From aeb39a1c7cb64b102880bfba9da26098147e17dd 2014-12-07 22:10:53
From: Min RK
Date: 2014-12-07 22:10:53
Subject: [PATCH] update custom auth per review - pass settings around, not applications
---
diff --git a/IPython/html/auth/login.py b/IPython/html/auth/login.py
index 81fff81..2fd94ad 100644
--- a/IPython/html/auth/login.py
+++ b/IPython/html/auth/login.py
@@ -1,40 +1,21 @@
-"""Tornado handlers logging into the notebook.
+"""Tornado handlers for logging into the notebook."""
-Authors:
-
-* Brian Granger
-* Phil Elson
-"""
-
-#-----------------------------------------------------------------------------
-# Copyright (C) 2014 The IPython Development Team
-#
-# Distributed under the terms of the BSD License. The full license is in
-# the file COPYING, distributed as part of this software.
-#-----------------------------------------------------------------------------
-
-#-----------------------------------------------------------------------------
-# Imports
-#-----------------------------------------------------------------------------
+# Copyright (c) IPython Development Team.
+# Distributed under the terms of the Modified BSD License.
 import uuid
 from tornado.escape import url_escape
-from tornado import web
-from IPython.config.configurable import Configurable
 from IPython.lib.security import passwd_check
 from ..base.handlers import IPythonHandler
-#-----------------------------------------------------------------------------
-# Handler
-#-----------------------------------------------------------------------------
 class LoginHandler(IPythonHandler):
- """ The basic IPythonWebApplication login handler which authenticates with a
- hashed password from the configuration.
+ """The basic tornado login handler
+ authenticates with a hashed password from the configuration.
 """
 def _render(self, message=None):
 self.write(self.render_template('login.html',
@@ -47,12 +28,15 @@ class LoginHandler(IPythonHandler):
 self.redirect(self.get_argument('next', default=self.base_url))
 else:
 self._render()
+
+ @property
+ def hashed_password(self):
+ return self.password_from_settings(self.settings)
 def post(self):
- hashed_password = self.password_from_configuration(self.application)
 typed_password = self.get_argument('password', default=u'')
- if self.login_available(self.application):
- if passwd_check(hashed_password, typed_password):
+ if self.login_available(self.settings):
+ if passwd_check(self.hashed_password, typed_password):
 self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()))
 else:
 self._render(message={'error': 'Invalid password'})
@@ -67,20 +51,20 @@ class LoginHandler(IPythonHandler):
 if ssl_options is None:
 notebook_app.log.critical(warning + " and not using encryption. This " "is not recommended.")
- if not self.password_from_configuration(notebook_app):
+ if not notebook_app.password:
 notebook_app.log.critical(warning + " and not using authentication. " "This is highly insecure and not recommended.")
 @staticmethod
- def password_from_configuration(webapp):
- """ Return the hashed password from the given NotebookWebApplication's configuration.
-
- If there is no configured password, None will be returned.
+ def password_from_settings(settings):
+ """Return the hashed password from the tornado settings.
+ If there is no configured password, an empty string will be returned.
 """
- return webapp.settings['config']['NotebookApp'].get('password', None)
+ return settings.get('password', u'')
 @classmethod
- def login_available(cls, webapp):
+ def login_available(cls, settings):
 """Whether this LoginHandler is needed - and therefore whether the login page should be displayed."""
- return bool(cls.password_from_configuration(webapp))
+ return bool(cls.password_from_settings(settings))
+
diff --git a/IPython/html/base/handlers.py b/IPython/html/base/handlers.py
index 19e5398..cf98691 100644
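Review bot: `post()` now verifies the typed password against `self.hashed_password`, but the gate in front of it, `self.login_available(self.settings)`, resolves the password separately through the `password_from_settings` classmethod path, so the two can disagree. A LoginHandler subclass that overrides only `hashed_password` would have its password ignored whenever the settings entry is empty, because `passwd_check` is never reached in that case. Since this commit is about custom auth, the new property should carry a docstring that says so, e.g. `"""Hashed password checked by post(); override login_available() too when overriding this."""`. The rest of `post` lies outside the hunk, so what happens on the no-login branch is not visible here.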
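Review bot: `password_from_settings` returns `settings.get('password', u'')`, so a settings dict that simply lacks the `password` key is indistinguishable from "no password configured", and `login_available` then reports that no login is needed. The old code read the value from `settings['config']['NotebookApp']`; nothing on this page shows where `password` is now copied into the tornado settings, so confirm that this happens in the same commit and add a test that a configured password makes `login_available(settings)` true. The docstring could state the consequence as well: `An empty or missing value disables the login page.` The method holding the `notebook_app.password` check begins outside the hunk.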
--- a/IPython/html/base/handlers.py
+++ b/IPython/html/base/handlers.py
@@ -88,14 +88,12 @@ class AuthenticatedHandler(web.RequestHandler):
 @property
 def logged_in(self):
- """Is a user currently logged in?
-
- """
+ """Is a user currently logged in?"""
 user = self.get_current_user()
 return (user and not user == 'anonymous')
 @property
- def _login_handler(self):
+ def login_handler(self):
 """Return the login handler for this application."""
 return self.settings['login_handler_class']
@@ -107,7 +105,7 @@ class AuthenticatedHandler(web.RequestHandler):
 whether the user is already logged in or not.
 """
- return bool(self._login_handler.login_available(self.application))
+ return bool(self.login_handler.login_available(self.settings))
 class IPythonHandler(AuthenticatedHandler):
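Review bot: In the second hunk `login_available` is now called with `self.settings` instead of `self.application`, which changes what every configured `login_handler_class` receives; a handler class written against the old signature would get a plain dict and presumably fail on `webapp.settings`. The docstring of the enclosing property (it begins outside the hunk) should name the contract, for example `The configured login_handler_class must provide a login_available(settings) classmethod that takes the tornado settings dict.` The first hunk also makes `login_handler` public by dropping the underscore; any remaining `_login_handler` callers are not visible on this page and should be checked.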