Notify client of OAuth2Errors + fix all lint and PEP8 errors

flask_oauthlib/provider/oauth2.py

@@ -384,6 +384,9 @@ def decorated(*args, **kwargs):
                 except oauth2.FatalClientError as e:
                     log.debug('Fatal client error %r', e)
                     return redirect(e.in_uri(self.error_uri))
+                except oauth2.OAuth2Error as e:
+                    log.debug('OAuth2Error: %r', e)
+                    return redirect(e.in_uri(redirect_uri or self.error_uri))
                 except Exception as e:
                     log.warn('Exception: %r', e)
                     return redirect(add_params_to_uri(
@@ -398,6 +401,9 @@ def decorated(*args, **kwargs):
             except oauth2.FatalClientError as e:
                 log.debug('Fatal client error %r', e)
                 return redirect(e.in_uri(self.error_uri))
+            except oauth2.OAuth2Error as e:
+                log.debug('OAuth2Error: %r', e)
+                return redirect(e.in_uri(redirect_uri or self.error_uri))
             except Exception as e:
                 log.warn('Exception: %r', e)
                 return redirect(add_params_to_uri(
@@ -416,7 +422,7 @@ def decorated(*args, **kwargs):
         return decorated
 
     def confirm_authorization_request(self):
-        """When consumer confirm the authrozation."""
+        """When consumer confirm the authorization."""
         server = self.server
         scope = request.values.get('scope') or ''
         scopes = scope.split()
@@ -437,9 +443,11 @@ def confirm_authorization_request(self):
             log.debug('Authorization successful.')
             return create_response(*ret)
         except oauth2.FatalClientError as e:
+            log.debug('Fatal client error %r', e)
             return redirect(e.in_uri(self.error_uri))
         except oauth2.OAuth2Error as e:
-            return redirect(e.in_uri(redirect_uri))
+            log.debug('OAuth2Error: %r', e)
+            return redirect(e.in_uri(redirect_uri or self.error_uri))
         except Exception as e:
             log.warn('Exception: %r', e)
             return redirect(add_params_to_uri(

tests/oauth1/server.py

@@ -24,7 +24,7 @@ class User(db.Model):
 
 
 class Client(db.Model):
-    #id = db.Column(db.Integer, primary_key=True)
+    # id = db.Column(db.Integer, primary_key=True)
     # human readable name
     client_key = db.Column(db.String(40), primary_key=True)
     client_secret = db.Column(db.String(55), unique=True, index=True,

tests/oauth2/server.py

@@ -21,7 +21,7 @@ def check_password(self, password):
 
 
 class Client(db.Model):
-    #id = db.Column(db.Integer, primary_key=True)
+    # id = db.Column(db.Integer, primary_key=True)
     # human readable name
     name = db.Column(db.String(40))
     client_id = db.Column(db.String(40), primary_key=True)
@@ -121,6 +121,7 @@ def delete(self):
         db.session.commit()
         return self
 
+
 def current_user():
     return g.user
 
@@ -276,7 +277,8 @@ def access_token():
 
     @app.route('/oauth/revoke', methods=['POST'])
     @oauth.revoke_handler
-    def revoke_token(): pass
+    def revoke_token():
+        pass
 
     @app.route('/api/email')
     @oauth.require_oauth('email')

tests/oauth2/test_oauth2.py

@@ -162,6 +162,17 @@ def test_invalid_response_type(self):
         rv = self.client.get(clean_url(rv.location))
         assert b'error' in rv.data
 
+    def test_invalid_scope(self):
+        authorize_url = (
+            '/oauth/authorize?response_type=code&client_id=dev'
+            '&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fauthorized'
+            '&scope=invalid'
+        )
+        rv = self.client.get(authorize_url)
+        rv = self.client.get(clean_url(rv.location))
+        assert b'error' in rv.data
+        assert b'invalid_scope' in rv.data
+
 
 class TestWebAuthCached(TestWebAuth):
 
@@ -261,6 +272,7 @@ class TestRefreshTokenSQLAlchemy(TestRefreshToken):
     def create_oauth_provider(self, app):
         return sqlalchemy_provider(app)
 
+
 class TestRevokeToken(OAuthSuite):
 
     def create_oauth_provider(self, app):
@@ -277,47 +289,50 @@ def get_token(self):
 
     def test_revoke_token(self):
         data = self.get_token()
-        tok  = Token.query.filter_by(
+        tok = Token.query.filter_by(
             refresh_token=data['refresh_token']).first()
         assert tok.refresh_token == data['refresh_token']
 
         revoke_url = '/oauth/revoke'
         args = {'token': data['refresh_token']}
-        rv = self.client.post(revoke_url, data=args, headers={
+        self.client.post(revoke_url, data=args, headers={
             'Authorization': 'Basic %s' % auth_code,
         })
 
         tok = Token.query.filter_by(
             refresh_token=data['refresh_token']).first()
-        assert tok == None
+        assert tok is None
 
     def test_revoke_token_with_hint(self):
         data = self.get_token()
-        tok  = Token.query.filter_by(
+        tok = Token.query.filter_by(
             access_token=data['access_token']).first()
         assert tok.access_token == data['access_token']
 
         revoke_url = '/oauth/revoke'
         args = {'token': data['access_token'],
                 'token_type_hint': 'access_token'}
-        rv = self.client.post(revoke_url, data=args, headers={
+        self.client.post(revoke_url, data=args, headers={
             'Authorization': 'Basic %s' % auth_code,
         })
 
         tok = Token.query.filter_by(
             access_token=data['access_token']).first()
-        assert tok == None
+        assert tok is None
+
 
 class TestRevokeTokenCached(TestRefreshToken):
 
     def create_oauth_provider(self, app):
         return cache_provider(app)
 
+
 class TestRevokeTokenSQLAlchemy(TestRefreshToken):
 
     def create_oauth_provider(self, app):
         return sqlalchemy_provider(app)
 
+
 class TestCredentialAuth(OAuthSuite):
 
     def create_oauth_provider(self, app):

tests/test_utils.py

@@ -5,7 +5,6 @@
 import werkzeug.wrappers
 from flask_oauthlib.utils import extract_params
 from oauthlib.common import Request
-from flask import request
 
 
 @contextmanager