Avoid storing secrets and tokens at rest

- OAuth access tokens *are* APITokens.
  oauth_access_tokens table only stores extra oauth metadata.
- only store hashed client_secret in database,
  using HashedCompare to allow comparison.
This commit is contained in:
Min RK
2017-02-03 17:01:01 +01:00
parent 4f7552ea1d
commit 9a40196678
5 changed files with 60 additions and 23 deletions


@@ -148,7 +148,7 @@ class BaseHandler(RequestHandler):
if orm_token is None:
return None
else:
return orm_token.user or orm_token.service
return orm_token.service or self._user_from_orm(orm_token.user)
def _user_for_cookie(self, cookie_name, cookie_value=None):
"""Get the User for a given cookie, if there is one"""
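Review bot: The new return line passes `orm_token.user` straight into `self._user_from_orm` whenever `orm_token.service` is falsy, so a token row with neither a user nor a service (an orphaned or partially migrated token) now reaches `_user_from_orm(None)`; whether that helper tolerates `None` is not visible in this hunk, and the removed line returned `None` for that case without calling anything. A guard before the call keeps the old behaviour for ownerless tokens: `if orm_token.user is None:` / `    return orm_token.service` followed by `return self._user_from_orm(orm_token.user)`. The enclosing method begins above this hunk, so its name and the source of `orm_token` are not shown here.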