From 2726648982f169defb92aa596e4663e6e0742ed3 Mon Sep 17 00:00:00 2001 From: Min RK Date: Sat, 5 Aug 2017 14:47:20 +0200 Subject: [PATCH 1/3] typo in OAuthAccessToken.service MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Token.session doesn’t exist OAuthAccessTokens are never associated with services --- jupyterhub/orm.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/orm.py b/jupyterhub/orm.py index 8516cd97..d21a818c 100644 --- a/jupyterhub/orm.py +++ b/jupyterhub/orm.py @@ -411,7 +411,7 @@ class OAuthAccessToken(Hashed, Base): refresh_expires_at = Column(Integer) user_id = Column(Integer, ForeignKey('users.id', ondelete='CASCADE')) user = relationship(User) - session = None # for API-equivalence with APIToken + service = None # for API-equivalence with APIToken # from Hashed hashed = Column(Unicode(64)) From bf1dd03df30494420245664dc409a135dc01e783 Mon Sep 17 00:00:00 2001 From: Min RK Date: Sat, 5 Aug 2017 14:45:24 +0200 Subject: [PATCH 2/3] handle OAuthAccessTokens with no user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This shouldn’t happen, raise if it does. If a token API request is authenticated with no user or service, delete the token because it is invalid and return with 404 because it doesn’t correspond to an existing user. --- jupyterhub/apihandlers/auth.py | 5 +++++ jupyterhub/oauth/store.py | 3 +++ 2 files changed, 8 insertions(+) diff --git a/jupyterhub/apihandlers/auth.py b/jupyterhub/apihandlers/auth.py index 945e7967..a08c3cc7 100644 --- a/jupyterhub/apihandlers/auth.py +++ b/jupyterhub/apihandlers/auth.py 
@@ -26,6 +26,11 @@ class TokenAPIHandler(APIHandler): model = self.user_model(self.users[orm_token.user]) elif orm_token.service: model = self.service_model(orm_token.service) + else: + self.log.warning("%s has no user or service. Deleting..." % orm_token) + self.db.delete(orm_token) + self.db.commit() + raise web.HTTPError(404) self.write(json.dumps(model)) @gen.coroutine diff --git a/jupyterhub/oauth/store.py b/jupyterhub/oauth/store.py index 1832c871..bf5b9564 100644 --- a/jupyterhub/oauth/store.py +++ b/jupyterhub/oauth/store.py @@ -74,7 +74,10 @@ class AccessTokenStore(HubDBMixin, oauth2.store.AccessTokenStore): """ user = self.db.query(orm.User).filter(orm.User.id == access_token.user_id).first() + if user is None: + raise ValueError("No user for access token: %s" % access_token.user_id) orm_access_token = orm.OAuthAccessToken( + generated=True, client_id=access_token.client_id, grant_type=access_token.grant_type, expires_at=access_token.expires_at, From f0b8d56e9f061927ad7549783fef711628cf4bd1 Mon Sep 17 00:00:00 2001 From: Min RK Date: Sun, 6 Aug 2017 13:27:59 +0200 Subject: [PATCH 3/3] fix oauth hashed column sizes --- jupyterhub/orm.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/orm.py b/jupyterhub/orm.py index d21a818c..49782501 100644 --- a/jupyterhub/orm.py +++ b/jupyterhub/orm.py @@ -407,14 +407,14 @@ class OAuthAccessToken(Hashed, Base): client_id = Column(Unicode(1023)) grant_type = Column(Enum(GrantType), nullable=False) expires_at = Column(Integer) - refresh_token = Column(Unicode(64)) + refresh_token = Column(Unicode(1023)) refresh_expires_at = Column(Integer) user_id = Column(Integer, ForeignKey('users.id', ondelete='CASCADE')) user = relationship(User) service = None # for API-equivalence with APIToken # from Hashed - hashed = Column(Unicode(64)) + hashed = Column(Unicode(1023)) prefix = Column(Unicode(16), index=True) def __repr__(self):
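Review bot: The orphan check is added only to TokenAPIHandler's `else:` branch, so a token whose user row is gone is still accepted by whatever resolved `orm_token` before this method and, presumably, by every other handler that authenticates with the same token; the rejection belongs where the token is turned into a current user, with this branch kept as a backstop. Because the request was already authenticated with this credential, a 401 (`raise web.HTTPError(401, "token has no user or service")`) describes the situation more accurately than 404, which reads as "no such token" to the client. The warning formats `orm_token` through its `__repr__`, which is outside this hunk; confirm it prints only the token prefix and never the hash. The enclosing method starts before line 26, so the lookup that produces `orm_token` is not visible here.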
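Review bot: The new `generated=True` keyword passed to `orm.OAuthAccessToken(` is not mentioned in the commit message and its effect lives in the `Hashed` mixin outside this hunk, so the line deserves a comment such as `# generated=True: the token value was minted here, not supplied by a caller -- confirm against Hashed`. The `ValueError` raised for a missing user propagates out of the oauth2 store callback; unless the library translates it, the client of the token endpoint gets a 500 rather than an OAuth error, which is worth confirming. As a point of style, the primary-key lookup on the line above reads better as `self.db.query(orm.User).get(access_token.user_id)`. The enclosing method starts before the hunk (its docstring closes on the first context line) and the constructor call continues past the last line.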
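Review bot: Widening `refresh_token` and `hashed` from `Unicode(64)` to `Unicode(1023)` changes the table definition, but the patch carries no migration; on a backend that enforces VARCHAR length an existing database keeps the 64-character columns, and a hash longer than that (presumably the reason for the change) will be rejected or truncated on insert, so an alembic revision or at least a release note should accompany this. Separately, `refresh_token` is a plain column while the access token itself is stored only as `hashed`; if refresh tokens are ever written to this column they sit in the database in the clear, and a comment or a `Hashed`-style treatment would keep the two at parity -- `# NOTE(review): refresh tokens are stored unhashed here; confirm whether they are issued at all`. `__repr__` begins on the hunk's last line and its body is outside the hunk.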