Merge pull request #81 from minrk/crypto-db

hash tokens in database closes #80 closes #83
2025-10-10 11:33:01 +00:00 · 2014-10-30 16:20:16 -07:00
parent 6149e1f7d9 da51affacb
commit 27e51cd0b4
9 changed files with 243 additions and 140 deletions
--- a/jupyterhub/tests/test_api.py
+++ b/jupyterhub/tests/test_api.py
@@ -44,13 +44,8 @@ def auth_header(db, name):
    user = find_user(db, name)
    if user is None:
        user = add_user(db, name=name)
-    if not user.api_tokens:
-        token = user.new_api_token()
-        db.add(token)
-        db.commit()
-    else:
-        token = user.api_tokens[0]
-    return {'Authorization': 'token %s' % token.token}
+    token = user.new_api_token()
+    return {'Authorization': 'token %s' % token}

@check_db_locks
 def api_request(app, *api_path, **kwargs):
@@ -74,25 +69,21 @@ def test_auth_api(app):
    # make a new cookie token
    user = db.query(orm.User).first()
    api_token = user.new_api_token()
-    db.add(api_token)
-    cookie_token = user.new_cookie_token()
-    db.add(cookie_token)
-    db.commit()
    
    # check success:
-    r = api_request(app, 'authorizations/token', api_token.token)
+    r = api_request(app, 'authorizations/token', api_token)
    assert r.status_code == 200
    reply = r.json()
    assert reply['user'] == user.name
    
    # check fail
-    r = api_request(app, 'authorizations/token', api_token.token,
+    r = api_request(app, 'authorizations/token', api_token,
        headers={'Authorization': 'no sir'},
    )
    assert r.status_code == 403

-    r = api_request(app, 'authorizations/token', api_token.token,
-        headers={'Authorization': 'token: %s' % cookie_token.token},
+    r = api_request(app, 'authorizations/token', api_token,
+        headers={'Authorization': 'token: %s' % user.cookie_id},
    )
    assert r.status_code == 403