Merge pull request #1311 from minrk/oauth-token-no-service

handle OAuthAccessTokens with no user

jupyterhub/apihandlers/auth.py

@@ -26,6 +26,11 @@ class TokenAPIHandler(APIHandler):
             model = self.user_model(self.users[orm_token.user])
         elif orm_token.service:
             model = self.service_model(orm_token.service)
+        else:
+            self.log.warning("%s has no user or service. Deleting..." % orm_token)
+            self.db.delete(orm_token)
+            self.db.commit()
+            raise web.HTTPError(404)
         self.write(json.dumps(model))
 
     @gen.coroutine

jupyterhub/oauth/store.py

@@ -74,7 +74,10 @@ class AccessTokenStore(HubDBMixin, oauth2.store.AccessTokenStore):
         """
         
         user = self.db.query(orm.User).filter(orm.User.id == access_token.user_id).first()
+        if user is None:
+            raise ValueError("No user for access token: %s" % access_token.user_id)
         orm_access_token = orm.OAuthAccessToken(
+            generated=True,
             client_id=access_token.client_id,
             grant_type=access_token.grant_type,
             expires_at=access_token.expires_at,

jupyterhub/orm.py

@@ -406,14 +406,14 @@ class OAuthAccessToken(Hashed, Base):
     client_id = Column(Unicode(1023))
     grant_type = Column(Enum(GrantType), nullable=False)
     expires_at = Column(Integer)
-    refresh_token = Column(Unicode(64))
+    refresh_token = Column(Unicode(1023))
     refresh_expires_at = Column(Integer)
     user_id = Column(Integer, ForeignKey('users.id', ondelete='CASCADE'))
     user = relationship(User)
-    session = None # for API-equivalence with APIToken
+    service = None # for API-equivalence with APIToken
 
     # from Hashed
-    hashed = Column(Unicode(64))
+    hashed = Column(Unicode(1023))
     prefix = Column(Unicode(16), index=True)
     
     def __repr__(self):