consolidate stale client_id check to AccessToken.find

2025-10-15 05:53:00 +00:00 · 2018-04-13 21:49:57 +02:00
parent bc75c71ca3
commit 1ac47d2bb0
3 changed files with 13 additions and 10 deletions
--- a/jupyterhub/apihandlers/auth.py
+++ b/jupyterhub/apihandlers/auth.py
@@ -22,11 +22,6 @@ class TokenAPIHandler(APIHandler):
        orm_token = orm.APIToken.find(self.db, token)
        if orm_token is None:
            orm_token = orm.OAuthAccessToken.find(self.db, token)
-            if orm_token and not orm_token.client_id:
-                self.log.warning("Deleting stale oauth token for %s", orm_token.user)
-                self.db.delete(orm_token)
-                self.db.commit()
-                orm_token = None
        if orm_token is None:
            raise web.HTTPError(404)

--- a/jupyterhub/handlers/base.py
+++ b/jupyterhub/handlers/base.py
@@ -195,11 +195,6 @@ class BaseHandler(RequestHandler):
        orm_token = orm.OAuthAccessToken.find(self.db, token)
        if orm_token is None:
            return None
-        if orm_token and not orm_token.client_id:
-            self.log.warning("Deleting stale oauth token for %s", orm_token.user)
-            self.db.delete(orm_token)
-            self.db.commit()
-            return None
        orm_token.last_activity = \
            orm_token.user.last_activity = datetime.utcnow()
        self.db.commit()
--- a/jupyterhub/orm.py
+++ b/jupyterhub/orm.py
@@ -457,6 +457,19 @@ class OAuthAccessToken(Hashed, Base):
            prefix=self.prefix,
        )

+    @classmethod
+    def find(cls, db, token):
+        orm_token = super().find(db, token)
+        if orm_token and not orm_token.client_id:
+            app_log.warning(
+                "Deleting stale oauth token for %s with no client",
+                orm_token.user and orm_token.user.name,
+            )
+            db.delete(orm_token)
+            db.commit()
+            return
+        return orm_token
+

 class OAuthCode(Base):
    __tablename__ = 'oauth_codes'