hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-18 07:23:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

DEV: Allow setting a whitelist_group on LocalAuthenticator.

Browse Source 
Any user in the group is considered in the whitelist.
This commit is contained in:
Scott Sanderson
2015-03-18 19:20:10 -04:00
parent 0c3bce8b57
commit 33a4f31520
1 changed files with 33 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
jupyterhub/auth.py
View File

@@ -3,6 +3,7 @@
# Copyright (c) IPython Development Team. # Copyright (c) IPython Development Team.
# Distributed under the terms of the Modified BSD License. # Distributed under the terms of the Modified BSD License.
from grp import getgrnam
import pwd import pwd
from subprocess import check_call, check_output, CalledProcessError from subprocess import check_call, check_output, CalledProcessError
@@ -40,6 +41,13 @@ class Authenticator(LoggingConfigurable):
and return None on failed authentication. and return None on failed authentication.
""" """
def check_whitelist(self, user):
"""
Return True if the whitelist is empty or user is in the whitelist.
"""
# Parens aren't necessary here, but they make this easier to parse.
return (not self.whitelist) or (user in self.whitelist)
def add_user(self, user): def add_user(self, user):
"""Add a new user """Add a new user
@@ -56,8 +64,7 @@ class Authenticator(LoggingConfigurable):
Removes the user from the whitelist. Removes the user from the whitelist.
""" """
if user.name in self.whitelist: self.whitelist.discard(user.name)
self.whitelist.remove(user.name)
def login_url(self, base_url): def login_url(self, base_url):
"""Override to register a custom login handler""" """Override to register a custom login handler"""
@@ -88,6 +95,27 @@ class LocalAuthenticator(Authenticator):
""" """
) )
whitelist_group = Unicode(
config=True,
help="Automatically whitelist anyone in this group.",
)
def check_whitelist(self, username):
return (
super().check_whitelist(username) or
self.check_whitelist_group(username)
)
def check_whitelist_group(self, username):
if not self.whitelist_group:
return False
try:
group = getgrnam(self.whitelist_group)
except KeyError:
self.log.error('No such group: [%s]' % self.whitelist_group)
return False
return username in group.gr_mem
@gen.coroutine @gen.coroutine
def add_user(self, user): def add_user(self, user):
"""Add a new user """Add a new user
@@ -152,7 +180,7 @@ class PAMAuthenticator(LocalAuthenticator):
Return None otherwise. Return None otherwise.
""" """
username = data['username'] username = data['username']
if self.whitelist and username not in self.whitelist: if not self.check_whitelist(username):
return return
# simplepam wants bytes, not unicode # simplepam wants bytes, not unicode
# see simplepam#3 # see simplepam#3