only store token in single-user cookie

not the user model

preserves cached-response behavior from the Hub
so that the Hub can still revoke tokens.
Min RK
2017-04-05 14:21:13 +02:00
parent ef51eb21e0
commit ce4b9e8e9f
2 changed files with 11 additions and 10 deletions


@@ -397,9 +397,13 @@ class HubOAuth(HubAuth):
return self.oauth_client_id return self.oauth_client_id
def _get_user_cookie(self, handler): def _get_user_cookie(self, handler):
user_model_json = handler.get_secure_cookie(self.cookie_name) token = handler.get_secure_cookie(self.cookie_name)
if user_model_json: if token:
return json.loads(user_model_json.decode('utf8', 'replace')) user_model = self.user_for_token(token)
if user_model is None:
app_log.warning("Token stored in cookie may have expired")
handler.clear_cookie(self.cookie_name)
return user_model
# HubOAuth API # HubOAuth API
@@ -471,21 +475,18 @@ class HubOAuth(HubAuth):
return token_reply['access_token'] return token_reply['access_token']
def set_cookie(self, handler, user_model): def set_cookie(self, handler, access_token):
"""Set a cookie recording OAuth result""" """Set a cookie recording OAuth result"""
kwargs = { kwargs = {
'path': self.base_url, 'path': self.base_url,
} }
if handler.request.protocol == 'https': if handler.request.protocol == 'https':
kwargs['secure'] = True kwargs['secure'] = True
# if self.subdomain_host:
# kwargs['domain'] = self.domain
cookie_value = json.dumps(user_model)
app_log.debug("Setting oauth cookie for %s: %s, %s", app_log.debug("Setting oauth cookie for %s: %s, %s",
handler.request.remote_ip, self.cookie_name, kwargs) handler.request.remote_ip, self.cookie_name, kwargs)
handler.set_secure_cookie( handler.set_secure_cookie(
self.cookie_name, self.cookie_name,
cookie_value, access_token,
**kwargs **kwargs
) )
def clear_cookie(self, handler): def clear_cookie(self, handler):
@@ -638,7 +639,7 @@ class HubOAuthCallbackHandler(HubOAuthenticated, RequestHandler):
token = self.hub_auth.token_for_code(code) token = self.hub_auth.token_for_code(code)
user_model = self.hub_auth.user_for_token(token) user_model = self.hub_auth.user_for_token(token)
app_log.info("Logged-in user %s", user_model) app_log.info("Logged-in user %s", user_model)
self.hub_auth.set_cookie(self, user_model) self.hub_auth.set_cookie(self, token)
next_url = self.get_argument('next', '') or self.hub_auth.base_url next_url = self.get_argument('next', '') or self.hub_auth.base_url
self.redirect(next_url) self.redirect(next_url)
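Review bot: In `_get_user_cookie`, the value returned by `handler.get_secure_cookie` is handed straight to `self.user_for_token`, whereas the replaced line decoded it first (`.decode('utf8', 'replace')`) and the callback handler passes the `str` token it got from `token_for_code`; so `user_for_token` now receives bytes on the cookie path but str on the login path, which presumably mismatches any cache key or URL built from the token and may fail on string concatenation. Decode before the lookup, directly under the `if token:` guard: `token = token.decode('ascii', 'replace')`. Since the cookie now carries a bearer token rather than a user model, `set_cookie` should also mark it HttpOnly so page scripts cannot read it, e.g. `kwargs['httponly'] = True` next to the `secure` flag, and its docstring should state that the stored value is the OAuth access token. The warning in the cleared-cookie branch could read `"Token stored in cookie may have expired or been revoked"`, since the commit description names revocation as the reason for the per-request lookup.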


@@ -120,7 +120,7 @@ class OAuthCallbackHandler(HubOAuthCallbackHandler, IPythonHandler):
token = self.hub_auth.token_for_code(code) token = self.hub_auth.token_for_code(code)
user_model = self.hub_auth.user_for_token(token) user_model = self.hub_auth.user_for_token(token)
self.log.info("Logged-in user %s", user_model) self.log.info("Logged-in user %s", user_model)
self.hub_auth.set_cookie(self, user_model) self.hub_auth.set_cookie(self, token)
next_url = self.get_argument('next', '') or self.base_url next_url = self.get_argument('next', '') or self.base_url
self.redirect(next_url) self.redirect(next_url)