Revoking one oauth token revokes all oauth tokens for that client

2025-10-16 14:33:00 +00:00 · 2018-04-16 11:28:11 +02:00
parent 33cb62c2ee
commit ce535b55bc
3 changed files with 21 additions and 12 deletions
--- a/jupyterhub/apihandlers/users.py
+++ b/jupyterhub/apihandlers/users.py
@@ -283,7 +283,17 @@ class UserTokenAPIHandler(APIHandler):
        if not user:
            raise web.HTTPError(404, "No such user: %s" % name)
        token = self.find_token_by_id(user, token_id)
-        self.db.delete(token)
+        # deleting an oauth token deletes *all* oauth tokens for that client
+        if isinstance(token, orm.OAuthAccessToken):
+            client_id = token.client_id
+            tokens = [
+                token for token in user.oauth_tokens
+                if token.client_id == client_id
+            ]
+        else:
+            tokens = [token]
+        for token in tokens:
+            self.db.delete(token)
        self.db.commit()
        self.set_header('Content-Type', 'text/plain')
        self.set_status(204)
--- a/jupyterhub/handlers/pages.py
+++ b/jupyterhub/handlers/pages.py
@@ -254,13 +254,16 @@ class TokenPageHandler(BaseHandler):
                    (token.last_activity and token.last_activity > last_activity)
                ):
                    last_activity = token.last_activity
+            token = tokens[0]
            oauth_clients.append({
                'client': token.client,
                'description': token.client.description or token.client.client_id,
                'created': created,
                'last_activity': last_activity,
                'tokens': tokens,
-                'token_ids': ','.join(token.api_id for token in tokens),
+                # only need one token id because
+                # revoking one oauth token revokes all oauth tokens for that client
+                'token_id': tokens[0].api_id,
                'token_count': len(tokens),
            })

--- a/share/jupyterhub/templates/token.html
+++ b/share/jupyterhub/templates/token.html
@@ -71,7 +71,7 @@
            {{ token.created.isoformat() + 'Z' }}
          </td>
          <td class="col-sm-1 text-center">
-            <a role="button" class="revoke-token-btn btn btn-xs btn-danger">revoke</a>
+            <button class="revoke-token-btn btn btn-xs btn-danger">revoke</button>
          </td>
          {% endblock token_row %}
        </tr>
@@ -87,20 +87,16 @@
      <thead>
        <tr>
          <td>Application</td>
-          <td>Tokens</td>
          <td>Last used</td>
          <td>First authorized</td>
        </tr>
      </thead>
      <tbody>
        {% for client in oauth_clients %}
-        <tr class="oauth-client-row"
-          data-token-ids="{{ client['token_ids'] }}"">
+        <tr class="token-row"
+          data-token-id="{{ client['token_id'] }}"">
          {% block client_row scoped %}
-          <td class="note-col col-sm-4">{{ client['description'] }}</td>
-          <td class="col-sm-1">
-            {{ client['token_count'] }}
-          </td>
+          <td class="note-col col-sm-5">{{ client['description'] }}</td>
          <td class="time-col col-sm-3">
            {%- if client['last_activity'] -%}
            {{ client['last_activity'].isoformat() + 'Z' }}
@@ -112,8 +108,8 @@
            {{ client['created'].isoformat() + 'Z' }}
          </td>
          <td class="col-sm-1 text-center">
-            <a role="button" class="delete-token-btn btn btn-xs btn-danger">revoke</a>
-          </td>
+            <button class="revoke-token-btn btn btn-xs btn-danger">revoke</a>
+          </button>
          {% endblock client_row %}
        </tr>
        {% endfor %}