##// END OF EJS Templates
Address comments
Address comments

File last commit:

r19333:325d618c
r19591:be7f0144
Show More
login.py
95 lines | 3.3 KiB | text/x-python | PythonLexer
Min RK
update custom auth per review...
r19323 """Tornado handlers for logging into the notebook."""
Brian E. Granger
Adding new files.
r10641
Min RK
update custom auth per review...
r19323 # Copyright (c) IPython Development Team.
# Distributed under the terms of the Modified BSD License.
Brian E. Granger
Adding new files.
r10641
import uuid
from tornado.escape import url_escape
from IPython.lib.security import passwd_check
Brian E. Granger
Updating import statements after moving notebook files around.
r10649 from ..base.handlers import IPythonHandler
Brian E. Granger
Adding new files.
r10641
class LoginHandler(IPythonHandler):
Min RK
update custom auth per review...
r19323 """The basic tornado login handler
Phil Elson
Added authentication configuration for the notebook app.
r19322
Min RK
update custom auth per review...
r19323 authenticates with a hashed password from the configuration.
Phil Elson
Added authentication configuration for the notebook app.
r19322 """
Brian E. Granger
Adding new files.
r10641 def _render(self, message=None):
self.write(self.render_template('login.html',
MinRK
s/base_project_url/base_url/...
r15238 next=url_escape(self.get_argument('next', default=self.base_url)),
Brian E. Granger
Adding new files.
r10641 message=message,
))
def get(self):
if self.current_user:
MinRK
s/base_project_url/base_url/...
r15238 self.redirect(self.get_argument('next', default=self.base_url))
Brian E. Granger
Adding new files.
r10641 else:
self._render()
Min RK
update custom auth per review...
r19323
@property
def hashed_password(self):
return self.password_from_settings(self.settings)
Brian E. Granger
Adding new files.
r10641
def post(self):
Phil Elson
Added authentication configuration for the notebook app.
r19322 typed_password = self.get_argument('password', default=u'')
Min RK
update custom auth per review...
r19323 if self.login_available(self.settings):
if passwd_check(self.hashed_password, typed_password):
Brian E. Granger
Adding new files.
r10641 self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()))
else:
self._render(message={'error': 'Invalid password'})
return
MinRK
s/base_project_url/base_url/...
r15238 self.redirect(self.get_argument('next', default=self.base_url))
Phil Elson
Added authentication configuration for the notebook app.
r19322
Min RK
address review in custom auth
r19333 @classmethod
def get_user(cls, handler):
"""Called by handlers.get_current_user for identifying the current user.
See tornado.web.RequestHandler.get_current_user for details.
"""
Min RK
allow LoginHandler to override get_current_user
r19325 # Can't call this get_current_user because it will collide when
# called on LoginHandler itself.
user_id = handler.get_secure_cookie(handler.cookie_name)
Min RK
address review in custom auth
r19333 # For now the user_id should not return empty, but it could, eventually.
Min RK
allow LoginHandler to override get_current_user
r19325 if user_id == '':
user_id = 'anonymous'
if user_id is None:
# prevent extra Invalid cookie sig warnings:
handler.clear_login_cookie()
if not handler.login_available:
user_id = 'anonymous'
return user_id
Phil Elson
Added authentication configuration for the notebook app.
r19322 @classmethod
Min RK
address review in custom auth
r19333 def validate_security(cls, app, ssl_options=None):
"""Check the notebook application's security.
Show messages, or abort if necessary, based on the security configuration.
"""
if not app.ip:
Phil Elson
Added authentication configuration for the notebook app.
r19322 warning = "WARNING: The notebook server is listening on all IP addresses"
if ssl_options is None:
Min RK
address review in custom auth
r19333 app.log.critical(warning + " and not using encryption. This "
Phil Elson
Added authentication configuration for the notebook app.
r19322 "is not recommended.")
Min RK
address review in custom auth
r19333 if not app.password:
app.log.critical(warning + " and not using authentication. "
Phil Elson
Added authentication configuration for the notebook app.
r19322 "This is highly insecure and not recommended.")
Min RK
address review in custom auth
r19333 @classmethod
def password_from_settings(cls, settings):
Min RK
update custom auth per review...
r19323 """Return the hashed password from the tornado settings.
Phil Elson
Added authentication configuration for the notebook app.
r19322
Min RK
update custom auth per review...
r19323 If there is no configured password, an empty string will be returned.
Phil Elson
Added authentication configuration for the notebook app.
r19322 """
Min RK
update custom auth per review...
r19323 return settings.get('password', u'')
Phil Elson
Added authentication configuration for the notebook app.
r19322
@classmethod
Min RK
update custom auth per review...
r19323 def login_available(cls, settings):
Phil Elson
Added authentication configuration for the notebook app.
r19322 """Whether this LoginHandler is needed - and therefore whether the login page should be displayed."""
Min RK
update custom auth per review...
r19323 return bool(cls.password_from_settings(settings))