Split out token validation

puiterwijk · puiterwijk · commit 141e2df49990 · 2017-02-08T10:59:41.000Z
Signed-off-by: Patrick Uiterwijk &lt;patrick@puiterwijk.org&gt;
diff --git a/flask_oidc/__init__.py b/flask_oidc/__init__.py
@@ -716,7 +716,7 @@ def decorated(*args, **kwargs):
                     token = request.args['access_token']
 
                 validity = self.validate_token(token, scopes_required)
-                if (validity is True) or not require_token:
+                if (validity is True) or (not require_token):
                     return view_func(*args, **kwargs)
                 else:
                     return (json.dumps(
diff --git a/tests/test_flask_oidc.py b/tests/test_flask_oidc.py
@@ -196,4 +196,7 @@ def test_api_token():
 
     # Test with token for another audience
     resp = test_client.get('/api?access_token=some_elses_token')
+    assert resp.status_code == 200, 'Token should be accepted'
+    test_client.application.config['OIDC_RESOURCE_CHECK_AUD'] = True
+    resp = test_client.get('/api?access_token=some_elses_token')
     assert resp.status_code == 401, 'Token should be refused'
