Merge pull request #436 from minrk/subdomains

allow running single-user servers on subdomains

jupyterhub/handlers/base.py

@@ -51,6 +51,14 @@ class BaseHandler(RequestHandler):
     def version_hash(self):
         return self.settings.get('version_hash', '')
     
+    @property
+    def use_subdomains(self):
+        return self.settings.get('use_subdomains', False)
+    
+    @property
+    def domain(self):
+        return self.settings['domain']
+    
     @property
     def db(self):
         return self.settings['db']
@@ -199,42 +207,44 @@ class BaseHandler(RequestHandler):
             user = self.get_current_user()
         else:
             user = self.find_user(name)
+        kwargs = {}
+        if self.use_subdomains:
+            kwargs['domain'] = self.domain
         if user and user.server:
-            self.clear_cookie(user.server.cookie_name, path=user.server.base_url)
-        self.clear_cookie(self.hub.server.cookie_name, path=self.hub.server.base_url)
+            self.clear_cookie(user.server.cookie_name, path=user.server.base_url, **kwargs)
+        self.clear_cookie(self.hub.server.cookie_name, path=self.hub.server.base_url, **kwargs)
+    
+    def _set_user_cookie(self, user, server):
+        # tornado <4.2 have a bug that consider secure==True as soon as
+        # 'secure' kwarg is passed to set_secure_cookie
+        if  self.request.protocol == 'https':
+            kwargs = {'secure': True}
+        else:
+            kwargs = {}
+        if self.use_subdomains:
+            kwargs['domain'] = self.domain
+        self.log.debug("Setting cookie for %s: %s, %s", user.name, server.cookie_name, kwargs)
+        self.set_secure_cookie(
+            server.cookie_name,
+            user.cookie_id,
+            path=server.base_url,
+            **kwargs
+        )
     
     def set_server_cookie(self, user):
         """set the login cookie for the single-user server"""
-        # tornado <4.2 have a bug that consider secure==True as soon as
-        # 'secure' kwarg is passed to set_secure_cookie
-        if  self.request.protocol == 'https':
-            kwargs = {'secure':True}
-        else:
-            kwargs = {}
-        self.set_secure_cookie(
-            user.server.cookie_name,
-            user.cookie_id,
-            path=user.server.base_url,
-            **kwargs
-        )
+        self._set_user_cookie(user, user.server)
     
     def set_hub_cookie(self, user):
         """set the login cookie for the Hub"""
-        # tornado <4.2 have a bug that consider secure==True as soon as
-        # 'secure' kwarg is passed to set_secure_cookie
-        if  self.request.protocol == 'https':
-            kwargs = {'secure':True}
-        else:
-            kwargs = {}
-        self.set_secure_cookie(
-            self.hub.server.cookie_name,
-            user.cookie_id,
-            path=self.hub.server.base_url,
-            **kwargs
-        )
+        self._set_user_cookie(user, self.hub.server)
     
     def set_login_cookie(self, user):
         """Set login cookies for the Hub and single-user server."""
+        if self.use_subdomains and not self.request.host.startswith(self.domain):
+            self.log.warning(
+                "Possibly setting cookie on wrong domain: %s != %s",
+                self.request.host, self.domain)
         # create and set a new cookie token for the single-user server
         if user.server:
             self.set_server_cookie(user)
@@ -472,6 +482,8 @@ class UserSpawnHandler(BaseHandler):
             self.set_login_cookie(current_user)
             without_prefix = self.request.uri[len(self.hub.server.base_url):]
             target = url_path_join(self.base_url, without_prefix)
+            if self.use_subdomains:
+                target = current_user.host + target
             self.redirect(target)
         else:
             # not logged in to the right user,