hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-12 04:23:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix Spawner.oauth_roles config

Browse Source 
missing cast to orm.Role from config when populating oauth client

test included
This commit is contained in:
Min RK
2021-12-14 10:35:34 +01:00
parent 028722a5ac
commit 2b61c16c06
2 changed files with 32 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
jupyterhub/tests/test_spawner.py
View File

@@ -428,7 +428,22 @@ async def test_hub_connect_url(db):
) )
async def test_spawner_oauth_roles(app): async def test_spawner_oauth_roles(app, user):
allowed_roles = ['lotsa', 'roles'] allowed_roles = ["admin", "user"]
spawner = new_spawner(app.db, oauth_roles=allowed_roles) spawner = user.spawners['']
assert spawner.oauth_roles == allowed_roles spawner.oauth_roles = allowed_roles
# exercise start/stop which assign roles to oauth client
await spawner.user.spawn()
oauth_client = spawner.orm_spawner.oauth_client
assert sorted(role.name for role in oauth_client.allowed_roles) == allowed_roles
await spawner.user.stop()
async def test_spawner_oauth_roles_bad(app, user):
allowed_roles = ["user", "nosuchrole"]
spawner = user.spawners['']
spawner.oauth_roles = allowed_roles
# exercise start/stop which assign roles
# raises ValueError if we try to assign a role that doesn't exist
with pytest.raises(ValueError):
await spawner.user.spawn()

13
jupyterhub/user.py
View File

@@ -622,6 +622,19 @@ class User:
if callable(allowed_roles): if callable(allowed_roles):
allowed_roles = allowed_roles(spawner) allowed_roles = allowed_roles(spawner)
# allowed_roles config is a list of strings
# oauth provider.allowed_roles is a list of orm.Roles
if allowed_roles:
allowed_role_names = allowed_roles
allowed_roles = list(
self.db.query(orm.Role).filter(orm.Role.name.in_(allowed_roles))
)
if len(allowed_roles) != len(allowed_role_names):
missing_roles = set(allowed_role_names).difference(
{role.name for role in allowed_roles}
)
raise ValueError(f"No such role(s): {', '.join(missing_roles)}")
oauth_client = oauth_provider.add_client( oauth_client = oauth_provider.add_client(
client_id, client_id,
api_token, api_token,