From e2a899327f32d54783c7f6d4f6285fe04e551f21 Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Wed, 19 Sep 2018 12:44:43 +0200
Subject: [PATCH 1/2] fix oauth client cleanup

- delete oauth clients for servers when they shutdown
- avoid deleting oauth clients for servers still running across an 0.8 -> 0.9 upgrade, when the oauth client ids changed from `user-NAME` to `jupyterhub-user-NAME`
---
 jupyterhub/app.py  |  4 ++++
 jupyterhub/user.py | 16 +++++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/jupyterhub/app.py b/jupyterhub/app.py
index 3ce31fce..1f1ba959 100644
--- a/jupyterhub/app.py
+++ b/jupyterhub/app.py
@@ -1506,6 +1506,10 @@ class JupyterHub(Application):
         for user in self.users.values():
             for spawner in user.spawners.values():
                 oauth_client_ids.add(spawner.oauth_client_id)
+                # avoid deleting clients created by 0.8
+                # 0.9 uses `jupyterhub-user-...` for the client id, while
+                # 0.8 uses just `user-...`
+                oauth_client_ids.add(spawner.oauth_client_id.split('-', 1)[1])
 
         for i, oauth_client in enumerate(self.db.query(orm.OAuthClient)):
             if oauth_client.identifier not in oauth_client_ids:
diff --git a/jupyterhub/user.py b/jupyterhub/user.py
index 234bab5b..6f812103 100644
--- a/jupyterhub/user.py
+++ b/jupyterhub/user.py
@@ -554,11 +554,25 @@ class User:
             # remove server entry from db
             spawner.server = None
             if not spawner.will_resume:
-                # find and remove the API token if the spawner isn't
+                # find and remove the API token and oauth client if the spawner isn't
                 # going to re-use it next time
                 orm_token = orm.APIToken.find(self.db, api_token)
                 if orm_token:
                     self.db.delete(orm_token)
+                # remove oauth client as well
+                # handle upgrades from 0.8, where client id will be `user-USERNAME`,
+                # not just `jupyterhub-user-USERNAME`
+                client_ids = (
+                    spawner.oauth_client_id,
+                    spawner.oauth_client_id.split('-', 1)[1],
+                )
+                for oauth_client in (
+                    self.db
+                        .query(orm.OAuthClient)
+                        .filter(orm.OAuthClient.identifier.in_(client_ids))
+                ):
+                    self.log.debug("Deleting oauth client %s", oauth_client.identifier)
+                    self.db.delete(oauth_client)
             self.db.commit()
         finally:
             spawner.orm_spawner.started = None

From 4cd4fd1dff100eafa9845e57523bc7613507f50c Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Wed, 19 Sep 2018 12:48:21 +0200
Subject: [PATCH 2/2] changelog for 0.9.4

---
 docs/source/changelog.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/docs/source/changelog.md b/docs/source/changelog.md
index a66189ad..cc16a4e1 100644
--- a/docs/source/changelog.md
+++ b/docs/source/changelog.md
@@ -9,6 +9,12 @@ command line for details.
 
 ## 0.9
 
+### [0.9.4] 2018-09-20
+
+JupyterHub 0.9.4 fixes a single issue that required
+all running user servers to be restarted when performing an upgrade
+from 0.8 to 0.9.
+
 ### [0.9.3] 2018-09-12
 
 JupyterHub 0.9.3 contains small bugfixes and improvements
@@ -417,7 +423,8 @@ Fix removal of `/login` page in 0.4.0, breaking some OAuth providers.
 First preview release
 
 
-[Unreleased]: https://github.com/jupyterhub/jupyterhub/compare/0.9.3...HEAD
+[Unreleased]: https://github.com/jupyterhub/jupyterhub/compare/0.9.4...HEAD
+[0.9.4]: https://github.com/jupyterhub/jupyterhub/compare/0.9.3...0.9.4
 [0.9.3]: https://github.com/jupyterhub/jupyterhub/compare/0.9.2...0.9.3
 [0.9.2]: https://github.com/jupyterhub/jupyterhub/compare/0.9.1...0.9.2
 [0.9.1]: https://github.com/jupyterhub/jupyterhub/compare/0.9.0...0.9.1