Avoid storing secrets and tokens at rest

- OAuth access tokens *are* APITokens.
  oauth_access_tokens table only stores extra oauth metadata.
- only store the hashed client_secret in the database,
  using HashedCompare to allow comparison.
Min RK
2017-02-03 17:01:01 +01:00
parent 4f7552ea1d
commit 9a40196678
5 changed files with 60 additions and 23 deletions


@@ -512,7 +512,6 @@ class APIToken(Base):
"""An API token"""
__tablename__ = 'api_tokens'
# _constraint = ForeignKeyConstraint(['user_id', 'server_id'], ['users.id', 'services.id'])
@declared_attr
def user_id(cls):
return Column(Integer, ForeignKey('users.id', ondelete="CASCADE"), nullable=True)