Merge pull request #4683 from minrk/check-allow-later

don't run check_allowed until after check_blocked_users resolves
2025-10-17 15:03:02 +00:00 · 2024-01-26 12:38:34 +01:00
parent 041acbc0bf 000b42bdcf
commit 9fa196092f
1 changed files with 3 additions and 4 deletions
--- a/jupyterhub/auth.py
+++ b/jupyterhub/auth.py
@@ -535,14 +535,13 @@ class Authenticator(LoggingConfigurable):
        blocked_pass = await maybe_future(
            self.check_blocked_users(username, authenticated)
        )
-        allowed_pass = await maybe_future(self.check_allowed(username, authenticated))

-        if blocked_pass:
-            pass
-        else:
+        if not blocked_pass:
            self.log.warning("User %r blocked. Stop authentication", username)
            return

+        allowed_pass = await maybe_future(self.check_allowed(username, authenticated))
+
        if allowed_pass:
            if authenticated['admin'] is None:
                authenticated['admin'] = await maybe_future(