hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-15 22:13:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't allow bad tokens to create tokens in the db

Browse Source
This commit is contained in:
Min RK
2016-04-15 12:42:52 +02:00
parent fa4b666693
commit 094ac451c7
3 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
jupyterhub/app.py
View File

@@ -813,13 +813,22 @@ class JupyterHub(Application):
orm_token = orm.APIToken.find(db, token) orm_token = orm.APIToken.find(db, token)
if orm_token is None: if orm_token is None:
user = orm.User.find(db, username) user = orm.User.find(db, username)
user_created = False
if user is None: if user is None:
user_created = True
self.log.debug("Adding user %r to database", username) self.log.debug("Adding user %r to database", username)
user = orm.User(name=username) user = orm.User(name=username)
db.add(user) db.add(user)
db.commit() db.commit()
self.log.info("Adding API token for %s", username) self.log.info("Adding API token for %s", username)
user.new_api_token(token) try:
user.new_api_token(token)
except Exception:
if user_created:
# don't allow bad tokens to create users
db.delete(user)
db.commit()
raise
else: else:
self.log.debug("Not duplicating token %s", orm_token) self.log.debug("Not duplicating token %s", orm_token)
db.commit() db.commit()

2
jupyterhub/orm.py
View File

@@ -313,6 +313,8 @@ class User(Base):
if token is None: if token is None:
token = new_token() token = new_token()
else: else:
if len(token) < 8:
raise ValueError("Tokens must be at least 8 characters, got %r" % token)
found = APIToken.find(db, token) found = APIToken.find(db, token)
if found: if found:
raise ValueError("Collision on token: %s..." % token[:4]) raise ValueError("Collision on token: %s..." % token[:4])

11
jupyterhub/tests/test_app.py
View File

@@ -5,6 +5,9 @@ import re
import sys import sys
from subprocess import check_output, Popen, PIPE from subprocess import check_output, Popen, PIPE
from tempfile import NamedTemporaryFile, TemporaryDirectory from tempfile import NamedTemporaryFile, TemporaryDirectory
import pytest
from .mocking import MockHub from .mocking import MockHub
from .. import orm from .. import orm
@@ -50,6 +53,7 @@ def test_generate_config():
assert 'Spawner.cmd' in cfg_text assert 'Spawner.cmd' in cfg_text
assert 'Authenticator.whitelist' in cfg_text assert 'Authenticator.whitelist' in cfg_text
def test_init_tokens(): def test_init_tokens():
with TemporaryDirectory() as td: with TemporaryDirectory() as td:
db_file = os.path.join(td, 'jupyterhub.sqlite') db_file = os.path.join(td, 'jupyterhub.sqlite')
@@ -76,3 +80,10 @@ def test_init_tokens():
assert api_token is not None assert api_token is not None
user = api_token.user user = api_token.user
assert user.name == username assert user.name == username
# don't allow failed token insertion to create users:
tokens['short'] = 'gman'
app = MockHub(db_file=db_file, api_tokens=tokens)
# with pytest.raises(ValueError):
app.initialize([])
assert orm.User.find(app.db, 'gman') is None