From ce535b55bca791d7be7442dc20f18f4f2c176fe1 Mon Sep 17 00:00:00 2001
From: Min RK
Date: Mon, 16 Apr 2018 11:28:11 +0200
Subject: [PATCH] Revoking one oauth token revokes all oauth tokens for that client
---
 jupyterhub/apihandlers/users.py | 12 +++++++++++-
 jupyterhub/handlers/pages.py | 5 ++++-
 share/jupyterhub/templates/token.html | 16 ++++++----------
 3 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/jupyterhub/apihandlers/users.py b/jupyterhub/apihandlers/users.py
index 64e23904..79234c36 100644
--- a/jupyterhub/apihandlers/users.py
+++ b/jupyterhub/apihandlers/users.py
@@ -283,7 +283,17 @@ class UserTokenAPIHandler(APIHandler):
 if not user:
 raise web.HTTPError(404, "No such user: %s" % name)
 token = self.find_token_by_id(user, token_id)
- self.db.delete(token)
+ # deleting an oauth token deletes *all* oauth tokens for that client
+ if isinstance(token, orm.OAuthAccessToken):
+ client_id = token.client_id
+ tokens = [
+ token for token in user.oauth_tokens
+ if token.client_id == client_id
+ ]
+ else:
+ tokens = [token]
+ for token in tokens:
+ self.db.delete(token)
 self.db.commit()
 self.set_header('Content-Type', 'text/plain')
 self.set_status(204)
diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py
index 49d82d59..ddf3787a 100644
--- a/jupyterhub/handlers/pages.py
+++ b/jupyterhub/handlers/pages.py
@@ -254,13 +254,16 @@ class TokenPageHandler(BaseHandler):
 (token.last_activity and token.last_activity > last_activity)
 ):
 last_activity = token.last_activity
+ token = tokens[0]
 oauth_clients.append({
 'client': token.client,
 'description': token.client.description or token.client.client_id,
 'created': created,
 'last_activity': last_activity,
 'tokens': tokens,
- 'token_ids': ','.join(token.api_id for token in tokens),
+ # only need one token id because
+ # revoking one oauth token revokes all oauth tokens for that client
+ 'token_id': tokens[0].api_id,
 'token_count': len(tokens),
 })
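Review bot: The widened revocation in the users.py hunk is silent: a request that names one token id now deletes every OAuth token the user holds for that client, and nothing records which client was de-authorized or how many tokens went with it. A line before `self.db.commit()` such as `self.log.info("Revoking %i token(s) for user %s", len(tokens), name)` would leave an audit trail, and the OAuth branch could add `client_id` to the message. The comprehension and the `for token in tokens:` loop also reuse the name `token`, which was just looked up by id; a separate loop name such as `for t in tokens:` keeps the requested token distinct from the ones being iterated. The handler method starts above the hunk, so its permission check is not visible here.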
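Review bot: In the pages.py hunk, `'token_id': tokens[0].api_id` makes the page's revoke action depend on one arbitrary token of the client. If that particular token is gone by the time the user clicks (for example, expired and cleaned up after the page was rendered), the lookup by id presumably fails and the client's remaining tokens stay valid. The comment could say that any still-valid token id is enough, or the token could be chosen deliberately rather than by position. Since `token = tokens[0]` is bound a few lines earlier, `'token_id': token.api_id,` would be consistent with the `token.client` uses next to it. The index also assumes each client group holds at least one token, which is established above the hunk.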
diff --git a/share/jupyterhub/templates/token.html b/share/jupyterhub/templates/token.html index 8eb8d6d1..fa7e18d2 100644 --- a/share/jupyterhub/templates/token.html +++ b/share/jupyterhub/templates/token.html @@ -71,7 +71,7 @@ {{ token.created.isoformat() + 'Z' }} - revoke + {% endblock token_row %} @@ -87,20 +87,16 @@ Application - Tokens Last used First authorized {% for client in oauth_clients %} - + {% block client_row scoped %} - {{ client['description'] }} - - {{ client['token_count'] }} - + {{ client['description'] }} {%- if client['last_activity'] -%} {{ client['last_activity'].isoformat() + 'Z' }} @@ -112,8 +108,8 @@ {{ client['created'].isoformat() + 'Z' }} - revoke - + {% endblock client_row %} {% endfor %}