upstream/ipython Commit - r4724:f48658df

only store hashed user_id in notebook cookie...

MinRK -

r4724:f48658df

parent child

IPython/frontend/html/notebook/handlers.py

0 +17 -18

             class AuthenticatedHandler(web.RequestHandler):
                 """A RequestHandler with an authenticated user."""
                 def get_current_user(self):
-                    password = self.get_secure_cookie("password")
+                    user_id = self.get_secure_cookie("user")
-                    if password is None:
+                    if user_id == '':
-                        # cookie doesn't exist, or is invalid. Clear to prevent repeated
+                        user_id = 'anonymous'
-                        # 'Invalid cookie signature' warnings.
+                    if user_id is None:
-                        self.clear_cookie('password')
+                        # prevent extra Invalid cookie sig warnings:
-                        self.clear_cookie("user_id")
+                        self.clear_cookie('user')
-                    if self.application.password and self.application.password != password:
+                        if not self.application.password:
-                        return None
+                            user_id = 'anonymous'
-                    return self.get_secure_cookie("user") or 'anonymous'
+                    return user_id
             class NBBrowserHandler(AuthenticatedHandler):
                 @web.authenticated
                     self.render('login.html', user_id=user_id)
                 def post(self):
-                    self.set_secure_cookie("user", self.get_argument("name", default=u''))
+                    pwd = self.get_argument("password", default=u'')
-                    self.set_secure_cookie("password", self.get_argument("password", default=u''))
+                    if self.application.password and pwd == self.application.password:
+                        self.set_secure_cookie("user", self.get_argument("name", default=u''))
                     url = self.get_argument("next", default="/")
                     self.redirect(url)
                     self.on_message = self.on_first_message
                 def get_current_user(self):
-                    password = self.get_secure_cookie("password")
+                    user_id = self.get_secure_cookie("user")
-                    if password is None:
+                    if user_id == '' or (user_id is None and not self.application.password):
-                        # clear cookies, to prevent future Invalid cookie signature warnings
+                        user_id = 'anonymous'
-                        self._cookies = Cookie.SimpleCookie()
+                    return user_id
-                    if self.application.password and self.application.password != password:
-                        return None
-                    return self.get_secure_cookie("user") or 'anonymous'
                 def _inject_cookie_message(self, msg):
                     """Inject the first message, which is the document cookie,

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages