Authenticate all notebook requests (except websockets)...
MinRK -
@@ -35,48 +35,46 b' except ImportError:'
35 # Top-level handlers
35 # Top-level handlers
36 #-----------------------------------------------------------------------------
36 #-----------------------------------------------------------------------------
37
37
38 class BaseHandler(web.RequestHandler):
38 class AuthenticatedHandler(web.RequestHandler):
39 """A RequestHandler with an authenticated user."""
39 def get_current_user(self):
40 def get_current_user(self):
40 user_id = self.get_secure_cookie("user")
41 if user_id is None:
42 self.clear_cookie('user')
43 self.clear_cookie('password')
44 password = self.get_secure_cookie("password")
41 password = self.get_secure_cookie("password")
42 if password is None:
43 # cookie doesn't exist, or is invalid. Clear to prevent repeated
44 # 'Invalid cookie signature' warnings.
45 self.clear_cookie('password')
46 self.clear_cookie("user_id")
45 if self.application.password and self.application.password != password:
47 if self.application.password and self.application.password != password:
46 return None
48 return None
47 if not user_id:
49 return self.get_secure_cookie("user") or 'anonymous'
48 user_id = 'anonymous'
49 return user_id
50
50
51 class NBBrowserHandler(BaseHandler):
51 class NBBrowserHandler(AuthenticatedHandler):
52 @web.authenticated
52 @web.authenticated
53 def get(self):
53 def get(self):
54 nbm = self.application.notebook_manager
54 nbm = self.application.notebook_manager
55 project = nbm.notebook_dir
55 project = nbm.notebook_dir
56 self.render('nbbrowser.html', project=project)
56 self.render('nbbrowser.html', project=project)
57
57
58 class LoginHandler(BaseHandler):
58 class LoginHandler(AuthenticatedHandler):
59 def get(self):
59 def get(self):
60 user_id = self.get_secure_cookie("user")
60 user_id = self.get_secure_cookie("user") or ''
61 if user_id is None:
62 self.clear_cookie('user')
63 self.clear_cookie('password')
64 user_id = ''
65
66 self.render('login.html', user_id=user_id)
61 self.render('login.html', user_id=user_id)
67
62
68 def post(self):
63 def post(self):
69 self.set_secure_cookie("user", self.get_argument("name", default=u''))
64 self.set_secure_cookie("user", self.get_argument("name", default=u''))
70 self.set_secure_cookie("password", self.get_argument("password", default=u''))
65 self.set_secure_cookie("password", self.get_argument("password", default=u''))
71 self.redirect("/")
66 url = self.get_argument("next", default="/")
67 self.redirect(url)
72
68
73 class NewHandler(web.RequestHandler):
69 class NewHandler(AuthenticatedHandler):
70 @web.authenticated
74 def get(self):
71 def get(self):
75 notebook_id = self.application.notebook_manager.new_notebook()
72 notebook_id = self.application.notebook_manager.new_notebook()
76 self.render('notebook.html', notebook_id=notebook_id)
73 self.render('notebook.html', notebook_id=notebook_id)
77
74
78
75
79 class NamedNotebookHandler(web.RequestHandler):
76 class NamedNotebookHandler(AuthenticatedHandler):
77 @web.authenticated
80 def get(self, notebook_id):
78 def get(self, notebook_id):
81 nbm = self.application.notebook_manager
79 nbm = self.application.notebook_manager
82 if not nbm.notebook_exists(notebook_id):
80 if not nbm.notebook_exists(notebook_id):
@@ -89,12 +87,14 b' class NamedNotebookHandler(web.RequestHandler):'
89 #-----------------------------------------------------------------------------
87 #-----------------------------------------------------------------------------
90
88
91
89
92 class MainKernelHandler(web.RequestHandler):
90 class MainKernelHandler(AuthenticatedHandler):
93
91
92 @web.authenticated
94 def get(self):
93 def get(self):
95 km = self.application.kernel_manager
94 km = self.application.kernel_manager
96 self.finish(jsonapi.dumps(km.kernel_ids))
95 self.finish(jsonapi.dumps(km.kernel_ids))
97
96
97 @web.authenticated
98 def post(self):
98 def post(self):
99 km = self.application.kernel_manager
99 km = self.application.kernel_manager
100 notebook_id = self.get_argument('notebook', default=None)
100 notebook_id = self.get_argument('notebook', default=None)
@@ -105,10 +105,11 b' class MainKernelHandler(web.RequestHandler):'
105 self.finish(jsonapi.dumps(data))
105 self.finish(jsonapi.dumps(data))
106
106
107
107
108 class KernelHandler(web.RequestHandler):
108 class KernelHandler(AuthenticatedHandler):
109
109
110 SUPPORTED_METHODS = ('DELETE')
110 SUPPORTED_METHODS = ('DELETE')
111
111
112 @web.authenticated
112 def delete(self, kernel_id):
113 def delete(self, kernel_id):
113 km = self.application.kernel_manager
114 km = self.application.kernel_manager
114 km.kill_kernel(kernel_id)
115 km.kill_kernel(kernel_id)
@@ -116,8 +117,9 b' class KernelHandler(web.RequestHandler):'
116 self.finish()
117 self.finish()
117
118
118
119
119 class KernelActionHandler(web.RequestHandler):
120 class KernelActionHandler(AuthenticatedHandler):
120
121
122 @web.authenticated
121 def post(self, kernel_id, action):
123 def post(self, kernel_id, action):
122 km = self.application.kernel_manager
124 km = self.application.kernel_manager
123 if action == 'interrupt':
125 if action == 'interrupt':
@@ -278,13 +280,15 b' class ShellHandler(ZMQStreamHandler):'
278 # Notebook web service handlers
280 # Notebook web service handlers
279 #-----------------------------------------------------------------------------
281 #-----------------------------------------------------------------------------
280
282
281 class NotebookRootHandler(web.RequestHandler):
283 class NotebookRootHandler(AuthenticatedHandler):
282
284
285 @web.authenticated
283 def get(self):
286 def get(self):
284 nbm = self.application.notebook_manager
287 nbm = self.application.notebook_manager
285 files = nbm.list_notebooks()
288 files = nbm.list_notebooks()
286 self.finish(jsonapi.dumps(files))
289 self.finish(jsonapi.dumps(files))
287
290
291 @web.authenticated
288 def post(self):
292 def post(self):
289 nbm = self.application.notebook_manager
293 nbm = self.application.notebook_manager
290 body = self.request.body.strip()
294 body = self.request.body.strip()
@@ -298,10 +302,11 b' class NotebookRootHandler(web.RequestHandler):'
298 self.finish(jsonapi.dumps(notebook_id))
302 self.finish(jsonapi.dumps(notebook_id))
299
303
300
304
301 class NotebookHandler(web.RequestHandler):
305 class NotebookHandler(AuthenticatedHandler):
302
306
303 SUPPORTED_METHODS = ('GET', 'PUT', 'DELETE')
307 SUPPORTED_METHODS = ('GET', 'PUT', 'DELETE')
304
308
309 @web.authenticated
305 def get(self, notebook_id):
310 def get(self, notebook_id):
306 nbm = self.application.notebook_manager
311 nbm = self.application.notebook_manager
307 format = self.get_argument('format', default='json')
312 format = self.get_argument('format', default='json')
@@ -315,6 +320,7 b' class NotebookHandler(web.RequestHandler):'
315 self.set_header('Last-Modified', last_mod)
320 self.set_header('Last-Modified', last_mod)
316 self.finish(data)
321 self.finish(data)
317
322
323 @web.authenticated
318 def put(self, notebook_id):
324 def put(self, notebook_id):
319 nbm = self.application.notebook_manager
325 nbm = self.application.notebook_manager
320 format = self.get_argument('format', default='json')
326 format = self.get_argument('format', default='json')
@@ -323,6 +329,7 b' class NotebookHandler(web.RequestHandler):'
323 self.set_status(204)
329 self.set_status(204)
324 self.finish()
330 self.finish()
325
331
332 @web.authenticated
326 def delete(self, notebook_id):
333 def delete(self, notebook_id):
327 nbm = self.application.notebook_manager
334 nbm = self.application.notebook_manager
328 nbm.delete_notebook(notebook_id)
335 nbm.delete_notebook(notebook_id)
@@ -334,8 +341,9 b' class NotebookHandler(web.RequestHandler):'
334 #-----------------------------------------------------------------------------
341 #-----------------------------------------------------------------------------
335
342
336
343
337 class RSTHandler(web.RequestHandler):
344 class RSTHandler(AuthenticatedHandler):
338
345
346 @web.authenticated
339 def post(self):
347 def post(self):
340 if publish_string is None:
348 if publish_string is None:
341 raise web.HTTPError(503, u'docutils not available')
349 raise web.HTTPError(503, u'docutils not available')
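Review bot: In `LoginHandler.post` (new lines 66-67) the `next` argument is passed to `self.redirect()` unchecked, so a crafted login link can send a user who has just submitted the password to an arbitrary external site (open redirect). Restrict it to a local path before redirecting, for example `if not url.startswith("/") or url.startswith(("//", "/\\")): url = "/"`. Separately, `get_current_user` (new line 46) clears a cookie named `"user_id"`, but the cookies set in `post` are `"user"` and `"password"`, so that call looks like a no-op and was probably meant to be `self.clear_cookie("user")`.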
@@ -13,10 +13,18 b''
13 <link rel="stylesheet" href="static/css/boilerplate.css" type="text/css" />
13 <link rel="stylesheet" href="static/css/boilerplate.css" type="text/css" />
14 <link rel="stylesheet" href="static/css/layout.css" type="text/css" />
14 <link rel="stylesheet" href="static/css/layout.css" type="text/css" />
15 <link rel="stylesheet" href="static/css/base.css" type="text/css" />
15 <link rel="stylesheet" href="static/css/base.css" type="text/css" />
16
16 <script type="text/javascript" charset="utf-8">
17 function add_next_to_action(){
18 // add 'next' argument to action url, to preserve redirect
19 var query = location.search.substring(1);
20 var form = document.forms[0];
21 var action = form.getAttribute("action");
22 form.setAttribute("action", action + '?' + query);
23 }
24 </script>
17 </head>
25 </head>
18
26
19 <body>
27 <body onload="add_next_to_action()">
20
28
21 <div id="header">
29 <div id="header">
22 <span id="ipython_notebook"><h1>IPython Notebook</h1></span>
30 <span id="ipython_notebook"><h1>IPython Notebook</h1></span>
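Review bot: `add_next_to_action()` (new lines 17-23) copies the entire `location.search` onto the form action rather than only `next`, and appends `'?'` even when the query is empty, so any parameter placed in a login link is forwarded to the POST handler. Forwarding only the `next` value, for instance by rendering it server-side into an escaped hidden input (which also works without JavaScript), keeps unrelated attacker-supplied parameters out of the login request. The value is still attacker-controlled and has to be validated on the server before it is used as a redirect target. The form element itself is outside this hunk.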