avoid raising HTTPError in get_current_user

it can cause issues, e.g. with upcoming notebook releases .get_current_user may be called in set_default_headers, which doesn't catch HTTPErrors.
2025-10-14 13:33:00 +00:00 · 2018-01-03 14:58:42 +01:00
parent f87f24d9e5
commit 9866a0fadc
1 changed files with 8 additions and 1 deletions
--- a/jupyterhub/services/auth.py
+++ b/jupyterhub/services/auth.py
@@ -778,7 +778,14 @@ class HubAuthenticated(object):
        except UserNotAllowed as e:
            # cache None, in case get_user is called again while processing the error
            self._hub_auth_user_cache = None
-            raise HTTPError(403, "{kind} {name} is not allowed.".format(**e.model))
+            # Override redirect so if/when tornado @web.authenticated
+            # tries to redirect to login URL, 403 will be raised instead.
+            # This is not the best, but avoids problems that can be caused
+            # when get_current_user is allowed to raise.
+            def raise_on_redirect(*args, **kwargs):
+                raise HTTPError(403, "{kind} {name} is not allowed.".format(**user_model))
+            self.redirect = raise_on_redirect
+            return
        except Exception:
            self._hub_auth_user_cache = None
            raise