157
159
def test_oauth_authenticate_stolen_token(self):
159
161
token = victim_account.create_oauth_token('new-token')
160
162
oauth_token = token.oauth_token()
163
165
malicious_user, _ = User.objects.get_or_create(
164
166
username=malicious_account.openid_identifier)
165
167
consumer, created = Consumer.objects.get_or_create(user=malicious_user)