Open nnseva opened 3 months ago
I'm confused. Shouldn't only OAuth2-related stuff be hitting this endpoint, not arbitrary binary streams?
@n2ygk actually this endpoint `extract_body` is called every time a request is received, trying to authorize it - the original class tries to find a token in the POST body. This is a reason why I've made this fix. For proper processing it should probably check the Content-Type header to decide whether it could search for the token in the body at all, and how to deserialize it for that purpose if it could.
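The Content-Type check suggested in the comment above, as an added sketch that is not django-oauth-toolkit code and not the patch from the report. `FakeRequest`, `TooManyFields`, `MAX_FIELDS` and both function names are hypothetical stand-ins so it runs without Django; it models only the `TooManyFieldsSent` case.

```python
from urllib.parse import parse_qsl

FORM_TYPE = "application/x-www-form-urlencoded"
MAX_FIELDS = 1000  # assumed cap, standing in for a framework field-count limit


class TooManyFields(Exception):
    """Stand-in for django.core.exceptions.TooManyFieldsSent."""


class FakeRequest:
    """Hypothetical minimal request: a Content-Type value plus a raw body."""

    def __init__(self, content_type, body):
        self.content_type = content_type
        self.body = body

    @property
    def POST(self):
        # Form parsing runs on access, whatever the body really contains.
        fields = parse_qsl(self.body.decode("latin-1"), keep_blank_values=True)
        if len(fields) > MAX_FIELDS:
            raise TooManyFields(len(fields))
        return dict(fields)


def extract_body_unconditional(request):
    """Behaviour described in the report: request.POST is always touched."""
    return list(request.POST.items())


def extract_body_guarded(request):
    """Parse the body only when the client declared it as a URL-encoded form."""
    media_type = (request.content_type or "").split(";", 1)[0].strip().lower()
    if media_type != FORM_TYPE:
        return []  # raw upload, JSON, missing header: no form fields to search
    return list(request.POST.items())


# Constructed sample inputs (not taken from the report).
token_form = FakeRequest(FORM_TYPE + "; charset=utf-8", b"access_token=abc123&x=1")
raw_upload = FakeRequest("application/octet-stream", b"\x00&" * 2000)

if __name__ == "__main__":
    print(extract_body_guarded(token_form))
    print(extract_body_guarded(raw_upload))
```
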
@nnseva it would help if you were to submit a PR to address this issue, starting with a failing test case. See https://django-oauth-toolkit.readthedocs.io/en/latest/contributing.html
I still don't understand why it's looking for a token in the POST body if there's an `Authorization: Bearer <token>` header....
Describe the bug
When using the DRF and creating an action view to upload a raw file in a POST body, the OAuth2 authenticator messes up this request, raising either `rest_framework.exceptions.UnsupportedMediaType` or `django.core.exceptions.TooManyFieldsSent`. It happens because of the unconditional call of `request.POST.items()` in the `OAuthLibCore.extract_body()` method.

To Reproduce
Create some raw upload URL using the DRF. My code was approximately:
Register this view in the DRF as usual
Set up the OAuth2 DRF authorization provided by the toolkit:
Start the server.
Authorize yourself somehow (using OAuth2, f.e.)
Try to upload some binary file:
The result is failed, with a response code=415 like
Try to upload a big binary file ignoring a `Content Type` header:
The result is failed, with a response 400 Bad Request (the `django.core.exceptions.TooManyFieldsSent` is reported in the console).

Expected behavior
Successful processing and response, at minimum in the first case.

Version
django-oauth-toolkit==2.3.0

Additional context
The change like the following fixes the issue: