|
|
"""Tornado handlers logging into the notebook.
|
|
|
|
|
|
Authors:
|
|
|
|
|
|
* Brian Granger
|
|
|
* Phil Elson
|
|
|
"""
|
|
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
# Copyright (C) 2014 The IPython Development Team
|
|
|
#
|
|
|
# Distributed under the terms of the BSD License. The full license is in
|
|
|
# the file COPYING, distributed as part of this software.
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
# Imports
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
|
|
import uuid
|
|
|
|
|
|
from tornado.escape import url_escape
|
|
|
from tornado import web
|
|
|
|
|
|
from IPython.config.configurable import Configurable
|
|
|
from IPython.lib.security import passwd_check
|
|
|
|
|
|
from ..base.handlers import IPythonHandler
|
|
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
# Handler
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
|
|
class LoginHandler(IPythonHandler):
|
|
|
""" The basic IPythonWebApplication login handler which authenticates with a
|
|
|
hashed password from the configuration.
|
|
|
|
|
|
"""
|
|
|
def _render(self, message=None):
|
|
|
self.write(self.render_template('login.html',
|
|
|
next=url_escape(self.get_argument('next', default=self.base_url)),
|
|
|
message=message,
|
|
|
))
|
|
|
|
|
|
def get(self):
|
|
|
if self.current_user:
|
|
|
self.redirect(self.get_argument('next', default=self.base_url))
|
|
|
else:
|
|
|
self._render()
|
|
|
|
|
|
def post(self):
|
|
|
hashed_password = self.password_from_configuration(self.application)
|
|
|
typed_password = self.get_argument('password', default=u'')
|
|
|
if self.login_available(self.application):
|
|
|
if passwd_check(hashed_password, typed_password):
|
|
|
self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()))
|
|
|
else:
|
|
|
self._render(message={'error': 'Invalid password'})
|
|
|
return
|
|
|
|
|
|
self.redirect(self.get_argument('next', default=self.base_url))
|
|
|
|
|
|
@classmethod
|
|
|
def validate_notebook_app_security(cls, notebook_app, ssl_options=None):
|
|
|
if not notebook_app.ip:
|
|
|
warning = "WARNING: The notebook server is listening on all IP addresses"
|
|
|
if ssl_options is None:
|
|
|
notebook_app.log.critical(warning + " and not using encryption. This "
|
|
|
"is not recommended.")
|
|
|
if not self.password_from_configuration(notebook_app):
|
|
|
notebook_app.log.critical(warning + " and not using authentication. "
|
|
|
"This is highly insecure and not recommended.")
|
|
|
|
|
|
@staticmethod
|
|
|
def password_from_configuration(webapp):
|
|
|
""" Return the hashed password from the given NotebookWebApplication's configuration.
|
|
|
|
|
|
If there is no configured password, None will be returned.
|
|
|
|
|
|
"""
|
|
|
return webapp.settings['config']['NotebookApp'].get('password', None)
|
|
|
|
|
|
@classmethod
|
|
|
def login_available(cls, webapp):
|
|
|
"""Whether this LoginHandler is needed - and therefore whether the login page should be displayed."""
|
|
|
return bool(cls.password_from_configuration(webapp))
|
|
|
|
