': client,
+        }
+        at, rt = self.get_access_and_refresh_tokens(**kwargs)
 
         return self.access_token_response(at)
 
@@ -605,24 +631,31 @@ def password(self, request, data, client):
         """
 
         data = self.get_password_grant(request, data, client)
-        user = data.get('user')
-        scope = data.get('scope')
+        kwargs = {
+            'request': request,
+            'user': data.get('user'),
+            'scope': data.get('scope'),
+            'client': client,
+            'reuse_existing_access_token': constants.SINGLE_ACCESS_TOKEN,
 
-        if constants.SINGLE_ACCESS_TOKEN:
-            at = self.get_access_token(request, user, scope, client)
-        else:
-            at = self.create_access_token(request, user, scope, client)
             # Public clients don't get refresh tokens
-            if client.client_type == constants.CONFIDENTIAL:
-                rt = self.create_refresh_token(request, user, scope, at, client)
+            'create_refresh_token': client.client_type == constants.CONFIDENTIAL
+        }
+        at, rt = self.get_access_and_refresh_tokens(**kwargs)
 
         return self.access_token_response(at)
 
     def client_credentials(self, request, data, client):
         """ Handle ``grant_type=client_credentials`` requests as defined in :rfc:`4.4`. """
         data = self.get_client_credentials_grant(request, data, client)
-        scope = data.get('scope')
-        at = self.get_access_token(request, client.user, scope, client)
+        kwargs = {
+            'request': request,
+            'user': client.user,
+            'scope': data.get('scope'),
+            'client': client,
+            'create_refresh_token': False,
+        }
+        at, rt = self.get_access_and_refresh_tokens(**kwargs)
 
         return self.access_token_response(at)