consolidate stale client_id check to AccessToken.find

jupyterhub/apihandlers/auth.py

@@ -22,11 +22,6 @@ class TokenAPIHandler(APIHandler):
         orm_token = orm.APIToken.find(self.db, token)
         if orm_token is None:
             orm_token = orm.OAuthAccessToken.find(self.db, token)
-            if orm_token and not orm_token.client_id:
-                self.log.warning("Deleting stale oauth token for %s", orm_token.user)
-                self.db.delete(orm_token)
-                self.db.commit()
-                orm_token = None
         if orm_token is None:
             raise web.HTTPError(404)
 

jupyterhub/handlers/base.py

@@ -195,11 +195,6 @@ class BaseHandler(RequestHandler):
         orm_token = orm.OAuthAccessToken.find(self.db, token)
         if orm_token is None:
             return None
-        if orm_token and not orm_token.client_id:
-            self.log.warning("Deleting stale oauth token for %s", orm_token.user)
-            self.db.delete(orm_token)
-            self.db.commit()
-            return None
         orm_token.last_activity = \
             orm_token.user.last_activity = datetime.utcnow()
         self.db.commit()

jupyterhub/orm.py

@@ -457,6 +457,19 @@ class OAuthAccessToken(Hashed, Base):
             prefix=self.prefix,
         )
 
+    @classmethod
+    def find(cls, db, token):
+        orm_token = super().find(db, token)
+        if orm_token and not orm_token.client_id:
+            app_log.warning(
+                "Deleting stale oauth token for %s with no client",
+                orm_token.user and orm_token.user.name,
+            )
+            db.delete(orm_token)
+            db.commit()
+            return
+        return orm_token
+
 
 class OAuthCode(Base):
     __tablename__ = 'oauth_codes'