encrypt auth_state with MultiFernet

- MultiFernet allows key rotation via `AUTH_STATE_KEY=secret2;secret1;secret0`
- Failure to decrypt results in cleared state
- Attempting to set auth_state without encryption is a hard failure
- Absent encryption, auth_state will always be None
Min RK
2017-07-27 13:28:33 +02:00
parent 3d635816c9
commit 5714f56083
3 changed files with 178 additions and 40 deletions


@@ -330,14 +330,15 @@ class BaseHandler(RequestHandler):
if authenticated:
username = authenticated['name']
auth_state = authenticated.get('auth_state')
user = self.user_from_username(username)
# always set auth_state and commit,
# because there could be key-rotation or clearing of previous values
# going on.
user.auth_state = auth_state
self.db.commit()
self.set_login_cookie(user)
self.statsd.incr('login.success')
self.statsd.timing('login.authenticate.success', auth_timer.ms)
user = self.user_from_username(username)
if auth_state is not None:
user.auth_state = auth_state
self.db.commit()
self.set_login_cookie(user)
self.log.info("User logged in: %s", username)
return user
else: