Handle invalid token format exceptions as invalid tokens

jazzband · Aug 28, 2020 · c93d677 · c93d677
1 parent 6b0bc35
commit c93d677
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/oauth2_provider/views/mixins.py b/oauth2_provider/views/mixins.py
@@ -288,11 +288,13 @@ def dispatch(self, request, *args, **kwargs):
         if not valid:
             # Alternatively allow access tokens
             # check if the request is valid and the protected resource may be accessed
-            valid, r = self.verify_request(request)
-            if valid:
-                request.resource_owner = r.user
-                return super().dispatch(request, *args, **kwargs)
-            else:
-                return HttpResponseForbidden()
+            try:
+                valid, r = self.verify_request(request)
+                if valid:
+                    request.resource_owner = r.user
+                    return super().dispatch(request, *args, **kwargs)
+            except ValueError:
+                pass
+            return HttpResponseForbidden()
         else:
             return super().dispatch(request, *args, **kwargs)