reverse generated-tokens default logic

user-provided tokens are added in exactly one place, so switch default handling of tokens to generated=True and explicitly distrust user tokens. Add JupyterHub.trust_user_provided_tokens flag so that users can avoid the extra hashing if they know they are providing good keys.
2025-10-17 06:52:59 +00:00 · 2017-08-05 15:21:22 +02:00
parent 0b34e13dd4
commit a27765f7d5
3 changed files with 33 additions and 9 deletions
--- a/jupyterhub/orm.py
+++ b/jupyterhub/orm.py
@@ -159,12 +159,12 @@ class User(Base):
            running=sum(bool(s.server) for s in self._orm_spawners),
        )

-    def new_api_token(self, token=None):
+    def new_api_token(self, token=None, generated=True):
        """Create a new API token

        If `token` is given, load that token.
        """
-        return APIToken.new(token=token, user=self)
+        return APIToken.new(token=token, user=self, generated=generated)

    @classmethod
    def find(cls, db, name):
@@ -218,11 +218,11 @@ class Service(Base):
    server = relationship(Server, primaryjoin=_server_id == Server.id)
    pid = Column(Integer)

-    def new_api_token(self, token=None):
+    def new_api_token(self, token=None, generated=True):
        """Create a new API token
        If `token` is given, load that token.
        """
-        return APIToken.new(token=token, service=self)
+        return APIToken.new(token=token, service=self, generated=generated)

    @classmethod
    def find(cls, db, name):
@@ -242,7 +242,7 @@ class Hashed(object):

    # values to use for internally generated tokens,
    # which have good entropy as UUIDs
-    generated = False
+    generated = True
    generated_salt_bytes = b''
    generated_rounds = 1

@@ -360,7 +360,7 @@ class APIToken(Hashed, Base):
                return orm_token

    @classmethod
-    def new(cls, token=None, user=None, service=None):
+    def new(cls, token=None, user=None, service=None, generated=True):
        """Generate a new API token for a user or service"""
        assert user or service
        assert not (user and service)
@@ -371,8 +371,9 @@ class APIToken(Hashed, Base):
            # which already have good entropy
            generated = True
        else:
-            generated = False
            cls.check_token(db, token)
+        # two stages to ensure orm_token.generated has been set
+        # before token setter is called
        orm_token = cls(generated=generated)
        orm_token.token = token
        if user: