Disable 255 chars length limit for redirect uri (#902) (#903)

* Disable 255 chars length limit for redirect uri (#902) RFC 7230 recommends to design system to be capable to work with URI at least to 8000 chars long. This commit allows handle redirect_uri that is over 255 chars.

Author: shaddeus

AUTHORS

@@ -26,6 +26,7 @@ Jens Timmerman
 Jerome Leclanche
 Jim Graham
 Paul Oswald
+Pavel Tvrdík
 pySilver
 Rodney Richardson
 Silvano Cerza

CHANGELOG.md

@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [unreleased]
 
 *#898 Added the ability to customize classes for django admin
+*#903 Disable `redirect_uri` field length limit for `AbstractGrant`
 
 ### Added
 *#884 Added support for Python 3.9

oauth2_provider/migrations/0003_auto_20201211_1314.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2020-12-11 13:14
+
+fromdjango.dbimportmigrations, models
+
+
+classMigration(migrations.Migration):
+
+dependencies= [
+ ('oauth2_provider', '0002_auto_20190406_1805'),
+ ]
+
+operations= [
+migrations.AlterField(
+model_name='grant',
+name='redirect_uri',
+field=models.TextField(),
+ ),
+ ]

oauth2_provider/models.py

@@ -220,7 +220,7 @@ class AbstractGrant(models.Model):
 code=models.CharField(max_length=255, unique=True) # code comes from oauthlib
 application=models.ForeignKey(oauth2_settings.APPLICATION_MODEL, on_delete=models.CASCADE)
 expires=models.DateTimeField()
-redirect_uri=models.CharField(max_length=255)
+redirect_uri=models.TextField()
 scope=models.TextField(blank=True)
 
 created=models.DateTimeField(auto_now_add=True)

tests/test_models.py

@@ -22,10 +22,15 @@
 UserModel=get_user_model()
 
 
-classTestModels(TestCase):
+classBaseTestModels(TestCase):
 defsetUp(self):
 self.user=UserModel.objects.create_user("test_user", "[email protected]", "123456")
 
+deftearDown(self):
+self.user.delete()
+
+
+classTestModels(BaseTestModels):
 deftest_allow_scopes(self):
 self.client.login(username="test_user", password="123456")
 app=Application.objects.create(
@@ -103,10 +108,7 @@ def test_scopes_property(self):
 OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL="tests.SampleRefreshToken",
 OAUTH2_PROVIDER_GRANT_MODEL="tests.SampleGrant",
 )
-classTestCustomModels(TestCase):
-defsetUp(self):
-self.user=UserModel.objects.create_user("test_user", "[email protected]", "123456")
-
+classTestCustomModels(BaseTestModels):
 deftest_custom_application_model(self):
 """
  If a custom application model is installed, it should be present in
@@ -237,7 +239,21 @@ def test_custom_grant_model_not_installed(self):
 oauth2_settings.GRANT_MODEL="oauth2_provider.Grant"
 
 
-classTestGrantModel(TestCase):
+classTestGrantModel(BaseTestModels):
+defsetUp(self):
+super().setUp()
+self.application=Application.objects.create(
+name="Test Application",
+redirect_uris="",
+user=self.user,
+client_type=Application.CLIENT_CONFIDENTIAL,
+authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
+ )
+
+deftearDown(self):
+self.application.delete()
+super().tearDown()
+
 deftest_str(self):
 grant=Grant(code="test_code")
 self.assertEqual("%s"%grant, grant.code)
@@ -247,11 +263,26 @@ def test_expires_can_be_none(self):
 self.assertIsNone(grant.expires)
 self.assertTrue(grant.is_expired())
 
+deftest_redirect_uri_can_be_longer_than_255_chars(self):
+long_redirect_uri="http://example.com/{}".format("authorized/"*25)
+self.assertTrue(len(long_redirect_uri) >255)
+grant=Grant.objects.create(
+user=self.user,
+code="test_code",
+application=self.application,
+expires=timezone.now(),
+redirect_uri=long_redirect_uri,
+scope="",
+ )
+grant.refresh_from_db()
+
+# It would be necessary to run test using another DB engine than sqlite
+# that transform varchar(255) into text data type.
+# https://sqlite.org/datatype3.html#affinity_name_examples
+self.assertEqual(grant.redirect_uri, long_redirect_uri)
 
-classTestAccessTokenModel(TestCase):
-defsetUp(self):
-self.user=UserModel.objects.create_user("test_user", "[email protected]", "123456")
 
+classTestAccessTokenModel(BaseTestModels):
 deftest_str(self):
 access_token=AccessToken(token="test_token")
 self.assertEqual("%s"%access_token, access_token.token)
@@ -273,15 +304,15 @@ def test_expires_can_be_none(self):
 self.assertTrue(access_token.is_expired())
 
 
-classTestRefreshTokenModel(TestCase):
+classTestRefreshTokenModel(BaseTestModels):
 deftest_str(self):
 refresh_token=RefreshToken(token="test_token")
 self.assertEqual("%s"%refresh_token, refresh_token.token)
 
 
-classTestClearExpired(TestCase):
+classTestClearExpired(BaseTestModels):
 defsetUp(self):
-self.user=UserModel.objects.create_user("test_user", "[email protected]", "123456")
+super().setUp()
 # Insert two tokens on database.
 app=Application.objects.create(
 name="test_app",