Merge pull request #197 from minrk/expire-token

expire login cookies
This commit is contained in:
Min RK
2015-03-23 11:51:08 -07:00
2 changed files with 23 additions and 4 deletions


@@ -37,7 +37,7 @@ if V(IPython.__version__) < V('3.0'):
from IPython.utils.traitlets import ( from IPython.utils.traitlets import (
Unicode, Integer, Dict, TraitError, List, Bool, Any, Unicode, Integer, Dict, TraitError, List, Bool, Any,
Type, Set, Instance, Bytes, Type, Set, Instance, Bytes, Float,
) )
from IPython.config import Application, catch_config_error from IPython.config import Application, catch_config_error
@@ -185,6 +185,11 @@ class JupyterHub(Application):
Useful for daemonizing jupyterhub. Useful for daemonizing jupyterhub.
""" """
) )
cookie_max_age_days = Float(14, config=True,
help="""Number of days for a login cookie to be valid.
Default is two weeks.
"""
)
last_activity_interval = Integer(300, config=True, last_activity_interval = Integer(300, config=True,
help="Interval (in seconds) at which to update last-activity timestamps." help="Interval (in seconds) at which to update last-activity timestamps."
) )
@@ -805,6 +810,7 @@ class JupyterHub(Application):
spawner_class=self.spawner_class, spawner_class=self.spawner_class,
base_url=self.base_url, base_url=self.base_url,
cookie_secret=self.cookie_secret, cookie_secret=self.cookie_secret,
cookie_max_age_days=self.cookie_max_age_days,
login_url=login_url, login_url=login_url,
logout_url=logout_url, logout_url=logout_url,
static_path=os.path.join(self.data_files_path, 'static'), static_path=os.path.join(self.data_files_path, 'static'),
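Review bot: `cookie_max_age_days = Float(14, config=True)` in the second hunk accepts 0 and negative values, and since Tornado's `get_secure_cookie` uses `max_age_days` as a bound on the cookie's signing timestamp, a non-positive value would (as far as I can tell) silently reject every login cookie on the next request instead of failing loudly at startup. A change handler in the IPython-3 traitlets style would catch this at config time, e.g. `def _cookie_max_age_days_changed(self, name, old, new):` / `    if new <= 0:` / `        raise TraitError("cookie_max_age_days must be positive")` (`TraitError` is already imported above). The help text would also benefit from stating that this is an absolute lifetime measured from when the cookie was issued and checked by the Hub on every request, not an idle timeout, and that it does not change the expiry the browser is given by `set_secure_cookie(..., expires_days=...)` in the login handler (outside this diff), so a cookie the browser still holds may be rejected by the Hub before the browser drops it. The `JupyterHub` class continues outside the hunk.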


@@ -72,6 +72,10 @@ class BaseHandler(RequestHandler):
def admin_users(self): def admin_users(self):
return self.settings.setdefault('admin_users', set()) return self.settings.setdefault('admin_users', set())
@property
def cookie_max_age_days(self):
return self.settings.get('cookie_max_age_days', None)
def get_current_user_token(self): def get_current_user_token(self):
"""get_current_user from Authorization header token""" """get_current_user from Authorization header token"""
auth_header = self.request.headers.get('Authorization', '') auth_header = self.request.headers.get('Authorization', '')
@@ -87,16 +91,25 @@ class BaseHandler(RequestHandler):
def _user_for_cookie(self, cookie_name, cookie_value=None): def _user_for_cookie(self, cookie_name, cookie_value=None):
"""Get the User for a given cookie, if there is one""" """Get the User for a given cookie, if there is one"""
cookie_id = self.get_secure_cookie(cookie_name, cookie_value) cookie_id = self.get_secure_cookie(
cookie_name,
cookie_value,
max_age_days=self.cookie_max_age_days,
)
def clear():
self.clear_cookie(cookie_name, path=self.hub.server.base_url)
if cookie_id is None: if cookie_id is None:
if self.get_cookie(cookie_name):
self.log.warn("Invalid or expired cookie token")
clear()
return return
cookie_id = cookie_id.decode('utf8', 'replace') cookie_id = cookie_id.decode('utf8', 'replace')
user = self.db.query(orm.User).filter(orm.User.cookie_id==cookie_id).first() user = self.db.query(orm.User).filter(orm.User.cookie_id==cookie_id).first()
if user is None: if user is None:
# don't log the token itself
self.log.warn("Invalid cookie token") self.log.warn("Invalid cookie token")
# have cookie, but it's not valid. Clear it and start over. # have cookie, but it's not valid. Clear it and start over.
self.clear_cookie(self.hub.server.cookie_name, path=self.hub.server.base_url) clear()
return user return user
def get_current_user_cookie(self): def get_current_user_cookie(self):
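Review bot: The new `cookie_max_age_days` property returns `None` when the setting is absent, and `_user_for_cookie` passes that straight through as `max_age_days=` to `get_secure_cookie`; Tornado's timestamp check computes `clock() - max_age_days * 86400` as far as I can tell, so a missing setting would raise `TypeError` on every cookie-authenticated request rather than fall back to Tornado's 31-day default. The app wires the setting in this same commit, but the handler should not depend on that; `return self.settings.get('cookie_max_age_days', 31)` preserves the pre-commit behaviour for any other consumer of `BaseHandler`. It is also worth a docstring line on `_user_for_cookie` saying that a cookie that is expired, badly signed, or not backed by a user row is cleared from the browser (the `clear()` helper, scoped to `cookie_name` rather than the hub cookie the old code cleared) so the client is sent back through login instead of retrying a dead cookie, and that the warning deliberately omits the token value. The enclosing class and `get_current_user_cookie` continue outside the hunk.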