login.py
95 lines
| 3.3 KiB
| text/x-python
|
PythonLexer
Min RK
|
r19323 | """Tornado handlers for logging into the notebook.""" | ||
Brian E. Granger
|
r10641 | |||
Min RK
|
r19323 | # Copyright (c) IPython Development Team. | ||
# Distributed under the terms of the Modified BSD License. | ||||
Brian E. Granger
|
r10641 | |||
import uuid | ||||
from tornado.escape import url_escape | ||||
from IPython.lib.security import passwd_check | ||||
Brian E. Granger
|
r10649 | from ..base.handlers import IPythonHandler | ||
Brian E. Granger
|
r10641 | |||
class LoginHandler(IPythonHandler): | ||||
Min RK
|
r19323 | """The basic tornado login handler | ||
Phil Elson
|
r19322 | |||
Min RK
|
r19323 | authenticates with a hashed password from the configuration. | ||
Phil Elson
|
r19322 | """ | ||
Brian E. Granger
|
r10641 | def _render(self, message=None): | ||
self.write(self.render_template('login.html', | ||||
MinRK
|
r15238 | next=url_escape(self.get_argument('next', default=self.base_url)), | ||
Brian E. Granger
|
r10641 | message=message, | ||
)) | ||||
def get(self): | ||||
if self.current_user: | ||||
MinRK
|
r15238 | self.redirect(self.get_argument('next', default=self.base_url)) | ||
Brian E. Granger
|
r10641 | else: | ||
self._render() | ||||
Min RK
|
r19323 | |||
@property | ||||
def hashed_password(self): | ||||
return self.password_from_settings(self.settings) | ||||
Brian E. Granger
|
r10641 | |||
def post(self): | ||||
Phil Elson
|
r19322 | typed_password = self.get_argument('password', default=u'') | ||
Min RK
|
r19323 | if self.login_available(self.settings): | ||
if passwd_check(self.hashed_password, typed_password): | ||||
Brian E. Granger
|
r10641 | self.set_secure_cookie(self.cookie_name, str(uuid.uuid4())) | ||
else: | ||||
self._render(message={'error': 'Invalid password'}) | ||||
return | ||||
MinRK
|
r15238 | self.redirect(self.get_argument('next', default=self.base_url)) | ||
Phil Elson
|
r19322 | |||
Min RK
|
r19333 | @classmethod | ||
def get_user(cls, handler): | ||||
"""Called by handlers.get_current_user for identifying the current user. | ||||
See tornado.web.RequestHandler.get_current_user for details. | ||||
""" | ||||
Min RK
|
r19325 | # Can't call this get_current_user because it will collide when | ||
# called on LoginHandler itself. | ||||
user_id = handler.get_secure_cookie(handler.cookie_name) | ||||
Min RK
|
r19333 | # For now the user_id should not return empty, but it could, eventually. | ||
Min RK
|
r19325 | if user_id == '': | ||
user_id = 'anonymous' | ||||
if user_id is None: | ||||
# prevent extra Invalid cookie sig warnings: | ||||
handler.clear_login_cookie() | ||||
if not handler.login_available: | ||||
user_id = 'anonymous' | ||||
return user_id | ||||
Phil Elson
|
r19322 | @classmethod | ||
Min RK
|
r19333 | def validate_security(cls, app, ssl_options=None): | ||
"""Check the notebook application's security. | ||||
Show messages, or abort if necessary, based on the security configuration. | ||||
""" | ||||
if not app.ip: | ||||
Phil Elson
|
r19322 | warning = "WARNING: The notebook server is listening on all IP addresses" | ||
if ssl_options is None: | ||||
Matthias Bussonnier
|
r20709 | app.log.warning(warning + " and not using encryption. This " | ||
Phil Elson
|
r19322 | "is not recommended.") | ||
Min RK
|
r19333 | if not app.password: | ||
Matthias Bussonnier
|
r20709 | app.log.warning(warning + " and not using authentication. " | ||
Phil Elson
|
r19322 | "This is highly insecure and not recommended.") | ||
Min RK
|
r19333 | @classmethod | ||
def password_from_settings(cls, settings): | ||||
Min RK
|
r19323 | """Return the hashed password from the tornado settings. | ||
Phil Elson
|
r19322 | |||
Min RK
|
r19323 | If there is no configured password, an empty string will be returned. | ||
Phil Elson
|
r19322 | """ | ||
Min RK
|
r19323 | return settings.get('password', u'') | ||
Phil Elson
|
r19322 | |||
@classmethod | ||||
Min RK
|
r19323 | def login_available(cls, settings): | ||
Phil Elson
|
r19322 | """Whether this LoginHandler is needed - and therefore whether the login page should be displayed.""" | ||
Min RK
|
r19323 | return bool(cls.password_from_settings(settings)) | ||