From d1a84f962f49eede9ffa46e507286ddd98f4c2a9 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 17 Oct 2024 10:09:53 +0200 Subject: [PATCH 1/2] Simplify retrieval of encrypted auth state there's a public method for this, no need to call decryption methods directly --- oauthenticator/oauth2.py | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/oauthenticator/oauth2.py b/oauthenticator/oauth2.py index bdf9f285..fcbd126d 100644 --- a/oauthenticator/oauth2.py +++ b/oauthenticator/oauth2.py @@ -16,7 +16,6 @@ import jwt from jupyterhub.auth import Authenticator -from jupyterhub.crypto import EncryptionUnavailable, InvalidToken, decrypt from jupyterhub.handlers import BaseHandler, LogoutHandler from jupyterhub.utils import url_path_join from tornado import web @@ -705,7 +704,7 @@ def _allowed_scopes_validation(self, proposal): and SHOULD send the additional parameters as defined in Section 4 to all servers. - Note that S256 is the only code challenge method supported. As per `section 4.2 of RFC 6749 + Note that S256 is the only code challenge method supported. As per `section 4.2 of RFC 6749 `_: If the client is capable of using "S256", it MUST use "S256", as @@ -995,23 +994,12 @@ async def get_prev_refresh_token(self, handler, username): Called by the :meth:`oauthenticator.OAuthenticator.authenticate` """ user = handler.find_user(username) - if not user or not user.encrypted_auth_state: - return - - self.log.debug( - "Encrypted_auth_state was found, will try to decrypt and pull refresh_token from it..." - ) - - try: - encrypted = user.encrypted_auth_state - auth_state = await decrypt(encrypted) - - return auth_state.get("refresh_token") - except (ValueError, InvalidToken, EncryptionUnavailable) as e: - self.log.warning( - f"Failed to retrieve encrypted auth_state for {username}. Error was {e}.", - ) - return + if not user: + return None + auth_state = await user.get_auth_state() + if not auth_state: + return None + return auth_state.get("refresh_token", None) def build_access_tokens_request_params(self, handler, data=None): """ From cde413daf1897186727609f3d358a653519ecbe1 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 23:16:07 +0000 Subject: [PATCH 2/2] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/pyupgrade: v3.17.0 → v3.19.0](https://github.com/asottile/pyupgrade/compare/v3.17.0...v3.19.0) - [github.com/psf/black: 24.8.0 → 24.10.0](https://github.com/psf/black/compare/24.8.0...24.10.0) - [github.com/pre-commit/pre-commit-hooks: v4.6.0 → v5.0.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.6.0...v5.0.0) --- .pre-commit-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6d8a3a8d..7dd924a5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: # Autoformat: Python code, syntax patterns are modernized - repo: https://github.com/asottile/pyupgrade - rev: v3.17.0 + rev: v3.19.0 hooks: - id: pyupgrade args: @@ -34,7 +34,7 @@ repos: # Autoformat: Python code - repo: https://github.com/psf/black - rev: 24.8.0 + rev: 24.10.0 hooks: - id: black @@ -46,7 +46,7 @@ repos: # Misc... - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 + rev: v5.0.0 # ref: https://github.com/pre-commit/pre-commit-hooks#hooks-available hooks: # Autoformat: Makes sure files end in a newline and only a newline.