Closed
Hi,
I'm attempting to use the new token introspection and ran into a bit of a snag. Our app is using USE_TZ=False, which results in the following:
```
  File "lib/python3.6/site-packages/rest_framework/views.py", line 489, in dispatch
    response = self.handle_exception(exc)
  File "lib/python3.6/site-packages/rest_framework/views.py", line 449, in handle_exception
    self.raise_uncaught_exception(exc)
  File "lib/python3.6/site-packages/rest_framework/views.py", line 477, in dispatch
    self.initial(request, *args, **kwargs)
  File "lib/python3.6/site-packages/rest_framework/views.py", line 394, in initial
    self.perform_authentication(request)
  File "lib/python3.6/site-packages/rest_framework/views.py", line 320, in perform_authentication
    request.user
  File "lib/python3.6/site-packages/rest_framework/request.py", line 381, in __getattribute__
    return super(Request, self).__getattribute__(attr)
  File "lib/python3.6/site-packages/rest_framework/request.py", line 196, in user
    self._authenticate()
  File "lib/python3.6/site-packages/rest_framework/request.py", line 345, in _authenticate
    user_auth_tuple = authenticator.authenticate(self)
  File "lib/python3.6/site-packages/oauth2_provider/contrib/rest_framework/authentication.py", line 18, in authenticate
    valid, r = oauthlib_core.verify_request(request, scopes=[])
  File "lib/python3.6/site-packages/oauth2_provider/oauth2_backends.py", line 168, in verify_request
    valid, r = self.server.verify_request(uri, http_method, body, headers, scopes=scopes)
  File "lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/endpoints/base.py", line 64, in wrapper
    return f(endpoint, uri, *args, **kwargs)
  File "lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/endpoints/resource.py", line 75, in verify_request
    return token_type_handler.validate_request(request), request
  File "lib/python3.6/site-packages/oauthlib/oauth2/rfc6749/tokens.py", line 297, in validate_request
    token, request.scopes, request)
  File "lib/python3.6/site-packages/oauth2_provider/oauth2_validators.py", line 340, in validate_bearer_token
    if access_token and access_token.is_valid(scopes):
  File "lib/python3.6/site-packages/oauth2_provider/models.py", line 250, in is_valid
    return not self.is_expired() and self.allow_scopes(scopes)
  File "lib/python3.6/site-packages/oauth2_provider/models.py", line 259, in is_expired
    return timezone.now() >= self.expires
TypeError: can't compare offset-naive and offset-aware datetimes
```
I discovered that OAuth2Validator._get_token_from_authentication_server() is unconditionally calling django.utils.timezone.make_aware() on the expiry time:
Is there any reason for this?
Thanks
Edit: I think we're just going to turn on USE_TZ. Still, this could definitely be handled more gracefully.
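The mismatch in the traceback above, and one way to convert an introspection expiry so it compares cleanly under either `USE_TZ` setting. This is an added example, not part of the original issue or the django-oauth-toolkit code: `to_expiry`, `current_time`, `is_expired` and `unconditional_make_aware_fails` are hypothetical helpers, `current_time` stands in for `django.utils.timezone.now()`, and the `exp` value (RFC 7662 epoch seconds) is constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: an RFC 7662 "exp" claim, 2023-11-14 22:13:20 UTC.
SAMPLE_EXP = 1700000000


def to_expiry(exp, use_tz, local_tz=None):
    """Convert introspection `exp` (epoch seconds) into the datetime flavour
    that Django's timezone.now() returns for the given USE_TZ value."""
    aware = datetime.fromtimestamp(exp, tz=timezone.utc)
    if use_tz:
        return aware  # USE_TZ=True: aware UTC
    # USE_TZ=False: Django works in naive local time, so convert to the
    # local zone first (None = system zone), then drop tzinfo.
    return aware.astimezone(local_tz).replace(tzinfo=None)


def current_time(use_tz, local_tz=None):
    """Stand-in (assumption) for django.utils.timezone.now()."""
    return to_expiry(datetime.now(timezone.utc).timestamp(), use_tz, local_tz)


def is_expired(expires, now):
    """Same comparison as the last frame of the traceback."""
    return now >= expires


def unconditional_make_aware_fails(exp):
    """Reproduce the report: aware expiry compared with a naive 'now'."""
    aware_expiry = datetime.fromtimestamp(exp, tz=timezone.utc)
    try:
        is_expired(aware_expiry, datetime.now())
    except TypeError:
        return True  # the request would end in an unhandled exception
    return False


if __name__ == "__main__":
    print("mismatch raises TypeError:", unconditional_make_aware_fails(SAMPLE_EXP))
    for use_tz in (True, False):
        expires = to_expiry(SAMPLE_EXP, use_tz)
        print(use_tz, expires, is_expired(expires, current_time(use_tz)))
```

Dropping `tzinfo` without first converting to the local zone would shift the expiry by the UTC offset, so a token could be treated as valid after it has expired, or rejected early.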