upstream/ipython Commit - r4723:06032c55

Merge branch 'enh/httpauth' of https://github.com/satra/ipython into satra-enh/httpauth

Brian E. Granger -

r4723:06032c55

parent child

IPython/frontend/html/notebook/templates/login.html

0 created 644 +66 0

			@@ -0,0 +1,66 b''
		1	<!DOCTYPE HTML>
		2	<html>
		3
		4	<head>
		5	<meta charset="utf-8">
		6
		7	<title>IPython Notebook</title>
		8
		9	<link rel="stylesheet" href="static/jquery/css/themes/aristo/jquery-wijmo.css" type="text/css" />
		10	<!-- <link rel="stylesheet" href="static/jquery/css/themes/rocket/jquery-wijmo.css" type="text/css" /> -->
		11	<!-- <link rel="stylesheet" href="static/jquery/css/themes/smoothness/jquery-ui-1.8.14.custom.css" type="text/css" />-->
		12
		13	<link rel="stylesheet" href="static/css/boilerplate.css" type="text/css" />
		14	<link rel="stylesheet" href="static/css/layout.css" type="text/css" />
		15	<link rel="stylesheet" href="static/css/base.css" type="text/css" />
		16	<script type="text/javascript" charset="utf-8">
		17	function add_next_to_action(){
		18	// add 'next' argument to action url, to preserve redirect
		19	var query = location.search.substring(1);
		20	var form = document.forms[0];
		21	var action = form.getAttribute("action");
		22	form.setAttribute("action", action + '?' + query);
		23	}
		24	</script>
		25	</head>
		26
		27	<body onload="add_next_to_action()">
		28
		29	<div id="header">
		30	<span id="ipython_notebook"><h1>IPython Notebook</h1></span>
		31	</div>
		32
		33	<div id="header_border"></div>
		34
		35	<div id="main_app">
		36
		37	<div id="app_hbox">
		38
		39	<div id="left_panel">
		40	</div>
		41
		42	<div id="content_panel">
		43	<form action="/login" method="post">
		44	Name: <input type="text" name="name" value="{{user_id}}">
		45	Password: <input type="password" name="password">
		46	<input type="submit" value="Sign in">
		47	</form>
		48	</div>
		49	<div id="right_panel">
		50	</div>
		51
		52	</div>
		53
		54	</div>
		55
		56	<script src="static/jquery/js/jquery-1.6.2.min.js" type="text/javascript" charset="utf-8"></script>
		57	<script src="static/jquery/js/jquery-ui-1.8.14.custom.min.js" type="text/javascript" charset="utf-8"></script>
		58	<script src="static/js/namespace.js" type="text/javascript" charset="utf-8"></script>
		59	<script src="static/js/notebooklist.js" type="text/javascript" charset="utf-8"></script>
		60	<script src="static/js/nbbrowser_main.js" type="text/javascript" charset="utf-8"></script>
		61
		62	</body>
		63
		64	</html>
		65
		66

IPython/frontend/html/notebook/handlers.py

0 +105 -20

              # Imports
              #-----------------------------------------------------------------------------
+             import logging
+             import Cookie
              from tornado import web
              from tornado import websocket
              # Top-level handlers
              #-----------------------------------------------------------------------------
-             class NBBrowserHandler(web.RequestHandler):
+             class AuthenticatedHandler(web.RequestHandler):
+                 """A RequestHandler with an authenticated user."""
+                 def get_current_user(self):
+                     password = self.get_secure_cookie("password")
+                     if password is None:
+                         # cookie doesn't exist, or is invalid. Clear to prevent repeated
+                         # 'Invalid cookie signature' warnings.
+                         self.clear_cookie('password')
+                         self.clear_cookie("user_id")
+                     if self.application.password and self.application.password != password:
+                         return None
+                     return self.get_secure_cookie("user") or 'anonymous'
+             class NBBrowserHandler(AuthenticatedHandler):
+                 @web.authenticated
                  def get(self):
                      nbm = self.application.notebook_manager
                      project = nbm.notebook_dir
                      self.render('nbbrowser.html', project=project)
+             class LoginHandler(AuthenticatedHandler):
+                 def get(self):
+                     user_id = self.get_secure_cookie("user") or ''
+                     self.render('login.html', user_id=user_id)
+                 def post(self):
+                     self.set_secure_cookie("user", self.get_argument("name", default=u''))
+                     self.set_secure_cookie("password", self.get_argument("password", default=u''))
+                     url = self.get_argument("next", default="/")
+                     self.redirect(url)
-             class NewHandler(web.RequestHandler):
+             class NewHandler(AuthenticatedHandler):
+                 @web.authenticated
                  def get(self):
                      notebook_id = self.application.notebook_manager.new_notebook()
                      self.render('notebook.html', notebook_id=notebook_id)
-             class NamedNotebookHandler(web.RequestHandler):
+             class NamedNotebookHandler(AuthenticatedHandler):
+                 @web.authenticated
                  def get(self, notebook_id):
                      nbm = self.application.notebook_manager
                      if not nbm.notebook_exists(notebook_id):
              #-----------------------------------------------------------------------------
-             class MainKernelHandler(web.RequestHandler):
+             class MainKernelHandler(AuthenticatedHandler):
+                 @web.authenticated
                  def get(self):
                      km = self.application.kernel_manager
                      self.finish(jsonapi.dumps(km.kernel_ids))
+                 @web.authenticated
                  def post(self):
                      km = self.application.kernel_manager
                      notebook_id = self.get_argument('notebook', default=None)
                      self.finish(jsonapi.dumps(data))
-             class KernelHandler(web.RequestHandler):
+             class KernelHandler(AuthenticatedHandler):
                  SUPPORTED_METHODS = ('DELETE')
+                 @web.authenticated
                  def delete(self, kernel_id):
                      km = self.application.kernel_manager
                      km.kill_kernel(kernel_id)
                      self.finish()
-             class KernelActionHandler(web.RequestHandler):
+             class KernelActionHandler(AuthenticatedHandler):
+                 @web.authenticated
                  def post(self, kernel_id, action):
                      km = self.application.kernel_manager
                      if action == 'interrupt':
                      else:
                          self.write_message(msg)
-             class IOPubHandler(ZMQStreamHandler):
+             class AuthenticatedZMQStreamHandler(ZMQStreamHandler):
+                 def open(self, kernel_id):
+                     self.kernel_id = kernel_id
+                     self.session = Session()
+                     self.save_on_message = self.on_message
+                     self.on_message = self.on_first_message
+                 def get_current_user(self):
+                     password = self.get_secure_cookie("password")
+                     if password is None:
+                         # clear cookies, to prevent future Invalid cookie signature warnings
+                         self._cookies = Cookie.SimpleCookie()
+                     if self.application.password and self.application.password != password:
+                         return None
+                     return self.get_secure_cookie("user") or 'anonymous'
+                 def _inject_cookie_message(self, msg):
+                     """Inject the first message, which is the document cookie,
+                     for authentication."""
+                     if isinstance(msg, unicode):
+                         # Cookie can't constructor doesn't accept unicode strings for some reason
+                         msg = msg.encode('utf8', 'replace')
+                     try:
+                         self._cookies = Cookie.SimpleCookie(msg)
+                     except:
+                         logging.warn("couldn't parse cookie string: %s",msg, exc_info=True)
+                 def on_first_message(self, msg):
+                     self._inject_cookie_message(msg)
+                     if self.get_current_user() is None:
+                         logging.warn("Couldn't authenticate WebSocket connection")
+                         raise web.HTTPError(403)
+                     self.on_message = self.save_on_message
+             class IOPubHandler(AuthenticatedZMQStreamHandler):
                  def initialize(self, *args, **kwargs):
                      self._kernel_alive = True
                      self._beating = False
                      self.iopub_stream = None
                      self.hb_stream = None
-                 def open(self, kernel_id):
+                 def on_first_message(self, msg):
+                     try:
+                         super(IOPubHandler, self).on_first_message(msg)
+                     except web.HTTPError:
+                         self.close()
+                         return
                      km = self.application.kernel_manager
-                     self.kernel_id = kernel_id
-                     self.session = Session()
                      self.time_to_dead = km.time_to_dead
+                     kernel_id = self.kernel_id
                      try:
                          self.iopub_stream = km.create_iopub_stream(kernel_id)
                          self.hb_stream = km.create_hb_stream(kernel_id)
                          # close the connection.
                          if not self.stream.closed():
                              self.stream.close()
+                         self.close()
                      else:
                          self.iopub_stream.on_recv(self._on_zmq_reply)
                          self.start_hb(self.kernel_died)
+                 def on_message(self, msg):
+                     pass
                  def on_close(self):
                      # This method can be called twice, once by self.kernel_died and once
                      self.on_close()
-             class ShellHandler(ZMQStreamHandler):
+             class ShellHandler(AuthenticatedZMQStreamHandler):
                  def initialize(self, *args, **kwargs):
                      self.shell_stream = None
-                 def open(self, kernel_id):
+                 def on_first_message(self, msg):
+                     try:
+                         super(ShellHandler, self).on_first_message(msg)
+                     except web.HTTPError:
+                         self.close()
+                         return
                      km = self.application.kernel_manager
                      self.max_msg_size = km.max_msg_size
-                     self.kernel_id = kernel_id
+                     kernel_id = self.kernel_id
                      try:
                          self.shell_stream = km.create_shell_stream(kernel_id)
                      except web.HTTPError:
                          # close the connection.
                          if not self.stream.closed():
                              self.stream.close()
+                         self.close()
                      else:
-                         self.session = Session()
                          self.shell_stream.on_recv(self._on_zmq_reply)
                  def on_message(self, msg):
              # Notebook web service handlers
              #-----------------------------------------------------------------------------
-             class NotebookRootHandler(web.RequestHandler):
+             class NotebookRootHandler(AuthenticatedHandler):
+                 @web.authenticated
                  def get(self):
                      nbm = self.application.notebook_manager
                      files = nbm.list_notebooks()
                      self.finish(jsonapi.dumps(files))
+                 @web.authenticated
                  def post(self):
                      nbm = self.application.notebook_manager
                      body = self.request.body.strip()
                      self.finish(jsonapi.dumps(notebook_id))
-             class NotebookHandler(web.RequestHandler):
+             class NotebookHandler(AuthenticatedHandler):
                  SUPPORTED_METHODS = ('GET', 'PUT', 'DELETE')
+                 @web.authenticated
                  def get(self, notebook_id):
                      nbm = self.application.notebook_manager
                      format = self.get_argument('format', default='json')
                      self.set_header('Last-Modified', last_mod)
                      self.finish(data)
+                 @web.authenticated
                  def put(self, notebook_id):
                      nbm = self.application.notebook_manager
                      format = self.get_argument('format', default='json')
                      self.set_status(204)
                      self.finish()
+                 @web.authenticated
                  def delete(self, notebook_id):
                      nbm = self.application.notebook_manager
                      nbm.delete_notebook(notebook_id)
              #-----------------------------------------------------------------------------
-             class RSTHandler(web.RequestHandler):
+             class RSTHandler(AuthenticatedHandler):
+                 @web.authenticated
                  def post(self):
                      if publish_string is None:
                          raise web.HTTPError(503, u'docutils not available')

IPython/frontend/html/notebook/notebookapp.py

0 +10 -2

              from tornado import web
              from .kernelmanager import MappingKernelManager
-             from .handlers import (
+             from .handlers import (LoginHandler,
                  NBBrowserHandler, NewHandler, NamedNotebookHandler,
                  MainKernelHandler, KernelHandler, KernelActionHandler, IOPubHandler,
                  ShellHandler, NotebookRootHandler, NotebookHandler, RSTHandler
                  def __init__(self, ipython_app, kernel_manager, notebook_manager, log):
                      handlers = [
                          (r"/", NBBrowserHandler),
+                         (r"/login", LoginHandler),
                          (r"/new", NewHandler),
                          (r"/%s" % _notebook_id_regex, NamedNotebookHandler),
                          (r"/kernels", MainKernelHandler),
                      settings = dict(
                          template_path=os.path.join(os.path.dirname(__file__), "templates"),
                          static_path=os.path.join(os.path.dirname(__file__), "static"),
+                         cookie_secret=os.urandom(1024),
+                         login_url="/login",
                      )
                      web.Application.__init__(self, handlers, **settings)
                  'keyfile': 'IPythonNotebookApp.keyfile',
                  'certfile': 'IPythonNotebookApp.certfile',
                  'ws-hostname': 'IPythonNotebookApp.ws_hostname',
-                 'notebook-dir': 'NotebookManager.notebook_dir'
+                 'notebook-dir': 'NotebookManager.notebook_dir',
              })
              notebook_aliases = [u'port', u'ip', u'keyfile', u'certfile', u'ws-hostname',
                      help="""The full path to a private key file for usage with SSL/TLS."""
                  )
+                 password = Unicode(u'', config=True,
+                                   help="""Password to use for web authentication"""
+                 )
                  def get_ws_url(self):
                      """Return the WebSocket URL for this server."""
                      if self.certfile:
                              ssl_options['keyfile'] = self.keyfile
                      else:
                          ssl_options = None
+                     self.web_app.password = self.password
                      self.http_server = httpserver.HTTPServer(self.web_app, ssl_options=ssl_options)
                      if ssl_options is None and not self.ip:
                          self.log.critical('WARNING: the notebook server is listening on all IP addresses '

IPython/frontend/html/notebook/static/js/kernel.js

0 +6 0

                      console.log("Starting WS:", ws_url);
                      this.shell_channel = new this.WebSocket(ws_url + "/shell");
                      this.iopub_channel = new this.WebSocket(ws_url + "/iopub");
+                     send_cookie = function(){
+                         this.send(document.cookie);
+                         console.log(this);
+                     }
+                     this.shell_channel.onopen = send_cookie;
+                     this.iopub_channel.onopen = send_cookie;
                  };

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages