hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-17 06:52:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

remove cookie_secret from single-user servers

Browse Source 
pass encrypted cookies to Hub for verification
This commit is contained in:
MinRK
2014-10-26 20:18:04 -07:00
parent 5d9f9c5a3c
commit 0bd03f0861
5 changed files with 35 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
jupyterhub/tests/test_api.py
View File

@@ -48,23 +48,25 @@ def test_auth_api(app):
# make a new cookie token
user = db.query(orm.User).first()
api_token = user.new_api_token()
db.add(api_token)
cookie_token = user.new_cookie_token()
db.add(cookie_token)
db.commit()
# check success:
r = api_request(app, 'authorizations', cookie_token.token)
r = api_request(app, 'authorizations/token', api_token.token)
assert r.status_code == 200
reply = r.json()
assert reply['user'] == user.name
# check fail
r = api_request(app, 'authorizations', cookie_token.token,
r = api_request(app, 'authorizations/token', api_token.token,
headers={'Authorization': 'no sir'},
)
assert r.status_code == 403
r = api_request(app, 'authorizations', cookie_token.token,
r = api_request(app, 'authorizations/token', api_token.token,
headers={'Authorization': 'token: %s' % cookie_token.token},
)
assert r.status_code == 403