Don't allow bad tokens to create tokens in the db

2025-10-15 14:03:02 +00:00 · 2016-04-15 12:42:52 +02:00
parent fa4b666693
commit 094ac451c7
3 changed files with 23 additions and 1 deletions
--- a/jupyterhub/orm.py
+++ b/jupyterhub/orm.py
@@ -313,6 +313,8 @@ class User(Base):
        if token is None:
            token = new_token()
        else:
+            if len(token) < 8:
+                raise ValueError("Tokens must be at least 8 characters, got %r" % token)
            found = APIToken.find(db, token)
            if found:
                raise ValueError("Collision on token: %s..." % token[:4])