Bluebutton 638 more descriptive 404 reason (#685)

* Add test for new error description

* Change Http404 to OAuth2 InvalidGrantError exception

* Change test expected status from 404 to 401.

Author: dtisza1

apps/dot_ext/oauth2_validators.py

@@ -2,12 +2,12 @@
 
 from django.utils import timezone
 from django.utils.timezone import timedelta
-from django.http import Http404
 
 from oauth2_provider.models import AccessToken, RefreshToken
 from oauth2_provider.oauth2_validators import OAuth2Validator
 from django.core.exceptions import ObjectDoesNotExist
 from apps.pkce.oauth2_validators import PKCEValidatorMixin
+from oauthlib.oauth2.rfc6749.errors import InvalidGrantError
 
 
 class SingleAccessTokenValidator(
@@ -99,4 +99,4 @@ def get_original_scopes(self, refresh_token, request, *args, **kwargs):
         try:
             return super().get_original_scopes(refresh_token, request, *args, **kwargs)
         except ObjectDoesNotExist:
-            raise Http404
+            raise InvalidGrantError

apps/dot_ext/tests/test_authorization.py

@@ -198,7 +198,7 @@ def test_refresh_with_expired_token(self):
             'client_secret': application.client_secret,
         }
         response = self.client.post(reverse('oauth2_provider:token'), data=refresh_request_data)
-        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.status_code, 401)
 
     def test_refresh_with_revoked_token(self):
         redirect_uri = 'http://localhost'
@@ -261,4 +261,5 @@ def test_refresh_with_revoked_token(self):
             'client_secret': application.client_secret,
         }
         response = self.client.post(reverse('oauth2_provider:token'), data=refresh_request_data)
-        self.assertEqual(response.status_code, 404)
+        self.assertEqual(response.status_code, 401)
+        self.assertEqual(response.content, b'{"error": "invalid_grant"}')