From 000b42bdcf9195cbfa91036a1794ff70633cd2dc Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Fri, 26 Jan 2024 11:24:42 +0100
Subject: [PATCH] don't run check_allowed until after block resolves

avoids computing an unused value if blocked_pass is going to halt authorization anyway

no change in behavior
---
 jupyterhub/auth.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/jupyterhub/auth.py b/jupyterhub/auth.py
index aa5430d3..35dd9c6c 100644
--- a/jupyterhub/auth.py
+++ b/jupyterhub/auth.py
@@ -535,14 +535,13 @@ class Authenticator(LoggingConfigurable):
         blocked_pass = await maybe_future(
             self.check_blocked_users(username, authenticated)
         )
-        allowed_pass = await maybe_future(self.check_allowed(username, authenticated))
 
-        if blocked_pass:
-            pass
-        else:
+        if not blocked_pass:
             self.log.warning("User %r blocked. Stop authentication", username)
             return
 
+        allowed_pass = await maybe_future(self.check_allowed(username, authenticated))
+
         if allowed_pass:
             if authenticated['admin'] is None:
                 authenticated['admin'] = await maybe_future(