From 09edf38a354d9c062aa35ecd7d29c3f72ed13a26 Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 3 May 2019 16:16:19 +0200 Subject: [PATCH 001/541] back to dev --- jupyterhub/_version.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/_version.py b/jupyterhub/_version.py index 240bab39..6ca01de4 100644 --- a/jupyterhub/_version.py +++ b/jupyterhub/_version.py @@ -5,9 +5,9 @@ version_info = ( 1, 0, - 0, + 1, # "b2", # release (b1, rc1, or "" for final or dev) - # "dev", # dev or nothing + "dev", # dev or nothing ) # pep 440 version: no dot before beta/rc, but before .dev From bfbf2c05211d75c8f2287cf53d66dfb6383ee7ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20L=C3=A9one?= Date: Fri, 3 May 2019 16:41:43 +0200 Subject: [PATCH 002/541] Dict rewritten as literal --- jupyterhub/tests/mocking.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/jupyterhub/tests/mocking.py b/jupyterhub/tests/mocking.py index 9e2a928d..5ac2406d 100644 --- a/jupyterhub/tests/mocking.py +++ b/jupyterhub/tests/mocking.py @@ -166,8 +166,7 @@ class FormSpawner(MockSpawner): options_form = "IMAFORM" def options_from_form(self, form_data): - options = {} - options['notspecified'] = 5 + options = {'notspecified': 5} if 'bounds' in form_data: options['bounds'] = [int(i) for i in form_data['bounds']] if 'energy' in form_data: @@ -379,9 +378,9 @@ class MockHub(JupyterHub): class MockSingleUserServer(SingleUserNotebookApp): """Mock-out problematic parts of single-user server when run in a thread - + Currently: - + - disable signal handler """ From 83af28c137a0e1d9d46957074a3167572da33bb7 Mon Sep 17 00:00:00 2001 From: viditagarwal Date: Mon, 6 May 2019 16:49:41 +0530 Subject: [PATCH 003/541] Adding the use case of the Elucidata: How Jupyter Notebook is used inside the Elucidata with Jupyterhub --- docs/source/gallery-jhub-deployments.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/source/gallery-jhub-deployments.md b/docs/source/gallery-jhub-deployments.md index ef4e7967..84f03e97 100644 --- a/docs/source/gallery-jhub-deployments.md +++ b/docs/source/gallery-jhub-deployments.md @@ -142,7 +142,10 @@ easy to do with RStudio too. - Kristen Thyng - Oceanography - [Teaching with JupyterHub and nbgrader](http://kristenthyng.com/blog/2016/09/07/jupyterhub+nbgrader/) - +### Elucidata + - What's new in Jupyter Notebooks @[Elucidata](https://elucidata.io/): + - Using Jupyter Notebooks with Jupyterhub on GCP, managed by GKE + - https://medium.com/elucidata/why-you-should-be-using-a-jupyter-notebook-8385a4ccd93d ## Service Providers From 9e7b0c0bfd419faf93b1d9ac96e4d4e591fef41e Mon Sep 17 00:00:00 2001 From: NikeNano Date: Fri, 10 May 2019 09:52:17 +0200 Subject: [PATCH 004/541] update to simplyfi the language related to spawner options --- share/jupyterhub/templates/spawn.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/share/jupyterhub/templates/spawn.html b/share/jupyterhub/templates/spawn.html index 97511990..f1330b1f 100644 --- a/share/jupyterhub/templates/spawn.html +++ b/share/jupyterhub/templates/spawn.html @@ -8,7 +8,7 @@
{% block heading %}
-

Spawner Options

+

Server Options

{% endblock %}
@@ -23,7 +23,7 @@
{{spawner_options_form | safe}}
- +
From aaad55e0762cd268cb6aa075e53d489bc87593a3 Mon Sep 17 00:00:00 2001 From: Alejandro Del Castillo Date: Fri, 10 May 2019 16:17:29 -0500 Subject: [PATCH 005/541] Jupyterhub: use previous exit strategy for Windows Windows doesn't have support for signal handling so it can't use the signal handling capabilities of asyncio. Use the previous atexit strategy on the Windows case instead. Signed-off-by: Alejandro Del Castillo --- jupyterhub/app.py | 46 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 10 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 815097a8..a0c65fb0 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2420,22 +2420,30 @@ class JupyterHub(Application): pc.start() self.log.info("JupyterHub is now running at %s", self.proxy.public_url) + # Use atexit for Windows, it doesn't have signal handling support + if _mswindows: + atexit.register(self.atexit) # register cleanup on both TERM and INT self.init_signal() def init_signal(self): loop = asyncio.get_event_loop() for s in (signal.SIGTERM, signal.SIGINT): - loop.add_signal_handler( - s, lambda s=s: asyncio.ensure_future(self.shutdown_cancel_tasks(s)) - ) - infosignals = [signal.SIGUSR1] - if hasattr(signal, 'SIGINFO'): - infosignals.append(signal.SIGINFO) - for s in infosignals: - loop.add_signal_handler( - s, lambda s=s: asyncio.ensure_future(self.log_status(s)) - ) + if not _mswindows: + loop.add_signal_handler( + s, lambda s=s: asyncio.ensure_future(self.shutdown_cancel_tasks(s)) + ) + else: + signal.signal(s, self.win_shutdown_cancel_tasks) + + if not _mswindows: + infosignals = [signal.SIGUSR1] + if hasattr(signal, 'SIGINFO'): + infosignals.append(signal.SIGINFO) + for s in infosignals: + loop.add_signal_handler( + s, lambda s=s: asyncio.ensure_future(self.log_status(s)) + ) async def log_status(self, sig): """Log current status, triggered by SIGINFO (^T in many terminals)""" @@ -2443,6 +2451,24 @@ class JupyterHub(Application): print_ps_info() print_stacks() + def win_shutdown_cancel_tasks(self, signum, frame): + self.log.critical("Received signalnum %s, , initiating shutdown...", signum) + raise SystemExit(128 + signum) + + _atexit_ran = False + + def atexit(self): + """atexit callback""" + if self._atexit_ran: + return + self._atexit_ran = True + # run the cleanup step (in a new loop, because the interrupted one is unclean) + asyncio.set_event_loop(asyncio.new_event_loop()) + IOLoop.clear_current() + loop = IOLoop() + loop.make_current() + loop.run_sync(self.cleanup) + async def shutdown_cancel_tasks(self, sig): """Cancel all other tasks of the event loop and initiate cleanup""" self.log.critical("Received signal %s, initiating shutdown...", sig.name) From c83777ccdc12e8e71be6c3dd1dd60a06d11c08db Mon Sep 17 00:00:00 2001 From: Julien Chastang Date: Tue, 14 May 2019 16:54:08 -0600 Subject: [PATCH 006/541] typo --- docs/source/reference/templates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/reference/templates.md b/docs/source/reference/templates.md index 61784403..d820c099 100644 --- a/docs/source/reference/templates.md +++ b/docs/source/reference/templates.md @@ -70,7 +70,7 @@ To add announcements to be displayed on a page, you have two options: ### Announcement Configuration Variables If you set the configuration variable `JupyterHub.template_vars = -{'announcement': 'some_text}`, the given `some_text` will be placed on +{'announcement': 'some_text'}`, the given `some_text` will be placed on the top of all pages. The more specific variables `announcement_login`, `announcement_spawn`, `announcement_home`, and `announcement_logout` are more specific and only show on their From 9e35ba5bef7175ee475e398199e921aff001e1a7 Mon Sep 17 00:00:00 2001 From: Iblis Lin Date: Wed, 15 May 2019 11:29:35 +0800 Subject: [PATCH 007/541] Update link of `changelog` --- docs/source/admin/upgrading.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/admin/upgrading.rst b/docs/source/admin/upgrading.rst index 18404955..874aae97 100644 --- a/docs/source/admin/upgrading.rst +++ b/docs/source/admin/upgrading.rst @@ -18,7 +18,7 @@ JupyterHub is painless, quick and with minimal user interruption. Read the Changelog ================== -The `changelog `_ contains information on what has +The `changelog <../changelog.html>`_ contains information on what has changed with the new JupyterHub release, and any deprecation warnings. Read these notes to familiarize yourself with the coming changes. There might be new releases of authenticators & spawners you are using, so From da460064ae303b0fe17b1cd32fe276761db9bbc8 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 16 May 2019 18:31:10 +0200 Subject: [PATCH 008/541] Make announcements visible without custom HTML Fixes https://github.com/jupyterhub/jupyterhub/issues/2566 to some degree by making the announcement stand out using twitter-bootstrap classes `alert` and `alert-warning`. Perhaps we could theme twitter bootstrap or this alert specifically with jupyter related colors as well though? --- share/jupyterhub/templates/page.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index 5677eb93..70c733e5 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -148,7 +148,7 @@ {% block announcement %} {% if announcement %} -
+
{{ announcement | safe }}
{% endif %} From 38cf95523f2ec7ce553136b630c915b0395cbca2 Mon Sep 17 00:00:00 2001 From: Aaron Huang Date: Tue, 21 May 2019 17:12:01 +0800 Subject: [PATCH 009/541] Update script --- share/jupyterhub/static/js/home.js | 1 + 1 file changed, 1 insertion(+) diff --git a/share/jupyterhub/static/js/home.js b/share/jupyterhub/static/js/home.js index 616170a9..e81b6690 100644 --- a/share/jupyterhub/static/js/home.js +++ b/share/jupyterhub/static/js/home.js @@ -90,6 +90,7 @@ require(["jquery", "moment", "jhapi", "utils"], function( }); api.stop_server(user, { success: function() { + $("#stop").hide(); $("#start") .text("Start My Server") .attr("title", "Start your default server") From b624116be79168f37af728195af663498f3c55c0 Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 24 May 2019 13:29:34 +0200 Subject: [PATCH 010/541] re-raise exceptions in launch_instance_async avoids asyncio tracebacks in e.g. `jupyterhub --version` --- jupyterhub/app.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 815097a8..63537af7 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2487,12 +2487,15 @@ class JupyterHub(Application): self = cls.instance() AsyncIOMainLoop().install() loop = IOLoop.current() - loop.add_callback(self.launch_instance_async, argv) + task = asyncio.ensure_future(self.launch_instance_async(argv)) try: loop.start() except KeyboardInterrupt: print("\nInterrupted") finally: + if task.done(): + # re-raise exceptions in launch_instance_async + task.result() loop.stop() loop.close() From e9c78422b57e47b682d31c4faae6083d53ccaeac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix-Antoine=20Fortin?= Date: Mon, 27 May 2019 14:08:04 -0400 Subject: [PATCH 011/541] Define default values for HubAuth ssl traitlets The default values are taken from environment variables defined by Spawner.get_env. --- jupyterhub/services/auth.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/jupyterhub/services/auth.py b/jupyterhub/services/auth.py index c6d8b83c..9c9028a6 100644 --- a/jupyterhub/services/auth.py +++ b/jupyterhub/services/auth.py @@ -216,7 +216,7 @@ class HubAuth(SingletonConfigurable): return self.hub_host + url_path_join(self.hub_prefix, 'login') keyfile = Unicode( - '', + os.getenv('JUPYTERHUB_SSL_KEYFILE', ''), help="""The ssl key to use for requests Use with certfile @@ -224,7 +224,7 @@ class HubAuth(SingletonConfigurable): ).tag(config=True) certfile = Unicode( - '', + os.getenv('JUPYTERHUB_SSL_CERTFILE', ''), help="""The ssl cert to use for requests Use with keyfile @@ -232,7 +232,7 @@ class HubAuth(SingletonConfigurable): ).tag(config=True) client_ca = Unicode( - '', + os.getenv('JUPYTERHUB_SSL_CLIENT_CA', ''), help="""The ssl certificate authority to use to verify requests Use with keyfile and certfile From 30cfdcaa83886c3a9cc775d2632ca98867652c0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6ren=20Brunk?= Date: Tue, 28 May 2019 18:04:17 +0200 Subject: [PATCH 012/541] Change API description to a valid OpenAPI spec * Add missing responses (doesn't include all possible responses yet) * Refactor invalid multi in body parameters into a single parameter * Change form type into valid formData * Fix use of required fields * Apply a few other minor fixes --- docs/rest-api.yml | 184 +++++++++++++++++++++++++++++----------------- 1 file changed, 117 insertions(+), 67 deletions(-) diff --git a/docs/rest-api.yml b/docs/rest-api.yml index 573e886b..0835686e 100644 --- a/docs/rest-api.yml +++ b/docs/rest-api.yml @@ -1,4 +1,4 @@ -# see me at: http://petstore.swagger.io/?url=https://raw.githubusercontent.com/jupyter/jupyterhub/master/docs/rest-api.yml#/default +# see me at: http://petstore.swagger.io/?url=https://raw.githubusercontent.com/jupyterhub/jupyterhub/master/docs/rest-api.yml#/default swagger: '2.0' info: title: JupyterHub @@ -7,7 +7,7 @@ info: license: name: BSD-3-Clause schemes: - - [http, https] + [http, https] securityDefinitions: token: type: apiKey @@ -190,7 +190,7 @@ paths: in: path required: true type: string - - body: + - name: body in: body schema: type: object @@ -202,34 +202,37 @@ paths: Timestamp of last-seen activity for this user. Only needed if this is not activity associated with using a given server. - required: false servers: description: | Register activity for specific servers by name. The keys of this dict are the names of servers. The default server has an empty name (''). - required: false type: object properties: '': description: | Activity for a single server. type: object + required: + - last_activity properties: last_activity: - required: true type: string format: date-time description: | Timestamp of last-seen activity on this server. - example: - last_activity: '2019-02-06T12:54:14Z' - servers: - '': - last_activity: '2019-02-06T12:54:14Z' - gpu: - last_activity: '2019-02-06T12:54:14Z' - + example: + last_activity: '2019-02-06T12:54:14Z' + servers: + '': + last_activity: '2019-02-06T12:54:14Z' + gpu: + last_activity: '2019-02-06T12:54:14Z' + responses: + '401': + $ref: '#/responses/Unauthorized' + '404': + description: No such user /users/{name}/server: post: summary: Start a user's single-user notebook server @@ -239,7 +242,7 @@ paths: in: path required: true type: string - - options: + - name: options description: | Spawn options can be passed as a JSON body when spawning via the API instead of spawn form. @@ -247,7 +250,8 @@ paths: will depend on the Spawner's configuration. in: body required: false - type: object + schema: + type: object responses: '201': description: The user's notebook server has started @@ -280,7 +284,7 @@ paths: in: path required: true type: string - - options: + - name: options description: | Spawn options can be passed as a JSON body when spawning via the API instead of spawn form. @@ -288,7 +292,8 @@ paths: will depend on the Spawner's configuration. in: body required: false - type: object + schema: + type: object responses: '201': description: The user's notebook named-server has started @@ -313,13 +318,20 @@ paths: Removing a server deletes things like the state of the stopped server. in: body required: false - type: boolean + schema: + type: boolean responses: '204': description: The user's notebook named-server has stopped '202': description: The user's notebook named-server has not yet stopped as it is taking a while to stop /users/{name}/tokens: + parameters: + - name: name + description: username + in: path + required: true + type: string get: summary: List tokens for the user responses: @@ -329,25 +341,43 @@ paths: type: array items: $ref: '#/definitions/Token' + '401': + $ref: '#/responses/Unauthorized' + '404': + description: No such user post: summary: Create a new token for the user parameters: - - name: expires_in - type: number - required: false + - name: token_params in: body - description: lifetime (in seconds) after which the requested token will expire. - - name: note - type: string required: false - in: body - description: A note attached to the token for future bookkeeping + schema: + type: object + properties: + expires_in: + type: number + description: lifetime (in seconds) after which the requested token will expire. + note: + type: string + description: A note attached to the token for future bookkeeping responses: '201': description: The newly created token schema: $ref: '#/definitions/Token' + '400': + description: Body must be a JSON dict or empty /users/{name}/tokens/{token_id}: + parameters: + - name: name + description: username + in: path + required: true + type: string + - name: token_id + in: path + required: true + type: string get: summary: Get the model for a token by id responses: @@ -361,12 +391,13 @@ paths: '204': description: The token has been deleted /user: - summary: Return authenticated user's model - description: - parameters: - responses: - '200': - description: The authenticated user's model is returned. + get: + summary: Return authenticated user's model + responses: + '200': + description: The authenticated user's model is returned. + schema: + $ref: '#/definitions/User' /groups: get: summary: List groups @@ -539,14 +570,15 @@ paths: Logging in via this method is only available when the active Authenticator accepts passwords (e.g. not OAuth). parameters: - - name: username + - name: credentials in: body - required: false - type: string - - name: password - in: body - required: false - type: string + schema: + type: object + properties: + username: + type: string + password: + type: string responses: '200': description: The new API token @@ -562,10 +594,10 @@ paths: get: summary: Identify a user or service from an API token parameters: - - name: token - in: path - required: true - type: string + - name: token + in: path + required: true + type: string responses: '200': description: The user or service identified by the API token @@ -576,14 +608,14 @@ paths: summary: Identify a user from a cookie description: Used by single-user notebook servers to hand off cookie authentication to the Hub parameters: - - name: cookie_name - in: path - required: true - type: string - - name: cookie_value - in: path - required: true - type: string + - name: cookie_name + in: path + required: true + type: string + - name: cookie_value + in: path + required: true + type: string responses: '200': description: The user identified by the cookie @@ -618,6 +650,11 @@ paths: in: query required: true type: string + responses: + '200': + description: Success + '400': + description: OAuth2Error /oauth2/token: post: summary: Request an OAuth2 token @@ -629,27 +666,27 @@ paths: parameters: - name: client_id description: The client id - in: form + in: formData required: true type: string - name: client_secret description: The client secret - in: form + in: formData required: true type: string - name: grant_type description: The grant type (always 'authorization_code') - in: form + in: formData required: true type: string - name: code description: The code provided by the authorization redirect - in: form + in: formData required: true type: string - name: redirect_uri description: The redirect url - in: form + in: formData required: true type: string responses: @@ -668,14 +705,28 @@ paths: post: summary: Shutdown the Hub parameters: - - name: proxy + - name: body in: body - type: boolean - description: Whether the proxy should be shutdown as well (default from Hub config) - - name: servers - in: body - type: boolean - description: Whether users' notebook servers should be shutdown as well (default from Hub config) + schema: + type: object + properties: + proxy: + type: boolean + description: Whether the proxy should be shutdown as well (default from Hub config) + servers: + type: boolean + description: Whether users' notebook servers should be shutdown as well (default from Hub config) + responses: + '202': + description: Shutdown successful + '400': + description: Unexpeced value for proxy or servers +# Descriptions of common responses +responses: + NotFound: + description: The specified resource was not found + Unauthorized: + description: Authentication/Authorization error definitions: User: type: object @@ -703,11 +754,10 @@ definitions: format: date-time description: Timestamp of last-seen activity from the user servers: - type: object + type: array description: The active servers for this user. items: - schema: - $ref: '#/definitions/Server' + $ref: '#/definitions/Server' Server: type: object properties: From 19da170435e487aefa14cde4c2e17b5d8d53a99b Mon Sep 17 00:00:00 2001 From: Will Starms Date: Fri, 31 May 2019 17:49:24 -0500 Subject: [PATCH 013/541] Correct empty string redirect to default --- share/jupyterhub/static/js/home.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/share/jupyterhub/static/js/home.js b/share/jupyterhub/static/js/home.js index 616170a9..f4013ab2 100644 --- a/share/jupyterhub/static/js/home.js +++ b/share/jupyterhub/static/js/home.js @@ -102,6 +102,10 @@ require(["jquery", "moment", "jhapi", "utils"], function( $(".new-server-btn").click(function() { var row = getRow($(this)); var serverName = row.find(".new-server-name").val(); + if (serverName === "") { + // ../spawn/user/ causes a 404, ../spawn/user redirects correctly to the default server + window.location.href = "../spawn/" + user; + } window.location.href = "../spawn/" + user + "/" + serverName; }); From 5eb7a14a3398f57e98d68aad390c14a0cf5fb1e4 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Tue, 4 Jun 2019 13:30:28 +0200 Subject: [PATCH 014/541] [WIP] Add support for Jupyter Server --- .travis.yml | 7 +++++++ jupyterhub/singleuser.py | 27 ++++++++++++++++++--------- jupyterhub/spawner.py | 2 +- 3 files changed, 26 insertions(+), 10 deletions(-) diff --git a/.travis.yml b/.travis.yml index 788bfa4f..3980dd87 100644 --- a/.travis.yml +++ b/.travis.yml @@ -61,6 +61,13 @@ script: make html popd fi + - | + if [[ "$TEST" == "jupyter_server" ]]; then + pip uninstall notebook + pip install jupyter_server + export USE_JUPYTER_SERVER=True + pytest -v --maxfail=2 --cov=jupyterhub jupyterhub/tests + fi after_success: - codecov after_failure: diff --git a/jupyterhub/singleuser.py b/jupyterhub/singleuser.py index 6fa4f350..0ab557a5 100755 --- a/jupyterhub/singleuser.py +++ b/jupyterhub/singleuser.py @@ -6,6 +6,7 @@ import asyncio import json import os import random +import importlib from datetime import datetime from datetime import timezone from textwrap import dedent @@ -20,10 +21,13 @@ from tornado.httpclient import HTTPRequest from tornado.web import HTTPError from tornado.web import RequestHandler +use_serverapp = os.environ.get('USE_JUPYTER_SERVER', 'False') == 'True' + +required_package = 'jupyter_server' if use_serverapp else 'notebook' try: - import notebook + parent_module = importlib.import_module(required_package) except ImportError: - raise ImportError("JupyterHub single-user server requires notebook >= 4.0") + raise ImportError("JupyterHub single-user server requires {}".format(required_package)) from traitlets import ( Any, @@ -38,14 +42,19 @@ from traitlets import ( TraitError, ) -from notebook.notebookapp import ( - NotebookApp, - aliases as notebook_aliases, - flags as notebook_flags, +app_name = 'jupyter_server.serverapp' if use_serverapp else 'notebook.notebookapp' +app_module = importlib.import_module(app_name) + +NotebookApp = getattr(app_module, 'ServerApp' if use_serverapp else 'NotebookApp') +notebook_aliases = app_module.aliases +notebook_flags = app_module.flags + +LoginHandler = getattr(importlib.import_module(required_package + '.auth.login'), 'LoginHandler') +LogoutHandler = getattr(importlib.import_module(required_package + '.auth.logout'), 'LogoutHandler') +IPythonHandler = getattr( + importlib.import_module(required_package + '.base.handlers'), + 'JupyterHandler' if use_serverapp else 'IPythonHandler' ) -from notebook.auth.login import LoginHandler -from notebook.auth.logout import LogoutHandler -from notebook.base.handlers import IPythonHandler from ._version import __version__, _check_version from .log import log_request diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index af84c122..348eb8d5 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -931,7 +931,7 @@ class Spawner(LoggingConfigurable): args.append('--notebook-dir=%s' % _quote_safe(notebook_dir)) if self.default_url: default_url = self.format_string(self.default_url) - args.append('--NotebookApp.default_url=%s' % _quote_safe(default_url)) + args.append('--SingleUserNotebookApp.default_url=%s' % _quote_safe(default_url)) if self.debug: args.append('--debug') From cab1bca6fbe7c5b87e38072499c41f26619c9f52 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Tue, 4 Jun 2019 13:42:52 +0200 Subject: [PATCH 015/541] Use jupyter_server if notebook package isn't available --- jupyterhub/singleuser.py | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/jupyterhub/singleuser.py b/jupyterhub/singleuser.py index 0ab557a5..deff5b01 100755 --- a/jupyterhub/singleuser.py +++ b/jupyterhub/singleuser.py @@ -21,13 +21,19 @@ from tornado.httpclient import HTTPRequest from tornado.web import HTTPError from tornado.web import RequestHandler -use_serverapp = os.environ.get('USE_JUPYTER_SERVER', 'False') == 'True' - -required_package = 'jupyter_server' if use_serverapp else 'notebook' try: - parent_module = importlib.import_module(required_package) + import notebook + use_serverapp = False + server_package = 'notebook' + app_name = 'notebook.notebookapp' except ImportError: - raise ImportError("JupyterHub single-user server requires {}".format(required_package)) + try: + import jupyter_server + use_serverapp = True + server_package = 'jupyter_server' + app_name = 'jupyter_server.serverapp' + except ImportError: + raise ImportError("JupyterHub single-user server requires notebook or jupyter_server packages") from traitlets import ( Any, @@ -42,17 +48,15 @@ from traitlets import ( TraitError, ) -app_name = 'jupyter_server.serverapp' if use_serverapp else 'notebook.notebookapp' app_module = importlib.import_module(app_name) - NotebookApp = getattr(app_module, 'ServerApp' if use_serverapp else 'NotebookApp') notebook_aliases = app_module.aliases notebook_flags = app_module.flags -LoginHandler = getattr(importlib.import_module(required_package + '.auth.login'), 'LoginHandler') -LogoutHandler = getattr(importlib.import_module(required_package + '.auth.logout'), 'LogoutHandler') +LoginHandler = getattr(importlib.import_module(server_package + '.auth.login'), 'LoginHandler') +LogoutHandler = getattr(importlib.import_module(server_package + '.auth.logout'), 'LogoutHandler') IPythonHandler = getattr( - importlib.import_module(required_package + '.base.handlers'), + importlib.import_module(server_package + '.base.handlers'), 'JupyterHandler' if use_serverapp else 'IPythonHandler' ) From f830b2a41798b1936639f5b98ce5434dc4c7a135 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Tue, 4 Jun 2019 13:45:57 +0200 Subject: [PATCH 016/541] Try to test notebook package is still uninstalled --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 3980dd87..c2d83296 100644 --- a/.travis.yml +++ b/.travis.yml @@ -65,8 +65,10 @@ script: if [[ "$TEST" == "jupyter_server" ]]; then pip uninstall notebook pip install jupyter_server - export USE_JUPYTER_SERVER=True pytest -v --maxfail=2 --cov=jupyterhub jupyterhub/tests + # Make sure that the notebook package is still not installed + pip list | grep notebook + test $? -eq 1 fi after_success: - codecov From 399def182b639171d1fbf526fb0af43ab47fdff2 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Tue, 4 Jun 2019 13:57:26 +0200 Subject: [PATCH 017/541] Actually run jupyter_server test on Travis --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index c2d83296..d279947d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -90,6 +90,8 @@ matrix: include: - python: 3.6 env: TEST=lint + - python: 3.6 + env: TEST=jupyter_server - python: 3.6 env: TEST=docs - python: 3.6 From 8f7e25f9a1897d1db1370338380df89b27e06c09 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Tue, 4 Jun 2019 14:24:30 +0200 Subject: [PATCH 018/541] Don't make pip uninstall wait for human input --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index d279947d..02c0645c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -63,7 +63,7 @@ script: fi - | if [[ "$TEST" == "jupyter_server" ]]; then - pip uninstall notebook + pip uninstall notebook --yes pip install jupyter_server pytest -v --maxfail=2 --cov=jupyterhub jupyterhub/tests # Make sure that the notebook package is still not installed From e9bc25cce0616b6cf1d14c4aab61b87b13617711 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Tue, 4 Jun 2019 14:42:49 +0200 Subject: [PATCH 019/541] Run all tests for jupyter_server regardless of failure --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 02c0645c..19f05529 100644 --- a/.travis.yml +++ b/.travis.yml @@ -65,7 +65,8 @@ script: if [[ "$TEST" == "jupyter_server" ]]; then pip uninstall notebook --yes pip install jupyter_server - pytest -v --maxfail=2 --cov=jupyterhub jupyterhub/tests + # Run all tests regardless of failure, so we know what's up + pytest -v --cov=jupyterhub jupyterhub/tests # Make sure that the notebook package is still not installed pip list | grep notebook test $? -eq 1 From 1cea503292e343d5373c5d8763b1fa4d80a784bb Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 7 Jun 2019 11:44:57 +0200 Subject: [PATCH 020/541] add activity_resolution config limits last_activity update interval to 30 seconds by default to avoid a db commit on every authenticated request --- jupyterhub/app.py | 13 +++++++++++ jupyterhub/handlers/base.py | 45 +++++++++++++++++++++++++++++++------ 2 files changed, 51 insertions(+), 7 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 63537af7..ff8ead30 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -325,6 +325,18 @@ class JupyterHub(Application): redirect_to_server = Bool( True, help="Redirect user to server (if running), instead of control panel." ).tag(config=True) + activity_resolution = Integer( + 30, + help=""" + Resolution (in seconds) for updating activity + + If activity is registered that is less than activity_resolution seconds + more recent than the current value, + the new value will be ignored. + + This avoids too many writes to the Hub database. + """, + ).tag(config=True) last_activity_interval = Integer( 300, help="Interval (in seconds) at which to update last-activity timestamps." ).tag(config=True) @@ -2011,6 +2023,7 @@ class JupyterHub(Application): db=self.db, proxy=self.proxy, hub=self.hub, + activity_resolution=self.activity_resolution, admin_users=self.authenticator.admin_users, admin_access=self.admin_access, authenticator=self.authenticator, diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 83449750..35501a09 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -248,10 +248,40 @@ class BaseHandler(RequestHandler): orm_token = orm.OAuthAccessToken.find(self.db, token) if orm_token is None: return None - orm_token.last_activity = orm_token.user.last_activity = datetime.utcnow() - self.db.commit() + + now = datetime.utcnow() + recorded = self._record_activity(orm_token, now) + if self._record_activity(orm_token.user, now) or recorded: + self.db.commit() return self._user_from_orm(orm_token.user) + def _record_activity(self, obj, timestamp=None): + """record activity on an ORM object + + If last_activity was more recent than self.activity_resolution seconds ago, + do nothing to avoid unnecessarily frequent database commits. + + Args: + obj: an ORM object with a last_activity attribute + timestamp (datetime, optional): the timestamp of activity to register. + Returns: + recorded (bool): True if activity was recorded, False if not. + """ + if timestamp is None: + timestamp = datetime.utcnow() + resolution = self.settings.get("activity_resolution", 0) + if not obj.last_activity or resolution == 0: + self.log.debug("Recording first activity for %s", obj) + obj.last_activity = timestamp + return True + if (timestamp - obj.last_activity).total_seconds() > resolution: + # this debug line will happen just too often + # uncomment to debug last_activity updates + # self.log.debug("Recording activity for %s", obj) + obj.last_activity = timestamp + return True + return False + async def refresh_auth(self, user, force=False): """Refresh user authentication info @@ -322,14 +352,15 @@ class BaseHandler(RequestHandler): # record token activity now = datetime.utcnow() - orm_token.last_activity = now + recorded = self._record_activity(orm_token, now) if orm_token.user: # FIXME: scopes should give us better control than this # don't consider API requests originating from a server # to be activity from the user if not orm_token.note.startswith("Server at "): - orm_token.user.last_activity = now - self.db.commit() + recorded = self._record_activity(orm_token.user, now) or recorded + if recorded: + self.db.commit() if orm_token.service: return orm_token.service @@ -359,8 +390,8 @@ class BaseHandler(RequestHandler): clear() return # update user activity - user.last_activity = datetime.utcnow() - self.db.commit() + if self._record_activity(user): + self.db.commit() return user def _user_from_orm(self, orm_user): From 5e5a976ea6a97a4a38ec14e84ace17027964e4a2 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Wed, 12 Jun 2019 15:27:23 +1200 Subject: [PATCH 021/541] Replace existing redirect code by Tornado's addslash decorator --- jupyterhub/handlers/base.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 83449750..8eff2714 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -26,6 +26,7 @@ from tornado.httputil import HTTPHeaders from tornado.httputil import url_concat from tornado.ioloop import IOLoop from tornado.log import app_log +from tornado.web import addslash from tornado.web import MissingArgumentError from tornado.web import RequestHandler @@ -1450,10 +1451,9 @@ class CSPReportHandler(BaseHandler): class AddSlashHandler(BaseHandler): """Handler for adding trailing slash to URLs that need them""" - def get(self, *args): - src = urlparse(self.request.uri) - dest = src._replace(path=src.path + '/') - self.redirect(urlunparse(dest)) + @addslash + def get(self): + pass default_handlers = [ From a6b7e303df03865d6420f6bccdf627b39f1d0dc1 Mon Sep 17 00:00:00 2001 From: Richard Darst Date: Sun, 16 Jun 2019 20:00:35 +0300 Subject: [PATCH 022/541] cull-idle: Include a hint on how to add custom culling logic - cull_idle_servers.py gets the full server state, so is capable of doing any kind of arbitrary logic on the profile in order to be more flexible in culling. - This patch does not change anything, but gives an embedded (commented out) example of how you can easily add custom logic to the script. - This was added as a tempate/demo for #2598. --- examples/cull-idle/cull_idle_servers.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/examples/cull-idle/cull_idle_servers.py b/examples/cull-idle/cull_idle_servers.py index 5740063c..8b2b3c2a 100755 --- a/examples/cull-idle/cull_idle_servers.py +++ b/examples/cull-idle/cull_idle_servers.py @@ -120,6 +120,8 @@ def cull_idle( def handle_server(user, server_name, server): """Handle (maybe) culling a single server + "server" is the entire server model from the API. + Returns True if server is now stopped (user removable), False otherwise. """ @@ -162,6 +164,20 @@ def cull_idle( # for running servers inactive = age + # CUSTOM CULLING TEST CODE HERE + # Add in additional server tests here. Return False to mean "don't + # cull", True means "cull immediately", or, for example, update some + # other variables like inactive_limit. + # + # Here, server['state'] is the result of the get_state method + # on the spawner. This does *not* contain the below by + # default, you may have to modify your spawner to make this + # work. The `user` variable is the user model from the API. + # + # if server['state']['profile_name'] == 'unlimited' + # return False + # inactive_limit = server['state']['culltime'] + should_cull = ( inactive is not None and inactive.total_seconds() >= inactive_limit ) From d5d315df08b980c26d07e0608c97f48e0a0aa48e Mon Sep 17 00:00:00 2001 From: Remi Rampin Date: Mon, 1 Jul 2019 20:40:02 -0400 Subject: [PATCH 023/541] Add missing words Copied from https://jupyterhub.readthedocs.io/en/latest/reference/services.html --- docs/source/getting-started/services-basics.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/getting-started/services-basics.md b/docs/source/getting-started/services-basics.md index 7e716a63..9014fb9b 100644 --- a/docs/source/getting-started/services-basics.md +++ b/docs/source/getting-started/services-basics.md @@ -3,9 +3,9 @@ When working with JupyterHub, a **Service** is defined as a process that interacts with the Hub's REST API. A Service may perform a specific or action or task. For example, shutting down individuals' single user -notebook servers that have been is a good example of a task that could -be automated by a Service. Let's look at how the [cull_idle_servers][] -script can be used as a Service. +notebook servers that have been idle for some time is a good example of +a task that could be automated by a Service. Let's look at how the +[cull_idle_servers][] script can be used as a Service. ## Real-world example to cull idle servers From 2f15d5128eb318900eca4f911faaa3ac2cff06d8 Mon Sep 17 00:00:00 2001 From: lumbric Date: Wed, 3 Jul 2019 12:05:41 +0200 Subject: [PATCH 024/541] Update doc: do not suggest depricated config key According to changelog JupyterHub.bind_url has been added in 0.9.0. --- docs/source/reference/config-proxy.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/source/reference/config-proxy.md b/docs/source/reference/config-proxy.md index 5decd697..564f2efc 100644 --- a/docs/source/reference/config-proxy.md +++ b/docs/source/reference/config-proxy.md @@ -17,10 +17,12 @@ satisfy the following: Let's start out with needed JupyterHub configuration in `jupyterhub_config.py`: ```python -# Force the proxy to only listen to connections to 127.0.0.1 -c.JupyterHub.ip = '127.0.0.1' +# Force the proxy to only listen to connections to 127.0.0.1 (on port 8000) +c.JupyterHub.bind_url = 'http://127.0.0.1:8000' ``` +(For Jupyterhub < 0.9 use `c.JupyterHub.ip = '127.0.0.1'`.) + For high-quality SSL configuration, we also generate Diffie-Helman parameters. This can take a few minutes: From de11909a04e8335d5b484b94e4c1569c4cd1c4f1 Mon Sep 17 00:00:00 2001 From: Jeremy Tuloup Date: Thu, 4 Jul 2019 11:56:34 +0200 Subject: [PATCH 025/541] Update config used for testing --- testing/jupyterhub_config.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testing/jupyterhub_config.py b/testing/jupyterhub_config.py index 56aea917..bd70ed97 100644 --- a/testing/jupyterhub_config.py +++ b/testing/jupyterhub_config.py @@ -13,6 +13,6 @@ c.JupyterHub.authenticator_class = DummyAuthenticator # Optionally set a global password that all users must use # c.DummyAuthenticator.password = "your_password" -from jupyterhub.spawners import SimpleSpawner +from jupyterhub.spawner import SimpleLocalProcessSpawner -c.JupyterHub.spawner_class = SimpleSpawner +c.JupyterHub.spawner_class = SimpleLocalProcessSpawner From 97c27774b1c9dd7987eb080ba01c7855133f4330 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Thu, 4 Jul 2019 13:23:32 +0300 Subject: [PATCH 026/541] fixed running_servers count --- jupyterhub/handlers/base.py | 4 ++-- jupyterhub/metrics.py | 4 +--- jupyterhub/user.py | 2 ++ 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index c9eb5274..f9c8485b 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -759,6 +759,7 @@ class BaseHandler(RequestHandler): active_counts['spawn_pending'] + active_counts['proxy_pending'] ) active_count = active_counts['active'] + RUNNING_SERVERS.set(active_count) concurrent_spawn_limit = self.concurrent_spawn_limit active_server_limit = self.active_server_limit @@ -842,7 +843,6 @@ class BaseHandler(RequestHandler): "User %s took %.3f seconds to start", user_server_name, toc - tic ) self.statsd.timing('spawner.success', (toc - tic) * 1000) - RUNNING_SERVERS.inc() SERVER_SPAWN_DURATION_SECONDS.labels( status=ServerSpawnStatus.success ).observe(time.perf_counter() - spawn_start_time) @@ -854,6 +854,7 @@ class BaseHandler(RequestHandler): PROXY_ADD_DURATION_SECONDS.labels(status='success').observe( time.perf_counter() - proxy_add_start_time ) + RUNNING_SERVERS.inc() except Exception: self.log.exception("Failed to add %s to proxy!", user_server_name) self.log.error( @@ -1022,7 +1023,6 @@ class BaseHandler(RequestHandler): "User %s server took %.3f seconds to stop", user.name, toc - tic ) self.statsd.timing('spawner.stop', (toc - tic) * 1000) - RUNNING_SERVERS.dec() SERVER_STOP_DURATION_SECONDS.labels( status=ServerStopStatus.success ).observe(toc - tic) diff --git a/jupyterhub/metrics.py b/jupyterhub/metrics.py index 558167ff..27de7be6 100644 --- a/jupyterhub/metrics.py +++ b/jupyterhub/metrics.py @@ -39,9 +39,7 @@ RUNNING_SERVERS = Gauge( 'running_servers', 'the number of user servers currently running' ) -RUNNING_SERVERS.set(0) - -TOTAL_USERS = Gauge('total_users', 'toal number of users') +TOTAL_USERS = Gauge('total_users', 'total number of users') TOTAL_USERS.set(0) diff --git a/jupyterhub/user.py b/jupyterhub/user.py index 42dbcdf5..333175bb 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -21,6 +21,7 @@ from .crypto import decrypt from .crypto import encrypt from .crypto import EncryptionUnavailable from .crypto import InvalidToken +from .metrics import RUNNING_SERVERS from .metrics import TOTAL_USERS from .objects import Server from .spawner import LocalProcessSpawner @@ -753,6 +754,7 @@ class User: self.db.delete(oauth_client) self.db.commit() self.log.debug("Finished stopping %s", spawner._log_name) + RUNNING_SERVERS.dec() finally: spawner.orm_spawner.started = None self.db.commit() From 49a5f3a65415d0f06b93220c432f0625ef2d06c7 Mon Sep 17 00:00:00 2001 From: Dan Lester Date: Fri, 5 Jul 2019 10:53:47 +0100 Subject: [PATCH 027/541] Fixed docs and testing code to use refactored SimpleLocalProcessSpawner --- docs/source/contributing/setup.rst | 16 +++++++--------- testing/jupyterhub_config.py | 4 ++-- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/docs/source/contributing/setup.rst b/docs/source/contributing/setup.rst index 73ffada6..aa0f0595 100644 --- a/docs/source/contributing/setup.rst +++ b/docs/source/contributing/setup.rst @@ -112,13 +112,12 @@ happen. Happy developing! -Using DummyAuthenticator & SimpleSpawner -======================================== +Using DummyAuthenticator & SimpleLocalProcessSpawner +==================================================== To simplify testing of JupyterHub, it’s helpful to use :class:`~jupyterhub.auth.DummyAuthenticator` instead of the default JupyterHub -authenticator and `SimpleSpawner `_ -instead of the default spawner. +authenticator and SimpleLocalProcessSpawner instead of the default spawner. There is a sample configuration file that does this in ``testing/jupyterhub_config.py``. To launch jupyterhub with this @@ -126,7 +125,6 @@ configuration: .. code:: bash - pip install jupyterhub-simplespawner jupyterhub -f testing/jupyterhub_config.py The default JupyterHub `authenticator @@ -137,15 +135,15 @@ require your system to have user accounts for each user you want to log in to JupyterHub as. DummyAuthenticator allows you to log in with any username & password, -while SimpleSpawner allows you to start servers without having to +while SimpleLocalProcessSpawner allows you to start servers without having to create a unix user for each JupyterHub user. Together, these make it much easier to test JupyterHub. Tip: If you are working on parts of JupyterHub that are common to all authenticators & spawners, we recommend using both DummyAuthenticator & -SimpleSpawner. If you are working on just authenticator related parts, -use only SimpleSpawner. Similarly, if you are working on just spawner -related parts, use only DummyAuthenticator. +SimpleLocalProcessSpawner. If you are working on just authenticator related +parts, use only SimpleLocalProcessSpawner. Similarly, if you are working on +just spawner related parts, use only DummyAuthenticator. Troubleshooting =============== diff --git a/testing/jupyterhub_config.py b/testing/jupyterhub_config.py index 56aea917..bd70ed97 100644 --- a/testing/jupyterhub_config.py +++ b/testing/jupyterhub_config.py @@ -13,6 +13,6 @@ c.JupyterHub.authenticator_class = DummyAuthenticator # Optionally set a global password that all users must use # c.DummyAuthenticator.password = "your_password" -from jupyterhub.spawners import SimpleSpawner +from jupyterhub.spawner import SimpleLocalProcessSpawner -c.JupyterHub.spawner_class = SimpleSpawner +c.JupyterHub.spawner_class = SimpleLocalProcessSpawner From 55323ec2062a69bc92a1eff3b46155b1c0638fb0 Mon Sep 17 00:00:00 2001 From: Jake Bartolone Date: Fri, 5 Jul 2019 12:54:09 -0500 Subject: [PATCH 028/541] corrected docker network create instructions in dockerfiles README --- dockerfiles/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dockerfiles/README.md b/dockerfiles/README.md index 5799597a..b17546bd 100644 --- a/dockerfiles/README.md +++ b/dockerfiles/README.md @@ -12,7 +12,7 @@ Dockerfile.alpine contains base image for jupyterhub. It does not work independ * start configurable-http-proxy in another container * specify CONFIGPROXY_AUTH_TOKEN env in both containers -* put both containers on the same network (e.g. docker create network jupyterhub; docker run ... --net jupyterhub) +* put both containers on the same network (e.g. docker network create jupyterhub; docker run ... --net jupyterhub) * tell jupyterhub where CHP is (e.g. c.ConfigurableHTTPProxy.api_url = 'http://chp:8001') * tell jupyterhub not to start the proxy itself (c.ConfigurableHTTPProxy.should_start = False) * Use dummy authenticator for ease of testing. Update following in jupyterhub_config file From 19806899f24a8f1d1ba5b61d67bbdd353f6ce44d Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 10 Jul 2019 11:16:34 +0300 Subject: [PATCH 029/541] Set running_servers at startup --- jupyterhub/app.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index be539e62..02735cf3 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -79,6 +79,7 @@ from .utils import ( print_ps_info, make_ssl_context, ) +from .metrics import RUNNING_SERVERS # classes for config from .auth import Authenticator, PAMAuthenticator @@ -1937,6 +1938,9 @@ class JupyterHub(Application): user_summaries = map(_user_summary, self.users.values()) self.log.debug("Loaded users:\n%s", '\n'.join(user_summaries)) + active_counts = self.users.count_active_users() + RUNNING_SERVERS.set(active_counts['active']) + def init_oauth(self): base_url = self.hub.base_url self.oauth_provider = make_provider( From 09cc8569b3b6224c7b3995fc4222d24f6c60789e Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 10 Jul 2019 17:19:43 +0300 Subject: [PATCH 030/541] Set total_users at startup --- jupyterhub/app.py | 2 ++ jupyterhub/metrics.py | 2 -- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 02735cf3..5deb1181 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -80,6 +80,7 @@ from .utils import ( make_ssl_context, ) from .metrics import RUNNING_SERVERS +from .metrics import TOTAL_USERS # classes for config from .auth import Authenticator, PAMAuthenticator @@ -1940,6 +1941,7 @@ class JupyterHub(Application): active_counts = self.users.count_active_users() RUNNING_SERVERS.set(active_counts['active']) + TOTAL_USERS.set(len(self.users)) def init_oauth(self): base_url = self.hub.base_url diff --git a/jupyterhub/metrics.py b/jupyterhub/metrics.py index 27de7be6..ef7370ce 100644 --- a/jupyterhub/metrics.py +++ b/jupyterhub/metrics.py @@ -41,8 +41,6 @@ RUNNING_SERVERS = Gauge( TOTAL_USERS = Gauge('total_users', 'total number of users') -TOTAL_USERS.set(0) - CHECK_ROUTES_DURATION_SECONDS = Histogram( 'check_routes_duration_seconds', 'Time taken to validate all routes in proxy' ) From d541c1797423e21c2b4934f50c844c216399cad8 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Fri, 12 Jul 2019 22:07:30 +0200 Subject: [PATCH 031/541] Escape usernames in the frontend To cope with special characters like backslash, to address issue https://github.com/jupyterhub/jupyterhub/issues/2128 --- share/jupyterhub/static/js/home.js | 2 +- share/jupyterhub/static/js/jhapi.js | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/share/jupyterhub/static/js/home.js b/share/jupyterhub/static/js/home.js index e81b6690..f83b59ac 100644 --- a/share/jupyterhub/static/js/home.js +++ b/share/jupyterhub/static/js/home.js @@ -103,7 +103,7 @@ require(["jquery", "moment", "jhapi", "utils"], function( $(".new-server-btn").click(function() { var row = getRow($(this)); var serverName = row.find(".new-server-name").val(); - window.location.href = "../spawn/" + user + "/" + serverName; + window.location.href = "../spawn/" + escape(user) + "/" + serverName; }); $(".stop-server").click(stopServer); diff --git a/share/jupyterhub/static/js/jhapi.js b/share/jupyterhub/static/js/jhapi.js index c2d597ea..fe8765f4 100644 --- a/share/jupyterhub/static/js/jhapi.js +++ b/share/jupyterhub/static/js/jhapi.js @@ -46,14 +46,14 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.start_server = function(user, options) { options = options || {}; options = update(options, { type: "POST", dataType: null }); - this.api_request(utils.url_path_join("users", user, "server"), options); + this.api_request(utils.url_path_join("users", escape(user), "server"), options); }; JHAPI.prototype.start_named_server = function(user, server_name, options) { options = options || {}; options = update(options, { type: "POST", dataType: null }); this.api_request( - utils.url_path_join("users", user, "servers", server_name), + utils.url_path_join("users", escape(user), "servers", server_name), options ); }; @@ -61,14 +61,14 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.stop_server = function(user, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); - this.api_request(utils.url_path_join("users", user, "server"), options); + this.api_request(utils.url_path_join("users", escape(user), "server"), options); }; JHAPI.prototype.stop_named_server = function(user, server_name, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); this.api_request( - utils.url_path_join("users", user, "servers", server_name), + utils.url_path_join("users", escape(user), "servers", server_name), options ); }; @@ -84,7 +84,7 @@ define(["jquery", "utils"], function($, utils) { }; JHAPI.prototype.get_user = function(user, options) { - this.api_request(utils.url_path_join("users", user), options); + this.api_request(utils.url_path_join("users", escape(user)), options); }; JHAPI.prototype.add_users = function(usernames, userinfo, options) { @@ -107,7 +107,7 @@ define(["jquery", "utils"], function($, utils) { data: JSON.stringify(userinfo), }); - this.api_request(utils.url_path_join("users", user), options); + this.api_request(utils.url_path_join("users", escape(user), options)); }; JHAPI.prototype.admin_access = function(user, options) { @@ -118,7 +118,7 @@ define(["jquery", "utils"], function($, utils) { }); this.api_request( - utils.url_path_join("users", user, "admin-access"), + utils.url_path_join("users", escape(user), "admin-access"), options ); }; @@ -126,7 +126,7 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.delete_user = function(user, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); - this.api_request(utils.url_path_join("users", user), options); + this.api_request(utils.url_path_join("users", escape(user), options)); }; JHAPI.prototype.request_token = function(user, props, options) { @@ -135,14 +135,14 @@ define(["jquery", "utils"], function($, utils) { if (props) { options.data = JSON.stringify(props); } - this.api_request(utils.url_path_join("users", user, "tokens"), options); + this.api_request(utils.url_path_join("users", escape(user), "tokens"), options); }; JHAPI.prototype.revoke_token = function(user, token_id, options) { options = options || {}; options = update(options, { type: "DELETE" }); this.api_request( - utils.url_path_join("users", user, "tokens", token_id), + utils.url_path_join("users", escape(user), "tokens", token_id), options ); }; From dc40cfe80e676e40f6985451eab9d18b7b652088 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Sat, 13 Jul 2019 09:35:41 +0200 Subject: [PATCH 032/541] encodeURIComponent() instead of escape() --- share/jupyterhub/static/js/home.js | 2 +- share/jupyterhub/static/js/jhapi.js | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/share/jupyterhub/static/js/home.js b/share/jupyterhub/static/js/home.js index f83b59ac..66ebc741 100644 --- a/share/jupyterhub/static/js/home.js +++ b/share/jupyterhub/static/js/home.js @@ -103,7 +103,7 @@ require(["jquery", "moment", "jhapi", "utils"], function( $(".new-server-btn").click(function() { var row = getRow($(this)); var serverName = row.find(".new-server-name").val(); - window.location.href = "../spawn/" + escape(user) + "/" + serverName; + window.location.href = "../spawn/" + encodeURIComponent(user) + "/" + serverName; }); $(".stop-server").click(stopServer); diff --git a/share/jupyterhub/static/js/jhapi.js b/share/jupyterhub/static/js/jhapi.js index fe8765f4..bbe230b6 100644 --- a/share/jupyterhub/static/js/jhapi.js +++ b/share/jupyterhub/static/js/jhapi.js @@ -46,14 +46,14 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.start_server = function(user, options) { options = options || {}; options = update(options, { type: "POST", dataType: null }); - this.api_request(utils.url_path_join("users", escape(user), "server"), options); + this.api_request(utils.url_path_join("users", encodeURIComponent(user), "server"), options); }; JHAPI.prototype.start_named_server = function(user, server_name, options) { options = options || {}; options = update(options, { type: "POST", dataType: null }); this.api_request( - utils.url_path_join("users", escape(user), "servers", server_name), + utils.url_path_join("users", encodeURIComponent(user), "servers", server_name), options ); }; @@ -61,14 +61,14 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.stop_server = function(user, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); - this.api_request(utils.url_path_join("users", escape(user), "server"), options); + this.api_request(utils.url_path_join("users", encodeURIComponent(user), "server"), options); }; JHAPI.prototype.stop_named_server = function(user, server_name, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); this.api_request( - utils.url_path_join("users", escape(user), "servers", server_name), + utils.url_path_join("users", encodeURIComponent(user), "servers", server_name), options ); }; @@ -84,7 +84,7 @@ define(["jquery", "utils"], function($, utils) { }; JHAPI.prototype.get_user = function(user, options) { - this.api_request(utils.url_path_join("users", escape(user)), options); + this.api_request(utils.url_path_join("users", encodeURIComponent(user)), options); }; JHAPI.prototype.add_users = function(usernames, userinfo, options) { @@ -107,7 +107,7 @@ define(["jquery", "utils"], function($, utils) { data: JSON.stringify(userinfo), }); - this.api_request(utils.url_path_join("users", escape(user), options)); + this.api_request(utils.url_path_join("users", encodeURIComponent(user), options)); }; JHAPI.prototype.admin_access = function(user, options) { @@ -118,7 +118,7 @@ define(["jquery", "utils"], function($, utils) { }); this.api_request( - utils.url_path_join("users", escape(user), "admin-access"), + utils.url_path_join("users", encodeURIComponent(user), "admin-access"), options ); }; @@ -126,7 +126,7 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.delete_user = function(user, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); - this.api_request(utils.url_path_join("users", escape(user), options)); + this.api_request(utils.url_path_join("users", encodeURIComponent(user), options)); }; JHAPI.prototype.request_token = function(user, props, options) { @@ -135,14 +135,14 @@ define(["jquery", "utils"], function($, utils) { if (props) { options.data = JSON.stringify(props); } - this.api_request(utils.url_path_join("users", escape(user), "tokens"), options); + this.api_request(utils.url_path_join("users", encodeURIComponent(user), "tokens"), options); }; JHAPI.prototype.revoke_token = function(user, token_id, options) { options = options || {}; options = update(options, { type: "DELETE" }); this.api_request( - utils.url_path_join("users", escape(user), "tokens", token_id), + utils.url_path_join("users", encodeURIComponent(user), "tokens", token_id), options ); }; From 0dc35936613470404758a108aee6863152e4fd79 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Sat, 13 Jul 2019 10:25:32 +0200 Subject: [PATCH 033/541] Escape user variable to frontend --- share/jupyterhub/templates/page.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index 70c733e5..d51ac578 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -63,7 +63,7 @@ base_url: "{{base_url}}", prefix: "{{prefix}}", {% if user %} - user: "{{user.name}}", + user: "{{user.name|escapejs}}", {% endif %} {% if admin_access %} admin_access: true, From d686ae1ae76da5b38be0fa9a05869506d117ad8a Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Sat, 13 Jul 2019 10:49:06 +0200 Subject: [PATCH 034/541] json_encode for Tornado framework --- share/jupyterhub/templates/page.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index d51ac578..3d9973e7 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -63,7 +63,7 @@ base_url: "{{base_url}}", prefix: "{{prefix}}", {% if user %} - user: "{{user.name|escapejs}}", + user: "{{json_encode(user.name)}}", {% endif %} {% if admin_access %} admin_access: true, From c0464b2e47fab18e1330efa616a1f96fdda35142 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 08:18:20 +0200 Subject: [PATCH 035/541] feat: unicode_escape feature --- jupyterhub/user.py | 5 +++++ share/jupyterhub/templates/page.html | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/jupyterhub/user.py b/jupyterhub/user.py index 333175bb..e7f6b451 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -350,6 +350,11 @@ class User: """My name, escaped for use in URLs, cookies, etc.""" return quote(self.name, safe='@~') + @property + def unicode_escaped_name(self): + """My name, escaped for use in javascript inserts, etc.""" + return self.name.decode('unicode_escape') + @property def proxy_spec(self): """The proxy routespec for my default server""" diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index 3d9973e7..c641c1c4 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -63,7 +63,7 @@ base_url: "{{base_url}}", prefix: "{{prefix}}", {% if user %} - user: "{{json_encode(user.name)}}", + user: "{{user.unicode_escaped_name}}", {% endif %} {% if admin_access %} admin_access: true, From 34e44f2eed6b3ec88071067a094fb22222d0113c Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 10:01:11 +0200 Subject: [PATCH 036/541] feat: user function in page render function --- jupyterhub/handlers/pages.py | 2 +- share/jupyterhub/templates/page.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index d93f2638..2e2de07f 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -67,7 +67,7 @@ class HomeHandler(BaseHandler): html = self.render_template( 'home.html', - user=user, + user=user.unicode_escaped_url, url=url, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index c641c1c4..cebd9d04 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -63,7 +63,7 @@ base_url: "{{base_url}}", prefix: "{{prefix}}", {% if user %} - user: "{{user.unicode_escaped_name}}", + user: "{{user}}", {% endif %} {% if admin_access %} admin_access: true, From 11e32588d791efe337c20b784a1c1b866bd88751 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 10:17:26 +0200 Subject: [PATCH 037/541] chore: use most likely fix for custom username property --- jupyterhub/handlers/pages.py | 2 +- share/jupyterhub/templates/page.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 2e2de07f..d93f2638 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -67,7 +67,7 @@ class HomeHandler(BaseHandler): html = self.render_template( 'home.html', - user=user.unicode_escaped_url, + user=user, url=url, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index cebd9d04..c641c1c4 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -63,7 +63,7 @@ base_url: "{{base_url}}", prefix: "{{prefix}}", {% if user %} - user: "{{user}}", + user: "{{user.unicode_escaped_name}}", {% endif %} {% if admin_access %} admin_access: true, From c24f6b0a6a4ff0b7fc94ea59e9d645d5f7dd3034 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 10:38:51 +0200 Subject: [PATCH 038/541] chore: add logging code --- jupyterhub/user.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/jupyterhub/user.py b/jupyterhub/user.py index e7f6b451..16803084 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -353,7 +353,10 @@ class User: @property def unicode_escaped_name(self): """My name, escaped for use in javascript inserts, etc.""" - return self.name.decode('unicode_escape') + unicoded = self.name.decode('unicode_escape') + self.log.info(f'unicode escaping: name={ self.name }, escaped={ unicoded }') + print("in unicode_escaped_name") + return self.name # return normal name for now @property def proxy_spec(self): From 5ae1fdf621fd5ca3eff5c2cdda2ac08ef3dadf9d Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 10:53:14 +0200 Subject: [PATCH 039/541] chore: try custom property --- jupyterhub/handlers/pages.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index d93f2638..2e2de07f 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -67,7 +67,7 @@ class HomeHandler(BaseHandler): html = self.render_template( 'home.html', - user=user, + user=user.unicode_escaped_url, url=url, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, From 69d0a477347337730f49fe2437fd8a7668fea3e7 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 11:04:35 +0200 Subject: [PATCH 040/541] chore: try conversion in template Custom property in users.py didn't work, so try it in the templated file. --- share/jupyterhub/templates/page.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index c641c1c4..80a7dc75 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -63,7 +63,8 @@ base_url: "{{base_url}}", prefix: "{{prefix}}", {% if user %} - user: "{{user.unicode_escaped_name}}", + user: "{{user.name}}", + user_unicode: "{{user.name.decode('unicode_escape')}}", {% endif %} {% if admin_access %} admin_access: true, From 8c8968c2b0ad0b35e65cb4fdc875e6fcccf54e27 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 11:06:13 +0200 Subject: [PATCH 041/541] chore: correct handler Probably this has introduced more errors --- jupyterhub/handlers/pages.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 2e2de07f..d93f2638 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -67,7 +67,7 @@ class HomeHandler(BaseHandler): html = self.render_template( 'home.html', - user=user.unicode_escaped_url, + user=user, url=url, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, From 1555abb2bf636dce5843443e8e912040517ec3dd Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 11:43:49 +0200 Subject: [PATCH 042/541] feat: unicode escaping method --- jupyterhub/handlers/pages.py | 1 + 1 file changed, 1 insertion(+) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index d93f2638..6440da5a 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -68,6 +68,7 @@ class HomeHandler(BaseHandler): html = self.render_template( 'home.html', user=user, + user_unicode=codecs.unicode_escape_encode(user)[0].decode(), url=url, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, From fc90be8424d14b02f925330ecbeac38828b8588d Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 12:17:32 +0200 Subject: [PATCH 043/541] fix: user user.name instead of user --- jupyterhub/handlers/pages.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 6440da5a..d2d90857 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -68,7 +68,7 @@ class HomeHandler(BaseHandler): html = self.render_template( 'home.html', user=user, - user_unicode=codecs.unicode_escape_encode(user)[0].decode(), + user_unicode=codecs.unicode_escape_encode(user.name)[0].decode(), url=url, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, From 3d6d60b64e306815e743d474eba130b1d173b320 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 12:34:07 +0200 Subject: [PATCH 044/541] fix: passthrough in template --- share/jupyterhub/templates/page.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index 80a7dc75..1496abf3 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -64,7 +64,7 @@ prefix: "{{prefix}}", {% if user %} user: "{{user.name}}", - user_unicode: "{{user.name.decode('unicode_escape')}}", + user_unicode: "{{user_unicode}}", {% endif %} {% if admin_access %} admin_access: true, From d050242d0f74099b4af396e2679a2b89b629fa0b Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 12:52:30 +0200 Subject: [PATCH 045/541] chore: try splitting value coding --- jupyterhub/handlers/pages.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index d2d90857..c6a1c9d6 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -2,6 +2,7 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. import asyncio +import codecs import copy import time from collections import defaultdict @@ -53,6 +54,10 @@ class HomeHandler(BaseHandler): @web.authenticated async def get(self): user = self.current_user + user_unicode = codecs.unicode_escape_encode(self.current_user.name)[0].decode() + self.log.info("user: %s", user) + self.log.info("user.name: %s", user.name) + self.log.info("user_unicode: %s", user_unicode) if user.running: # trigger poll_and_notify event in case of a server that died await user.spawner.poll_and_notify() @@ -68,7 +73,7 @@ class HomeHandler(BaseHandler): html = self.render_template( 'home.html', user=user, - user_unicode=codecs.unicode_escape_encode(user.name)[0].decode(), + user_unicode=user_unicode, url=url, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, From 1915ecd0c2064d45dd3720722aa64f83383a3050 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 13:07:18 +0200 Subject: [PATCH 046/541] feat: try unicoding in user model --- jupyterhub/handlers/pages.py | 3 +++ jupyterhub/user.py | 6 ++++-- share/jupyterhub/templates/page.html | 1 + 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index c6a1c9d6..6ce15120 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -55,9 +55,11 @@ class HomeHandler(BaseHandler): async def get(self): user = self.current_user user_unicode = codecs.unicode_escape_encode(self.current_user.name)[0].decode() + user_unicode_1 = self.current_user.unicode_escaped_name self.log.info("user: %s", user) self.log.info("user.name: %s", user.name) self.log.info("user_unicode: %s", user_unicode) + self.log.info("user_unicode_1: %s", user_unicode_1) if user.running: # trigger poll_and_notify event in case of a server that died await user.spawner.poll_and_notify() @@ -74,6 +76,7 @@ class HomeHandler(BaseHandler): 'home.html', user=user, user_unicode=user_unicode, + user_unicode_1=user_unicode_1, url=url, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, diff --git a/jupyterhub/user.py b/jupyterhub/user.py index 16803084..3f702c04 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -1,5 +1,6 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. +import codecs import warnings from collections import defaultdict from datetime import datetime @@ -353,10 +354,11 @@ class User: @property def unicode_escaped_name(self): """My name, escaped for use in javascript inserts, etc.""" - unicoded = self.name.decode('unicode_escape') + #unicoded = self.name.decode('unicode_escape') + unicoded = codecs.unicode_escape_encode(self.name)[0].decode() self.log.info(f'unicode escaping: name={ self.name }, escaped={ unicoded }') print("in unicode_escaped_name") - return self.name # return normal name for now + return unicoded # return normal name for now @property def proxy_spec(self): diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index 1496abf3..51198934 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -65,6 +65,7 @@ {% if user %} user: "{{user.name}}", user_unicode: "{{user_unicode}}", + user_unicode_1: "{{user_unicode_1}}", {% endif %} {% if admin_access %} admin_access: true, From 73309b5741b36ca9c0872285d075cdf8c9f33ecb Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 13:31:53 +0200 Subject: [PATCH 047/541] feat: adopt unicode_escaped_name property --- jupyterhub/handlers/pages.py | 2 -- share/jupyterhub/templates/page.html | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 6ce15120..e016b292 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -75,8 +75,6 @@ class HomeHandler(BaseHandler): html = self.render_template( 'home.html', user=user, - user_unicode=user_unicode, - user_unicode_1=user_unicode_1, url=url, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index 51198934..4ce76e82 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -63,7 +63,8 @@ base_url: "{{base_url}}", prefix: "{{prefix}}", {% if user %} - user: "{{user.name}}", + user: "{{user.unicode_escaped_name}}", + user_original: "{{user.name}}", user_unicode: "{{user_unicode}}", user_unicode_1: "{{user_unicode_1}}", {% endif %} From f1ed6c95f01cf93086e2aadef3e10a47dd9a1311 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 14:03:48 +0200 Subject: [PATCH 048/541] chore: reverse url changes --- share/jupyterhub/static/js/home.js | 2 +- share/jupyterhub/static/js/jhapi.js | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/share/jupyterhub/static/js/home.js b/share/jupyterhub/static/js/home.js index 66ebc741..f83b59ac 100644 --- a/share/jupyterhub/static/js/home.js +++ b/share/jupyterhub/static/js/home.js @@ -103,7 +103,7 @@ require(["jquery", "moment", "jhapi", "utils"], function( $(".new-server-btn").click(function() { var row = getRow($(this)); var serverName = row.find(".new-server-name").val(); - window.location.href = "../spawn/" + encodeURIComponent(user) + "/" + serverName; + window.location.href = "../spawn/" + escape(user) + "/" + serverName; }); $(".stop-server").click(stopServer); diff --git a/share/jupyterhub/static/js/jhapi.js b/share/jupyterhub/static/js/jhapi.js index bbe230b6..fe8765f4 100644 --- a/share/jupyterhub/static/js/jhapi.js +++ b/share/jupyterhub/static/js/jhapi.js @@ -46,14 +46,14 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.start_server = function(user, options) { options = options || {}; options = update(options, { type: "POST", dataType: null }); - this.api_request(utils.url_path_join("users", encodeURIComponent(user), "server"), options); + this.api_request(utils.url_path_join("users", escape(user), "server"), options); }; JHAPI.prototype.start_named_server = function(user, server_name, options) { options = options || {}; options = update(options, { type: "POST", dataType: null }); this.api_request( - utils.url_path_join("users", encodeURIComponent(user), "servers", server_name), + utils.url_path_join("users", escape(user), "servers", server_name), options ); }; @@ -61,14 +61,14 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.stop_server = function(user, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); - this.api_request(utils.url_path_join("users", encodeURIComponent(user), "server"), options); + this.api_request(utils.url_path_join("users", escape(user), "server"), options); }; JHAPI.prototype.stop_named_server = function(user, server_name, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); this.api_request( - utils.url_path_join("users", encodeURIComponent(user), "servers", server_name), + utils.url_path_join("users", escape(user), "servers", server_name), options ); }; @@ -84,7 +84,7 @@ define(["jquery", "utils"], function($, utils) { }; JHAPI.prototype.get_user = function(user, options) { - this.api_request(utils.url_path_join("users", encodeURIComponent(user)), options); + this.api_request(utils.url_path_join("users", escape(user)), options); }; JHAPI.prototype.add_users = function(usernames, userinfo, options) { @@ -107,7 +107,7 @@ define(["jquery", "utils"], function($, utils) { data: JSON.stringify(userinfo), }); - this.api_request(utils.url_path_join("users", encodeURIComponent(user), options)); + this.api_request(utils.url_path_join("users", escape(user), options)); }; JHAPI.prototype.admin_access = function(user, options) { @@ -118,7 +118,7 @@ define(["jquery", "utils"], function($, utils) { }); this.api_request( - utils.url_path_join("users", encodeURIComponent(user), "admin-access"), + utils.url_path_join("users", escape(user), "admin-access"), options ); }; @@ -126,7 +126,7 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.delete_user = function(user, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); - this.api_request(utils.url_path_join("users", encodeURIComponent(user), options)); + this.api_request(utils.url_path_join("users", escape(user), options)); }; JHAPI.prototype.request_token = function(user, props, options) { @@ -135,14 +135,14 @@ define(["jquery", "utils"], function($, utils) { if (props) { options.data = JSON.stringify(props); } - this.api_request(utils.url_path_join("users", encodeURIComponent(user), "tokens"), options); + this.api_request(utils.url_path_join("users", escape(user), "tokens"), options); }; JHAPI.prototype.revoke_token = function(user, token_id, options) { options = options || {}; options = update(options, { type: "DELETE" }); this.api_request( - utils.url_path_join("users", encodeURIComponent(user), "tokens", token_id), + utils.url_path_join("users", escape(user), "tokens", token_id), options ); }; From 7c78e6c3268b7c4e24aed38b33909d60d3298491 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 14:28:28 +0200 Subject: [PATCH 049/541] chore: try non-escaping user Now the user was double-escaped, resulting in escaped % signs --- share/jupyterhub/static/js/jhapi.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/jupyterhub/static/js/jhapi.js b/share/jupyterhub/static/js/jhapi.js index fe8765f4..f905f75e 100644 --- a/share/jupyterhub/static/js/jhapi.js +++ b/share/jupyterhub/static/js/jhapi.js @@ -61,7 +61,7 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.stop_server = function(user, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); - this.api_request(utils.url_path_join("users", escape(user), "server"), options); + this.api_request(utils.url_path_join("users", user, "server"), options); }; JHAPI.prototype.stop_named_server = function(user, server_name, options) { From b237ab9e7b4805239b4f6a070da50f38c6995e7b Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 14:38:35 +0200 Subject: [PATCH 050/541] feat: try fixing the spawn url --- jupyterhub/handlers/pages.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index e016b292..cbcc7046 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -226,7 +226,7 @@ class SpawnHandler(BaseHandler): next_url = self.get_next_url( user, default=url_path_join( - self.hub.base_url, "spawn-pending", user.name, server_name + self.hub.base_url, "spawn-pending", user.unicode_escaped_name, server_name ), ) self.redirect(next_url) From 8dce5a87bc001b986acfbec33c8a0484abecc34a Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 16:46:00 +0200 Subject: [PATCH 051/541] revert try ginfing spawn url --- jupyterhub/handlers/pages.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index cbcc7046..e016b292 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -226,7 +226,7 @@ class SpawnHandler(BaseHandler): next_url = self.get_next_url( user, default=url_path_join( - self.hub.base_url, "spawn-pending", user.unicode_escaped_name, server_name + self.hub.base_url, "spawn-pending", user.name, server_name ), ) self.redirect(next_url) From 41db9fe1164ef82fb3de3cff97a6b67b7c358a65 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 16:47:06 +0200 Subject: [PATCH 052/541] chore: cleanup debugging code --- jupyterhub/user.py | 6 +----- share/jupyterhub/templates/page.html | 3 --- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/jupyterhub/user.py b/jupyterhub/user.py index 3f702c04..b929569c 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -354,11 +354,7 @@ class User: @property def unicode_escaped_name(self): """My name, escaped for use in javascript inserts, etc.""" - #unicoded = self.name.decode('unicode_escape') - unicoded = codecs.unicode_escape_encode(self.name)[0].decode() - self.log.info(f'unicode escaping: name={ self.name }, escaped={ unicoded }') - print("in unicode_escaped_name") - return unicoded # return normal name for now + return codecs.unicode_escape_encode(self.name)[0].decode() @property def proxy_spec(self): diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index 4ce76e82..c641c1c4 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -64,9 +64,6 @@ prefix: "{{prefix}}", {% if user %} user: "{{user.unicode_escaped_name}}", - user_original: "{{user.name}}", - user_unicode: "{{user_unicode}}", - user_unicode_1: "{{user_unicode_1}}", {% endif %} {% if admin_access %} admin_access: true, From 8a37d2daec7cf56ce7b98294e9a8b50c954e2803 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 17:13:19 +0200 Subject: [PATCH 053/541] chore: cleanup comments --- jupyterhub/handlers/pages.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index e016b292..0a7b7309 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -54,12 +54,6 @@ class HomeHandler(BaseHandler): @web.authenticated async def get(self): user = self.current_user - user_unicode = codecs.unicode_escape_encode(self.current_user.name)[0].decode() - user_unicode_1 = self.current_user.unicode_escaped_name - self.log.info("user: %s", user) - self.log.info("user.name: %s", user.name) - self.log.info("user_unicode: %s", user_unicode) - self.log.info("user_unicode_1: %s", user_unicode_1) if user.running: # trigger poll_and_notify event in case of a server that died await user.spawner.poll_and_notify() From 859dc34ea6ff07a11b570ec9986191cfe6ab4a32 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 18:45:48 +0200 Subject: [PATCH 054/541] chore: rename to json_escaped_name and unittests --- jupyterhub/tests/test_orm.py | 8 ++++++++ jupyterhub/user.py | 6 +++--- share/jupyterhub/templates/page.html | 2 +- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/jupyterhub/tests/test_orm.py b/jupyterhub/tests/test_orm.py index d609b27b..e364e32f 100644 --- a/jupyterhub/tests/test_orm.py +++ b/jupyterhub/tests/test_orm.py @@ -73,6 +73,14 @@ def test_user(db): found = orm.User.find(db, 'badger') assert found is None +def test_user_escaping(db): + orm_user = orm.User(name='company\\user@company.com,\"quoted\"') + db.add(orm_user) + db.commit() + user = User(orm_user) + assert user.name == 'company\\user@company.com,\"quoted\"' + assert user.escaped_name == 'company%5Cuser@company.com%2C%22quoted%22' + assert user.json_escaped_name == 'company\\\\user@company.com,\\\"quoted\\\"' def test_tokens(db): user = orm.User(name='inara') diff --git a/jupyterhub/user.py b/jupyterhub/user.py index b929569c..9444d574 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -1,6 +1,6 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. -import codecs +import json import warnings from collections import defaultdict from datetime import datetime @@ -352,9 +352,9 @@ class User: return quote(self.name, safe='@~') @property - def unicode_escaped_name(self): + def json_escaped_name(self): """My name, escaped for use in javascript inserts, etc.""" - return codecs.unicode_escape_encode(self.name)[0].decode() + return json.dumps(self.name)[1:-1] @property def proxy_spec(self): diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index c641c1c4..cd50ee11 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -63,7 +63,7 @@ base_url: "{{base_url}}", prefix: "{{prefix}}", {% if user %} - user: "{{user.unicode_escaped_name}}", + user: "{{user.json_escaped_name}}", {% endif %} {% if admin_access %} admin_access: true, From d8d58b2ebdcef17ba5333d5ab675317d9d8e234e Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 18:51:22 +0200 Subject: [PATCH 055/541] chore: undo escape() functions --- share/jupyterhub/static/js/home.js | 2 +- share/jupyterhub/static/js/jhapi.js | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/share/jupyterhub/static/js/home.js b/share/jupyterhub/static/js/home.js index f83b59ac..e81b6690 100644 --- a/share/jupyterhub/static/js/home.js +++ b/share/jupyterhub/static/js/home.js @@ -103,7 +103,7 @@ require(["jquery", "moment", "jhapi", "utils"], function( $(".new-server-btn").click(function() { var row = getRow($(this)); var serverName = row.find(".new-server-name").val(); - window.location.href = "../spawn/" + escape(user) + "/" + serverName; + window.location.href = "../spawn/" + user + "/" + serverName; }); $(".stop-server").click(stopServer); diff --git a/share/jupyterhub/static/js/jhapi.js b/share/jupyterhub/static/js/jhapi.js index f905f75e..c2d597ea 100644 --- a/share/jupyterhub/static/js/jhapi.js +++ b/share/jupyterhub/static/js/jhapi.js @@ -46,14 +46,14 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.start_server = function(user, options) { options = options || {}; options = update(options, { type: "POST", dataType: null }); - this.api_request(utils.url_path_join("users", escape(user), "server"), options); + this.api_request(utils.url_path_join("users", user, "server"), options); }; JHAPI.prototype.start_named_server = function(user, server_name, options) { options = options || {}; options = update(options, { type: "POST", dataType: null }); this.api_request( - utils.url_path_join("users", escape(user), "servers", server_name), + utils.url_path_join("users", user, "servers", server_name), options ); }; @@ -68,7 +68,7 @@ define(["jquery", "utils"], function($, utils) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); this.api_request( - utils.url_path_join("users", escape(user), "servers", server_name), + utils.url_path_join("users", user, "servers", server_name), options ); }; @@ -84,7 +84,7 @@ define(["jquery", "utils"], function($, utils) { }; JHAPI.prototype.get_user = function(user, options) { - this.api_request(utils.url_path_join("users", escape(user)), options); + this.api_request(utils.url_path_join("users", user), options); }; JHAPI.prototype.add_users = function(usernames, userinfo, options) { @@ -107,7 +107,7 @@ define(["jquery", "utils"], function($, utils) { data: JSON.stringify(userinfo), }); - this.api_request(utils.url_path_join("users", escape(user), options)); + this.api_request(utils.url_path_join("users", user), options); }; JHAPI.prototype.admin_access = function(user, options) { @@ -118,7 +118,7 @@ define(["jquery", "utils"], function($, utils) { }); this.api_request( - utils.url_path_join("users", escape(user), "admin-access"), + utils.url_path_join("users", user, "admin-access"), options ); }; @@ -126,7 +126,7 @@ define(["jquery", "utils"], function($, utils) { JHAPI.prototype.delete_user = function(user, options) { options = options || {}; options = update(options, { type: "DELETE", dataType: null }); - this.api_request(utils.url_path_join("users", escape(user), options)); + this.api_request(utils.url_path_join("users", user), options); }; JHAPI.prototype.request_token = function(user, props, options) { @@ -135,14 +135,14 @@ define(["jquery", "utils"], function($, utils) { if (props) { options.data = JSON.stringify(props); } - this.api_request(utils.url_path_join("users", escape(user), "tokens"), options); + this.api_request(utils.url_path_join("users", user, "tokens"), options); }; JHAPI.prototype.revoke_token = function(user, token_id, options) { options = options || {}; options = update(options, { type: "DELETE" }); this.api_request( - utils.url_path_join("users", escape(user), "tokens", token_id), + utils.url_path_join("users", user, "tokens", token_id), options ); }; From fad6900779f524f7bf4233731056ffc5d4d05fb5 Mon Sep 17 00:00:00 2001 From: Jim Crist Date: Tue, 16 Jul 2019 12:03:25 -0500 Subject: [PATCH 056/541] Update a few links [ci skip] These projects recently moved under the JupyterHub organization, updated the links accordingly. --- README.md | 14 +++++++------- docs/source/gallery-jhub-deployments.md | 2 +- docs/source/reference/spawners.md | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 6c1fc6d0..2fc37039 100644 --- a/README.md +++ b/README.md @@ -145,12 +145,12 @@ To start the Hub on a specific url and port ``10.0.1.2:443`` with **https**: ### Authenticators -| Authenticator | Description | -| --------------------------------------------------------------------------- | ------------------------------------------------- | -| PAMAuthenticator | Default, built-in authenticator | -| [OAuthenticator](https://github.com/jupyterhub/oauthenticator) | OAuth + JupyterHub Authenticator = OAuthenticator | -| [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | Simple LDAP Authenticator Plugin for JupyterHub | -| [kerberosauthenticator](https://github.com/jcrist/kerberosauthenticator) | Kerberos Authenticator Plugin for JupyterHub | +| Authenticator | Description | +| ---------------------------------------------------------------------------- | ------------------------------------------------- | +| PAMAuthenticator | Default, built-in authenticator | +| [OAuthenticator](https://github.com/jupyterhub/oauthenticator) | OAuth + JupyterHub Authenticator = OAuthenticator | +| [ldapauthenticator](https://github.com/jupyterhub/ldapauthenticator) | Simple LDAP Authenticator Plugin for JupyterHub | +| [kerberosauthenticator](https://github.com/jupyterhub/kerberosauthenticator) | Kerberos Authenticator Plugin for JupyterHub | ### Spawners @@ -162,7 +162,7 @@ To start the Hub on a specific url and port ``10.0.1.2:443`` with **https**: | [sudospawner](https://github.com/jupyterhub/sudospawner) | Spawn single-user servers without being root | | [systemdspawner](https://github.com/jupyterhub/systemdspawner) | Spawn single-user notebook servers using systemd | | [batchspawner](https://github.com/jupyterhub/batchspawner) | Designed for clusters using batch scheduling software | -| [yarnspawner](https://github.com/jcrist/yarnspawner) | Spawn single-user notebook servers distributed on a Hadoop cluster | +| [yarnspawner](https://github.com/jupyterhub/yarnspawner) | Spawn single-user notebook servers distributed on a Hadoop cluster | | [wrapspawner](https://github.com/jupyterhub/wrapspawner) | WrapSpawner and ProfilesSpawner enabling runtime configuration of spawners | ## Docker diff --git a/docs/source/gallery-jhub-deployments.md b/docs/source/gallery-jhub-deployments.md index 84f03e97..55a3dff6 100644 --- a/docs/source/gallery-jhub-deployments.md +++ b/docs/source/gallery-jhub-deployments.md @@ -173,7 +173,7 @@ easy to do with RStudio too. ### Hadoop -- [Deploying JupyterHub on Hadoop](https://jcrist.github.io/jupyterhub-on-hadoop/) +- [Deploying JupyterHub on Hadoop](https://jupyterhub-on-hadoop.readthedocs.io) ## Miscellaneous diff --git a/docs/source/reference/spawners.md b/docs/source/reference/spawners.md index 7ecc28c8..ae2c595f 100644 --- a/docs/source/reference/spawners.md +++ b/docs/source/reference/spawners.md @@ -25,7 +25,7 @@ Some examples include: run without being root, by spawning an intermediate process via `sudo` - [BatchSpawner](https://github.com/jupyterhub/batchspawner) for spawning remote servers using batch systems -- [YarnSpawner](https://github.com/jcrist/yarnspawner) for spawning notebook +- [YarnSpawner](https://github.com/jupyterhub/yarnspawner) for spawning notebook servers in YARN containers on a Hadoop cluster - [RemoteSpawner](https://github.com/zonca/remotespawner) to spawn notebooks and a remote server and tunnel the port via SSH From 6a2876a9fa95bfe433719d00d65bc4f7f9c54670 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 19:23:06 +0200 Subject: [PATCH 057/541] chore: satisfy Black --- jupyterhub/tests/test_orm.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jupyterhub/tests/test_orm.py b/jupyterhub/tests/test_orm.py index e364e32f..4790f386 100644 --- a/jupyterhub/tests/test_orm.py +++ b/jupyterhub/tests/test_orm.py @@ -73,6 +73,7 @@ def test_user(db): found = orm.User.find(db, 'badger') assert found is None + def test_user_escaping(db): orm_user = orm.User(name='company\\user@company.com,\"quoted\"') db.add(orm_user) @@ -82,6 +83,7 @@ def test_user_escaping(db): assert user.escaped_name == 'company%5Cuser@company.com%2C%22quoted%22' assert user.json_escaped_name == 'company\\\\user@company.com,\\\"quoted\\\"' + def test_tokens(db): user = orm.User(name='inara') db.add(user) From 88bff9d03d562785b62a63e410a75cbffb91b97e Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Tue, 16 Jul 2019 19:25:36 +0200 Subject: [PATCH 058/541] chore: include proposed docstring fix --- jupyterhub/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/user.py b/jupyterhub/user.py index 9444d574..97a3543f 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -353,7 +353,7 @@ class User: @property def json_escaped_name(self): - """My name, escaped for use in javascript inserts, etc.""" + """The user name, escaped for use in javascript inserts, etc.""" return json.dumps(self.name)[1:-1] @property From 254687e841a4f933b9531af01552c8627fe5ddef Mon Sep 17 00:00:00 2001 From: Iram Lee Date: Tue, 16 Jul 2019 14:33:54 -0500 Subject: [PATCH 059/541] fix typos on technical reference documentation --- docs/source/reference/proxy.md | 8 ++++---- docs/source/reference/spawners.md | 2 +- docs/source/reference/websecurity.md | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/source/reference/proxy.md b/docs/source/reference/proxy.md index cdc083cf..fd58816a 100644 --- a/docs/source/reference/proxy.md +++ b/docs/source/reference/proxy.md @@ -19,7 +19,7 @@ In general, for a proxy to be usable by JupyterHub, it must: 1. support websockets without prior knowledge of the URL where websockets may occur -2. support trie-based routing (i.e. allow different routes on `/foo` and +2. support trie-based routing (i.e. allow different routes on `/foo` and `/foo/bar` and route based on specificity) 3. adding or removing a route should not cause existing connections to drop @@ -62,7 +62,7 @@ Hub should call these methods when the Hub itself starts and stops. ## Encryption When using `internal_ssl` to encrypt traffic behind the proxy, at minimum, -your `Proxy` will need client ssl certificates which the `Hub` must be made +your `Proxy` will need client ssl certificates which the `Hub` must be made aware of. These can be generated with the command `jupyterhub --generate-certs` which will write them to the `internal_certs_location` in folders named `proxy_api` and `proxy_client`. Alternatively, these can be provided to the @@ -102,7 +102,7 @@ route to be proxied, such as `/user/name/`. A routespec will: ### Adding a route When adding a route, JupyterHub may pass a JSON-serializable dict as a `data` -argument that should be attacked to the proxy route. When that route is +argument that should be attached to the proxy route. When that route is retrieved, the `data` argument should be returned as well. If your proxy implementation doesn't support storing data attached to routes, then your Python wrapper may have to handle storing the `data` piece itself, e.g in a @@ -204,7 +204,7 @@ setup( ``` If you have added this metadata to your package, -users can select your authenticator with the configuration: +users can select your proxy with the configuration: ```python c.JupyterHub.proxy_class = 'mything' diff --git a/docs/source/reference/spawners.md b/docs/source/reference/spawners.md index 7ecc28c8..91abf7ce 100644 --- a/docs/source/reference/spawners.md +++ b/docs/source/reference/spawners.md @@ -195,7 +195,7 @@ setup( ``` If you have added this metadata to your package, -users can select your authenticator with the configuration: +users can select your spawner with the configuration: ```python c.JupyterHub.spawner_class = 'myservice' diff --git a/docs/source/reference/websecurity.md b/docs/source/reference/websecurity.md index ccdc616b..b9b1df68 100644 --- a/docs/source/reference/websecurity.md +++ b/docs/source/reference/websecurity.md @@ -76,7 +76,7 @@ resolves the cross-site issues. ### Disable user config -If subdomains are not available or not desirable, JupyterHub provides a a +If subdomains are not available or not desirable, JupyterHub provides a configuration option `Spawner.disable_user_config`, which can be set to prevent the user-owned configuration files from being loaded. After implementing this option, PATHs and package installation and PATHs are the other things that the From 8a2eba1156b10dbec5b16babc97b047b17261d9b Mon Sep 17 00:00:00 2001 From: Matthias Bussonnier Date: Tue, 16 Jul 2019 13:45:36 -0700 Subject: [PATCH 060/541] Some theme updates; no double NEXT/PREV buttons. - Install pip in the docs conda env (or conda complains). - Do not override page.html, the next/previous buttons are now handled by alabaster_jupyterhub (this actually remove the duplicated next/prev buttons) - use alabaster_jupyterhub when building locally, this make it easy for new contributor to get the _exact_ same appearance than on readthedocs. --- docs/environment.yml | 1 + docs/source/_templates/page.html | 30 ------------------------------ docs/source/conf.py | 4 +--- 3 files changed, 2 insertions(+), 33 deletions(-) delete mode 100644 docs/source/_templates/page.html diff --git a/docs/environment.yml b/docs/environment.yml index b23b5601..2dbfd535 100644 --- a/docs/environment.yml +++ b/docs/environment.yml @@ -4,6 +4,7 @@ name: jhub_docs channels: - conda-forge dependencies: +- pip - nodejs - python=3.6 - alembic diff --git a/docs/source/_templates/page.html b/docs/source/_templates/page.html deleted file mode 100644 index 8df1d7ec..00000000 --- a/docs/source/_templates/page.html +++ /dev/null @@ -1,30 +0,0 @@ -{% extends '!page.html' %} - -{# Custom template for page.html - - Alabaster theme does not provide blocks for prev/next at bottom of each page. - This is _in addition_ to the prev/next in the sidebar. The "Prev/Next" text - or symbols are handled by CSS classes in _static/custom.css -#} - -{% macro prev_next(prev, next, prev_title='', next_title='') %} - {%- if prev %} - {{ prev_title or prev.title }} - {%- endif %} - {%- if next %} - {{ next_title or next.title }} - {%- endif %} -
-{% endmacro %} - - -{% block body %} -
- {{ prev_next(prev, next, 'Previous', 'Next') }} -
- - {{super()}} -
- {{ prev_next(prev, next) }} -
-{% endblock %} diff --git a/docs/source/conf.py b/docs/source/conf.py index 2e2e2087..6e83f379 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -192,9 +192,7 @@ intersphinx_mapping = {'https://docs.python.org/3/': None} # -- Read The Docs -------------------------------------------------------- on_rtd = os.environ.get('READTHEDOCS', None) == 'True' -if not on_rtd: - html_theme = 'alabaster' -else: +if on_rtd: # readthedocs.org uses their theme by default, so no need to specify it # build rest-api, since RTD doesn't run make from subprocess import check_call as sh From 30c69f94c82b35a9293f4f5928d6af6c1d73ccd5 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Wed, 17 Jul 2019 07:23:39 +0200 Subject: [PATCH 061/541] fix: spawn redirect for users with backslash The 302 redirect served after the spawn POST was not escaping the backslash. --- jupyterhub/handlers/pages.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index d93f2638..13877adb 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -219,7 +219,7 @@ class SpawnHandler(BaseHandler): next_url = self.get_next_url( user, default=url_path_join( - self.hub.base_url, "spawn-pending", user.name, server_name + self.hub.base_url, "spawn-pending", user.escaped_name, server_name ), ) self.redirect(next_url) From ae7974564c5091df8688e05a85af84a25a29944a Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Wed, 17 Jul 2019 08:34:45 +0200 Subject: [PATCH 062/541] fix: use user.escaped_name in page urls --- jupyterhub/handlers/pages.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 13877adb..6b72523c 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -61,9 +61,9 @@ class HomeHandler(BaseHandler): # to establish that this is an explicit spawn request rather # than an implicit one, which can be caused by any link to `/user/:name(/:server_name)` if user.active: - url = url_path_join(self.base_url, 'user', user.name) + url = url_path_join(self.base_url, 'user', user.escaped_name) else: - url = url_path_join(self.hub.base_url, 'spawn', user.name) + url = url_path_join(self.hub.base_url, 'spawn', user.escaped_name) html = self.render_template( 'home.html', @@ -132,7 +132,7 @@ class SpawnHandler(BaseHandler): # which may get handled by the default server if they aren't ready yet pending_url = url_path_join( - self.hub.base_url, "spawn-pending", user.name, server_name + self.hub.base_url, "spawn-pending", user.escaped_name, server_name ) if self.get_argument('next', None): From 9d2823e84b11294f506f3634762727abf2ccaf35 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Wed, 17 Jul 2019 09:05:25 +0200 Subject: [PATCH 063/541] fix: user.escaped_name in base.py urls --- jupyterhub/handlers/base.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index f9c8485b..f0862cdf 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1357,7 +1357,7 @@ class UserUrlHandler(BaseHandler): return pending_url = url_concat( - url_path_join(self.hub.base_url, 'spawn-pending', user.name, server_name), + url_path_join(self.hub.base_url, 'spawn-pending', user.escaped_name, server_name), {'next': self.request.uri}, ) if spawner.pending or spawner._failed: @@ -1371,7 +1371,7 @@ class UserUrlHandler(BaseHandler): # without explicit user action self.set_status(503) spawn_url = url_concat( - url_path_join(self.hub.base_url, "spawn", user.name, server_name), + url_path_join(self.hub.base_url, "spawn", user.escaped_name, server_name), {"next": self.request.uri}, ) html = self.render_template( @@ -1459,7 +1459,7 @@ class UserRedirectHandler(BaseHandler): user_url = url_concat(user_url, parse_qsl(self.request.query)) url = url_concat( - url_path_join(self.hub.base_url, "spawn", user.name), {"next": user_url} + url_path_join(self.hub.base_url, "spawn", user.escaped_name), {"next": user_url} ) self.redirect(url) From 37642408a481f2a3280275444056360d8de94369 Mon Sep 17 00:00:00 2001 From: Kenan Erdogan Date: Wed, 17 Jul 2019 10:44:44 +0200 Subject: [PATCH 064/541] close `
` tag in home.html --- share/jupyterhub/templates/home.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/share/jupyterhub/templates/home.html b/share/jupyterhub/templates/home.html index a141b2d4..88379e56 100644 --- a/share/jupyterhub/templates/home.html +++ b/share/jupyterhub/templates/home.html @@ -4,7 +4,6 @@ {% endif %} {% block main %} -
@@ -83,7 +82,8 @@ {% endif %} -{% endblock %} +
+{% endblock main %} {% block script %} {{ super() }} From b37b13a939f2c19340247b17d7c4f8ddbafef3f1 Mon Sep 17 00:00:00 2001 From: Nico Rikken Date: Wed, 17 Jul 2019 11:05:35 +0200 Subject: [PATCH 065/541] chore: satisfy black checker --- jupyterhub/handlers/base.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index f0862cdf..19504c9c 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1357,7 +1357,9 @@ class UserUrlHandler(BaseHandler): return pending_url = url_concat( - url_path_join(self.hub.base_url, 'spawn-pending', user.escaped_name, server_name), + url_path_join( + self.hub.base_url, 'spawn-pending', user.escaped_name, server_name + ), {'next': self.request.uri}, ) if spawner.pending or spawner._failed: @@ -1459,7 +1461,8 @@ class UserRedirectHandler(BaseHandler): user_url = url_concat(user_url, parse_qsl(self.request.query)) url = url_concat( - url_path_join(self.hub.base_url, "spawn", user.escaped_name), {"next": user_url} + url_path_join(self.hub.base_url, "spawn", user.escaped_name), + {"next": user_url}, ) self.redirect(url) From 2e67a534cf810a4734f26ae599ed2e01924f1215 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix-Antoine=20Fortin?= Date: Wed, 24 Jul 2019 09:30:02 -0400 Subject: [PATCH 066/541] Update flask hub authentication services example in doc The flask example in the documentation was still using the input argument `cookie_cache_max_age` when instantiating `HubAuth` object. `cookie_cache_max_age` is deprecated since JupyterHub 0.8 and should be replaced by `cache_max_age`. --- docs/source/reference/services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/reference/services.md b/docs/source/reference/services.md index 24de3bdd..7686d4a4 100644 --- a/docs/source/reference/services.md +++ b/docs/source/reference/services.md @@ -249,7 +249,7 @@ prefix = os.environ.get('JUPYTERHUB_SERVICE_PREFIX', '/') auth = HubAuth( api_token=os.environ['JUPYTERHUB_API_TOKEN'], - cookie_cache_max_age=60, + cache_max_age=60, ) app = Flask(__name__) From 444f0ba00c754886dd8682100ddd06029df57f15 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Fri, 26 Jul 2019 14:29:29 +1200 Subject: [PATCH 067/541] Update spawn-form example --- examples/spawn-form/jupyterhub_config.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/examples/spawn-form/jupyterhub_config.py b/examples/spawn-form/jupyterhub_config.py index ff7c2526..58fe59dc 100644 --- a/examples/spawn-form/jupyterhub_config.py +++ b/examples/spawn-form/jupyterhub_config.py @@ -10,10 +10,15 @@ class DemoFormSpawner(LocalProcessSpawner): def _options_form_default(self): default_env = "YOURNAME=%s\n" % self.user.name return """ - - - - +
+ + +
+
+ + +
""".format( env=default_env ) From 749b9e0997da4934286c3da2663321d980e35b65 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Mon, 5 Aug 2019 14:42:48 +0300 Subject: [PATCH 068/541] /hub/admin redirect to login --- jupyterhub/handlers/pages.py | 1 + jupyterhub/tests/test_pages.py | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 8f4ffb38..c27dd4a6 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -349,6 +349,7 @@ class SpawnPendingHandler(BaseHandler): class AdminHandler(BaseHandler): """Render the admin page.""" + @web.authenticated @admin_only def get(self): available = {'name', 'admin', 'running', 'last_activity'} diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 61a98065..0ab01c9f 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -92,8 +92,9 @@ async def test_home_auth(app): async def test_admin_no_auth(app): - r = await get_page('admin', app) - assert r.status_code == 403 + r = await get_page('admin', app, allow_redirects=False) + assert r.status_code == 302 + assert '/hub/login' in r.headers['Location'] async def test_admin_not_admin(app): From 2cc0eb885a36ce38a001af4e6705d12862ee6c24 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 5 Aug 2019 13:54:32 +0200 Subject: [PATCH 069/541] Replace header logo: jupyter -> jupyterhub --- jupyterhub/app.py | 2 +- jupyterhub/tests/test_pages.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 5deb1181..d8770780 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -592,7 +592,7 @@ class JupyterHub(Application): @default('logo_file') def _logo_file_default(self): - return os.path.join(self.data_files_path, 'static', 'images', 'jupyter.png') + return os.path.join(self.data_files_path, 'static', 'images', 'jupyterhub-80.png') jinja_environment_options = Dict( help="Supply extra arguments that will be passed to Jinja environment." diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 61a98065..05f5aacc 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -611,7 +611,7 @@ async def test_static_files(app): r = await async_requests.get(ujoin(base_url, 'logo')) r.raise_for_status() assert r.headers['content-type'] == 'image/png' - r = await async_requests.get(ujoin(base_url, 'static', 'images', 'jupyter.png')) + r = await async_requests.get(ujoin(base_url, 'static', 'images', 'jupyterhub-80.png')) r.raise_for_status() assert r.headers['content-type'] == 'image/png' r = await async_requests.get(ujoin(base_url, 'static', 'css', 'style.min.css')) From 5fa268dab119306d915f85fe8e40c28dab24f1ff Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Wed, 7 Aug 2019 00:37:30 +0200 Subject: [PATCH 070/541] Apply black autoformatting --- jupyterhub/app.py | 4 +++- jupyterhub/tests/test_pages.py | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index d8770780..7410089e 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -592,7 +592,9 @@ class JupyterHub(Application): @default('logo_file') def _logo_file_default(self): - return os.path.join(self.data_files_path, 'static', 'images', 'jupyterhub-80.png') + return os.path.join( + self.data_files_path, 'static', 'images', 'jupyterhub-80.png' + ) jinja_environment_options = Dict( help="Supply extra arguments that will be passed to Jinja environment." diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 05f5aacc..82268be2 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -611,7 +611,9 @@ async def test_static_files(app): r = await async_requests.get(ujoin(base_url, 'logo')) r.raise_for_status() assert r.headers['content-type'] == 'image/png' - r = await async_requests.get(ujoin(base_url, 'static', 'images', 'jupyterhub-80.png')) + r = await async_requests.get( + ujoin(base_url, 'static', 'images', 'jupyterhub-80.png') + ) r.raise_for_status() assert r.headers['content-type'] == 'image/png' r = await async_requests.get(ujoin(base_url, 'static', 'css', 'style.min.css')) From 6e71e617ed3eba15a63f1e37be421de3ae6c66da Mon Sep 17 00:00:00 2001 From: Katsarov Date: Sat, 10 Aug 2019 07:48:41 +0200 Subject: [PATCH 071/541] update the pending deprecation message in api_tokens to recommend services, not service_tokens --- jupyterhub/app.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 7410089e..de788dc2 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -811,14 +811,14 @@ class JupyterHub(Application): api_tokens = Dict( Unicode(), - help="""PENDING DEPRECATION: consider using service_tokens + help="""PENDING DEPRECATION: consider using services Dict of token:username to be loaded into the database. Allows ahead-of-time generation of API tokens for use by externally managed services, which authenticate as JupyterHub users. - Consider using service_tokens for general services that talk to the JupyterHub API. + Consider using services for general services that talk to the JupyterHub API. """, ).tag(config=True) From 1d1e108e09049f06b37bd640e0ad4ebda9c6f381 Mon Sep 17 00:00:00 2001 From: Rollin Thomas Date: Mon, 12 Aug 2019 09:14:25 -0700 Subject: [PATCH 072/541] Add `server_name` to `spawn_url` --- jupyterhub/handlers/pages.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index c27dd4a6..05006cf0 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -283,7 +283,8 @@ class SpawnPendingHandler(BaseHandler): # We should point the user to Home if the most recent spawn failed. exc = spawner._spawn_future.exception() self.log.error("Previous spawn for %s failed: %s", spawner._log_name, exc) - spawn_url = url_path_join(self.hub.base_url, "spawn", user.escaped_name) + spawn_url = url_path_join(self.hub.base_url, "spawn", user.escaped_name, + server_name) self.set_status(500) html = self.render_template( "not_running.html", @@ -328,7 +329,8 @@ class SpawnPendingHandler(BaseHandler): # further, set status to 404 because this is not # serving the expected page if status is not None: - spawn_url = url_path_join(self.hub.base_url, "spawn", user.escaped_name) + spawn_url = url_path_join(self.hub.base_url, "spawn", user.escaped_name, + server_name) html = self.render_template( "not_running.html", user=user, From 037730761cec9aaa347b86504322b381e2e96d33 Mon Sep 17 00:00:00 2001 From: Rollin Thomas Date: Mon, 12 Aug 2019 10:06:22 -0700 Subject: [PATCH 073/541] Reformat --- jupyterhub/handlers/pages.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 05006cf0..2aa2c3e8 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -283,8 +283,9 @@ class SpawnPendingHandler(BaseHandler): # We should point the user to Home if the most recent spawn failed. exc = spawner._spawn_future.exception() self.log.error("Previous spawn for %s failed: %s", spawner._log_name, exc) - spawn_url = url_path_join(self.hub.base_url, "spawn", user.escaped_name, - server_name) + spawn_url = url_path_join( + self.hub.base_url, "spawn", user.escaped_name, server_name + ) self.set_status(500) html = self.render_template( "not_running.html", @@ -329,8 +330,9 @@ class SpawnPendingHandler(BaseHandler): # further, set status to 404 because this is not # serving the expected page if status is not None: - spawn_url = url_path_join(self.hub.base_url, "spawn", user.escaped_name, - server_name) + spawn_url = url_path_join( + self.hub.base_url, "spawn", user.escaped_name, server_name + ) html = self.render_template( "not_running.html", user=user, From cda7f73cfa75138ae11b757fa24b861cb7cf4f61 Mon Sep 17 00:00:00 2001 From: Rick Gerkin Date: Fri, 16 Aug 2019 04:59:51 +0000 Subject: [PATCH 074/541] Added support for consistent UIDs at user creation time --- jupyterhub/auth.py | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/jupyterhub/auth.py b/jupyterhub/auth.py index bc906a70..0834e3d7 100644 --- a/jupyterhub/auth.py +++ b/jupyterhub/auth.py @@ -660,6 +660,15 @@ class LocalAuthenticator(Authenticator): # This appears to be the Linux non-interactive adduser command: return ['adduser', '-q', '--gecos', '""', '--disabled-password'] + uids = Dict( + help=""" + Dictionary of uids to use at user creation time. + This helps ensure that users created from the database + get the same uid each time they are created + in temporary deployments or containers. + """ + ).tag(config=True) + group_whitelist = Set( help=""" Whitelist all users from this UNIX group. @@ -762,7 +771,15 @@ class LocalAuthenticator(Authenticator): Tested to work on FreeBSD and Linux, at least. """ name = user.name - cmd = [arg.replace('USERNAME', name) for arg in self.add_user_cmd] + [name] + cmd = [arg.replace('USERNAME', name) for arg in self.add_user_cmd] + try: + uid = self.uids[name] + cmd += ['--uid', '%d' % uid] + except AttributeError: + pass + except KeyError: + self.log.warning("No UID for user %s" % name) + cmd += [name] self.log.info("Creating user: %s", ' '.join(map(pipes.quote, cmd))) p = Popen(cmd, stdout=PIPE, stderr=STDOUT) p.wait() From 8d7f55ce922ab7fef5a6cfbeaa0abb7a8b0dbf19 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 21 Aug 2019 13:59:25 +0300 Subject: [PATCH 075/541] Fix postgres test --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 788bfa4f..55f32b32 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,7 +12,8 @@ env: - MYSQL_HOST=127.0.0.1 - MYSQL_TCP_PORT=13306 services: - - postgres + - postgresql + - mysql - docker # installing dependencies From 4bfc69dc80810f8083762d5e59ebace49f5a6a34 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 21 Aug 2019 22:01:43 +0300 Subject: [PATCH 076/541] Pin mysql-connector-python to 8.0.11 on travis --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 55f32b32..14af4ef1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,7 +30,7 @@ before_install: DB=mysql bash ci/init-db.sh # FIXME: mysql-connector-python 8.0.16 incorrectly decodes bytes to str # ref: https://bugs.mysql.com/bug.php?id=94944 - pip install 'mysql-connector-python==8.0.15' + pip install 'mysql-connector-python==8.0.11' elif [[ $JUPYTERHUB_TEST_DB_URL == postgresql* ]]; then psql -c "CREATE USER $PGUSER WITH PASSWORD '$PGPASSWORD';" -U postgres DB=postgres bash ci/init-db.sh From 077727595cd6f349c982dfb81a0e886966e67e9a Mon Sep 17 00:00:00 2001 From: Matt Shannon Date: Wed, 21 Aug 2019 13:05:04 -0700 Subject: [PATCH 077/541] Add Jupyter community link --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2fc37039..4d593c2d 100644 --- a/README.md +++ b/README.md @@ -242,6 +242,7 @@ our JupyterHub [Gitter](https://gitter.im/jupyterhub/jupyterhub) channel. - [Documentation for JupyterHub's REST API](http://petstore.swagger.io/?url=https://raw.githubusercontent.com/jupyter/jupyterhub/master/docs/rest-api.yml#/default) - [Documentation for Project Jupyter](http://jupyter.readthedocs.io/en/latest/index.html) | [PDF](https://media.readthedocs.org/pdf/jupyter/latest/jupyter.pdf) - [Project Jupyter website](https://jupyter.org) +- [Project Jupyter community](https://jupyter.org/community) JupyterHub follows the Jupyter [Community Guides](https://jupyter.readthedocs.io/en/latest/community/content-community.html). From f7e5904c5b43ff4d48839fdf35f1a8acbdd1f32b Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Thu, 22 Aug 2019 10:04:11 +0300 Subject: [PATCH 078/541] No need to start mysql service --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 14af4ef1..d9dbbd7b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,6 @@ env: - MYSQL_TCP_PORT=13306 services: - postgresql - - mysql - docker # installing dependencies From cbbead37809a4f995cdac5f78978d74889e3a343 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 14 Aug 2019 13:21:13 +0300 Subject: [PATCH 079/541] Fix uncaught exception in pre_spawn_start --- jupyterhub/handlers/pages.py | 14 +++++++++++++- jupyterhub/user.py | 22 ++++++++++++---------- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 2aa2c3e8..68264afc 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -172,7 +172,19 @@ class SpawnHandler(BaseHandler): spawner._spawn_future = None # not running, no form. Trigger spawn and redirect back to /user/:name f = asyncio.ensure_future(self.spawn_single_user(user, server_name)) - await asyncio.wait([f], timeout=1) + done, pending = await asyncio.wait([f], timeout=1) + # If spawn_single_user throws an exception, raise a 500 error + # otherwise it may cause a redirect loop + if f in done: + future, = done + exc = future.exception() + if exc: + raise web.HTTPError( + 500, + "Error in Authenticator.pre_spawn_start: %s %s" + % (type(exc).__name__, str(exc)), + ) + return self.redirect(pending_url) @web.authenticated diff --git a/jupyterhub/user.py b/jupyterhub/user.py index 97a3543f..407310db 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -529,17 +529,19 @@ class User: # trigger pre-spawn hook on authenticator authenticator = self.authenticator - if authenticator: - await maybe_future(authenticator.pre_spawn_start(self, spawner)) - - spawner._start_pending = True - # update spawner start time, and activity for both spawner and user - self.last_activity = ( - spawner.orm_spawner.started - ) = spawner.orm_spawner.last_activity = datetime.utcnow() - db.commit() - # wait for spawner.start to return try: + if authenticator: + # pre_spawn_start can thow errors that can lead to a redirect loop + # if left uncaught (see https://github.com/jupyterhub/jupyterhub/issues/2683) + await maybe_future(authenticator.pre_spawn_start(self, spawner)) + + spawner._start_pending = True + # update spawner start time, and activity for both spawner and user + self.last_activity = ( + spawner.orm_spawner.started + ) = spawner.orm_spawner.last_activity = datetime.utcnow() + db.commit() + # wait for spawner.start to return # run optional preparation work to bootstrap the notebook await maybe_future(spawner.run_pre_spawn_hook()) if self.settings.get('internal_ssl'): From 8a61eb17383c0dd128e5718e9a20d5457ce00936 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 14 Aug 2019 13:21:40 +0300 Subject: [PATCH 080/541] Test pre_spawn_start exception --- jupyterhub/tests/test_pages.py | 39 ++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 6bc5663d..77b5cf1e 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -790,3 +790,42 @@ async def test_metrics_auth(app): async def test_health_check_request(app): r = await get_page('health', app) assert r.status_code == 200 + + +async def test_pre_spawn_start_exc_no_form(app): + exc = "pre_spawn_start error" + + # throw exception from pre_spawn_start + @gen.coroutine + def mock_pre_spawn_start(user, spawner): + raise Exception(exc) + + with mock.patch.object(app.authenticator, 'pre_spawn_start', mock_pre_spawn_start): + cookies = await app.login_user('summer') + # spawn page should thow a 500 error and show the pre_spawn_start error message + r = await get_page('spawn', app, cookies=cookies) + assert r.status_code == 500 + assert exc in r.text + + +async def test_pre_spawn_start_exc_options_form(app): + exc = "pre_spawn_start error" + + # throw exception from pre_spawn_start + @gen.coroutine + def mock_pre_spawn_start(user, spawner): + raise Exception(exc) + + with mock.patch.dict( + app.users.settings, {'spawner_class': FormSpawner} + ), mock.patch.object(app.authenticator, 'pre_spawn_start', mock_pre_spawn_start): + cookies = await app.login_user('spring') + user = app.users['spring'] + # spawn page shouldn't throw any error until the spawn is started + r = await get_page('spawn', app, cookies=cookies) + assert r.url.endswith('/spawn') + r.raise_for_status() + assert FormSpawner.options_form in r.text + # spawning the user server should throw the pre_spawn_start error + with pytest.raises(Exception, match="%s" % exc): + await user.spawn() From 0058ed803d611d1d585f7d96b80c3b0586f64560 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Thu, 22 Aug 2019 15:06:08 +0300 Subject: [PATCH 081/541] Address feedback --- jupyterhub/handlers/pages.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 68264afc..53525dc8 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -175,16 +175,14 @@ class SpawnHandler(BaseHandler): done, pending = await asyncio.wait([f], timeout=1) # If spawn_single_user throws an exception, raise a 500 error # otherwise it may cause a redirect loop - if f in done: - future, = done - exc = future.exception() + if f.done() and f.exception(): + exc = f.exception() if exc: raise web.HTTPError( 500, "Error in Authenticator.pre_spawn_start: %s %s" % (type(exc).__name__, str(exc)), ) - return self.redirect(pending_url) @web.authenticated From 03693c379e19f3823c3bad7f60cb0a4927e183e0 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Thu, 22 Aug 2019 15:53:40 +0300 Subject: [PATCH 082/541] Removed unnecesary check --- jupyterhub/handlers/pages.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 53525dc8..aa2f37cc 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -177,12 +177,11 @@ class SpawnHandler(BaseHandler): # otherwise it may cause a redirect loop if f.done() and f.exception(): exc = f.exception() - if exc: - raise web.HTTPError( - 500, - "Error in Authenticator.pre_spawn_start: %s %s" - % (type(exc).__name__, str(exc)), - ) + raise web.HTTPError( + 500, + "Error in Authenticator.pre_spawn_start: %s %s" + % (type(exc).__name__, str(exc)), + ) self.redirect(pending_url) @web.authenticated From ced45d101a47f7a9af7eaae0cfae82d14634afe7 Mon Sep 17 00:00:00 2001 From: Richard C Gerkin Date: Thu, 22 Aug 2019 09:33:15 -0700 Subject: [PATCH 083/541] Update jupyterhub/auth.py Co-Authored-By: Min RK --- jupyterhub/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/auth.py b/jupyterhub/auth.py index 0834e3d7..87ace62d 100644 --- a/jupyterhub/auth.py +++ b/jupyterhub/auth.py @@ -778,7 +778,7 @@ class LocalAuthenticator(Authenticator): except AttributeError: pass except KeyError: - self.log.warning("No UID for user %s" % name) + self.log.debug("No UID for user %s" % name) cmd += [name] self.log.info("Creating user: %s", ' '.join(map(pipes.quote, cmd))) p = Popen(cmd, stdout=PIPE, stderr=STDOUT) From 41b2e6e401f4f00b5bad2ba6281163d84484cb31 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Thu, 2 May 2019 16:10:45 -0700 Subject: [PATCH 084/541] Add eventlogging infrastructure - Introduce the EventLog class from BinderHub for emitting structured event data - Instrument server starts and stops to emit events - Defaults to not saving any events anywhere --- jupyterhub/app.py | 10 ++ jupyterhub/event-schemas/server-actions.json | 24 ++++ jupyterhub/events.py | 119 +++++++++++++++++++ jupyterhub/handlers/base.py | 14 +++ 4 files changed, 167 insertions(+) create mode 100644 jupyterhub/event-schemas/server-actions.json create mode 100644 jupyterhub/events.py diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 7410089e..0ec5355c 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -11,6 +11,8 @@ import re import signal import socket import sys +import json +from glob import glob from concurrent.futures import ThreadPoolExecutor from datetime import datetime from datetime import timezone @@ -87,6 +89,7 @@ from .auth import Authenticator, PAMAuthenticator from .crypto import CryptKeeper from .spawner import Spawner, LocalProcessSpawner from .objects import Hub, Server +from .events import EventLog # For faking stats from .emptyclass import EmptyClass @@ -2069,6 +2072,7 @@ class JupyterHub(Application): internal_ssl_ca=self.internal_ssl_ca, trusted_alt_names=self.trusted_alt_names, shutdown_on_logout=self.shutdown_on_logout, + event_log=self.event_log ) # allow configured settings to have priority settings.update(self.tornado_settings) @@ -2144,6 +2148,12 @@ class JupyterHub(Application): _log_cls("Authenticator", self.authenticator_class) _log_cls("Spawner", self.spawner_class) + self.event_log = EventLog(parent=self) + + for schema_file in glob(os.path.join(here, 'event-schemas','*.json')): + with open(schema_file) as f: + self.event_log.register_schema(json.load(f)) + self.init_pycurl() self.init_secrets() self.init_internal_ssl() diff --git a/jupyterhub/event-schemas/server-actions.json b/jupyterhub/event-schemas/server-actions.json new file mode 100644 index 00000000..0b390aa4 --- /dev/null +++ b/jupyterhub/event-schemas/server-actions.json @@ -0,0 +1,24 @@ +{ + "$id": "hub.jupyter.org/server-action", + "version": 1, + "title": "JupyterHub server events", + "description": "JupyterHub emits this event when a user's server starts or stops", + "type": "object", + "properties": { + "action": { + "enum": [ + "start", + "stop" + ], + "description": "Action taken on this user's server" + }, + "username": { + "type": "string", + "description": "Name of the user whose server this action applies to" + }, + "servername": { + "type": "string", + "description": "Name of the server this action applies to" + } + } +} \ No newline at end of file diff --git a/jupyterhub/events.py b/jupyterhub/events.py new file mode 100644 index 00000000..14b9f1d6 --- /dev/null +++ b/jupyterhub/events.py @@ -0,0 +1,119 @@ +""" +Emit structured, discrete events when various actions happen. +""" +from traitlets.config import Configurable + +import logging +from datetime import datetime +import jsonschema +from pythonjsonlogger import jsonlogger +from traitlets import TraitType +import json +import six + + +class Callable(TraitType): + """ + A trait which is callable. + + Classes are callable, as are instances + with a __call__() method. + """ + info_text = 'a callable' + def validate(self, obj, value): + if six.callable(value): + return value + else: + self.error(obj, value) + +def _skip_message(record, **kwargs): + """ + Remove 'message' from log record. + + It is always emitted with 'null', and we do not want it, + since we are always emitting events only + """ + del record['message'] + return json.dumps(record, **kwargs) + + +class EventLog(Configurable): + """ + Send structured events to a logging sink + """ + handlers_maker = Callable( + None, + config=True, + allow_none=True, + help=""" + Callable that returns a list of logging.Handler instances to send events to. + + When set to None (the default), events are discarded. + """ + ) + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + + self.log = logging.getLogger(__name__) + # We don't want events to show up in the default logs + self.log.propagate = False + self.log.setLevel(logging.INFO) + + if self.handlers_maker: + self.handlers = self.handlers_maker(self) + formatter = jsonlogger.JsonFormatter(json_serializer=_skip_message) + for handler in self.handlers: + handler.setFormatter(formatter) + self.log.addHandler(handler) + + self.schemas = {} + + def register_schema(self, schema): + """ + Register a given JSON Schema with this event emitter + + 'version' and '$id' are required fields. + """ + # Check if our schema itself is valid + # This throws an exception if it isn't valid + jsonschema.validators.validator_for(schema).check_schema(schema) + + # Check that the properties we require are present + required_schema_fields = {'$id', 'version'} + for rsf in required_schema_fields: + if rsf not in schema: + raise ValueError( + f'{rsf} is required in schema specification' + ) + + # Make sure reserved, auto-added fields are not in schema + reserved_fields = {'timestamp', 'schema', 'version'} + for rf in reserved_fields: + if rf in schema['properties']: + raise ValueError( + f'{rf} field is reserved by event emitter & can not be explicitly set in schema' + ) + + self.schemas[(schema['$id'], schema['version'])] = schema + + def emit(self, schema_name, version, event): + """ + Emit event with given schema / version in a capsule. + """ + if not self.handlers_maker: + # If we don't have a handler setup, ignore everything + return + + if (schema_name, version) not in self.schemas: + raise ValueError(f'Schema {schema_name} version {version} not registered') + schema = self.schemas[(schema_name, version)] + jsonschema.validate(event, schema) + + capsule = { + 'timestamp': datetime.utcnow().isoformat() + 'Z', + 'schema': schema_name, + 'version': version + } + capsule.update(event) + self.log.info(capsule) \ No newline at end of file diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 19504c9c..19dfd467 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -156,6 +156,10 @@ class BaseHandler(RequestHandler): def oauth_provider(self): return self.settings['oauth_provider'] + @property + def event_log(self): + return self.settings['event_log'] + def finish(self, *args, **kwargs): """Roll back any uncommitted transactions from the handler.""" if self.db.dirty: @@ -846,6 +850,11 @@ class BaseHandler(RequestHandler): SERVER_SPAWN_DURATION_SECONDS.labels( status=ServerSpawnStatus.success ).observe(time.perf_counter() - spawn_start_time) + self.event_log.emit('hub.jupyter.org/server-action', 1, { + 'action': 'start', + 'username': user.name, + 'servername': server_name + }) proxy_add_start_time = time.perf_counter() spawner._proxy_pending = True try: @@ -1026,6 +1035,11 @@ class BaseHandler(RequestHandler): SERVER_STOP_DURATION_SECONDS.labels( status=ServerStopStatus.success ).observe(toc - tic) + self.event_log.emit('hub.jupyter.org/server-action', 1, { + 'action': 'stop', + 'username': user.name, + 'servername': server_name + }) except: SERVER_STOP_DURATION_SECONDS.labels( status=ServerStopStatus.failure From 1e578a25d37a5bb73d77e40cbec2cb8c8eb65b7d Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Thu, 2 May 2019 16:23:02 -0700 Subject: [PATCH 085/541] Add jsonschema and python-json-logger as dependencies They're pure python, and should be ok --- requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/requirements.txt b/requirements.txt index ad40788f..3b49dc97 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,3 +11,5 @@ requests SQLAlchemy>=1.1 tornado>=5.0 traitlets>=4.3.2 +jsonschema +python-json-logger From eca4f33afc4b09844643f1de14a6cb4aea99dfcf Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Thu, 2 May 2019 16:42:17 -0700 Subject: [PATCH 086/541] Don't use f strings yet jupyterhub still supports Python 3.5 --- jupyterhub/events.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/jupyterhub/events.py b/jupyterhub/events.py index 14b9f1d6..9176fcad 100644 --- a/jupyterhub/events.py +++ b/jupyterhub/events.py @@ -84,7 +84,7 @@ class EventLog(Configurable): for rsf in required_schema_fields: if rsf not in schema: raise ValueError( - f'{rsf} is required in schema specification' + '{} is required in schema specification'.format(rsf) ) # Make sure reserved, auto-added fields are not in schema @@ -92,7 +92,9 @@ class EventLog(Configurable): for rf in reserved_fields: if rf in schema['properties']: raise ValueError( - f'{rf} field is reserved by event emitter & can not be explicitly set in schema' + '{rf} field is reserved by event emitter & can not be explicitly set in schema'.format( + rf=rf + ) ) self.schemas[(schema['$id'], schema['version'])] = schema @@ -106,7 +108,9 @@ class EventLog(Configurable): return if (schema_name, version) not in self.schemas: - raise ValueError(f'Schema {schema_name} version {version} not registered') + raise ValueError('Schema {schema_name} version {version} not registered'.format( + schema_name=schema_name, version=version + )) schema = self.schemas[(schema_name, version)] jsonschema.validate(event, schema) From 5aaa5263fab0439fe1d87ada85a1746a65c45a87 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Thu, 2 May 2019 16:56:50 -0700 Subject: [PATCH 087/541] Emitted schemas must be whitelisted by admins Privacy by default! --- jupyterhub/events.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/jupyterhub/events.py b/jupyterhub/events.py index 9176fcad..688b4e5b 100644 --- a/jupyterhub/events.py +++ b/jupyterhub/events.py @@ -7,7 +7,7 @@ import logging from datetime import datetime import jsonschema from pythonjsonlogger import jsonlogger -from traitlets import TraitType +from traitlets import TraitType, List import json import six @@ -52,6 +52,17 @@ class EventLog(Configurable): """ ) + allowed_schemas = List( + [], + config=True, + help=""" + Fully qualified names of schemas to record. + + Each schema you want to record must be manually specified. + The default, an empty list, means no events are recorded. + """ + ) + def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) @@ -103,8 +114,9 @@ class EventLog(Configurable): """ Emit event with given schema / version in a capsule. """ - if not self.handlers_maker: - # If we don't have a handler setup, ignore everything + if not (self.handlers_maker and schema_name in self.allowed_schemas): + # if handler isn't set up or schema is not explicitly whitelisted, + # don't do anything return if (schema_name, version) not in self.schemas: From 1225ff47be2f5a7ea4ae1a4806b77320978fc895 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Wed, 12 Jun 2019 09:41:29 -0700 Subject: [PATCH 088/541] Use dunder formatting for capsule --- jupyterhub/events.py | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/jupyterhub/events.py b/jupyterhub/events.py index 688b4e5b..0f4db756 100644 --- a/jupyterhub/events.py +++ b/jupyterhub/events.py @@ -99,14 +99,10 @@ class EventLog(Configurable): ) # Make sure reserved, auto-added fields are not in schema - reserved_fields = {'timestamp', 'schema', 'version'} - for rf in reserved_fields: - if rf in schema['properties']: - raise ValueError( - '{rf} field is reserved by event emitter & can not be explicitly set in schema'.format( - rf=rf - ) - ) + if any([p.startswith('__') for p in schema['properties']]): + raise ValueError( + 'Schema {} has properties beginning with __, which is not allowed' + ) self.schemas[(schema['$id'], schema['version'])] = schema @@ -127,9 +123,9 @@ class EventLog(Configurable): jsonschema.validate(event, schema) capsule = { - 'timestamp': datetime.utcnow().isoformat() + 'Z', - 'schema': schema_name, - 'version': version + '__timestamp__': datetime.utcnow().isoformat() + 'Z', + '__schema__': schema_name, + '__version__': version } capsule.update(event) self.log.info(capsule) \ No newline at end of file From dcde4020c21a4fa137c652e59082d3276719b190 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Tue, 9 Jul 2019 13:44:50 -0700 Subject: [PATCH 089/541] Use EventLog class from jupyter_telemetry Full circle, since the code in jupyter_telemetry came from here: https://github.com/jupyter/telemetry/pull/6 --- jupyterhub/app.py | 12 ++-- jupyterhub/events.py | 131 ------------------------------------ jupyterhub/handlers/base.py | 8 +-- 3 files changed, 10 insertions(+), 141 deletions(-) delete mode 100644 jupyterhub/events.py diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 0ec5355c..1353a3b7 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -59,6 +59,8 @@ from traitlets import ( ) from traitlets.config import Application, Configurable, catch_config_error +from jupyter_telemetry.eventlog import EventLog + here = os.path.dirname(__file__) import jupyterhub @@ -89,7 +91,6 @@ from .auth import Authenticator, PAMAuthenticator from .crypto import CryptKeeper from .spawner import Spawner, LocalProcessSpawner from .objects import Hub, Server -from .events import EventLog # For faking stats from .emptyclass import EmptyClass @@ -2072,7 +2073,7 @@ class JupyterHub(Application): internal_ssl_ca=self.internal_ssl_ca, trusted_alt_names=self.trusted_alt_names, shutdown_on_logout=self.shutdown_on_logout, - event_log=self.event_log + eventlog=self.eventlog ) # allow configured settings to have priority settings.update(self.tornado_settings) @@ -2148,11 +2149,10 @@ class JupyterHub(Application): _log_cls("Authenticator", self.authenticator_class) _log_cls("Spawner", self.spawner_class) - self.event_log = EventLog(parent=self) + self.eventlog = EventLog(parent=self) - for schema_file in glob(os.path.join(here, 'event-schemas','*.json')): - with open(schema_file) as f: - self.event_log.register_schema(json.load(f)) + for schema_file in glob(os.path.join(here, 'event-schemas', '*.json')): + self.eventlog.register_schema_file(schema_file) self.init_pycurl() self.init_secrets() diff --git a/jupyterhub/events.py b/jupyterhub/events.py deleted file mode 100644 index 0f4db756..00000000 --- a/jupyterhub/events.py +++ /dev/null @@ -1,131 +0,0 @@ -""" -Emit structured, discrete events when various actions happen. -""" -from traitlets.config import Configurable - -import logging -from datetime import datetime -import jsonschema -from pythonjsonlogger import jsonlogger -from traitlets import TraitType, List -import json -import six - - -class Callable(TraitType): - """ - A trait which is callable. - - Classes are callable, as are instances - with a __call__() method. - """ - info_text = 'a callable' - def validate(self, obj, value): - if six.callable(value): - return value - else: - self.error(obj, value) - -def _skip_message(record, **kwargs): - """ - Remove 'message' from log record. - - It is always emitted with 'null', and we do not want it, - since we are always emitting events only - """ - del record['message'] - return json.dumps(record, **kwargs) - - -class EventLog(Configurable): - """ - Send structured events to a logging sink - """ - handlers_maker = Callable( - None, - config=True, - allow_none=True, - help=""" - Callable that returns a list of logging.Handler instances to send events to. - - When set to None (the default), events are discarded. - """ - ) - - allowed_schemas = List( - [], - config=True, - help=""" - Fully qualified names of schemas to record. - - Each schema you want to record must be manually specified. - The default, an empty list, means no events are recorded. - """ - ) - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - - self.log = logging.getLogger(__name__) - # We don't want events to show up in the default logs - self.log.propagate = False - self.log.setLevel(logging.INFO) - - if self.handlers_maker: - self.handlers = self.handlers_maker(self) - formatter = jsonlogger.JsonFormatter(json_serializer=_skip_message) - for handler in self.handlers: - handler.setFormatter(formatter) - self.log.addHandler(handler) - - self.schemas = {} - - def register_schema(self, schema): - """ - Register a given JSON Schema with this event emitter - - 'version' and '$id' are required fields. - """ - # Check if our schema itself is valid - # This throws an exception if it isn't valid - jsonschema.validators.validator_for(schema).check_schema(schema) - - # Check that the properties we require are present - required_schema_fields = {'$id', 'version'} - for rsf in required_schema_fields: - if rsf not in schema: - raise ValueError( - '{} is required in schema specification'.format(rsf) - ) - - # Make sure reserved, auto-added fields are not in schema - if any([p.startswith('__') for p in schema['properties']]): - raise ValueError( - 'Schema {} has properties beginning with __, which is not allowed' - ) - - self.schemas[(schema['$id'], schema['version'])] = schema - - def emit(self, schema_name, version, event): - """ - Emit event with given schema / version in a capsule. - """ - if not (self.handlers_maker and schema_name in self.allowed_schemas): - # if handler isn't set up or schema is not explicitly whitelisted, - # don't do anything - return - - if (schema_name, version) not in self.schemas: - raise ValueError('Schema {schema_name} version {version} not registered'.format( - schema_name=schema_name, version=version - )) - schema = self.schemas[(schema_name, version)] - jsonschema.validate(event, schema) - - capsule = { - '__timestamp__': datetime.utcnow().isoformat() + 'Z', - '__schema__': schema_name, - '__version__': version - } - capsule.update(event) - self.log.info(capsule) \ No newline at end of file diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 19dfd467..b5f37cc8 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -157,8 +157,8 @@ class BaseHandler(RequestHandler): return self.settings['oauth_provider'] @property - def event_log(self): - return self.settings['event_log'] + def eventlog(self): + return self.settings['eventlog'] def finish(self, *args, **kwargs): """Roll back any uncommitted transactions from the handler.""" @@ -850,7 +850,7 @@ class BaseHandler(RequestHandler): SERVER_SPAWN_DURATION_SECONDS.labels( status=ServerSpawnStatus.success ).observe(time.perf_counter() - spawn_start_time) - self.event_log.emit('hub.jupyter.org/server-action', 1, { + self.eventlog.record_event('hub.jupyter.org/server-action', 1, { 'action': 'start', 'username': user.name, 'servername': server_name @@ -1035,7 +1035,7 @@ class BaseHandler(RequestHandler): SERVER_STOP_DURATION_SECONDS.labels( status=ServerStopStatus.success ).observe(toc - tic) - self.event_log.emit('hub.jupyter.org/server-action', 1, { + self.eventlog.record_event('hub.jupyter.org/server-action', 1, { 'action': 'stop', 'username': user.name, 'servername': server_name From aea2eefa778386b1837b3c10fab1a442a0510ac5 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Tue, 9 Jul 2019 16:50:20 -0700 Subject: [PATCH 090/541] Add lots of documentation to event schema Move it to YAML, since jupyter_telemetry supports these natively. --- jupyterhub/app.py | 7 ++- jupyterhub/event-schemas/server-actions.json | 24 -------- .../event-schemas/server-actions/v1.yaml | 59 +++++++++++++++++++ 3 files changed, 64 insertions(+), 26 deletions(-) delete mode 100644 jupyterhub/event-schemas/server-actions.json create mode 100644 jupyterhub/event-schemas/server-actions/v1.yaml diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 1353a3b7..d34740f0 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2151,8 +2151,11 @@ class JupyterHub(Application): self.eventlog = EventLog(parent=self) - for schema_file in glob(os.path.join(here, 'event-schemas', '*.json')): - self.eventlog.register_schema_file(schema_file) + for dirname, _, files in os.walk(os.path.join(here, 'event-schemas')): + for file in files: + if not file.endswith('.yaml'): + continue + self.eventlog.register_schema_file(os.path.join(dirname, file)) self.init_pycurl() self.init_secrets() diff --git a/jupyterhub/event-schemas/server-actions.json b/jupyterhub/event-schemas/server-actions.json deleted file mode 100644 index 0b390aa4..00000000 --- a/jupyterhub/event-schemas/server-actions.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "$id": "hub.jupyter.org/server-action", - "version": 1, - "title": "JupyterHub server events", - "description": "JupyterHub emits this event when a user's server starts or stops", - "type": "object", - "properties": { - "action": { - "enum": [ - "start", - "stop" - ], - "description": "Action taken on this user's server" - }, - "username": { - "type": "string", - "description": "Name of the user whose server this action applies to" - }, - "servername": { - "type": "string", - "description": "Name of the server this action applies to" - } - } -} \ No newline at end of file diff --git a/jupyterhub/event-schemas/server-actions/v1.yaml b/jupyterhub/event-schemas/server-actions/v1.yaml new file mode 100644 index 00000000..35ffad67 --- /dev/null +++ b/jupyterhub/event-schemas/server-actions/v1.yaml @@ -0,0 +1,59 @@ +"$id": hub.jupyter.org/server-action +version: 1 +title: JupyterHub server events +description: | + Record actions on user servers made via JupyterHub. + + JupyterHub can perform various actions on user servers via + direct interaction from users, or via the API. This event is + recorded whenever either of those happen. + + Limitations: + + 1. This does not record all server starts / stops, only those + explicitly performed by JupyterHub. For example, a user's server + can go down because the node it was running on dies. That will + not cause an event to be recorded, since it was not initiated + by JupyterHub. In practice this happens often, so this is not + a complete record. + 2. Events are only recorded when an action succeeds. +type: object +required: +- action +- username +- servername +properties: + action: + enum: + - start + - stop + description: | + Action performed by JupyterHub. + + This is a required field. + + Possibl Values: + + 1. start + A user's server was successfully started + + 2. stop + A user's server was successfully stopped + username: + type: string + description: | + Name of the user whose server this action was performed on. + + This is the normalized name used by JupyterHub itself, + which is derived from the authentication provider used but + might not be the same as used in the authentication provider. + servername: + type: string + description: | + Name of the server this action was performed on. + + JupyterHub supports each user having multiple servers with + arbitrary names, and this field specifies the name of the + server. + + The 'default' server is denoted by the empty string From 2b1bfa0ba7eb82fbd3d51f17ffa0f0ee963fbd63 Mon Sep 17 00:00:00 2001 From: yuvipanda Date: Tue, 9 Jul 2019 16:51:17 -0700 Subject: [PATCH 091/541] Depend on the jupyter_telemetry package --- requirements.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 3b49dc97..3ae33109 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,5 +11,4 @@ requests SQLAlchemy>=1.1 tornado>=5.0 traitlets>=4.3.2 -jsonschema -python-json-logger +jupyter_telemetry From c34bcabcb970ce0f3328a453e8b98d5b72a44bfa Mon Sep 17 00:00:00 2001 From: Zsailer Date: Wed, 21 Aug 2019 11:00:37 -0700 Subject: [PATCH 092/541] add docs for event-logging --- docs/requirements.txt | 1 + docs/source/conf.py | 1 + docs/source/events/index.rst | 50 +++++++++++++++++++++++++++ docs/source/events/server-actions.rst | 1 + docs/source/index.rst | 8 +++++ 5 files changed, 61 insertions(+) create mode 100644 docs/source/events/index.rst create mode 100644 docs/source/events/server-actions.rst diff --git a/docs/requirements.txt b/docs/requirements.txt index 5f8b447a..0ac4a7ce 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -5,3 +5,4 @@ alabaster_jupyterhub recommonmark==0.5.0 sphinx-copybutton sphinx>=1.7 +sphinx-jsonschema \ No newline at end of file diff --git a/docs/source/conf.py b/docs/source/conf.py index 6e83f379..0e84f38c 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -19,6 +19,7 @@ extensions = [ 'sphinx.ext.napoleon', 'autodoc_traits', 'sphinx_copybutton', + 'sphinx-jsonschema' ] templates_path = ['_templates'] diff --git a/docs/source/events/index.rst b/docs/source/events/index.rst new file mode 100644 index 00000000..4ecf1ebd --- /dev/null +++ b/docs/source/events/index.rst @@ -0,0 +1,50 @@ +Eventlogging and Telemetry +========================== + +JupyterHub can be configured to record structured events from a running server using Jupyter's `Telemetry System`_. The types of events that JupyterHub emits are defined by `JSON schemas`_ listed below_ + + emitted as JSON data, defined and validated by the JSON schemas listed below. + + +.. _logging: https://docs.python.org/3/library/logging.html +.. _`Telemetry System`: https://github.com/jupyter/telemetry +.. _`JSON schemas`: https://json-schema.org/ + +How to emit events +------------------ + +Eventlogging is handled by its ``Eventlog`` object. This leverages Python's standing logging_ library to emit, filter, and collect event data. + + +To begin recording events, you'll need to set two configurations: + + 1. ``handlers``: tells the EventLog *where* to route your events. This trait is a list of Python logging handlers that route events to + 2. ``allows_schemas``: tells the EventLog *which* events should be recorded. No events are emitted by default; all recorded events must be listed here. + +Here's a basic example: + +.. code-block:: + + import logging + + c.EventLog.handlers = [ + logging.FileHandler('event.log'), + ] + + c.EventLog.allowed_schemas = [ + 'hub.jupyter.org/server-action' + ] + +The output is a file, ``"event.log"``, with events recorded as JSON data. + + + +.. _below: + +Event schemas +------------- + +.. toctree:: + :maxdepth: 2 + + server-actions.rst \ No newline at end of file diff --git a/docs/source/events/server-actions.rst b/docs/source/events/server-actions.rst new file mode 100644 index 00000000..7db66a27 --- /dev/null +++ b/docs/source/events/server-actions.rst @@ -0,0 +1 @@ +.. jsonschema:: ../../../jupyterhub/event-schemas/server-actions/v1.yaml \ No newline at end of file diff --git a/docs/source/index.rst b/docs/source/index.rst index db23641a..274905f5 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -134,6 +134,14 @@ helps keep our community welcoming to as many people as possible. contributing/roadmap contributing/security +Eventlogging and Telemetry +-------------------------- + +.. toctree:: + :maxdepth: 1 + + events/index + Upgrading JupyterHub -------------------- From 439e4381f06f2cda69afd09992d9b04410fc4947 Mon Sep 17 00:00:00 2001 From: Zsailer Date: Thu, 22 Aug 2019 10:51:47 -0700 Subject: [PATCH 093/541] add tests for eventlog --- jupyterhub/app.py | 20 ++++---- jupyterhub/tests/test_eventlog.py | 79 +++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+), 8 deletions(-) create mode 100644 jupyterhub/tests/test_eventlog.py diff --git a/jupyterhub/app.py b/jupyterhub/app.py index d34740f0..1451cc64 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2099,6 +2099,17 @@ class JupyterHub(Application): e, ) + def init_eventlog(self): + """Set up the event logging system.""" + self.eventlog = EventLog(parent=self) + + for dirname, _, files in os.walk(os.path.join(here, 'event-schemas')): + for file in files: + if not file.endswith('.yaml'): + continue + self.eventlog.register_schema_file(os.path.join(dirname, file)) + + def write_pid_file(self): pid = os.getpid() if self.pid_file: @@ -2149,14 +2160,7 @@ class JupyterHub(Application): _log_cls("Authenticator", self.authenticator_class) _log_cls("Spawner", self.spawner_class) - self.eventlog = EventLog(parent=self) - - for dirname, _, files in os.walk(os.path.join(here, 'event-schemas')): - for file in files: - if not file.endswith('.yaml'): - continue - self.eventlog.register_schema_file(os.path.join(dirname, file)) - + self.init_eventlog() self.init_pycurl() self.init_secrets() self.init_internal_ssl() diff --git a/jupyterhub/tests/test_eventlog.py b/jupyterhub/tests/test_eventlog.py new file mode 100644 index 00000000..1bb7cf68 --- /dev/null +++ b/jupyterhub/tests/test_eventlog.py @@ -0,0 +1,79 @@ +"""Tests for Eventlogging in JupyterHub. + +To test a new schema or event, simply add it to the +`valid_events` and `invalid_events` variables below. + +You *shouldn't* need to write new tests. +""" +import io +import json +import logging +import jsonschema +import pytest +from .mocking import MockHub +from traitlets.config import Config + + +# To test new schemas, add them to the `valid_events` +# and `invalid_events` dictionary below. + +# To test valid events, add event item with the form: +# { ( '', ) : { } } +valid_events = [ + ('hub.jupyter.org/server-action', 1, dict(action='start', username='test-username', servername='test-servername')), +] + +# To test invalid events, add event item with the form: +# { ( '', ) : { } } +invalid_events = [ + # Missing required keys + ('hub.jupyter.org/server-action', 1, dict(action='start')), +] + + +@pytest.fixture +def get_hub_and_sink(): + """Get a hub instance with all registered schemas and record an event with it.""" + # Get a mockhub. + hub = MockHub.instance() + sink = io.StringIO() + handler = logging.StreamHandler(sink) + + def _record_from_hub(schema): + # Update the hub config with handler info. + cfg = Config() + cfg.EventLog.handlers = [handler] + cfg.EventLog.allowed_schemas = [schema] + + # Get hub app. + hub.update_config(cfg) + hub.init_eventlog() + + # Record an event from the hub. + return hub, sink + + yield _record_from_hub + + # teardown + hub.clear_instance() + handler.flush() + + +@pytest.mark.parametrize('schema, version, event', valid_events) +def test_valid_events(get_hub_and_sink, schema, version, event): + hub, sink = get_hub_and_sink(schema) + # Record event. + hub.eventlog.record_event(schema, version, event) + # Inspect consumed event. + output = sink.getvalue() + x = json.loads(output) + + assert x is not None + +@pytest.mark.parametrize('schema, version, event', invalid_events) +def test_invalid_events(get_hub_and_sink, schema, version, event): + hub, sink = get_hub_and_sink(schema) + + # Make sure an error is thrown when bad events are recorded. + with pytest.raises(jsonschema.ValidationError): + recorded_event = hub.eventlog.record_event(schema, version, event) From 263c5e838e25b25bd4c10c4eb55fa5ab1c8d8d3f Mon Sep 17 00:00:00 2001 From: Zsailer Date: Thu, 22 Aug 2019 11:11:27 -0700 Subject: [PATCH 094/541] rename test fixture --- jupyterhub/tests/test_eventlog.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/tests/test_eventlog.py b/jupyterhub/tests/test_eventlog.py index 1bb7cf68..99591b7b 100644 --- a/jupyterhub/tests/test_eventlog.py +++ b/jupyterhub/tests/test_eventlog.py @@ -39,7 +39,7 @@ def get_hub_and_sink(): sink = io.StringIO() handler = logging.StreamHandler(sink) - def _record_from_hub(schema): + def _get_hub_and_sink(schema): # Update the hub config with handler info. cfg = Config() cfg.EventLog.handlers = [handler] @@ -52,7 +52,7 @@ def get_hub_and_sink(): # Record an event from the hub. return hub, sink - yield _record_from_hub + yield _get_hub_and_sink # teardown hub.clear_instance() From c9d52bea43ea9b6d90336ae7961402c512615f62 Mon Sep 17 00:00:00 2001 From: Zsailer Date: Thu, 22 Aug 2019 12:19:46 -0700 Subject: [PATCH 095/541] verify test data was emitted --- jupyterhub/tests/test_eventlog.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/jupyterhub/tests/test_eventlog.py b/jupyterhub/tests/test_eventlog.py index 99591b7b..4b3d3fe6 100644 --- a/jupyterhub/tests/test_eventlog.py +++ b/jupyterhub/tests/test_eventlog.py @@ -66,9 +66,9 @@ def test_valid_events(get_hub_and_sink, schema, version, event): hub.eventlog.record_event(schema, version, event) # Inspect consumed event. output = sink.getvalue() - x = json.loads(output) - - assert x is not None + data = json.loads(output) + # Verify event data was recorded + assert data is not None @pytest.mark.parametrize('schema, version, event', invalid_events) def test_invalid_events(get_hub_and_sink, schema, version, event): From 572e008f1dfda93911d076b9a0adad4655738d9d Mon Sep 17 00:00:00 2001 From: Roman Lukin Date: Fri, 23 Aug 2019 16:09:38 +0300 Subject: [PATCH 096/541] Fix mistypos --- docs/source/changelog.md | 2 +- onbuild/Dockerfile | 2 +- onbuild/README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 4cd14dbd..5a5b6112 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -283,7 +283,7 @@ and tornado < 5.0. coroutines, and CPU/memory/FD consumption. - Add async `Spawner.get_options_form` alternative to `.options_form`, so it can be a coroutine. - Add `JupyterHub.redirect_to_server` config to govern whether - users should be sent to their server on login or the JuptyerHub home page. + users should be sent to their server on login or the JupyterHub home page. - html page templates can be more easily customized and extended. - Allow registering external OAuth clients for using the Hub as an OAuth provider. - Add basic prometheus metrics at `/hub/metrics` endpoint. diff --git a/onbuild/Dockerfile b/onbuild/Dockerfile index ad941aac..1e1bf8f4 100644 --- a/onbuild/Dockerfile +++ b/onbuild/Dockerfile @@ -1,6 +1,6 @@ # JupyterHub Dockerfile that loads your jupyterhub_config.py # -# Adds ONBUILD step to jupyter/jupyterhub to load your juptyerhub_config.py into the image +# Adds ONBUILD step to jupyter/jupyterhub to load your jupyterhub_config.py into the image # # Derivative images must have jupyterhub_config.py next to the Dockerfile. diff --git a/onbuild/README.md b/onbuild/README.md index 8964110d..fae5e4fb 100644 --- a/onbuild/README.md +++ b/onbuild/README.md @@ -2,7 +2,7 @@ If you base a Dockerfile on this image: - FROM juptyerhub/jupyterhub-onbuild:0.6 + FROM jupyterhub/jupyterhub-onbuild:0.6 ... then your `jupyterhub_config.py` adjacent to your Dockerfile will be loaded into the image and used by JupyterHub. From 7b1c4aedcf3be4d8445757ee54ab78a5e25ec14a Mon Sep 17 00:00:00 2001 From: Richard C Gerkin Date: Fri, 23 Aug 2019 08:19:32 -0700 Subject: [PATCH 097/541] Don't catch AttributeError --- jupyterhub/auth.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/jupyterhub/auth.py b/jupyterhub/auth.py index 87ace62d..342abfac 100644 --- a/jupyterhub/auth.py +++ b/jupyterhub/auth.py @@ -1,4 +1,4 @@ -"""Base Authenticator class and the default PAM Authenticator""" + """Base Authenticator class and the default PAM Authenticator""" # Copyright (c) IPython Development Team. # Distributed under the terms of the Modified BSD License. import inspect @@ -775,8 +775,6 @@ class LocalAuthenticator(Authenticator): try: uid = self.uids[name] cmd += ['--uid', '%d' % uid] - except AttributeError: - pass except KeyError: self.log.debug("No UID for user %s" % name) cmd += [name] From a800496f6c1afe8d2a088d75892f52836a61593d Mon Sep 17 00:00:00 2001 From: Katsarov Date: Sat, 24 Aug 2019 11:58:37 +0200 Subject: [PATCH 098/541] create a warning when creating a service implicitly from service_tokens --- jupyterhub/app.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index de788dc2..2f2c1d05 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1673,6 +1673,12 @@ class JupyterHub(Application): raise ValueError("Token name %r is not in whitelist" % name) if not self.authenticator.validate_username(name): raise ValueError("Token name %r is not valid" % name) + if kind == 'service': + if not any(service["name"] == name for service in self.services): + self.log.warn( + "Warning: service '%s' not in services, creating implicitly. It is recommended to register services using services list." + % name + ) orm_token = orm.APIToken.find(db, token) if orm_token is None: obj = Class.find(db, name) From 2b6ad596d27a32e9e4d6885feed5630509367152 Mon Sep 17 00:00:00 2001 From: Aaron Huang Date: Wed, 22 May 2019 14:01:01 +0800 Subject: [PATCH 099/541] Remove user after login cookie cleared Signed-off-by: Aaron Huang --- jupyterhub/handlers/base.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 19504c9c..8eebae94 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -484,6 +484,8 @@ class BaseHandler(RequestHandler): path=url_path_join(self.base_url, 'services'), **kwargs ) + # Reset _jupyterhub_user + self._jupyterhub_user = None def _set_cookie(self, key, value, encrypted=True, **overrides): """Setting any cookie should go through here From 9db18439af8c0f3caf7567ba33cf3b000939dfab Mon Sep 17 00:00:00 2001 From: Min RK Date: Wed, 28 Aug 2019 19:01:42 +0200 Subject: [PATCH 100/541] Add JupyterHub.init_spawners_timeout If init_spawners takes too long (default: 10 seconds) to complete, app start will be allowed to continue while finishing in the background. Adds new `check` pending state for the initial check. Checking lots of spawners can take a long time, so allowing this to be async limits the impact on startup time at the expense of starting the Hub in a not-quite-fully-ready state. --- jupyterhub/app.py | 98 +++++++++++++++++++++++++++++++++++++++++-- jupyterhub/spawner.py | 3 ++ jupyterhub/user.py | 1 + 3 files changed, 98 insertions(+), 4 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index de788dc2..6d47d1f8 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -11,8 +11,10 @@ import re import signal import socket import sys +import time from concurrent.futures import ThreadPoolExecutor from datetime import datetime +from datetime import timedelta from datetime import timezone from functools import partial from getpass import getuser @@ -984,6 +986,28 @@ class JupyterHub(Application): """, ).tag(config=True) + init_spawners_timeout = Integer( + 10, + help=""" + Timeout (in seconds) to wait for spawners to initialize + + Checking if spawners are healthy can take a long time + if many spawners are active at hub start time. + + If it takes longer than this timeout to check, + init_spawner will be left to complete in the background + and the http server is allowed to start. + + A timeout of -1 means wait forever, + which can mean a slow startup of the Hub + but ensures that the Hub is fully consistent by the time it starts responding to requests. + This matches the behavior of jupyterhub 1.0. + + .. versionadded: 1.1.0 + + """, + ).tag(config=True) + db_url = Unicode( 'sqlite:///jupyterhub.sqlite', help="url for the database. e.g. `sqlite:///jupyterhub.sqlite`", @@ -1829,6 +1853,7 @@ class JupyterHub(Application): ) async def init_spawners(self): + self.log.debug("Initializing spawners") db = self.db def _user_summary(user): @@ -1919,6 +1944,8 @@ class JupyterHub(Application): else: self.log.debug("%s not running", spawner._log_name) + spawner._check_pending = False + # parallelize checks for running Spawners check_futures = [] for orm_user in db.query(orm.User): @@ -1929,11 +1956,22 @@ class JupyterHub(Application): # spawner should be running # instantiate Spawner wrapper and check if it's still alive spawner = user.spawners[name] + # signal that check is pending to avoid race conditions + spawner._check_pending = True f = asyncio.ensure_future(check_spawner(user, name, spawner)) check_futures.append(f) + TOTAL_USERS.set(len(self.users)) + + # it's important that we get here before the first await + # so that we know all spawners are instantiated and in the check-pending state + # await checks after submitting them all - await gen.multi(check_futures) + if check_futures: + self.log.debug( + "Awaiting checks for %i possibly-running spawners", len(check_futures) + ) + await gen.multi(check_futures) db.commit() # only perform this query if we are going to log it @@ -1943,7 +1981,7 @@ class JupyterHub(Application): active_counts = self.users.count_active_users() RUNNING_SERVERS.set(active_counts['active']) - TOTAL_USERS.set(len(self.users)) + return len(check_futures) def init_oauth(self): base_url = self.hub.base_url @@ -2106,6 +2144,7 @@ class JupyterHub(Application): super().initialize(*args, **kwargs) if self.generate_config or self.generate_certs or self.subapp: return + self._start_future = asyncio.Future() self.load_config_file(self.config_file) self.init_logging() if 'JupyterHubApp' in self.config: @@ -2156,11 +2195,61 @@ class JupyterHub(Application): self.init_services() await self.init_api_tokens() self.init_tornado_settings() - await self.init_spawners() - self.cleanup_oauth_clients() self.init_handlers() self.init_tornado_application() + # init_spawners can take a while + init_spawners_timeout = self.init_spawners_timeout + if init_spawners_timeout < 0: + # negative timeout means forever (previous, most stable behavior) + init_spawners_timeout = 86400 + print(init_spawners_timeout) + + init_start_time = time.perf_counter() + init_spawners_future = asyncio.ensure_future(self.init_spawners()) + + def log_init_time(f): + n_spawners = f.result() + self.log.info( + "Initialized %i spawners in %.3f seconds", + n_spawners, + time.perf_counter() - init_start_time, + ) + + init_spawners_future.add_done_callback(log_init_time) + + try: + + # don't allow a zero timeout because we still need to be sure + # that the Spawner objects are defined and pending + await gen.with_timeout( + timedelta(seconds=max(init_spawners_timeout, 1)), init_spawners_future + ) + except gen.TimeoutError: + self.log.warning( + "init_spawners did not complete within %i seconds. " + "Allowing to complete in the background.", + self.init_spawners_timeout, + ) + + if init_spawners_future.done(): + self.cleanup_oauth_clients() + else: + # schedule async operations after init_spawners finishes + async def finish_init_spawners(): + await init_spawners_future + # schedule cleanup after spawners are all set up + # because it relies on the state resolved by init_spawners + self.cleanup_oauth_clients() + # trigger a proxy check as soon as all spawners are ready + # because this may be *after* the check made as part of normal startup. + # To avoid races with partially-complete start, + # ensure that start is complete before running this check. + await self._start_future + await self.proxy.check_routes(self.users, self._service_map) + + asyncio.ensure_future(finish_init_spawners()) + async def cleanup(self): """Shutdown managed services and various subprocesses. Cleanup runtime files.""" @@ -2446,6 +2535,7 @@ class JupyterHub(Application): atexit.register(self.atexit) # register cleanup on both TERM and INT self.init_signal() + self._start_future.set_result(None) def init_signal(self): loop = asyncio.get_event_loop() diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index af84c122..5bcbfa54 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -86,6 +86,7 @@ class Spawner(LoggingConfigurable): _start_pending = False _stop_pending = False _proxy_pending = False + _check_pending = False _waiting_for_response = False _jupyterhub_version = None _spawn_future = None @@ -121,6 +122,8 @@ class Spawner(LoggingConfigurable): return 'spawn' elif self._stop_pending: return 'stop' + elif self._check_pending: + return 'check' return None @property diff --git a/jupyterhub/user.py b/jupyterhub/user.py index 97a3543f..4b7ca622 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -725,6 +725,7 @@ class User: spawner = self.spawners[server_name] spawner._spawn_pending = False spawner._start_pending = False + spawner._check_pending = False spawner.stop_polling() spawner._stop_pending = True From 74958d93976eb18bf333d1b7c6d20d8670c7acac Mon Sep 17 00:00:00 2001 From: Min RK Date: Wed, 28 Aug 2019 19:02:58 +0200 Subject: [PATCH 101/541] catch some CancelledErrors which can occur during app shutdown --- jupyterhub/apihandlers/users.py | 13 ++++++++----- jupyterhub/handlers/base.py | 4 ++-- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/jupyterhub/apihandlers/users.py b/jupyterhub/apihandlers/users.py index 1c633723..7231ea2d 100644 --- a/jupyterhub/apihandlers/users.py +++ b/jupyterhub/apihandlers/users.py @@ -589,11 +589,14 @@ class SpawnProgressAPIHandler(APIHandler): async with aclosing( iterate_until(spawn_future, spawner._generate_progress()) ) as events: - async for event in events: - # don't allow events to sneakily set the 'ready' flag - if 'ready' in event: - event.pop('ready', None) - await self.send_event(event) + try: + async for event in events: + # don't allow events to sneakily set the 'ready' flag + if 'ready' in event: + event.pop('ready', None) + await self.send_event(event) + except asyncio.CancelledError: + pass # progress finished, wait for spawn to actually resolve, # in case progress finished early diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 19504c9c..2b2d18e3 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -877,7 +877,7 @@ class BaseHandler(RequestHandler): # clear spawner._spawn_future when it's done # keep an exception around, though, to prevent repeated implicit spawns # if spawn is failing - if f.exception() is None: + if f.cancelled() or f.exception() is None: spawner._spawn_future = None # Now we're all done. clear _spawn_pending flag spawner._spawn_pending = False @@ -888,7 +888,7 @@ class BaseHandler(RequestHandler): # update failure count and abort if consecutive failure limit # is reached def _track_failure_count(f): - if f.exception() is None: + if f.cancelled() or f.exception() is None: # spawn succeeded, reset failure count self.settings['failure_count'] = 0 return From 096b159c23a81dac37c73de9e373dadf9e59d78d Mon Sep 17 00:00:00 2001 From: Chico Venancio Date: Fri, 30 Aug 2019 13:00:56 -0300 Subject: [PATCH 102/541] ORM: allow MySQL variables to not exist In current versions of MySQL and MariaDB `innodb_file_format` and `innodb_large_prefix` have been removed. This allows them to not exist and makes sure the format for the rows are `Dynamic` (default for current versions). --- jupyterhub/orm.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/orm.py b/jupyterhub/orm.py index 471dd4e2..3198a046 100644 --- a/jupyterhub/orm.py +++ b/jupyterhub/orm.py @@ -770,8 +770,8 @@ def mysql_large_prefix_check(engine): ).fetchall() ) if ( - variables['innodb_file_format'] == 'Barracuda' - and variables['innodb_large_prefix'] == 'ON' + variables.get('innodb_file_format', 'Barracuda') == 'Barracuda' + and variables.get('innodb_large_prefix', 'ON') == 'ON' ): return True else: From 2545cd9bb39fbee5fad55548ea2c7654facf69a9 Mon Sep 17 00:00:00 2001 From: Kenan Erdogan Date: Mon, 2 Sep 2019 19:04:59 +0200 Subject: [PATCH 103/541] change redirecting to relative to home page in js --- share/jupyterhub/static/js/home.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/jupyterhub/static/js/home.js b/share/jupyterhub/static/js/home.js index e81b6690..e893e23c 100644 --- a/share/jupyterhub/static/js/home.js +++ b/share/jupyterhub/static/js/home.js @@ -103,7 +103,7 @@ require(["jquery", "moment", "jhapi", "utils"], function( $(".new-server-btn").click(function() { var row = getRow($(this)); var serverName = row.find(".new-server-name").val(); - window.location.href = "../spawn/" + user + "/" + serverName; + window.location.href = "./spawn/" + user + "/" + serverName; }); $(".stop-server").click(stopServer); From 6d696758e43ed8d236d8c705b34b7243d2f620a2 Mon Sep 17 00:00:00 2001 From: Carol Willing Date: Fri, 6 Sep 2019 17:41:34 +0200 Subject: [PATCH 104/541] use autodoc-traits extension for docbuild --- docs/environment.yml | 1 + docs/requirements.txt | 1 + docs/source/conf.py | 3 +-- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/environment.yml b/docs/environment.yml index 2dbfd535..faa2f1ca 100644 --- a/docs/environment.yml +++ b/docs/environment.yml @@ -24,3 +24,4 @@ dependencies: - attrs>=17.4.0 - sphinx-copybutton - alabaster_jupyterhub + - autodoc-traits diff --git a/docs/requirements.txt b/docs/requirements.txt index 5f8b447a..44c782f0 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -2,6 +2,7 @@ # if you change this file -r ../requirements.txt alabaster_jupyterhub +autodoc-traits recommonmark==0.5.0 sphinx-copybutton sphinx>=1.7 diff --git a/docs/source/conf.py b/docs/source/conf.py index 6e83f379..45411969 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -17,7 +17,7 @@ extensions = [ 'sphinx.ext.autodoc', 'sphinx.ext.intersphinx', 'sphinx.ext.napoleon', - 'autodoc_traits', + 'autodoc-traits', 'sphinx_copybutton', ] @@ -37,7 +37,6 @@ from os.path import dirname docs = dirname(dirname(__file__)) root = dirname(docs) sys.path.insert(0, root) -sys.path.insert(0, os.path.join(docs, 'sphinxext')) import jupyterhub From 36a1ad0078a9f03d1c9655f85189fb2d25c92409 Mon Sep 17 00:00:00 2001 From: Carol Willing Date: Fri, 6 Sep 2019 17:42:32 +0200 Subject: [PATCH 105/541] remove sphinxext directory --- docs/sphinxext/autodoc_traits.py | 57 -------------------------------- 1 file changed, 57 deletions(-) delete mode 100644 docs/sphinxext/autodoc_traits.py diff --git a/docs/sphinxext/autodoc_traits.py b/docs/sphinxext/autodoc_traits.py deleted file mode 100644 index 3d54f8bb..00000000 --- a/docs/sphinxext/autodoc_traits.py +++ /dev/null @@ -1,57 +0,0 @@ -"""autodoc extension for configurable traits""" -from sphinx.domains.python import PyClassmember -from sphinx.ext.autodoc import AttributeDocumenter -from sphinx.ext.autodoc import ClassDocumenter -from traitlets import TraitType -from traitlets import Undefined - - -class ConfigurableDocumenter(ClassDocumenter): - """Specialized Documenter subclass for traits with config=True""" - - objtype = 'configurable' - directivetype = 'class' - - def get_object_members(self, want_all): - """Add traits with .tag(config=True) to members list""" - check, members = super().get_object_members(want_all) - get_traits = ( - self.object.class_own_traits - if self.options.inherited_members - else self.object.class_traits - ) - trait_members = [] - for name, trait in sorted(get_traits(config=True).items()): - # put help in __doc__ where autodoc will look for it - trait.__doc__ = trait.help - trait_members.append((name, trait)) - return check, trait_members + members - - -class TraitDocumenter(AttributeDocumenter): - objtype = 'trait' - directivetype = 'attribute' - member_order = 1 - priority = 100 - - @classmethod - def can_document_member(cls, member, membername, isattr, parent): - return isinstance(member, TraitType) - - def add_directive_header(self, sig): - default = self.object.get_default_value() - if default is Undefined: - default_s = '' - else: - default_s = repr(default) - self.options.annotation = 'c.{name} = {trait}({default})'.format( - name=self.format_name(), - trait=self.object.__class__.__name__, - default=default_s, - ) - super().add_directive_header(sig) - - -def setup(app): - app.add_autodocumenter(ConfigurableDocumenter) - app.add_autodocumenter(TraitDocumenter) From a239a25ae0499c49021e3e4cc368b8fd6f5c20c3 Mon Sep 17 00:00:00 2001 From: Carol Willing Date: Sat, 7 Sep 2019 02:19:19 +0200 Subject: [PATCH 106/541] fix case --- docs/source/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index 45411969..5f8d3632 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -17,7 +17,7 @@ extensions = [ 'sphinx.ext.autodoc', 'sphinx.ext.intersphinx', 'sphinx.ext.napoleon', - 'autodoc-traits', + 'autodoc_traits', 'sphinx_copybutton', ] From b9bdc99c1d0632ccdbf434aae019d87659408443 Mon Sep 17 00:00:00 2001 From: Carol Willing Date: Sun, 8 Sep 2019 12:14:59 +0200 Subject: [PATCH 107/541] move pull request template --- .github/PULL_REQUEST_TEMPLATE/.keep | 0 .../PULL_REQUEST_TEMPLATE/PULL_REQUEST_TEMPLATE.md | 0 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .github/PULL_REQUEST_TEMPLATE/.keep rename PULL_REQUEST_TEMPLATE.md => .github/PULL_REQUEST_TEMPLATE/PULL_REQUEST_TEMPLATE.md (100%) diff --git a/.github/PULL_REQUEST_TEMPLATE/.keep b/.github/PULL_REQUEST_TEMPLATE/.keep deleted file mode 100644 index e69de29b..00000000 diff --git a/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE/PULL_REQUEST_TEMPLATE.md similarity index 100% rename from PULL_REQUEST_TEMPLATE.md rename to .github/PULL_REQUEST_TEMPLATE/PULL_REQUEST_TEMPLATE.md From 444029699a5c785edf4edc0577e867cfc2615f25 Mon Sep 17 00:00:00 2001 From: Carol Willing Date: Sun, 8 Sep 2019 12:30:44 +0200 Subject: [PATCH 108/541] update the issue template --- .../installation-and-configuration-issues.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/installation-and-configuration-issues.md b/.github/ISSUE_TEMPLATE/installation-and-configuration-issues.md index 9a6c731b..57db1984 100644 --- a/.github/ISSUE_TEMPLATE/installation-and-configuration-issues.md +++ b/.github/ISSUE_TEMPLATE/installation-and-configuration-issues.md @@ -4,4 +4,19 @@ about: Installation and configuration assistance --- -If you are having issues with installation or configuration, you may ask for help on the JupyterHub gitter channel or file an issue here. + From 0bcd6adde6a65eccc567a278f6ef9feb79030e69 Mon Sep 17 00:00:00 2001 From: Carol Willing Date: Sun, 8 Sep 2019 12:39:11 +0200 Subject: [PATCH 109/541] Edit bug report --- .github/ISSUE_TEMPLATE/bug_report.md | 36 ++++++++++--------- .../installation-and-configuration-issues.md | 2 +- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 476d8bb6..f5540a34 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,37 +1,39 @@ --- -name: Bug report +name: Issue report about: Create a report to help us improve --- + **Describe the bug** A clear and concise description of what the bug is. + + **To Reproduce** -Steps to reproduce the behavior: + **Expected behavior** + -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Desktop (please complete the following information):** - - OS: [e.g. iOS] - - Browser [e.g. chrome, safari] - - Version [e.g. 22] - -**Additional context** -Add any other context about the problem here. - -- Running `jupyter troubleshoot` from the command line, if possible, and posting -its output would also be helpful. -- Running in `--debug` mode can also be helpful for troubleshooting. +**Compute Information** + - Operating System + - JupyterHub Version [e.g. 22] diff --git a/.github/ISSUE_TEMPLATE/installation-and-configuration-issues.md b/.github/ISSUE_TEMPLATE/installation-and-configuration-issues.md index 57db1984..2505d1d8 100644 --- a/.github/ISSUE_TEMPLATE/installation-and-configuration-issues.md +++ b/.github/ISSUE_TEMPLATE/installation-and-configuration-issues.md @@ -1,5 +1,5 @@ --- -name: Installation and configuration issues +name: Installation and configuration questions about: Installation and configuration assistance --- From e07aaa603ae098132eb9996b55c0aa659277547f Mon Sep 17 00:00:00 2001 From: Carol Willing Date: Sun, 8 Sep 2019 15:59:58 +0200 Subject: [PATCH 110/541] fix typo found by @blink1073 review --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index f5540a34..dde161d9 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -12,7 +12,7 @@ If you are reporting an issue with JupyterHub, please use the GitHub search feat Some tips: - Running `jupyter troubleshoot` from the command line, if possible, and posting its output would also be helpful. -- Running JupyterHub in `--debug` mode (`jupyterhub --debug` can also be helpful for troubleshooting. +- Running JupyterHub in `--debug` mode (`jupyterhub --debug`) can also be helpful for troubleshooting. ---> **Describe the bug** From dcde9f6222b5e3f61cbb2254296bab77668f2d7a Mon Sep 17 00:00:00 2001 From: Ed Slavich Date: Wed, 18 Sep 2019 18:34:05 -0400 Subject: [PATCH 111/541] Remove duplicate hub and authenticator traitlets from Spawner --- jupyterhub/spawner.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index af84c122..6f3e4009 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -207,8 +207,6 @@ class Spawner(LoggingConfigurable): return self.orm_spawner.name return '' - hub = Any() - authenticator = Any() internal_ssl = Bool(False) internal_trust_bundles = Dict() internal_certs_location = Unicode('') From 7fcd6ad45038720a06977b9b76891fe9df70bf89 Mon Sep 17 00:00:00 2001 From: William Krinsman Date: Wed, 18 Sep 2019 12:07:48 -0700 Subject: [PATCH 112/541] Added configurable default server name attribute to better match behavior described for user-redirect in urls.md in the docs --- jupyterhub/app.py | 17 +++++++++++++++++ jupyterhub/user.py | 9 +++++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 2f2c1d05..78898dcd 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -911,6 +911,22 @@ class JupyterHub(Application): """, ).tag(config=True) + default_server_name = Unicode( + "", + help="If named servers are enabled, default name of server to spawn or open, e.g. by user-redirect.", + ).tag(config=True) + # Ensure that default_server_name doesn't do anything if named servers aren't allowed + _default_server_name = Unicode( + help="Non-configurable version exposed to JupyterHub." + ) + + @default('_default_server_name') + def _set_default_server_name(self): + if self.allow_named_servers: + return self.default_server_name + else: + return "" + # class for spawning single-user servers spawner_class = EntryPointType( default_value=LocalProcessSpawner, @@ -2060,6 +2076,7 @@ class JupyterHub(Application): domain=self.domain, statsd=self.statsd, allow_named_servers=self.allow_named_servers, + default_server_name=self._default_server_name, named_server_limit_per_user=self.named_server_limit_per_user, oauth_provider=self.oauth_provider, concurrent_spawn_limit=self.concurrent_spawn_limit, diff --git a/jupyterhub/user.py b/jupyterhub/user.py index 97a3543f..6a5ad1a9 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -389,9 +389,14 @@ class User: Full name.domain/path if using subdomains, otherwise just my /base/url """ if self.settings.get('subdomain_host'): - return '{host}{path}'.format(host=self.host, path=self.base_url) + url = '{host}{path}'.format(host=self.host, path=self.base_url) else: - return self.base_url + url = self.base_url + + if self.settings.get('default_server_name'): + return url_path_join(url, self.settings.get('default_server_name')) + else: + return url def server_url(self, server_name=''): """Get the url for a server with a given name""" From 7fd3271c9bd1f793a550989e5f4f4dfa0a2a6c01 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 19 Sep 2019 15:16:37 +0200 Subject: [PATCH 113/541] rely on app fixture to get configured app re-run init_eventlog to ensure event logging is hooked up --- jupyterhub/tests/test_eventlog.py | 78 +++++++++++++++---------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/jupyterhub/tests/test_eventlog.py b/jupyterhub/tests/test_eventlog.py index 4b3d3fe6..dc9cfda2 100644 --- a/jupyterhub/tests/test_eventlog.py +++ b/jupyterhub/tests/test_eventlog.py @@ -1,18 +1,21 @@ -"""Tests for Eventlogging in JupyterHub. +"""Tests for Eventlogging in JupyterHub. -To test a new schema or event, simply add it to the -`valid_events` and `invalid_events` variables below. +To test a new schema or event, simply add it to the +`valid_events` and `invalid_events` variables below. You *shouldn't* need to write new tests. """ import io import json import logging +from unittest import mock + import jsonschema import pytest -from .mocking import MockHub from traitlets.config import Config +from .mocking import MockHub + # To test new schemas, add them to the `valid_events` # and `invalid_events` dictionary below. @@ -20,60 +23,57 @@ from traitlets.config import Config # To test valid events, add event item with the form: # { ( '', ) : { } } valid_events = [ - ('hub.jupyter.org/server-action', 1, dict(action='start', username='test-username', servername='test-servername')), + ( + 'hub.jupyter.org/server-action', + 1, + dict(action='start', username='test-username', servername='test-servername'), + ) ] # To test invalid events, add event item with the form: # { ( '', ) : { } } invalid_events = [ # Missing required keys - ('hub.jupyter.org/server-action', 1, dict(action='start')), + ('hub.jupyter.org/server-action', 1, dict(action='start')) ] @pytest.fixture -def get_hub_and_sink(): - """Get a hub instance with all registered schemas and record an event with it.""" - # Get a mockhub. - hub = MockHub.instance() - sink = io.StringIO() +def eventlog_sink(app): + """Return eventlog and sink objects""" + sink = io.StringIO() handler = logging.StreamHandler(sink) + # Update the EventLog config with handler + cfg = Config() + cfg.EventLog.handlers = [handler] - def _get_hub_and_sink(schema): - # Update the hub config with handler info. - cfg = Config() - cfg.EventLog.handlers = [handler] - cfg.EventLog.allowed_schemas = [schema] - - # Get hub app. - hub.update_config(cfg) - hub.init_eventlog() - - # Record an event from the hub. - return hub, sink - - yield _get_hub_and_sink - - # teardown - hub.clear_instance() - handler.flush() + with mock.patch.object(app.config, 'EventLog', cfg.EventLog): + # recreate the eventlog object with our config + app.init_eventlog() + # return the sink from the fixture + yield app.eventlog, sink + # reset eventlog with original config + app.init_eventlog() @pytest.mark.parametrize('schema, version, event', valid_events) -def test_valid_events(get_hub_and_sink, schema, version, event): - hub, sink = get_hub_and_sink(schema) - # Record event. - hub.eventlog.record_event(schema, version, event) - # Inspect consumed event. +def test_valid_events(eventlog_sink, schema, version, event): + eventlog, sink = eventlog_sink + eventlog.allowed_schemas = [schema] + # Record event + eventlog.record_event(schema, version, event) + # Inspect consumed event output = sink.getvalue() data = json.loads(output) # Verify event data was recorded assert data is not None + @pytest.mark.parametrize('schema, version, event', invalid_events) -def test_invalid_events(get_hub_and_sink, schema, version, event): - hub, sink = get_hub_and_sink(schema) - - # Make sure an error is thrown when bad events are recorded. +def test_invalid_events(eventlog_sink, schema, version, event): + eventlog, sink = eventlog_sink + eventlog.allowed_schemas = [schema] + + # Make sure an error is thrown when bad events are recorded with pytest.raises(jsonschema.ValidationError): - recorded_event = hub.eventlog.record_event(schema, version, event) + recorded_event = eventlog.record_event(schema, version, event) From 949d8d0bfa7e565f2de808593c1fb32a5d86808b Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 19 Sep 2019 15:46:09 +0200 Subject: [PATCH 114/541] avoid disabling existing loggers when invoking alembic causes some weird behavior, such as event log not working --- jupyterhub/alembic/env.py | 2 +- jupyterhub/tests/test_eventlog.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/jupyterhub/alembic/env.py b/jupyterhub/alembic/env.py index 4846f4c1..584f82c1 100644 --- a/jupyterhub/alembic/env.py +++ b/jupyterhub/alembic/env.py @@ -28,7 +28,7 @@ if 'jupyterhub' in sys.modules: alembic_logger.propagate = True alembic_logger.parent = app.log else: - fileConfig(config.config_file_name) + fileConfig(config.config_file_name, disable_existing_loggers=False) else: fileConfig(config.config_file_name) diff --git a/jupyterhub/tests/test_eventlog.py b/jupyterhub/tests/test_eventlog.py index dc9cfda2..3cfbaec1 100644 --- a/jupyterhub/tests/test_eventlog.py +++ b/jupyterhub/tests/test_eventlog.py @@ -64,6 +64,7 @@ def test_valid_events(eventlog_sink, schema, version, event): eventlog.record_event(schema, version, event) # Inspect consumed event output = sink.getvalue() + assert output data = json.loads(output) # Verify event data was recorded assert data is not None From ac32ae496e6dfb645e35f3cf1ae2d0c77ec21edf Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 19 Sep 2019 15:51:02 +0200 Subject: [PATCH 115/541] run pre-commit hook --- docs/requirements.txt | 2 +- docs/source/conf.py | 2 +- docs/source/events/index.rst | 2 +- docs/source/events/server-actions.rst | 2 +- jupyterhub/app.py | 7 +++---- jupyterhub/handlers/base.py | 20 ++++++++++++-------- requirements.txt | 2 +- 7 files changed, 20 insertions(+), 17 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 0ac4a7ce..980376d5 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,5 +4,5 @@ alabaster_jupyterhub recommonmark==0.5.0 sphinx-copybutton +sphinx-jsonschema sphinx>=1.7 -sphinx-jsonschema \ No newline at end of file diff --git a/docs/source/conf.py b/docs/source/conf.py index 0e84f38c..036cac22 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -19,7 +19,7 @@ extensions = [ 'sphinx.ext.napoleon', 'autodoc_traits', 'sphinx_copybutton', - 'sphinx-jsonschema' + 'sphinx-jsonschema', ] templates_path = ['_templates'] diff --git a/docs/source/events/index.rst b/docs/source/events/index.rst index 4ecf1ebd..d662b8bf 100644 --- a/docs/source/events/index.rst +++ b/docs/source/events/index.rst @@ -47,4 +47,4 @@ Event schemas .. toctree:: :maxdepth: 2 - server-actions.rst \ No newline at end of file + server-actions.rst diff --git a/docs/source/events/server-actions.rst b/docs/source/events/server-actions.rst index 7db66a27..12018713 100644 --- a/docs/source/events/server-actions.rst +++ b/docs/source/events/server-actions.rst @@ -1 +1 @@ -.. jsonschema:: ../../../jupyterhub/event-schemas/server-actions/v1.yaml \ No newline at end of file +.. jsonschema:: ../../../jupyterhub/event-schemas/server-actions/v1.yaml diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 1451cc64..b7da6a4f 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -5,19 +5,19 @@ import asyncio import atexit import binascii +import json import logging import os import re import signal import socket import sys -import json -from glob import glob from concurrent.futures import ThreadPoolExecutor from datetime import datetime from datetime import timezone from functools import partial from getpass import getuser +from glob import glob from operator import itemgetter from textwrap import dedent from urllib.parse import unquote @@ -2073,7 +2073,7 @@ class JupyterHub(Application): internal_ssl_ca=self.internal_ssl_ca, trusted_alt_names=self.trusted_alt_names, shutdown_on_logout=self.shutdown_on_logout, - eventlog=self.eventlog + eventlog=self.eventlog, ) # allow configured settings to have priority settings.update(self.tornado_settings) @@ -2109,7 +2109,6 @@ class JupyterHub(Application): continue self.eventlog.register_schema_file(os.path.join(dirname, file)) - def write_pid_file(self): pid = os.getpid() if self.pid_file: diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index b5f37cc8..e5249cb5 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -850,11 +850,11 @@ class BaseHandler(RequestHandler): SERVER_SPAWN_DURATION_SECONDS.labels( status=ServerSpawnStatus.success ).observe(time.perf_counter() - spawn_start_time) - self.eventlog.record_event('hub.jupyter.org/server-action', 1, { - 'action': 'start', - 'username': user.name, - 'servername': server_name - }) + self.eventlog.record_event( + 'hub.jupyter.org/server-action', + 1, + {'action': 'start', 'username': user.name, 'servername': server_name}, + ) proxy_add_start_time = time.perf_counter() spawner._proxy_pending = True try: @@ -1035,11 +1035,15 @@ class BaseHandler(RequestHandler): SERVER_STOP_DURATION_SECONDS.labels( status=ServerStopStatus.success ).observe(toc - tic) - self.eventlog.record_event('hub.jupyter.org/server-action', 1, { + self.eventlog.record_event( + 'hub.jupyter.org/server-action', + 1, + { 'action': 'stop', 'username': user.name, - 'servername': server_name - }) + 'servername': server_name, + }, + ) except: SERVER_STOP_DURATION_SECONDS.labels( status=ServerStopStatus.failure diff --git a/requirements.txt b/requirements.txt index 3ae33109..7821b905 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,6 +3,7 @@ async_generator>=1.8 certipy>=0.1.2 entrypoints jinja2 +jupyter_telemetry oauthlib>=3.0 pamela prometheus_client>=0.0.21 @@ -11,4 +12,3 @@ requests SQLAlchemy>=1.1 tornado>=5.0 traitlets>=4.3.2 -jupyter_telemetry From f79495e6bfda54dbae554121458a520dda6033a6 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 19 Sep 2019 16:12:29 +0200 Subject: [PATCH 116/541] fix relative links for spawn --- share/jupyterhub/static/js/home.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/share/jupyterhub/static/js/home.js b/share/jupyterhub/static/js/home.js index be4e39ea..e10ed7c3 100644 --- a/share/jupyterhub/static/js/home.js +++ b/share/jupyterhub/static/js/home.js @@ -105,9 +105,9 @@ require(["jquery", "moment", "jhapi", "utils"], function( var serverName = row.find(".new-server-name").val(); if (serverName === "") { // ../spawn/user/ causes a 404, ../spawn/user redirects correctly to the default server - window.location.href = "../spawn/" + user; + window.location.href = "./spawn/" + user; } else { - window.location.href = "../spawn/" + user + "/" + serverName; + window.location.href = "./spawn/" + user + "/" + serverName; } }); From 898fea9fdc4c28b0c2d92c8d64e889ff89ba0880 Mon Sep 17 00:00:00 2001 From: Zachary Sailer Date: Thu, 19 Sep 2019 11:23:41 -0700 Subject: [PATCH 117/541] Minor typos found by @minrk --- docs/source/events/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/events/index.rst b/docs/source/events/index.rst index d662b8bf..90e30acb 100644 --- a/docs/source/events/index.rst +++ b/docs/source/events/index.rst @@ -13,7 +13,7 @@ JupyterHub can be configured to record structured events from a running server u How to emit events ------------------ -Eventlogging is handled by its ``Eventlog`` object. This leverages Python's standing logging_ library to emit, filter, and collect event data. +Event logging is handled by its ``Eventlog`` object. This leverages Python's standing logging_ library to emit, filter, and collect event data. To begin recording events, you'll need to set two configurations: From 9cf22e4106ba5f1348e03fef4b5cd210ed0d3538 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Sun, 22 Sep 2019 23:07:53 +1200 Subject: [PATCH 118/541] Replace deprecated calls --- jupyterhub/objects.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/jupyterhub/objects.py b/jupyterhub/objects.py index d2e32639..de2ac7a6 100644 --- a/jupyterhub/objects.py +++ b/jupyterhub/objects.py @@ -213,8 +213,4 @@ class Hub(Server): return url_path_join(self.url, 'api') def __repr__(self): - return "<%s %s:%s>" % ( - self.__class__.__name__, - self.server.ip, - self.server.port, - ) + return "<%s %s:%s>" % (self.__class__.__name__, self.ip, self.port) From 5d3dc509bd913530752439002178676991548b56 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Mon, 23 Sep 2019 13:13:21 +1200 Subject: [PATCH 119/541] Remove tornado deprecated/unnecessary call (>5) --- jupyterhub/app.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 2f2c1d05..b71ee7cd 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -36,7 +36,6 @@ from tornado.ioloop import IOLoop, PeriodicCallback from tornado.log import app_log, access_log, gen_log import tornado.options from tornado import gen, web -from tornado.platform.asyncio import AsyncIOMainLoop from traitlets import ( Unicode, @@ -2538,7 +2537,6 @@ class JupyterHub(Application): @classmethod def launch_instance(cls, argv=None): self = cls.instance() - AsyncIOMainLoop().install() loop = IOLoop.current() task = asyncio.ensure_future(self.launch_instance_async(argv)) try: From a8c0609eb9a50962c5f6c26e05e55f43f629e57f Mon Sep 17 00:00:00 2001 From: Min RK Date: Tue, 24 Sep 2019 11:32:23 +0200 Subject: [PATCH 120/541] blacklist urllib3 versions with encoding bug I *think* this should only affect testing, not production --- dev-requirements.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dev-requirements.txt b/dev-requirements.txt index 54a64481..7b14b306 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -14,4 +14,7 @@ pytest-asyncio pytest-cov pytest>=3.3 requests-mock +# blacklist urllib3 releases affected by https://github.com/urllib3/urllib3/issues/1683 +# I *think* this should only affect testing, not production +urllib3!=1.25.4,!=1.25.5 virtualenv From d51d39728a0984aabb6f5e4bfa420e6431ac22f7 Mon Sep 17 00:00:00 2001 From: Min RK Date: Tue, 24 Sep 2019 14:40:34 +0200 Subject: [PATCH 121/541] Errant indentation --- jupyterhub/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/auth.py b/jupyterhub/auth.py index 342abfac..faeb584a 100644 --- a/jupyterhub/auth.py +++ b/jupyterhub/auth.py @@ -1,4 +1,4 @@ - """Base Authenticator class and the default PAM Authenticator""" +"""Base Authenticator class and the default PAM Authenticator""" # Copyright (c) IPython Development Team. # Distributed under the terms of the Modified BSD License. import inspect From 1701149fd76033fa5fa24a286ca746142436c9aa Mon Sep 17 00:00:00 2001 From: Carol Willing Date: Tue, 24 Sep 2019 12:04:11 -0700 Subject: [PATCH 122/541] add missing package for json schema --- docs/environment.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/environment.yml b/docs/environment.yml index faa2f1ca..f1e2df83 100644 --- a/docs/environment.yml +++ b/docs/environment.yml @@ -25,3 +25,5 @@ dependencies: - sphinx-copybutton - alabaster_jupyterhub - autodoc-traits + - sphinx-jsonschema + From b41a383eae52dd5ceee565df7da358d2c504cf96 Mon Sep 17 00:00:00 2001 From: Carol Willing Date: Tue, 24 Sep 2019 12:20:42 -0700 Subject: [PATCH 123/541] fix trailing space in file --- docs/environment.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/environment.yml b/docs/environment.yml index f1e2df83..e8f9d380 100644 --- a/docs/environment.yml +++ b/docs/environment.yml @@ -26,4 +26,3 @@ dependencies: - alabaster_jupyterhub - autodoc-traits - sphinx-jsonschema - From 0f93571ca5060d6863cb564e916d69beb7370040 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 26 Sep 2019 14:58:26 +0200 Subject: [PATCH 124/541] verify proxy is accessible before listening on the hub lighter weight than check_routes --- jupyterhub/app.py | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 9634773b..54422dd0 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2452,6 +2452,20 @@ class JupyterHub(Application): loop.stop() return + # start the proxy + if self.proxy.should_start: + try: + await self.proxy.start() + except Exception as e: + self.log.critical("Failed to start proxy", exc_info=True) + self.exit(1) + else: + self.log.info("Not starting proxy") + + # verify that we can talk to the proxy before listening. + # avoids delayed failure if we can't talk to the proxy + await self.proxy.get_all_routes() + ssl_context = make_ssl_context( self.internal_ssl_key, self.internal_ssl_cert, @@ -2489,16 +2503,6 @@ class JupyterHub(Application): self.log.error("Failed to bind hub to %s", self.hub.bind_url) raise - # start the proxy - if self.proxy.should_start: - try: - await self.proxy.start() - except Exception as e: - self.log.critical("Failed to start proxy", exc_info=True) - self.exit(1) - else: - self.log.info("Not starting proxy") - # start the service(s) for service_name, service in self._service_map.items(): msg = ( From 231d14e95d9c6e1a93820f6c8ac207a40f8df93b Mon Sep 17 00:00:00 2001 From: Richard Darst Date: Thu, 26 Sep 2019 17:33:38 +0300 Subject: [PATCH 125/541] Reduce verbosity for "Failing suspected API request to not-running server" - API requests to non-running servers are not uncommon when you cull servers and people leave tabs open and active. It returns with 503 and logs all headers, which can take up half of our total log lines - This avoids logging headers for all 502 and 503 return statuses. #2747 presented an alternative (more complex) implementation, but this turned out to be appropriate. - Closes: #2747 --- jupyterhub/log.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/log.py b/jupyterhub/log.py index a9992acf..aca5383b 100644 --- a/jupyterhub/log.py +++ b/jupyterhub/log.py @@ -162,7 +162,7 @@ def log_request(handler): location='', ) msg = "{status} {method} {uri}{location} ({user}@{ip}) {request_time:.2f}ms" - if status >= 500 and status != 502: + if status >= 500 and status not in {502, 503}: log_method(json.dumps(headers, indent=2)) elif status in {301, 302}: # log redirect targets From 8a03b7308662688d4c5b6aa14506f68a08d8b78d Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 27 Sep 2019 09:32:51 +0200 Subject: [PATCH 126/541] Log JupyterHub version on startup --- jupyterhub/app.py | 1 + 1 file changed, 1 insertion(+) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 54422dd0..324656f4 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2184,6 +2184,7 @@ class JupyterHub(Application): self._start_future = asyncio.Future() self.load_config_file(self.config_file) self.init_logging() + self.log.info("Running JupyterHub version %s", jupyterhub.__version__) if 'JupyterHubApp' in self.config: self.log.warning( "Use JupyterHub in config, not JupyterHubApp. Outdated config:\n%s", From f13bd59f6f6b32df3fa112fbff60ca295024af3e Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Tue, 1 Oct 2019 16:13:29 -0400 Subject: [PATCH 127/541] Expose spawner.user_options in REST API. --- jupyterhub/apihandlers/base.py | 1 + 1 file changed, 1 insertion(+) diff --git a/jupyterhub/apihandlers/base.py b/jupyterhub/apihandlers/base.py index 600876cd..d59cfb12 100644 --- a/jupyterhub/apihandlers/base.py +++ b/jupyterhub/apihandlers/base.py @@ -141,6 +141,7 @@ class APIHandler(BaseHandler): 'ready': spawner.ready, 'state': spawner.get_state() if include_state else None, 'url': url_path_join(spawner.user.url, spawner.name, '/'), + 'user_options': spawner.user_options, 'progress_url': spawner._progress_url, } From cdba57e96ad8a3c61cd293bdd12025589a27736f Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Tue, 1 Oct 2019 16:44:27 -0400 Subject: [PATCH 128/541] Update expected test result to include user_options. --- jupyterhub/tests/test_named_servers.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jupyterhub/tests/test_named_servers.py b/jupyterhub/tests/test_named_servers.py index 0f6809c1..49924db7 100644 --- a/jupyterhub/tests/test_named_servers.py +++ b/jupyterhub/tests/test_named_servers.py @@ -57,6 +57,7 @@ async def test_default_server(app, named_servers): username ), 'state': {'pid': 0}, + 'user_options': {}, } }, } @@ -116,6 +117,7 @@ async def test_create_named_server(app, named_servers): username, servername ), 'state': {'pid': 0}, + 'user_options': {}, } for name in [servername] }, From cd0b3e05e2a881c994e35206f3f060183f4a5b3b Mon Sep 17 00:00:00 2001 From: Rollin Thomas Date: Sat, 5 Oct 2019 10:43:51 -0700 Subject: [PATCH 129/541] Add service links --- jupyterhub/handlers/base.py | 11 +++++++++++ share/jupyterhub/templates/page.html | 10 ++++++++++ 2 files changed, 21 insertions(+) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 03d9cf3b..054e4a82 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1107,11 +1107,22 @@ class BaseHandler(RequestHandler): logout_url=self.settings['logout_url'], static_url=self.static_url, version_hash=self.version_hash, + services=self.get_accessible_services(user), ) if self.settings['template_vars']: ns.update(self.settings['template_vars']) return ns + def get_accessible_services(self, user): + accessible_services = list() + for service in self.services.values(): + if not service.url: + continue + if service.admin and not user.admin: + continue + accessible_services.append(service) + return accessible_services + def write_error(self, status_code, **kwargs): """render custom error pages""" exc_info = kwargs.get('exc_info') diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index cd50ee11..2ffac9ec 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -118,6 +118,16 @@ {% if user.admin %}
  • Admin
    • {% endif %} + {% if services %} +
  • + + +
    • + {% endif %} {% endblock %} {% endif %} From 561f4d08895b2092fc541bc1530f3eab9f7e48d4 Mon Sep 17 00:00:00 2001 From: Min RK Date: Tue, 8 Oct 2019 15:28:47 +0200 Subject: [PATCH 130/541] add `service.oauth_no_confirm` configuration allows services to be explicitly blessed to skip the extra oauth confirmation page added in 1.0 This confirmation page is unhelpful for many admin-managed services, and is mainly intended for cross-user access. The default behavior is unchanged, but services can now opt-out of confirmation (as is done already for the user's own servers). Use with caution, as this eliminates users' ability to confirm that a service should be able to authenticate them. --- jupyterhub/apihandlers/auth.py | 30 +++++++++++++++++++++++++++--- jupyterhub/app.py | 10 ++++++++++ jupyterhub/services/service.py | 22 +++++++++++++++++++++- 3 files changed, 58 insertions(+), 4 deletions(-) diff --git a/jupyterhub/apihandlers/auth.py b/jupyterhub/apihandlers/auth.py index 07e4d18b..cf1eba14 100644 --- a/jupyterhub/apihandlers/auth.py +++ b/jupyterhub/apihandlers/auth.py @@ -198,6 +198,30 @@ class OAuthAuthorizeHandler(OAuthHandler, BaseHandler): raise self.send_oauth_response(headers, body, status) + def needs_oauth_confirm(self, user, oauth_client): + """Return whether the given oauth client needs to prompt for access for the given user + + Checks whitelist for oauth clients + + (i.e. the user's own server) + + .. versionadded: 1.1 + """ + # get the oauth client ids for the user's own server(s) + own_oauth_client_ids = set( + spawner.oauth_client_id for spawner in user.spawners.values() + ) + if ( + # it's the user's own server + oauth_client.identifier in own_oauth_client_ids + # or it's in the global whitelist + or oauth_client.identifier + in self.settings.get('oauth_no_confirm_whitelist', set()) + ): + return False + # default: require confirmation + return True + @web.authenticated def get(self): """GET /oauth/authorization @@ -205,7 +229,8 @@ class OAuthAuthorizeHandler(OAuthHandler, BaseHandler): Render oauth confirmation page: "Server at ... would like permission to ...". - Users accessing their own server will skip confirmation. + Users accessing their own server or a service whitelist + will skip confirmation. """ uri, http_method, body, headers = self.extract_oauth_params() @@ -215,13 +240,12 @@ class OAuthAuthorizeHandler(OAuthHandler, BaseHandler): ) credentials = self.add_credentials(credentials) client = self.oauth_provider.fetch_by_client_id(credentials['client_id']) - if client.redirect_uri.startswith(self.current_user.url): + if not self.needs_oauth_confirm(self.current_user, client): self.log.debug( "Skipping oauth confirmation for %s accessing %s", self.current_user, client.description, ) - # access to my own server doesn't require oauth confirmation # this is the pre-1.0 behavior for all oauth self._complete_login(uri, headers, scopes, credentials) return diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 2f2c1d05..720ab426 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2030,6 +2030,15 @@ class JupyterHub(Application): else: version_hash = datetime.now().strftime("%Y%m%d%H%M%S") + oauth_no_confirm_whitelist = set() + for service in self._service_map.values(): + if service.oauth_no_confirm: + self.log.warning( + "Allowing service %s to complete OAuth without confirmation", + service.name, + ) + oauth_no_confirm_whitelist.add(service.oauth_client_id) + settings = dict( log_function=log_request, config=self.config, @@ -2062,6 +2071,7 @@ class JupyterHub(Application): allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, oauth_provider=self.oauth_provider, + oauth_no_confirm_whitelist=oauth_no_confirm_whitelist, concurrent_spawn_limit=self.concurrent_spawn_limit, spawn_throttle_retry_range=self.spawn_throttle_retry_range, active_server_limit=self.active_server_limit, diff --git a/jupyterhub/services/service.py b/jupyterhub/services/service.py index 9da030b7..e5fa0d9d 100644 --- a/jupyterhub/services/service.py +++ b/jupyterhub/services/service.py @@ -147,11 +147,15 @@ class Service(LoggingConfigurable): - name: str the name of the service - - admin: bool(false) + - admin: bool(False) whether the service should have administrative privileges - url: str (None) The URL where the service is/should be. If specified, the service will be added to the proxy at /services/:name + - oauth_no_confirm: bool(False) + .. versionadded:: 1.1 + Whether this service should be allowed to complete oauth + with logged-in users without prompting for confirmation. If a service is to be managed by the Hub, it has a few extra options: @@ -184,6 +188,7 @@ class Service(LoggingConfigurable): If managed, will be passed as JUPYTERHUB_SERVICE_URL env. """ ).tag(input=True) + api_token = Unicode( help="""The API token to use for the service. @@ -197,6 +202,21 @@ class Service(LoggingConfigurable): """ ).tag(input=True) + oauth_no_confirm = Bool( + False, + help="""Skip OAuth confirmation when users access this service. + + By default, when users authenticate with a service using JupyterHub, + they are prompted to confirm that they want to grant that service + access to their credentials. + Setting oauth_no_confirm=True skips the confirmation for this service. + Useful for admin-managed services that are considered part of the Hub, + which shouldn't need extra prompts for login. + + .. versionadded: 1.1 + """, + ).tag(input=True) + # Managed service API: spawner = Any() From 2ad1159f69f57106b1c1272812f1f93a8f1d7062 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 10 Oct 2019 10:49:55 +0200 Subject: [PATCH 131/541] Apply suggestions from code review Co-Authored-By: Carol Willing --- jupyterhub/app.py | 2 +- jupyterhub/services/service.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 720ab426..efb5ebd0 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2034,7 +2034,7 @@ class JupyterHub(Application): for service in self._service_map.values(): if service.oauth_no_confirm: self.log.warning( - "Allowing service %s to complete OAuth without confirmation", + "Allowing service %s to complete OAuth without confirmation on an authorization web page", service.name, ) oauth_no_confirm_whitelist.add(service.oauth_client_id) diff --git a/jupyterhub/services/service.py b/jupyterhub/services/service.py index e5fa0d9d..3cd3c72a 100644 --- a/jupyterhub/services/service.py +++ b/jupyterhub/services/service.py @@ -209,9 +209,9 @@ class Service(LoggingConfigurable): By default, when users authenticate with a service using JupyterHub, they are prompted to confirm that they want to grant that service access to their credentials. - Setting oauth_no_confirm=True skips the confirmation for this service. - Useful for admin-managed services that are considered part of the Hub, - which shouldn't need extra prompts for login. + Setting oauth_no_confirm=True skips the confirmation web page for this service. + Skipping the confirmation page is useful for admin-managed services that are considered part of the Hub + and shouldn't need extra prompts for login. .. versionadded: 1.1 """, From 25ef67e8e097f7522021c49d54ee54871568c9ab Mon Sep 17 00:00:00 2001 From: Kenan Erdogan Date: Fri, 11 Oct 2019 16:02:36 +0200 Subject: [PATCH 132/541] fix: in SpawnHandler check if named servers are allowed before launching a named server, check also limit of named servers --- jupyterhub/handlers/pages.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index aa2f37cc..eee10dd5 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -118,6 +118,23 @@ class SpawnHandler(BaseHandler): if user is None: raise web.HTTPError(404, "No such user: %s" % for_user) + if server_name: + if not self.allow_named_servers: + raise web.HTTPError(400, "Named servers are not enabled.") + if ( + self.named_server_limit_per_user > 0 + and server_name not in user.orm_spawners + ): + named_spawners = list(user.all_spawners(include_default=False)) + if self.named_server_limit_per_user <= len(named_spawners): + raise web.HTTPError( + 400, + "User {} already has the maximum of {} named servers." + " One must be deleted before a new server can be created".format( + user.name, self.named_server_limit_per_user + ), + ) + if not self.allow_named_servers and user.running: url = self.get_next_url(user, default=user.server_url(server_name)) self.log.info("User is running: %s", user.name) From cc95d30dc1809f2076fcaa0007a572bbeeee7d8c Mon Sep 17 00:00:00 2001 From: Kenan Erdogan Date: Fri, 11 Oct 2019 16:10:09 +0200 Subject: [PATCH 133/541] fix test_named_server_spawn_form: add named_servers fixture --- jupyterhub/tests/test_named_servers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/tests/test_named_servers.py b/jupyterhub/tests/test_named_servers.py index 0f6809c1..e88dd2d5 100644 --- a/jupyterhub/tests/test_named_servers.py +++ b/jupyterhub/tests/test_named_servers.py @@ -232,7 +232,7 @@ async def test_named_server_limit(app, named_servers): assert r.text == '' -async def test_named_server_spawn_form(app, username): +async def test_named_server_spawn_form(app, username, named_servers): server_name = "myserver" base_url = public_url(app) cookies = await app.login_user(username) From bc324500058a3d6f69710f81d261d7e487230573 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Sat, 12 Oct 2019 13:54:01 +1300 Subject: [PATCH 134/541] Fix header project name typo --- setup.py | 2 +- share/jupyterhub/static/js/utils.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 21b5ab4a..5a5f4176 100755 --- a/setup.py +++ b/setup.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # coding: utf-8 -# Copyright (c) Juptyer Development Team. +# Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. # ----------------------------------------------------------------------------- # Minimal Python version sanity check (from IPython) diff --git a/share/jupyterhub/static/js/utils.js b/share/jupyterhub/static/js/utils.js index 63ed0bd0..c09f48cf 100644 --- a/share/jupyterhub/static/js/utils.js +++ b/share/jupyterhub/static/js/utils.js @@ -2,7 +2,7 @@ // Original Copyright (c) IPython Development Team. // Distributed under the terms of the Modified BSD License. -// Modifications Copyright (c) Juptyer Development Team. +// Modifications Copyright (c) Jupyter Development Team. // Distributed under the terms of the Modified BSD License. define(["jquery"], function($) { From 8c1620e6c5086e15e9edaec4a2b822c2b7115e9c Mon Sep 17 00:00:00 2001 From: Will Starms Date: Sat, 12 Oct 2019 18:40:58 -0500 Subject: [PATCH 135/541] server version display also tests --- jupyterhub/app.py | 5 +++++ jupyterhub/handlers/pages.py | 3 +++ jupyterhub/tests/test_pages.py | 15 +++++++++++++++ share/jupyterhub/static/less/admin.less | 6 ++++++ share/jupyterhub/templates/admin.html | 7 +++++++ 5 files changed, 36 insertions(+) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 324656f4..bc04b31f 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1185,6 +1185,10 @@ class JupyterHub(Application): False, help="""Shuts down all user servers on logout""" ).tag(config=True) + server_tokens = Bool( + True, help="""Display JupyterHub version information on admin page""" + ).tag(config=True) + @default('statsd') def _statsd(self): if self.statsd_host: @@ -2133,6 +2137,7 @@ class JupyterHub(Application): internal_ssl_ca=self.internal_ssl_ca, trusted_alt_names=self.trusted_alt_names, shutdown_on_logout=self.shutdown_on_logout, + server_tokens=self.server_tokens, eventlog=self.eventlog, ) # allow configured settings to have priority diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index aa2f37cc..8b0afa3d 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -14,6 +14,7 @@ from tornado import gen from tornado import web from tornado.httputil import url_concat +from .. import __version__ from .. import orm from ..metrics import SERVER_POLL_DURATION_SECONDS from ..metrics import ServerPollStatus @@ -422,6 +423,8 @@ class AdminHandler(BaseHandler): sort={s: o for s, o in zip(sorts, orders)}, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, + server_tokens=self.settings.get('server_tokens', True), + server_version='{} {}'.format(__version__, self.version_hash), ) self.finish(html) diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 77b5cf1e..3b8f242a 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -110,6 +110,21 @@ async def test_admin(app): assert r.url.endswith('/admin') +async def test_admin_version(app): + cookies = await app.login_user('admin') + r = await get_page('admin', app, cookies=cookies, allow_redirects=False) + r.raise_for_status() + assert "version_footer" in r.text + + +async def test_admin_version_disabled(app): + cookies = await app.login_user('admin') + with mock.patch.dict(app.tornado_settings, {'server_tokens': False}): + r = await get_page('admin', app, cookies=cookies, allow_redirects=False) + r.raise_for_status() + assert "version_footer" not in r.text + + @pytest.mark.parametrize('sort', ['running', 'last_activity', 'admin', 'name']) async def test_admin_sort(app, sort): cookies = await app.login_user('admin') diff --git a/share/jupyterhub/static/less/admin.less b/share/jupyterhub/static/less/admin.less index 70a262d9..6189e4e9 100644 --- a/share/jupyterhub/static/less/admin.less +++ b/share/jupyterhub/static/less/admin.less @@ -1,3 +1,9 @@ i.sort-icon { margin-left: 4px; } + +.version_footer { + position: fixed; + bottom: 0; + width: 100%; +} diff --git a/share/jupyterhub/templates/admin.html b/share/jupyterhub/templates/admin.html index 12edbdcd..f5ddec4a 100644 --- a/share/jupyterhub/templates/admin.html +++ b/share/jupyterhub/templates/admin.html @@ -103,6 +103,13 @@
    +{%- if server_tokens -%} +
    +
    + JupyterHub {{ server_version }} +
    +
    +{%- endif -%} {% call modal('Delete User', btn_class='btn-danger delete-button') %} Are you sure you want to delete user USER? From d942f52eebc74d5f07a27753d4dbee28a704a05d Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Wed, 16 Oct 2019 12:00:43 +1300 Subject: [PATCH 136/541] Add docs for fixtures in CONTRIBUTING.md --- CONTRIBUTING.md | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index cfced3c8..fda9d36f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -97,6 +97,35 @@ and other collections of tests for different components. When writing a new test, there should usually be a test of similar functionality already written and related tests should be added nearby. -When in doubt, feel free to ask. -TODO: describe some details about fixtures, etc. +The fixtures live in `jupyterhub/tests/conftest.py`. There are +fixtures that can be used for JupyterHub components, such as: + +- `app`: an instance of JupyterHub with mocked parts +- `auth_state_enabled`: enables persisting auth_state (like authentication tokens) +- `db`: a sqlite in-memory DB session +- `io_loop`: a Tornado event loop +- `event_loop`: a new asyncio event loop +- `user`: creates a new temporary user +- `admin_user`: creates a new temporary admin user +- single user servers + - `cleanup_after`: allows cleanup of single user servers between tests +- mocked service + - `MockServiceSpawner`: a spawner that mocks services for testing with a short poll interval + - `mockservice`: mocked service with no external service url + - `mockservice_url`: mocked service with a url to test external services + +And fixtures to add functionality or spawning behavior: + +- `admin_access`: grants admin access +- `no_patience`: sets slow-spawning timeouts to zero +- `slow_spawn`: enables the SlowSpawner (a spawner that takes a few seconds to start) +- `never_spawn`: enables the NeverSpawner (a spawner that will never start) +- `bad_spawn`: enables the BadSpawner (a spawner that fails immediately) +- `slow_bad_spawn`: enables the SlowBadSpawner (a spawner that fails after a short delay) + +To read more about fixtures check out the +[pytest docs](https://docs.pytest.org/en/latest/fixture.html) +for how to use the existing fixtures, and how to create new ones. + +When in doubt, feel free to ask. From 3a0a58178281e66402abbb45027841601e2548f4 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 16 Oct 2019 15:32:03 +0300 Subject: [PATCH 137/541] Log proxy class --- jupyterhub/app.py | 1 + 1 file changed, 1 insertion(+) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 324656f4..6e639a88 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2220,6 +2220,7 @@ class JupyterHub(Application): _log_cls("Authenticator", self.authenticator_class) _log_cls("Spawner", self.spawner_class) + _log_cls("Proxy", self.proxy_class) self.init_eventlog() self.init_pycurl() From 60a1c9380148aa7d2d23809f2e579aaa42a24cb1 Mon Sep 17 00:00:00 2001 From: Rick Wagner Date: Wed, 16 Oct 2019 16:45:25 -0700 Subject: [PATCH 138/541] chown jupyterhub dir in user home --- jupyterhub/spawner.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index 74bd7f22..356319de 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -1352,7 +1352,8 @@ class LocalProcessSpawner(Spawner): home = user.pw_dir # Create dir for user's certs wherever we're starting - out_dir = "{home}/.jupyterhub/jupyterhub-certs".format(home=home) + hub_dir = "{home}/.jupyterhub".format(home=home) + out_dir = "{hub_dir}/jupyterhub-certs".format(hub_dir=hub_dir) shutil.rmtree(out_dir, ignore_errors=True) os.makedirs(out_dir, 0o700, exist_ok=True) @@ -1366,7 +1367,7 @@ class LocalProcessSpawner(Spawner): ca = os.path.join(out_dir, os.path.basename(paths['cafile'])) # Set cert ownership to user - for f in [out_dir, key, cert, ca]: + for f in [hub_dir, out_dir, key, cert, ca]: shutil.chown(f, user=uid, group=gid) return {"keyfile": key, "certfile": cert, "cafile": ca} From 3cafc7e49f530f33cf00b42fd4b9af062c506152 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 17 Oct 2019 10:01:10 +0200 Subject: [PATCH 139/541] remove versionadded from Service docstring sphinx doesn't seem to like this here --- jupyterhub/services/service.py | 1 - 1 file changed, 1 deletion(-) diff --git a/jupyterhub/services/service.py b/jupyterhub/services/service.py index 3cd3c72a..fbf1f331 100644 --- a/jupyterhub/services/service.py +++ b/jupyterhub/services/service.py @@ -153,7 +153,6 @@ class Service(LoggingConfigurable): The URL where the service is/should be. If specified, the service will be added to the proxy at /services/:name - oauth_no_confirm: bool(False) - .. versionadded:: 1.1 Whether this service should be allowed to complete oauth with logged-in users without prompting for confirmation. From a615f783a3024e059a4111c7873fcf1fd2a0d45c Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Thu, 17 Oct 2019 22:07:43 +1300 Subject: [PATCH 140/541] Remove unused setupegg.py --- setupegg.py | 7 ------- 1 file changed, 7 deletions(-) delete mode 100755 setupegg.py diff --git a/setupegg.py b/setupegg.py deleted file mode 100755 index fa537b36..00000000 --- a/setupegg.py +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env python -"""Wrapper to run setup.py using setuptools.""" -# Import setuptools and call the actual setup -import setuptools - -with open('setup.py', 'rb') as f: - exec(compile(f.read(), 'setup.py', 'exec')) From 2cac46fdb27ced4c85413ff36486d717c8574186 Mon Sep 17 00:00:00 2001 From: Will Starms Date: Thu, 17 Oct 2019 13:43:28 -0500 Subject: [PATCH 141/541] Remove server_tokens setting Revert this if we decide this is a security issue, but we report the version through the API as well --- jupyterhub/app.py | 5 ----- jupyterhub/handlers/pages.py | 1 - jupyterhub/tests/test_pages.py | 8 -------- share/jupyterhub/templates/admin.html | 10 ++++------ 4 files changed, 4 insertions(+), 20 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index bc04b31f..324656f4 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1185,10 +1185,6 @@ class JupyterHub(Application): False, help="""Shuts down all user servers on logout""" ).tag(config=True) - server_tokens = Bool( - True, help="""Display JupyterHub version information on admin page""" - ).tag(config=True) - @default('statsd') def _statsd(self): if self.statsd_host: @@ -2137,7 +2133,6 @@ class JupyterHub(Application): internal_ssl_ca=self.internal_ssl_ca, trusted_alt_names=self.trusted_alt_names, shutdown_on_logout=self.shutdown_on_logout, - server_tokens=self.server_tokens, eventlog=self.eventlog, ) # allow configured settings to have priority diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 8b0afa3d..509efd08 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -423,7 +423,6 @@ class AdminHandler(BaseHandler): sort={s: o for s, o in zip(sorts, orders)}, allow_named_servers=self.allow_named_servers, named_server_limit_per_user=self.named_server_limit_per_user, - server_tokens=self.settings.get('server_tokens', True), server_version='{} {}'.format(__version__, self.version_hash), ) self.finish(html) diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 3b8f242a..d5d31978 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -117,14 +117,6 @@ async def test_admin_version(app): assert "version_footer" in r.text -async def test_admin_version_disabled(app): - cookies = await app.login_user('admin') - with mock.patch.dict(app.tornado_settings, {'server_tokens': False}): - r = await get_page('admin', app, cookies=cookies, allow_redirects=False) - r.raise_for_status() - assert "version_footer" not in r.text - - @pytest.mark.parametrize('sort', ['running', 'last_activity', 'admin', 'name']) async def test_admin_sort(app, sort): cookies = await app.login_user('admin') diff --git a/share/jupyterhub/templates/admin.html b/share/jupyterhub/templates/admin.html index f5ddec4a..a0c6fb87 100644 --- a/share/jupyterhub/templates/admin.html +++ b/share/jupyterhub/templates/admin.html @@ -103,13 +103,11 @@
    -{%- if server_tokens -%} -
    -
    - JupyterHub {{ server_version }} -
    +
    +
    + JupyterHub {{ server_version }}
    -{%- endif -%} +
    {% call modal('Delete User', btn_class='btn-danger delete-button') %} Are you sure you want to delete user USER? From e0c4f9fc23f0def9f30e1d0dbfbe41ad1ba59e16 Mon Sep 17 00:00:00 2001 From: "R. C. Thomas" Date: Thu, 17 Oct 2019 18:23:34 -0700 Subject: [PATCH 142/541] No services accessible if user is None Co-Authored-By: Min RK --- jupyterhub/handlers/base.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 054e4a82..bfbef9d4 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1114,7 +1114,9 @@ class BaseHandler(RequestHandler): return ns def get_accessible_services(self, user): - accessible_services = list() + accessible_services = [] + if user is None: + return accessible_services for service in self.services.values(): if not service.url: continue From bc425a78bb8b86160472080f01c922aa6a48e17c Mon Sep 17 00:00:00 2001 From: "R. C. Thomas" Date: Thu, 17 Oct 2019 18:27:47 -0700 Subject: [PATCH 143/541] Keep admin-enabled services in the list --- jupyterhub/handlers/base.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index bfbef9d4..3d61e5e6 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1120,8 +1120,6 @@ class BaseHandler(RequestHandler): for service in self.services.values(): if not service.url: continue - if service.admin and not user.admin: - continue accessible_services.append(service) return accessible_services From 175c8d0585dcc41bf1efae037cabfb1febe8e6b4 Mon Sep 17 00:00:00 2001 From: rajat404 <404rajat@gmail.com> Date: Fri, 18 Oct 2019 20:13:38 +0530 Subject: [PATCH 144/541] Add prometheus metric to measure proxy route deletion times --- jupyterhub/handlers/base.py | 21 ++++++++++++++++++++- jupyterhub/metrics.py | 23 +++++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 03d9cf3b..45a5d190 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -33,7 +33,9 @@ from tornado.web import RequestHandler from .. import __version__ from .. import orm from ..metrics import PROXY_ADD_DURATION_SECONDS +from ..metrics import PROXY_DELETE_DURATION_SECONDS from ..metrics import ProxyAddStatus +from ..metrics import ProxyDeleteStatus from ..metrics import RUNNING_SERVERS from ..metrics import SERVER_POLL_DURATION_SECONDS from ..metrics import SERVER_SPAWN_DURATION_SECONDS @@ -1005,7 +1007,17 @@ class BaseHandler(RequestHandler): self.log.warning( "User %s server stopped, with exit code: %s", user.name, status ) - await self.proxy.delete_user(user, server_name) + proxy_deletion_start_time = time.perf_counter() + try: + await self.proxy.delete_user(user, server_name) + PROXY_DELETE_DURATION_SECONDS.labels( + status=ProxyDeleteStatus.success + ).observe(time.perf_counter() - proxy_deletion_start_time) + except: + PROXY_DELETE_DURATION_SECONDS.labels( + status=ProxyDeleteStatus.failure + ).observe(time.perf_counter() - proxy_deletion_start_time) + await user.stop(server_name) async def stop_single_user(self, user, server_name=''): @@ -1028,6 +1040,10 @@ class BaseHandler(RequestHandler): tic = time.perf_counter() try: await self.proxy.delete_user(user, server_name) + PROXY_DELETE_DURATION_SECONDS.labels( + status=ProxyDeleteStatus.success + ).observe(time.perf_counter() - tic) + await user.stop(server_name) toc = time.perf_counter() self.log.info( @@ -1047,6 +1063,9 @@ class BaseHandler(RequestHandler): }, ) except: + PROXY_DELETE_DURATION_SECONDS.labels( + status=ProxyDeleteStatus.failure + ).observe(time.perf_counter() - tic) SERVER_STOP_DURATION_SECONDS.labels( status=ServerStopStatus.failure ).observe(time.perf_counter() - tic) diff --git a/jupyterhub/metrics.py b/jupyterhub/metrics.py index ef7370ce..e649fc70 100644 --- a/jupyterhub/metrics.py +++ b/jupyterhub/metrics.py @@ -135,6 +135,29 @@ for s in ServerStopStatus: SERVER_STOP_DURATION_SECONDS.labels(status=s) +PROXY_DELETE_DURATION_SECONDS = Histogram( + 'proxy_delete_duration_seconds', + 'duration for deleting user routes from proxy', + ['status'], +) + + +class ProxyDeleteStatus(Enum): + """ + Possible values for 'status' label of PROXY_DELETE_DURATION_SECONDS + """ + + success = 'success' + failure = 'failure' + + def __str__(self): + return self.value + + +for s in ProxyDeleteStatus: + PROXY_DELETE_DURATION_SECONDS.labels(status=s) + + def prometheus_log_method(handler): """ Tornado log handler for recording RED metrics. From f3b1b5c7a60843a704971ea0884a4fbcb739122d Mon Sep 17 00:00:00 2001 From: Karthikeyan Singaravelan Date: Sat, 19 Oct 2019 20:25:07 +0530 Subject: [PATCH 145/541] Fix DeprecationWarning in escape sequences. --- jupyterhub/services/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/services/auth.py b/jupyterhub/services/auth.py index 9c9028a6..518fd7e8 100644 --- a/jupyterhub/services/auth.py +++ b/jupyterhub/services/auth.py @@ -428,7 +428,7 @@ class HubAuth(SingletonConfigurable): ) auth_header_name = 'Authorization' - auth_header_pat = re.compile('token\s+(.+)', re.IGNORECASE) + auth_header_pat = re.compile(r'token\s+(.+)', re.IGNORECASE) def get_token(self, handler): """Get the user token from a request From 0070e68702e348f6b4d154e31706dc4feaecae5a Mon Sep 17 00:00:00 2001 From: Karthikeyan Singaravelan Date: Sat, 19 Oct 2019 20:25:36 +0530 Subject: [PATCH 146/541] Use logger.warning since logger.warn is deprecated. --- jupyterhub/app.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index d4ddaee7..14d5c347 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1718,7 +1718,7 @@ class JupyterHub(Application): raise ValueError("Token name %r is not valid" % name) if kind == 'service': if not any(service["name"] == name for service in self.services): - self.log.warn( + self.log.warning( "Warning: service '%s' not in services, creating implicitly. It is recommended to register services using services list." % name ) @@ -2449,7 +2449,7 @@ class JupyterHub(Application): if self.generate_certs: self.load_config_file(self.config_file) if not self.internal_ssl: - self.log.warn( + self.log.warning( "You'll need to enable `internal_ssl` " "in the `jupyterhub_config` file to use " "these certs." From 44dccb292f2ec8df3d5efd4b767388390febeb14 Mon Sep 17 00:00:00 2001 From: Rajat Goyal Date: Sun, 20 Oct 2019 16:00:33 +0530 Subject: [PATCH 147/541] Apply suggestions from code review: Re-raise error after measuring time; Catch Exception class Co-Authored-By: Min RK --- jupyterhub/handlers/base.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 45a5d190..59b0e876 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1013,10 +1013,11 @@ class BaseHandler(RequestHandler): PROXY_DELETE_DURATION_SECONDS.labels( status=ProxyDeleteStatus.success ).observe(time.perf_counter() - proxy_deletion_start_time) - except: + except Exception: PROXY_DELETE_DURATION_SECONDS.labels( status=ProxyDeleteStatus.failure ).observe(time.perf_counter() - proxy_deletion_start_time) + raise await user.stop(server_name) From 400c64b4ef2ddff813ff75d2e95f2c4046325838 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Sun, 20 Oct 2019 11:29:02 -0700 Subject: [PATCH 148/541] Allow admins to customize /user-redirect/ behavior /user-redirect/ is used to help link to a particular url in the logged in user's authenticated notebook. For example, if I'm logged in as user 'yuvipanda' and hit the URL /hub/user-redirect/git-pull, it'll redirect me to /user/yuvipanda/git-pull. This is extremely useful in connecting hub links to notebook server extensions, such as nbgitpuller. Admins might want to customize how this redirection is done - for example, redirect users to different running servers based on the nbgitpuller repository they are linking from. Adding a hook here helps accomplish that. --- jupyterhub/app.py | 18 +++++++++++++++++- jupyterhub/handlers/base.py | 33 ++++++++++++++++++++++++--------- 2 files changed, 41 insertions(+), 10 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index d4ddaee7..d4141ede 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -76,7 +76,7 @@ from .oauth.provider import make_provider from ._data import DATA_FILES_PATH from .log import CoroutineLogFormatter, log_request from .proxy import Proxy, ConfigurableHTTPProxy -from .traitlets import URLPrefix, Command, EntryPointType +from .traitlets import URLPrefix, Command, EntryPointType, Callable from .utils import ( maybe_future, url_path_join, @@ -1258,6 +1258,21 @@ class JupyterHub(Application): """ ).tag(config=True) + user_redirect_hook = Callable( + None, + allow_none=True, + help=""" + Callable to affect behavior of /user-redirect/ + + A callable that receives two parameters - a handler and the path passed to + `/user-redirect/`, and returns a URL to redirect the user to. This + can be used to customize how the `user-redirect` URL works. + + To get the default behavior of /user-redirect/ leave this property unset + or return None from your callable. + """ + ).tag(config=True) + def init_handlers(self): h = [] # load handlers from the authenticator @@ -2144,6 +2159,7 @@ class JupyterHub(Application): trusted_alt_names=self.trusted_alt_names, shutdown_on_logout=self.shutdown_on_logout, eventlog=self.eventlog, + app=self ) # allow configured settings to have priority settings.update(self.tornado_settings) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 03d9cf3b..932a34da 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -140,6 +140,10 @@ class BaseHandler(RequestHandler): def hub(self): return self.settings['hub'] + @property + def app(self): + return self.settings['app'] + @property def proxy(self): return self.settings['proxy'] @@ -1470,20 +1474,31 @@ class UserRedirectHandler(BaseHandler): If the user is not logged in, send to login URL, redirecting back here. + If c.JupyterHub.user_redirect_hook is set, the return value of that + callable is used to generate the redirect URL. + .. versionadded:: 0.7 """ @web.authenticated - def get(self, path): - user = self.current_user - user_url = url_path_join(user.url, path) - if self.request.query: - user_url = url_concat(user_url, parse_qsl(self.request.query)) + async def get(self, path): + # If hook is present to generate URL to redirect to, use that instead + # of the default. The configurer is responsible for making sure this + # URL is right. If None is returned by the hook, we do our normal + # processing + url = None + if self.app.user_redirect_hook: + url = await self.app.user_redirect_hook(self, path) + if url is None: + user = self.current_user + user_url = url_path_join(user.url, path) + if self.request.query: + user_url = url_concat(user_url, parse_qsl(self.request.query)) - url = url_concat( - url_path_join(self.hub.base_url, "spawn", user.escaped_name), - {"next": user_url}, - ) + url = url_concat( + url_path_join(self.hub.base_url, "spawn", user.escaped_name), + {"next": user_url}, + ) self.redirect(url) From 3df4afe7af54106eb4c9993b15080ae2fc00d05c Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Sun, 20 Oct 2019 11:38:38 -0700 Subject: [PATCH 149/541] Add test for user_redirect_hook --- jupyterhub/tests/test_pages.py | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 77b5cf1e..8a413fc5 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -398,6 +398,36 @@ async def test_user_redirect(app, username): path = urlparse(r.url).path assert path == ujoin(app.base_url, '/user/%s/notebooks/test.ipynb' % name) +async def test_user_redirect_hook(app, username): + """ + Test proper behavior of user_redirect_hook + """ + name = username + cookies = await app.login_user(name) + + async def dummy_redirect(handler, path): + assert path == 'redirect-to-terminal' + url = ujoin(handler.current_user.url, '/terminals/1') + return url + + app.user_redirect_hook = dummy_redirect + + r = await get_page('/user-redirect/redirect-to-terminal', app) + r.raise_for_status() + print(urlparse(r.url)) + path = urlparse(r.url).path + assert path == ujoin(app.base_url, '/hub/login') + query = urlparse(r.url).query + assert query == urlencode( + {'next': ujoin(app.hub.base_url, '/user-redirect/redirect-to-terminal')} + ) + + # We don't actually want to start the server by going through spawn - just want to make sure + # the redirect is to the right place + r = await get_page('/user-redirect/redirect-to-terminal', app, cookies=cookies, allow_redirects=False) + r.raise_for_status() + redirected_url = urlparse(r.headers['Location']) + assert redirected_url.path == ujoin(app.base_url, f'/user/{username}/terminals/1') async def test_user_redirect_deprecated(app, username): """redirecting from /user/someonelse/ URLs (deprecated)""" From b4a760234e85e9f3800f934c281cfc4b7e4fe7b6 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 21 Oct 2019 14:29:59 -0700 Subject: [PATCH 150/541] Tweak user_redirect_hook API - Pass in user object & request object only explicitly. Much better interface that is harder to break by internal refactoring. We can always add more parameters if needed? --- jupyterhub/app.py | 11 +++++++---- jupyterhub/handlers/base.py | 2 +- jupyterhub/tests/test_pages.py | 6 +++--- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index d4141ede..eef4ad3d 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1264,9 +1264,12 @@ class JupyterHub(Application): help=""" Callable to affect behavior of /user-redirect/ - A callable that receives two parameters - a handler and the path passed to - `/user-redirect/`, and returns a URL to redirect the user to. This - can be used to customize how the `user-redirect` URL works. + A callable that receives two parameters - the authenticated user and + the tornado request object for the current request passed to + `/user-redirect/`, and returns a URL to redirect the user to. + This can be used to customize how the `user-redirect` URL works. + + Could be async or not. To get the default behavior of /user-redirect/ leave this property unset or return None from your callable. @@ -2159,7 +2162,7 @@ class JupyterHub(Application): trusted_alt_names=self.trusted_alt_names, shutdown_on_logout=self.shutdown_on_logout, eventlog=self.eventlog, - app=self + app=self, ) # allow configured settings to have priority settings.update(self.tornado_settings) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 932a34da..160ec51b 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1488,7 +1488,7 @@ class UserRedirectHandler(BaseHandler): # processing url = None if self.app.user_redirect_hook: - url = await self.app.user_redirect_hook(self, path) + url = await maybe_future(self.app.user_redirect_hook(self.request, self.current_user)) if url is None: user = self.current_user user_url = url_path_join(user.url, path) diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 8a413fc5..66bab9be 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -405,9 +405,9 @@ async def test_user_redirect_hook(app, username): name = username cookies = await app.login_user(name) - async def dummy_redirect(handler, path): - assert path == 'redirect-to-terminal' - url = ujoin(handler.current_user.url, '/terminals/1') + async def dummy_redirect(request, user): + assert request.uri == ujoin(app.hub.base_url, 'user-redirect', 'redirect-to-terminal') + url = ujoin(user.url, '/terminals/1') return url app.user_redirect_hook = dummy_redirect From 7fbf1826eaf727af7473d4b82b76ab78db588b68 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Mon, 21 Oct 2019 15:17:29 -0700 Subject: [PATCH 151/541] Don't use fstrings yet We support older versions of python still --- jupyterhub/tests/test_pages.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 66bab9be..2a96c40e 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -427,7 +427,7 @@ async def test_user_redirect_hook(app, username): r = await get_page('/user-redirect/redirect-to-terminal', app, cookies=cookies, allow_redirects=False) r.raise_for_status() redirected_url = urlparse(r.headers['Location']) - assert redirected_url.path == ujoin(app.base_url, f'/user/{username}/terminals/1') + assert redirected_url.path == ujoin(app.base_url, 'user', username, 'terminals/1') async def test_user_redirect_deprecated(app, username): """redirecting from /user/someonelse/ URLs (deprecated)""" From 244ad7d38cb274c06f18a232e43d3a22b6787e58 Mon Sep 17 00:00:00 2001 From: Min RK Date: Tue, 22 Oct 2019 09:23:04 +0200 Subject: [PATCH 152/541] run black --- jupyterhub/app.py | 2 +- jupyterhub/handlers/base.py | 4 +++- jupyterhub/tests/test_pages.py | 13 +++++++++++-- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index eef4ad3d..e0ace941 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1273,7 +1273,7 @@ class JupyterHub(Application): To get the default behavior of /user-redirect/ leave this property unset or return None from your callable. - """ + """, ).tag(config=True) def init_handlers(self): diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 160ec51b..40c7e007 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1488,7 +1488,9 @@ class UserRedirectHandler(BaseHandler): # processing url = None if self.app.user_redirect_hook: - url = await maybe_future(self.app.user_redirect_hook(self.request, self.current_user)) + url = await maybe_future( + self.app.user_redirect_hook(self.request, self.current_user) + ) if url is None: user = self.current_user user_url = url_path_join(user.url, path) diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 2a96c40e..6b99a260 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -398,6 +398,7 @@ async def test_user_redirect(app, username): path = urlparse(r.url).path assert path == ujoin(app.base_url, '/user/%s/notebooks/test.ipynb' % name) + async def test_user_redirect_hook(app, username): """ Test proper behavior of user_redirect_hook @@ -406,7 +407,9 @@ async def test_user_redirect_hook(app, username): cookies = await app.login_user(name) async def dummy_redirect(request, user): - assert request.uri == ujoin(app.hub.base_url, 'user-redirect', 'redirect-to-terminal') + assert request.uri == ujoin( + app.hub.base_url, 'user-redirect', 'redirect-to-terminal' + ) url = ujoin(user.url, '/terminals/1') return url @@ -424,11 +427,17 @@ async def test_user_redirect_hook(app, username): # We don't actually want to start the server by going through spawn - just want to make sure # the redirect is to the right place - r = await get_page('/user-redirect/redirect-to-terminal', app, cookies=cookies, allow_redirects=False) + r = await get_page( + '/user-redirect/redirect-to-terminal', + app, + cookies=cookies, + allow_redirects=False, + ) r.raise_for_status() redirected_url = urlparse(r.headers['Location']) assert redirected_url.path == ujoin(app.base_url, 'user', username, 'terminals/1') + async def test_user_redirect_deprecated(app, username): """redirecting from /user/someonelse/ URLs (deprecated)""" name = username From d66f0635a3518ebe831c26ddbbcbea60490efd17 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Tue, 22 Oct 2019 11:06:51 -0700 Subject: [PATCH 153/541] Add path and app as parameters --- jupyterhub/app.py | 16 ++++++++-------- jupyterhub/handlers/base.py | 4 +++- jupyterhub/tests/test_pages.py | 4 +++- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index e0ace941..66e1b623 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1264,15 +1264,15 @@ class JupyterHub(Application): help=""" Callable to affect behavior of /user-redirect/ - A callable that receives two parameters - the authenticated user and - the tornado request object for the current request passed to - `/user-redirect/`, and returns a URL to redirect the user to. - This can be used to customize how the `user-redirect` URL works. + Receives 3 parameters: + 1. path - URL path that was provided after /user-redirect/ + 2. request - A Tornado HTTPServerRequest object representing the + current request. + 3. user - The currently authenticated user. + 4. app - The JupyterHub object - Could be async or not. - - To get the default behavior of /user-redirect/ leave this property unset - or return None from your callable. + It should return the new URL to redirect to, or None to preserve + current behavior. """, ).tag(config=True) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 40c7e007..7c51c360 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1489,7 +1489,9 @@ class UserRedirectHandler(BaseHandler): url = None if self.app.user_redirect_hook: url = await maybe_future( - self.app.user_redirect_hook(self.request, self.current_user) + self.app.user_redirect_hook( + path, self.request, self.current_user, self.app + ) ) if url is None: user = self.current_user diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 6b99a260..14ebd901 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -406,7 +406,9 @@ async def test_user_redirect_hook(app, username): name = username cookies = await app.login_user(name) - async def dummy_redirect(request, user): + async def dummy_redirect(path, request, user, passed_app): + assert passed_app == app + assert path == 'redirect-to-terminal' assert request.uri == ujoin( app.hub.base_url, 'user-redirect', 'redirect-to-terminal' ) From 9d5784efb9d97b2d4e9011f08ccd3289c85a786d Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Thu, 24 Oct 2019 09:01:23 -0700 Subject: [PATCH 154/541] Pass in base_url rather than app object - Limits what we consider public API - Still allows for redirects outside JupyterHub --- jupyterhub/app.py | 3 ++- jupyterhub/handlers/base.py | 2 +- jupyterhub/tests/test_pages.py | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 66e1b623..17deac41 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1269,7 +1269,8 @@ class JupyterHub(Application): 2. request - A Tornado HTTPServerRequest object representing the current request. 3. user - The currently authenticated user. - 4. app - The JupyterHub object + 4. base_url - The base_url of the current hub, to allow for relative + redirects It should return the new URL to redirect to, or None to preserve current behavior. diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 7c51c360..aa7eb281 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1490,7 +1490,7 @@ class UserRedirectHandler(BaseHandler): if self.app.user_redirect_hook: url = await maybe_future( self.app.user_redirect_hook( - path, self.request, self.current_user, self.app + path, self.request, self.current_user, self.base_url ) ) if url is None: diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 14ebd901..dc40b0bc 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -406,11 +406,11 @@ async def test_user_redirect_hook(app, username): name = username cookies = await app.login_user(name) - async def dummy_redirect(path, request, user, passed_app): - assert passed_app == app + async def dummy_redirect(path, request, user, base_url): + assert base_url == app.base_url assert path == 'redirect-to-terminal' assert request.uri == ujoin( - app.hub.base_url, 'user-redirect', 'redirect-to-terminal' + base_url, 'hub', 'user-redirect', 'redirect-to-terminal' ) url = ujoin(user.url, '/terminals/1') return url From 52c099193d22e1548cf80975120d06dfd85fb151 Mon Sep 17 00:00:00 2001 From: Richard Darst Date: Fri, 25 Oct 2019 14:36:16 +0300 Subject: [PATCH 155/541] cull_idle_servers.py: rebind max_age and inactive_limit locally - In the cull script, the max_age and inactive_limit are used from the outer scope. In the case that you add extra logic, one may want to modify these values. - In that case, you either have to rename them locally, or access the outer scope with "nonlocal", the first of which is too much work, the second of which has a high chance of introducing bugs (as it did for me). - This change introduces a fix for everyone. It doesn't change basic functionality, but makes local modifications simpler. --- examples/cull-idle/cull_idle_servers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/cull-idle/cull_idle_servers.py b/examples/cull-idle/cull_idle_servers.py index 8b2b3c2a..fe37bb3b 100755 --- a/examples/cull-idle/cull_idle_servers.py +++ b/examples/cull-idle/cull_idle_servers.py @@ -117,7 +117,7 @@ def cull_idle( futures = [] @coroutine - def handle_server(user, server_name, server): + def handle_server(user, server_name, server, max_age, inactive_limit): """Handle (maybe) culling a single server "server" is the entire server model from the API. @@ -252,7 +252,7 @@ def cull_idle( 'url': user['server'], } server_futures = [ - handle_server(user, server_name, server) + handle_server(user, server_name, server, max_age, inactive_limit) for server_name, server in servers.items() ] results = yield multi(server_futures) From 46e6d95364ef1ff46e381a99bfefb4423ac2152a Mon Sep 17 00:00:00 2001 From: Yuvi Panda Date: Fri, 25 Oct 2019 10:20:29 -0700 Subject: [PATCH 156/541] Fix typo Co-Authored-By: Min RK --- jupyterhub/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 17deac41..bfdec1de 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1264,7 +1264,7 @@ class JupyterHub(Application): help=""" Callable to affect behavior of /user-redirect/ - Receives 3 parameters: + Receives 4 parameters: 1. path - URL path that was provided after /user-redirect/ 2. request - A Tornado HTTPServerRequest object representing the current request. From 51e1a15d63c399563319cc72f1418ad786c5d881 Mon Sep 17 00:00:00 2001 From: YuviPanda Date: Fri, 25 Oct 2019 11:11:18 -0700 Subject: [PATCH 157/541] Reword docstring to appease linter --- jupyterhub/app.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index bfdec1de..3763743d 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1266,11 +1266,9 @@ class JupyterHub(Application): Receives 4 parameters: 1. path - URL path that was provided after /user-redirect/ - 2. request - A Tornado HTTPServerRequest object representing the - current request. + 2. request - A Tornado HTTPServerRequest representing the current request. 3. user - The currently authenticated user. - 4. base_url - The base_url of the current hub, to allow for relative - redirects + 4. base_url - The base_url of the current hub, for relative redirects It should return the new URL to redirect to, or None to preserve current behavior. From 1e298fb05323c7ed14d3461b2c9a937eb2089b7f Mon Sep 17 00:00:00 2001 From: Raymond Liu Date: Sat, 26 Oct 2019 14:32:57 +0800 Subject: [PATCH 158/541] The proxy's REST API listens on port `8001` By default, the proxy's REST API listens on port `8001` instead of `8081`. The hub service listens on port `8081`. --- docs/source/getting-started/networking-basics.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/getting-started/networking-basics.md b/docs/source/getting-started/networking-basics.md index 86c80dcc..5fc44238 100644 --- a/docs/source/getting-started/networking-basics.md +++ b/docs/source/getting-started/networking-basics.md @@ -41,7 +41,7 @@ port. ## Set the Proxy's REST API communication URL (optional) -By default, this REST API listens on port 8081 of `localhost` only. +By default, this REST API listens on port 8001 of `localhost` only. The Hub service talks to the proxy via a REST API on a secondary port. The API URL can be configured separately and override the default settings. From a611298f43afc23cbccf5f8c75e138771cd783dd Mon Sep 17 00:00:00 2001 From: rajat404 <404rajat@gmail.com> Date: Tue, 29 Oct 2019 19:39:49 +0530 Subject: [PATCH 159/541] Add prometheus metric to measure proxy route poll times --- jupyterhub/metrics.py | 4 ++++ jupyterhub/proxy.py | 3 +++ 2 files changed, 7 insertions(+) diff --git a/jupyterhub/metrics.py b/jupyterhub/metrics.py index ef7370ce..ecb5f5ef 100644 --- a/jupyterhub/metrics.py +++ b/jupyterhub/metrics.py @@ -45,6 +45,10 @@ CHECK_ROUTES_DURATION_SECONDS = Histogram( 'check_routes_duration_seconds', 'Time taken to validate all routes in proxy' ) +PROXY_POLL_DURATION_SECONDS = Histogram( + 'proxy_poll_duration_seconds', 'duration for polling all routes from proxy' +) + class ServerSpawnStatus(Enum): """ diff --git a/jupyterhub/proxy.py b/jupyterhub/proxy.py index 1b1a9f43..cbe1cba3 100644 --- a/jupyterhub/proxy.py +++ b/jupyterhub/proxy.py @@ -42,6 +42,7 @@ from traitlets.config import LoggingConfigurable from . import utils from .metrics import CHECK_ROUTES_DURATION_SECONDS +from .metrics import PROXY_POLL_DURATION_SECONDS from .objects import Server from .utils import make_ssl_context from .utils import url_path_join @@ -801,6 +802,7 @@ class ConfigurableHTTPProxy(Proxy): async def get_all_routes(self, client=None): """Fetch the proxy's routes.""" + proxy_poll_start_time = time.perf_counter() resp = await self.api_request('', client=client) chp_routes = json.loads(resp.body.decode('utf8', 'replace')) all_routes = {} @@ -811,4 +813,5 @@ class ConfigurableHTTPProxy(Proxy): self.log.debug("Omitting non-jupyterhub route %r", routespec) continue all_routes[routespec] = self._reformat_routespec(routespec, chp_data) + PROXY_POLL_DURATION_SECONDS.observe(time.perf_counter() - proxy_poll_start_time) return all_routes From 9702c1756f42f3420ee382db0bf86c22a0f82fb5 Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Thu, 31 Oct 2019 16:11:15 -0700 Subject: [PATCH 160/541] adding docs preview to circleci --- .circleci/config.yml | 54 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 03efe746..8a873c63 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -19,3 +19,57 @@ jobs: name: smoke test jupyterhub command: | docker run --rm -it jupyterhub/jupyterhub jupyterhub --help + + docs: + # This is the base environment that Circle will use + docker: + - image: circleci/python:3.6-stretch + steps: + # Get our data and merge with upstream + - run: sudo apt-get update + - checkout + # Update our path + - run: echo "export PATH=~/.local/bin:$PATH" >> $BASH_ENV + # Restore cached files to speed things up + - restore_cache: + keys: + - cache-pip + # Install the packages needed to build our documentation + - run: + name: Install NodeJS + command: | + # From https://github.com/nodesource/distributions/blob/master/README.md#debinstall + curl -sL https://deb.nodesource.com/setup_13.x | sudo -E bash - + sudo apt-get install -y nodejs + + - run: + name: Install dependencies + command: | + python3 -m pip install --user -r dev-requirements.txt + python3 -m pip install --user -r docs/requirements.txt + sudo npm install -g configurable-http-proxy + sudo python3 -m pip install --editable . + + # Cache some files for a speedup in subsequent builds + - save_cache: + key: cache-pip + paths: + - ~/.cache/pip + # Build the docs + - run: + name: Build docs to store + command: | + cd docs + make html + # Tell Circle to store the documentation output in a folder that we can access later + - store_artifacts: + path: docs/build/html/ + destination: html + +# Tell CircleCI to use this workflow when it builds the site +workflows: + version: 2 + default: + jobs: + - build + - docs From b9c1831183adad66dde88b591f169590c4864bf8 Mon Sep 17 00:00:00 2001 From: Greg Date: Fri, 8 Nov 2019 11:26:49 -0500 Subject: [PATCH 161/541] bump package versions used in pre-commit --- .pre-commit-config.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ae6a999d..5cc29d45 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,15 +1,15 @@ repos: - repo: https://github.com/asottile/reorder_python_imports - rev: v1.3.5 + rev: v1.8.0 hooks: - id: reorder-python-imports - language_version: python3.6 + language_version: python3 - repo: https://github.com/ambv/black - rev: 18.9b0 + rev: 19.10b0 hooks: - id: black - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.1.0 + rev: v2.4.0 hooks: - id: end-of-file-fixer - id: check-json From dd7fe857705f57013bd79ee6cc7ff4c3c5776d2d Mon Sep 17 00:00:00 2001 From: Greg Date: Fri, 8 Nov 2019 11:28:54 -0500 Subject: [PATCH 162/541] revert to 3.6 Signed-off-by: Greg --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5cc29d45..1be39bc8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,7 +3,7 @@ repos: rev: v1.8.0 hooks: - id: reorder-python-imports - language_version: python3 + language_version: python3.6 - repo: https://github.com/ambv/black rev: 19.10b0 hooks: From c944c0e54a1d5b5aa326b11e83a20b37305b8337 Mon Sep 17 00:00:00 2001 From: Greg Date: Fri, 8 Nov 2019 12:14:13 -0500 Subject: [PATCH 163/541] update python versions in matrix Signed-off-by: Greg --- .travis.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index d9dbbd7b..16fc8a45 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,15 @@ language: python +dist: + - bionic + - xenial sudo: false cache: - pip python: - - 3.6 - 3.5 + - 3.6 + - 3.7 + - 3.8 - nightly env: global: @@ -95,6 +100,6 @@ matrix: # password in url is url-encoded (urllib.parse.quote($PGPASSWORD, safe='')) - JUPYTERHUB_TEST_DB_URL=postgresql://jupyterhub:hub%5Btest%2F%3A%3F@127.0.0.1/jupyterhub - python: 3.7 - dist: xenial + - python: 3.8 allow_failures: - python: nightly From 5db76e6dcd772ba3b8aa83cfccb1b15a14b54b26 Mon Sep 17 00:00:00 2001 From: Greg Date: Fri, 8 Nov 2019 12:42:40 -0500 Subject: [PATCH 164/541] remove async test setting Signed-off-by: Greg --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index d9dbbd7b..2dc14641 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,6 @@ python: - nightly env: global: - - ASYNC_TEST_TIMEOUT=15 - MYSQL_HOST=127.0.0.1 - MYSQL_TCP_PORT=13306 services: From 948f4c44fd1b1ec351e24eba6d8ca711b8412237 Mon Sep 17 00:00:00 2001 From: Greg Date: Fri, 8 Nov 2019 13:00:44 -0500 Subject: [PATCH 165/541] update docs Signed-off-by: Greg --- docs/source/contributing/tests.rst | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/docs/source/contributing/tests.rst b/docs/source/contributing/tests.rst index a59487c0..46360eb7 100644 --- a/docs/source/contributing/tests.rst +++ b/docs/source/contributing/tests.rst @@ -23,27 +23,28 @@ Running the tests .. code-block:: bash - pytest --async-test-timeout 15 -v jupyterhub/tests + pytest -v jupyterhub/tests This should display progress as it runs all the tests, printing information about any test failures as they occur. + + If you wish to confirm test coverage the run tests with the `--cov` flag: - The ``--async-test-timeout`` parameter is used by `pytest-tornado - `_ to set the - asynchronous test timeout to 15 seconds rather than the default 5, - since some of our tests take longer than 5s to execute. + .. code-block:: bash + + pytest -v --cov=jupyterhub jupyterhub/tests #. You can also run tests in just a specific file: .. code-block:: bash - pytest --async-test-timeout 15 -v jupyterhub/tests/ + pytest -v jupyterhub/tests/ #. To run a specific test only, you can do: .. code-block:: bash - pytest --async-test-timeout 15 -v jupyterhub/tests/:: + pytest -v jupyterhub/tests/:: This runs the test with function name ```` defined in ````. This is very useful when you are iteratively @@ -65,14 +66,3 @@ All the tests are failing Make sure you have completed all the steps in :ref:`contributing/setup` sucessfully, and can launch ``jupyterhub`` from the terminal. - -Tests are timing out --------------------- - -The ``--async-test-timeout`` parameter to ``pytest`` is used by -`pytest-tornado `_ to set -the asynchronous test timeout to a higher value than the default of 5s, -since some of our tests take longer than 5s to execute. If the tests -are still timing out, try increasing that value even more. You can -also set an environment variable ``ASYNC_TEST_TIMEOUT`` instead of -passing ``--async-test-timeout`` to each invocation of pytest. From d05d92c03ad39b14f415e5b594207b480a21752c Mon Sep 17 00:00:00 2001 From: Rollin Thomas Date: Wed, 8 May 2019 09:45:54 -0700 Subject: [PATCH 166/541] Doesn't need this --- jupyterhub/spawner.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index 356319de..5523e9e7 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -628,6 +628,10 @@ class Spawner(LoggingConfigurable): """ ).tag(config=True) + def handle_auth_state(self, auth_state): + """Pass optional auth_state to Spawner.""" + pass + def load_state(self, state): """Restore state of spawner from database. From f37864cfd39c6d21c3cd0697e894b266652e8ab0 Mon Sep 17 00:00:00 2001 From: Rollin Thomas Date: Wed, 8 May 2019 09:46:23 -0700 Subject: [PATCH 167/541] Call hook in handler --- jupyterhub/handlers/pages.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 3bc97c34..c9159362 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -67,6 +67,9 @@ class HomeHandler(BaseHandler): else: url = url_path_join(self.hub.base_url, 'spawn', user.escaped_name) + auth_state = await user.get_auth_state() + user.spawner.handle_auth_state(auth_state) + html = self.render_template( 'home.html', user=user, From e815210cc7b10d034d3c119f99e50f50d154c175 Mon Sep 17 00:00:00 2001 From: Rollin Thomas Date: Tue, 14 May 2019 08:56:52 -0700 Subject: [PATCH 168/541] Make usable via config without subclassing --- jupyterhub/handlers/pages.py | 2 +- jupyterhub/spawner.py | 28 +++++++++++++++++++++++++--- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index c9159362..734c257d 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -68,7 +68,7 @@ class HomeHandler(BaseHandler): url = url_path_join(self.hub.base_url, 'spawn', user.escaped_name) auth_state = await user.get_auth_state() - user.spawner.handle_auth_state(auth_state) + user.spawner.run_auth_state_hook(auth_state) html = self.render_template( 'home.html', diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index 5523e9e7..4639cb69 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -628,9 +628,23 @@ class Spawner(LoggingConfigurable): """ ).tag(config=True) - def handle_auth_state(self, auth_state): - """Pass optional auth_state to Spawner.""" - pass + auth_state_hook = Any( + help=""" + An optional hook function that you can implement to pass `auth_state` + to the spawner after it has been initialized but before it starts. + The `auth_state` dictionary may be set by the `.authenticate()` + method of the authenticator. This hook enables you to pass some + or all of that information to your spawner. + + Example:: + + def userdata_hook(spawner, auth_state): + spawner.userdata = auth_state["userdata"] + + c.Spawner.auth_state_hook = userdata_hook + + """ + ).tag(config=True) def load_state(self, state): """Restore state of spawner from database. @@ -958,6 +972,14 @@ class Spawner(LoggingConfigurable): except Exception: self.log.exception("post_stop_hook failed with exception: %s", self) + def run_auth_state_hook(self, auth_state): + """Run the auth_state_hook if defined""" + if self.auth_state_hook is not None: + try: + return self.auth_state_hook(self, auth_state) + except Exception: + self.log.exception("auth_stop_hook failed with exception: %s", self) + @property def _progress_url(self): return self.user.progress_url(self.name) From ca117c251c6681e35958447609ed01bfb7574775 Mon Sep 17 00:00:00 2001 From: Greg Date: Sat, 9 Nov 2019 20:15:43 -0500 Subject: [PATCH 169/541] pre-commit updates --- jupyterhub/app.py | 4 ++-- jupyterhub/singleuser.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index ca27cda5..ce33617b 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -152,8 +152,8 @@ flags = { } COOKIE_SECRET_BYTES = ( - 32 -) # the number of bytes to use when generating new cookie secrets + 32 # the number of bytes to use when generating new cookie secrets +) HEX_RE = re.compile('^([a-f0-9]{2})+$', re.IGNORECASE) diff --git a/jupyterhub/singleuser.py b/jupyterhub/singleuser.py index 6fa4f350..def5ee74 100755 --- a/jupyterhub/singleuser.py +++ b/jupyterhub/singleuser.py @@ -334,8 +334,8 @@ class SingleUserNotebookApp(NotebookApp): login_handler_class = JupyterHubLoginHandler logout_handler_class = JupyterHubLogoutHandler port_retries = ( - 0 - ) # disable port-retries, since the Spawner will tell us what port to use + 0 # disable port-retries, since the Spawner will tell us what port to use + ) disable_user_config = Bool( False, From b1e45cde1e430ea0f33de7053a70288955b30171 Mon Sep 17 00:00:00 2001 From: Greg Date: Sun, 10 Nov 2019 10:03:48 -0500 Subject: [PATCH 170/541] dockerfile cleanup Signed-off-by: Greg --- Dockerfile | 81 ++++++++++++++++++++++++++++++++++------------ onbuild/Dockerfile | 5 +-- 2 files changed, 63 insertions(+), 23 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9277cdc6..e90d4d10 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,31 +21,70 @@ # your jupyterhub_config.py will be added automatically # from your docker directory. -FROM ubuntu:18.04 -LABEL maintainer="Jupyter Project " +# https://github.com/tianon/docker-brew-ubuntu-core/commit/3c462555392cb188830b7c91e29311b5fad90cfe +ARG BASE_CONTAINER=ubuntu:bionic-20190612@sha256:9b1702dcfe32c873a770a32cfd306dd7fc1c4fd134adfb783db68defc8894b3c +FROM $BASE_CONTAINER -# install nodejs, utf8 locale, set CDN because default httpredir is unreliable +USER root + +# Install all OS dependencies for notebook server that starts but lacks all +# features (e.g., download as all possible file formats) ENV DEBIAN_FRONTEND noninteractive -RUN apt-get -y update && \ - apt-get -y upgrade && \ - apt-get -y install wget git bzip2 && \ - apt-get purge && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* -ENV LANG C.UTF-8 +RUN apt-get update \ + && apt-get install -yq --no-install-recommends \ + wget \ + bzip2 \ + ca-certificates \ + sudo \ + locales \ + fonts-liberation \ + run-one \ + && apt-get clean && rm -rf /var/lib/apt/lists/* -# install Python + NodeJS with conda -RUN wget -q https://repo.continuum.io/miniconda/Miniconda3-4.5.11-Linux-x86_64.sh -O /tmp/miniconda.sh && \ - echo 'e1045ee415162f944b6aebfe560b8fee */tmp/miniconda.sh' | md5sum -c - && \ - bash /tmp/miniconda.sh -f -b -p /opt/conda && \ - /opt/conda/bin/conda install --yes -c conda-forge \ - python=3.6 sqlalchemy tornado jinja2 traitlets requests pip pycurl \ - nodejs configurable-http-proxy && \ - /opt/conda/bin/pip install --upgrade pip && \ - rm /tmp/miniconda.sh -ENV PATH=/opt/conda/bin:$PATH +RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \ + locale-gen -ADD . /src/jupyterhub +# Configure environment +ENV CONDA_DIR=/opt/conda \ + SHELL=/bin/bash \ + LC_ALL=en_US.UTF-8 \ + LANG=en_US.UTF-8 \ + LANGUAGE=en_US.UTF-8 \ + MINICONDA_VERSION=4.7.10 \ + MINICONDA_MD5=1c945f2b3335c7b2b15130b1b2dc5cf4 \ + CONDA_VERSION=4.7.12 +ENV PATH=$CONDA_DIR/bin:$PATH + +# Install Conda and Miniconda +RUN cd /tmp && \ + wget --quiet https://repo.continuum.io/miniconda/Miniconda3-${MINICONDA_VERSION}-Linux-x86_64.sh && \ + echo "${MINICONDA_MD5} *Miniconda3-${MINICONDA_VERSION}-Linux-x86_64.sh" | md5sum -c - && \ + /bin/bash Miniconda3-${MINICONDA_VERSION}-Linux-x86_64.sh -f -b -p $CONDA_DIR && \ + rm Miniconda3-${MINICONDA_VERSION}-Linux-x86_64.sh && \ + echo "conda ${CONDA_VERSION}" >> $CONDA_DIR/conda-meta/pinned && \ + $CONDA_DIR/bin/conda config --system --prepend channels conda-forge && \ + $CONDA_DIR/bin/conda config --system --set auto_update_conda false && \ + $CONDA_DIR/bin/conda config --system --set show_channel_urls true && \ + $CONDA_DIR/bin/conda install --quiet --yes conda && \ + $CONDA_DIR/bin/conda update --all --quiet --yes && \ + conda list python | grep '^python ' | tr -s ' ' | cut -d '.' -f 1,2 | sed 's/$/.*/' >> $CONDA_DIR/conda-meta/pinned && \ + conda clean --all -f -y + +# Install python and nodejs packages +RUN conda install --yes -c conda-forge \ + configurable-http-proxy \ + jinja2 \ + nodejs \ + pip \ + pycurl \ + python=3.6 \ + requests \ + sqlalchemy \ + tornado \ + traitlets && \ + conda clean --all -f -y + +COPY . /src/jupyterhub WORKDIR /src/jupyterhub RUN pip install . && \ diff --git a/onbuild/Dockerfile b/onbuild/Dockerfile index 1e1bf8f4..8a215f81 100644 --- a/onbuild/Dockerfile +++ b/onbuild/Dockerfile @@ -5,8 +5,9 @@ # Derivative images must have jupyterhub_config.py next to the Dockerfile. ARG BASE_IMAGE=jupyterhub/jupyterhub -FROM ${BASE_IMAGE} +ARG BASE_IMAGE_TAG=latest +FROM "${BASE_IMAGE}:${BASE_IMAGE_TAG}" -ONBUILD ADD jupyterhub_config.py /srv/jupyterhub/jupyterhub_config.py +ONBUILD COPY jupyterhub_config.py /srv/jupyterhub/jupyterhub_config.py CMD ["jupyterhub", "-f", "/srv/jupyterhub/jupyterhub_config.py"] From b5602028e5391af36638f2d8fa7f68761f80d8e2 Mon Sep 17 00:00:00 2001 From: Greg Date: Sun, 10 Nov 2019 10:46:54 -0500 Subject: [PATCH 171/541] more updates Signed-off-by: Greg --- Dockerfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index e90d4d10..ee2bb498 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,16 +30,17 @@ USER root # Install all OS dependencies for notebook server that starts but lacks all # features (e.g., download as all possible file formats) ENV DEBIAN_FRONTEND noninteractive -RUN apt-get update \ - && apt-get install -yq --no-install-recommends \ +RUN apt-get update && \ + apt-get install -yq --no-install-recommends \ wget \ bzip2 \ ca-certificates \ sudo \ locales \ fonts-liberation \ - run-one \ - && apt-get clean && rm -rf /var/lib/apt/lists/* + run-one && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \ locale-gen From 06f89cb5edb2f4e67d432bc58feb2fe5fe530b33 Mon Sep 17 00:00:00 2001 From: Greg Date: Sun, 10 Nov 2019 10:47:45 -0500 Subject: [PATCH 172/541] remove lang layer Signed-off-by: Greg --- Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index ee2bb498..cb9cb284 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,9 +42,6 @@ RUN apt-get update && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* -RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \ - locale-gen - # Configure environment ENV CONDA_DIR=/opt/conda \ SHELL=/bin/bash \ From b8c97178622ca1205bb590d515d35785f5d736db Mon Sep 17 00:00:00 2001 From: Greg Date: Sun, 10 Nov 2019 11:22:19 -0500 Subject: [PATCH 173/541] add missing maintainer label Signed-off-by: Greg --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index cb9cb284..34d5724b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,6 +25,8 @@ ARG BASE_CONTAINER=ubuntu:bionic-20190612@sha256:9b1702dcfe32c873a770a32cfd306dd7fc1c4fd134adfb783db68defc8894b3c FROM $BASE_CONTAINER +LABEL maintainer="Jupyter Project " + USER root # Install all OS dependencies for notebook server that starts but lacks all From 1dd09094a532f3bce0f6b2523e03cb43fea29f75 Mon Sep 17 00:00:00 2001 From: Greg Date: Sun, 10 Nov 2019 11:52:53 -0500 Subject: [PATCH 174/541] commit files updated by black to avoid exiting out from build Signed-off-by: Greg --- .travis.yml | 8 ++------ jupyterhub/app.py | 4 ++-- jupyterhub/singleuser.py | 4 ++-- 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/.travis.yml b/.travis.yml index 16fc8a45..579345e4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,15 +1,10 @@ language: python -dist: - - bionic - - xenial sudo: false cache: - pip python: - - 3.5 - 3.6 - - 3.7 - - 3.8 + - 3.5 - nightly env: global: @@ -101,5 +96,6 @@ matrix: - JUPYTERHUB_TEST_DB_URL=postgresql://jupyterhub:hub%5Btest%2F%3A%3F@127.0.0.1/jupyterhub - python: 3.7 - python: 3.8 + if: tag IS present allow_failures: - python: nightly diff --git a/jupyterhub/app.py b/jupyterhub/app.py index ca27cda5..ce33617b 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -152,8 +152,8 @@ flags = { } COOKIE_SECRET_BYTES = ( - 32 -) # the number of bytes to use when generating new cookie secrets + 32 # the number of bytes to use when generating new cookie secrets +) HEX_RE = re.compile('^([a-f0-9]{2})+$', re.IGNORECASE) diff --git a/jupyterhub/singleuser.py b/jupyterhub/singleuser.py index 6fa4f350..def5ee74 100755 --- a/jupyterhub/singleuser.py +++ b/jupyterhub/singleuser.py @@ -334,8 +334,8 @@ class SingleUserNotebookApp(NotebookApp): login_handler_class = JupyterHubLoginHandler logout_handler_class = JupyterHubLogoutHandler port_retries = ( - 0 - ) # disable port-retries, since the Spawner will tell us what port to use + 0 # disable port-retries, since the Spawner will tell us what port to use + ) disable_user_config = Bool( False, From 42d9c31db7b3dd72fa17112eeac9d49a9a90eaf1 Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Thu, 31 Oct 2019 07:44:53 -0700 Subject: [PATCH 175/541] adding institutional faq --- .../getting-started/institutional-faq.md | 156 ++++++++++++++++++ docs/source/index.rst | 1 + 2 files changed, 157 insertions(+) create mode 100644 docs/source/getting-started/institutional-faq.md diff --git a/docs/source/getting-started/institutional-faq.md b/docs/source/getting-started/institutional-faq.md new file mode 100644 index 00000000..c1d28f18 --- /dev/null +++ b/docs/source/getting-started/institutional-faq.md @@ -0,0 +1,156 @@ +# Institutional FAQ + +This page contains common questions from users of JupyterHub, +broken down by their roles within organizations. + +# For all + +## Is appropriate for adoption within a larger institutional context? + +Yes! JupyterHub has been used at-scale for large pools of users, as well +as complex and high-performance computing. For example, UC Berkeley uses +JupyterHub for its Data Science Education Program courses (serving over +3,000 students). The Pangeo project uses JupyterHub to provide access +to scalable cloud computing with Dask. JupyterHub is stable customizable +to the use-cases of large organizations. + +## I keep hearing about Jupyter Notebook, JupyterLab, and now JupyterHub. What’s the difference? + +Here is a quick breakdown of these three tools: + +* **The Jupyter Notebook** is a document specification (the `.ipynb`) file that interweaves + narrative text with code cells and their outputs. It is also a graphical interface + that allows users to edit these documents +* **JupyterLab** is a flexible and extendible user interface for interactive computing. It + has several extensions that are tailored for using Jupyter Notebooks, as well as extensions + for other parts of the data science stack. +* **JupyterHub** is an application that can manage **multiple users** with interactive computing + sessions, as well as connect with infrastructure those users wish to access. It can provide + remote access to Jupyter Notebooks and Jupyter Lab for many people, and can connect them with + other compute infrastructure. + +# For management + +## Briefly, what problem does JupyterHub solve for us? + +JupyterHub provides a shared platform for data science and collaboration. +It allows users to utilize familiar data science workflows (such as the scientific python stack, +the R tidyverse, and Jupyter Notebooks) on institutional infrastructure. It also allows administrators +some control over access to resources, security, authentication, and user identity. + +## Is JupyterHub mature? Why should we trust it? + +Yes - the core JupyterHub application recently +reached 1.0 status, and is considered stable and performant for most institutions. +JupyterHub has also been deployed (along with other tools) to work on +scalable infrastructure, large datasets, and high-performance computing. + +## Who else uses JupyterHub? + +JupyterHub has been used at a variety of institutions in academia, +industry, and governmental research labs. These include: + +* + +## How does JupyterHub compare with hosted products, like Google Colaboratory, RStudio.cloud, or Anaconda Enterprise? + +Like the tools listed above, JupyterHub provides access to interactive computing +environments in the cloud. However, JupyterHub is more flexible, more customizable, +free, and gives administrators more control over their setup and hardware. + +Because JupyterHub is an open-source, community-driven tool, it can be extended and +modified to fit an institution's needs. It plays nicely with the open source data science +stack, and can serve a variety of computing enviroments, user interfaces, and +computational hardware. + +Finally, JupyterHub can be deployed anywhere - on enterprise cloud infrastructure, on +High-Performance-Computing machines, on local hardware, or even on a single laptop. + +# For IT + +## How would I set up JupyterHub on institutional hardware? + +That depends on what kind of hardware you've got. JupyterHub is flexible enough to be deployed +on a variety of hardware, including in-room hardware, on-prem clusters, cloud infrastructure, +etc. + +The most common way to set up a JupyterHub us to use a JupyterHub distribution, these are pre-configured +and opinionated ways to set up a JupyterHub on particular kinds of infrastructure. The two distributions +that we currently suggest are: + +* [Zero to JupyterHub for Kubernetes](https://z2jh.jupyter.org) is a scalable JupyterHub deployment and + guide that runs on Kubernetes. Better for larger or dynamic user groups (50-10,000) or more complex + compute/data needs. +* [The Littlest JupyterHub](https://tljh.jupyter.org) is a lightweight JupyterHub that runs on a single + VM in the cloud. Better for smaller usergroups (4-80) or more lightweight computational resources. + + +## Does JupyterHub run well in the cloud? + +Yes - most deployments of JupyterHub are run via cloud infrastructure and on a variety of cloud providers. +Depending on the distribution of JupyterHub that you'd like to use, you can also connect your JupyterHub +deployment with a number of other cloud-native services so that users have access to other resources from +their interactive computing sessions. + +For example, if you use the [Zero to JupyterHub for Kubernetes](https://z2jh.jupyter.org) distribution, +you'll be able to utilize container-based workflows of other technologies such as the [dask-kubernetes](https://kubernetes.dask.org/en/latest/) +project for distributed computing. + +The Z2JH Helm Chart also has some functionality built in for auto-scaling your cluster up and down +as more resources are needed - allowing you to utilize the benefits of a flexible cloud-based deployment. + +## Is JupyterHub secure? + +The short answer: yes. JupyterHub as a standalone application has been battle-tested at an institutional +level for several years, and makes a number of "default" security decisions that are reasonable for most +users. + +The longer answer: it depends on your deployment. Because JupyterHub is very flexible, it can be used +in a variety of deployment setups. This often entails connecting your JupyterHub to **other** infrastructure +(such as a [Dask Gateway service](https://gateway.dask.org/)). There are many security decisions to be made +in these cases, and the security of your JupyterHub deployment will often depend on these decisions. + +If you are worried about security, don't hesitate to reach out to the JupyterHub community in the +[Jupyter Community Forum](https://discourse.jupyter.org/c/jupyterhub). This community of practice has many +individuals with experience running secure JupyterHub deployments. + + +## Does JupyterHub provide computing or data infrastructure? + +No - JupyterHub manages user sessions and can *control* computing infrastructure, but it does not provide these +things itself. You are expected to run JupyterHub on your own infrastructure (local or in the cloud). Moreover, +JupyterHub has no internal concept of "data", but is designed to be able to communicate with data repositories +(again, either locally or remotely) for use within interactive computing sessions. + + +## How do I manage users? + + + +## How do I manage software environments? + +## How does JupyterHub manage computational resources? + +## Can JupyterHub be used with my high-performance computing resources? + +## How much resources do user sessions take? + +## Can I customize the look and feel of a JupyterHub? +* Branding notebook server / jupyter lab. Custom error pages / support and help pages + + +# For Technical Leads + +## Will JupyterHub “just work” with our team's interactive computing setup? + +## How well does JupyterHub scale? What are JupyterHub's limitations? + +## Will our team have to re-write their code when they want to scale to high-performance compute? + +## Is JupyterHub resilient? What happens when a machine goes down? + +## What interfaces does JupyterHub support? + +## Does JupyterHub make it easier for our team to collaborate? + +## Can I use JupyterHub with R/RStudio or other languages and environments? \ No newline at end of file diff --git a/docs/source/index.rst b/docs/source/index.rst index 274905f5..20b37530 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -86,6 +86,7 @@ Getting Started :maxdepth: 1 getting-started/index + getting-started/institutional-faq getting-started/config-basics getting-started/networking-basics getting-started/security-basics From 35ba762c9c1adcda6eb5fcb2b76fe78cf76532fd Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Tue, 12 Nov 2019 17:02:51 -0800 Subject: [PATCH 176/541] fleshing out institutional faq --- .../getting-started/institutional-faq.md | 104 ++++++++++++++++-- 1 file changed, 97 insertions(+), 7 deletions(-) diff --git a/docs/source/getting-started/institutional-faq.md b/docs/source/getting-started/institutional-faq.md index c1d28f18..a6412e28 100644 --- a/docs/source/getting-started/institutional-faq.md +++ b/docs/source/getting-started/institutional-faq.md @@ -47,10 +47,13 @@ scalable infrastructure, large datasets, and high-performance computing. ## Who else uses JupyterHub? -JupyterHub has been used at a variety of institutions in academia, -industry, and governmental research labs. These include: +JupyterHub is used at a variety of institutions in academia, +industry, and governmental research labs. It is most-commonly used by two kinds of groups: -* +* Small teams (e.g., data science teams, research labs, or collaborative projects) to provide a + shared resource for interactive computing, collaboration, and analytics. +* Large teams (e.g., a department, a large class, or a large group of remote users) to provide + access to organizational hardware, data, and analytics environments at scale. ## How does JupyterHub compare with hosted products, like Google Colaboratory, RStudio.cloud, or Anaconda Enterprise? @@ -125,32 +128,119 @@ JupyterHub has no internal concept of "data", but is designed to be able to comm ## How do I manage users? +JupyterHub offers a few options for managing your users. Upon setting up a JupyterHub, you can choose what +kind of **authentication** you'd like to use. For example, you can have users sign up with an institutional +email address, or choose a username / password when they first log-in, or offload authentication onto +another service such as an organization's OAuth. +The users of a JupyterHub are stored locally, and can be modified manually by an administrator of the JupyterHub. +Moreover, the *active* users on a JupyterHub can be found on the administrator's page. This page +gives you the abiltiy to stop or restart kernels, inspect user filesystems, and even take over user +sessions to assist them with debugging. ## How do I manage software environments? +A key benefit of JupyterHub is the ability for an administrator to define the environment(s) that users +have access to. There are many ways to do this, depending on what kind of infrastructure you're using for +your JupyterHub. + +For example, **The Littlest JupyterHub** runs on a single VM. In this case, the administrator defines +an environment by installing packages to a shared folder that exists on the path of all users. The +**JupyterHub for Kubernetes** deployment uses Docker images to define environments. You can create your +own list of Docker images that users can select from, and can also control things like the amount of +RAM available to users, or the types of machines that their sessions will use in the cloud. + ## How does JupyterHub manage computational resources? +For interactive computing sessions, JupyterHub controls computational resources via a **spawner**. +Spawners define how a new user session is created, and are customized for particular kinds of +infrastructure. For example, the KubeSpawner knows how to control a Kubernetes deployment +to create new pods when users log in. + +For more sophisticated computational resources (like distributed computing), JupyterHub can +connect with other infrastructure tools (like Dask or Spark). This allows users to control +scalable or high-performance resources from within their JupyterHub sessions. The logic of +how those resources are controlled is taken care of by the non-JupyterHub application. + + ## Can JupyterHub be used with my high-performance computing resources? +Yes - JupyterHub can provide access to many kinds of computing infrastructure. +Especially when combined with other open-source schedulers such as Dask, you can manage fairly +complex computing infrastructure from the interactive sessions of a JupyterHub. For example +[see the Dask HPC page](https://docs.dask.org/en/latest/setup/hpc.html). + ## How much resources do user sessions take? -## Can I customize the look and feel of a JupyterHub? -* Branding notebook server / jupyter lab. Custom error pages / support and help pages +This is highly configurable by the administrator. If you wish for your users to have simple +data analytics environments for prototyping and light data exploring, you can restrict their +memory and CPU based on the resources that you have available. If you'd like your JupyterHub +to serve as a gateway to high-performance compute or data resources, you may increase the +resources available on user machines, or connect them with computing infrastructure elsewhere. +## Can I customize the look and feel of a JupyterHub? + +JupyterHub provides some customization of the graphics displayed to users. The most common +modification is to add custom branding to the JupyterHub login page, loading pages, and +various elements that persist across all pages (such as headers). # For Technical Leads ## Will JupyterHub “just work” with our team's interactive computing setup? +Depending on the complexity of your setup, you'll have different experiences with "out of the box" +distributions of JupyterHub. If all of the resources you need will fit on a single VM, then +[The Littlest JupyterHub](https://tljh.jupyter.org) should get you up-and-running within +a half day or so. For more complex setups, such as scalable Kubernetes clusters or access +to high-performance computing and data, it will require more time and expertise with +the technologies your JupyterHub will use (e.g., dev-ops knowledge with cloud computing). + +In general, the base JupyterHub deployment is not the bottleneck for setup, it is connecting +your JupyterHub with the various services and tools that you wish to provide to your users. + + ## How well does JupyterHub scale? What are JupyterHub's limitations? -## Will our team have to re-write their code when they want to scale to high-performance compute? +JupyterHub works well at both a small scale (e.g., a single VM or machine) as well as a +high scale (e.g., a scalable Kubernetes cluster). It can be used for teams as small a 2, and +for user bases as large as 10,000. The scalability of JupyterHub largely depends on the +infrastructure on which it is deployed. JupyterHub has been designed to be lightweight and +flexible, so you can tailor your JupyterHub deployment to your needs. + ## Is JupyterHub resilient? What happens when a machine goes down? +For JupyterHubs that are deployed in a containerized environment (e.g., Kubernetes), it is +possible to configure the JupyterHub to be fairly resistant to failures in the system. +For example, if JupyterHub fails, then user sessions will not be affected (though new +users will not be able to log in). When a JupyterHub process is restarted, it should +seamlessly connect with the user database and the system will return to normal. +Again, the details of your JupyterHub deployment (e.g., whether it's deployed on a scalable cluster) +will affect the resiliency of the deployment. + ## What interfaces does JupyterHub support? +Out of the box, JupyterHub supports a variety of popular data science interfaces for user sessions, +such as JupyterLab, Jupyter Notebooks, and RStudio. Any interface that can be served +via a web address can be served with a JupyterHub (with the right setup). + ## Does JupyterHub make it easier for our team to collaborate? -## Can I use JupyterHub with R/RStudio or other languages and environments? \ No newline at end of file +JupyterHub provides a standardized environment and access to shared resources for your teams. +This greatly reduces the cost associated with sharing analyses and content with other team +members, and makes it easier to collaborate and build off of one another's ideas. Combined with +access to high-performance computing and data, JupyterHub provides a common resource to +amplify your team's ability to prototype their analyses, scale them to larger data, and then +share their results with one another. + +JupyterHub also provides a computational framework to share computational narratives between +different levels of an organization. For example, data scientists can share Jupyter Notebooks +rendered as [voila dashboards](https://voila.readthedocs.io/en/stable/) with those who are not +familiar with programming, or create publicly-available interactive analyses to allow others to +interact with your work. + +## Can I use JupyterHub with R/RStudio or other languages and environments? + +Yes, Jupyter is a polyglot project, and there are over 40 community-provided kernels for a variety +of languages (the most common being Python, Julia, and R). You can also use a JupyterHub to provide +access to other interfaces, such as RStudio, that provide their own access to a language kernel. From da790617e33afd67892bc6c4a8cab3debd3a90a3 Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Wed, 13 Nov 2019 11:53:20 -0800 Subject: [PATCH 177/541] Update docs/source/getting-started/institutional-faq.md Co-Authored-By: Tim Head --- docs/source/getting-started/institutional-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/getting-started/institutional-faq.md b/docs/source/getting-started/institutional-faq.md index a6412e28..adf157fc 100644 --- a/docs/source/getting-started/institutional-faq.md +++ b/docs/source/getting-started/institutional-faq.md @@ -5,7 +5,7 @@ broken down by their roles within organizations. # For all -## Is appropriate for adoption within a larger institutional context? +## Is it appropriate for adoption within a larger institutional context? Yes! JupyterHub has been used at-scale for large pools of users, as well as complex and high-performance computing. For example, UC Berkeley uses From 3641abc70faa2de0ac68caa39308f527172ccbca Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Wed, 13 Nov 2019 16:20:25 -0800 Subject: [PATCH 178/541] more content for institutional faq --- .../getting-started/institutional-faq.md | 32 +++++++++++-------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/docs/source/getting-started/institutional-faq.md b/docs/source/getting-started/institutional-faq.md index adf157fc..d6174797 100644 --- a/docs/source/getting-started/institutional-faq.md +++ b/docs/source/getting-started/institutional-faq.md @@ -20,14 +20,14 @@ Here is a quick breakdown of these three tools: * **The Jupyter Notebook** is a document specification (the `.ipynb`) file that interweaves narrative text with code cells and their outputs. It is also a graphical interface - that allows users to edit these documents + that allows users to edit these documents. There are also several other graphical interfaces + that allow users to edit the `.ipynb` format (nteract, Jupyer Lab, Google Colab, Kaggle, etc). * **JupyterLab** is a flexible and extendible user interface for interactive computing. It has several extensions that are tailored for using Jupyter Notebooks, as well as extensions for other parts of the data science stack. -* **JupyterHub** is an application that can manage **multiple users** with interactive computing - sessions, as well as connect with infrastructure those users wish to access. It can provide - remote access to Jupyter Notebooks and Jupyter Lab for many people, and can connect them with - other compute infrastructure. +* **JupyterHub** is an application that manages interactive computing sessions for **multiple users**. + It also connects them with infrastructure those users wish to access. It can provide + remote access to Jupyter Notebooks and Jupyter Lab for many people. # For management @@ -36,7 +36,7 @@ Here is a quick breakdown of these three tools: JupyterHub provides a shared platform for data science and collaboration. It allows users to utilize familiar data science workflows (such as the scientific python stack, the R tidyverse, and Jupyter Notebooks) on institutional infrastructure. It also allows administrators -some control over access to resources, security, authentication, and user identity. +some control over access to resources, security, environments, and authentication. ## Is JupyterHub mature? Why should we trust it? @@ -57,17 +57,18 @@ industry, and governmental research labs. It is most-commonly used by two kinds ## How does JupyterHub compare with hosted products, like Google Colaboratory, RStudio.cloud, or Anaconda Enterprise? -Like the tools listed above, JupyterHub provides access to interactive computing -environments in the cloud. However, JupyterHub is more flexible, more customizable, -free, and gives administrators more control over their setup and hardware. +JupyterHub puts you in control of your data, infrastructure, and coding environment. +In addition, it is vendor neutral, which reduces lock-in to a particular vendor or service. +JupyterHub provides access to interactive computing environments in the cloud (similar to each of these services). +Compared with the tools above, it is more flexible, more customizable, free, and +gives administrators more control over their setup and hardware. Because JupyterHub is an open-source, community-driven tool, it can be extended and modified to fit an institution's needs. It plays nicely with the open source data science stack, and can serve a variety of computing enviroments, user interfaces, and -computational hardware. - -Finally, JupyterHub can be deployed anywhere - on enterprise cloud infrastructure, on -High-Performance-Computing machines, on local hardware, or even on a single laptop. +computational hardware. It can also be deployed anywhere - on enterprise cloud infrastructure, on +High-Performance-Computing machines, on local hardware, or even on a single laptop, which +is not possible with most other tools for shared interactive computing. # For IT @@ -108,6 +109,11 @@ The short answer: yes. JupyterHub as a standalone application has been battle-te level for several years, and makes a number of "default" security decisions that are reasonable for most users. +* For security considerations in the base JupyterHub application, + [see the JupyterHub security page](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html) +* For security considerations when deploying JupyterHub on Kubernetes, see the + [JupyterHub on Kubernetes security page](https://zero-to-jupyterhub.readthedocs.io/en/latest/security.html). + The longer answer: it depends on your deployment. Because JupyterHub is very flexible, it can be used in a variety of deployment setups. This often entails connecting your JupyterHub to **other** infrastructure (such as a [Dask Gateway service](https://gateway.dask.org/)). There are many security decisions to be made From 7c434adcb2f088b7c4b64a75c7ac81a7b5afd5d7 Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Thu, 14 Nov 2019 18:04:51 -0800 Subject: [PATCH 179/541] adding more organizations to institutional faq --- docs/source/getting-started/institutional-faq.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/source/getting-started/institutional-faq.md b/docs/source/getting-started/institutional-faq.md index d6174797..e1d5ae56 100644 --- a/docs/source/getting-started/institutional-faq.md +++ b/docs/source/getting-started/institutional-faq.md @@ -55,6 +55,19 @@ industry, and governmental research labs. It is most-commonly used by two kinds * Large teams (e.g., a department, a large class, or a large group of remote users) to provide access to organizational hardware, data, and analytics environments at scale. +Here are a sample of organizations that use JupyterHub: + +* **Universities and colleges**: UC Berkeley, UC San Diego, Cal Poly SLO, Harvard University, University of Chicago, + University of Oslo, University of Sheffield, Université Paris Sud, University of Versailles +* **Research laboratories**: NASA, NCAR, NOAA, the Large Synoptic Survey Telescope, Brookhaven National Lab, + Minnesota Supercomputing Institute, ALCF, CERN, Lawrence Livermore National Laboratory +* **Online communities**: Pangeo, Quantopian, mybinder.org, MathHub, Open Humans +* **Computing infrastructure providers**: NERSC, San Diego Supercomputing Center, Compute Canada +* **Companies**: Capital One, SANDVIK code, Globus + +See the [Gallery of JupyterHub deployments](../gallery-jhub-deployments.md) for +a more complete list of JupyterHub deployments at institutions. + ## How does JupyterHub compare with hosted products, like Google Colaboratory, RStudio.cloud, or Anaconda Enterprise? JupyterHub puts you in control of your data, infrastructure, and coding environment. From 629e829f8a9bdfffa678fa0d5e187bdd27272bcf Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 17 Nov 2019 14:32:17 +0100 Subject: [PATCH 180/541] Test raise error on missing specified config --- jupyterhub/tests/test_app.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/jupyterhub/tests/test_app.py b/jupyterhub/tests/test_app.py index 0fb3abb6..643927ed 100644 --- a/jupyterhub/tests/test_app.py +++ b/jupyterhub/tests/test_app.py @@ -6,8 +6,10 @@ import sys from subprocess import check_output from subprocess import PIPE from subprocess import Popen +from subprocess import run from tempfile import NamedTemporaryFile from tempfile import TemporaryDirectory +import time from unittest.mock import patch import pytest @@ -39,6 +41,24 @@ def test_token_app(): assert re.match(r'^[a-z0-9]+$', out) +def test_raise_error_on_missing_specified_config(): + """ + Using the -f or --config flag when starting JupyterHub should require the + file to be found and exit if it isn't. + """ + process = Popen( + [sys.executable, '-m', 'jupyterhub', '--config', 'not-available.py'] + ) + # wait inpatiently for the process to exit + for i in range(100): + time.sleep(0.1) + returncode = process.poll() + if returncode is not None: + break + process.kill() + assert returncode == 1 + + def test_generate_config(): with NamedTemporaryFile(prefix='jupyterhub_config', suffix='.py') as tf: cfg_file = tf.name From f0b5446ec3307149c4ad03fe44bdc50f0f86fb1b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 17 Nov 2019 14:32:40 +0100 Subject: [PATCH 181/541] Raise error on missing specified config Closes #2819 by exiting JupyterHub directly with an error if a config file has been specified for the config_file traitlet, for example through the -f or --config flag, but isn't available on the file system. --- jupyterhub/app.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index ce33617b..5ec5423b 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -57,6 +57,7 @@ from traitlets import ( Float, observe, default, + validate, ) from traitlets.config import Application, Configurable, catch_config_error @@ -310,6 +311,19 @@ class JupyterHub(Application): config_file = Unicode('jupyterhub_config.py', help="The config file to load").tag( config=True ) + + @validate("config_file") + def _validate_config_file(self, proposal): + if not os.path.isfile(proposal.value): + print( + "ERROR: Failed to find specified config file: {}".format( + proposal.value + ), + file=sys.stderr, + ) + sys.exit(1) + return proposal.value + generate_config = Bool(False, help="Generate default config file").tag(config=True) generate_certs = Bool(False, help="Generate certs used for internal ssl").tag( config=True From bef561511f483471837547d47444f08755c5c873 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 17 Nov 2019 14:38:40 +0100 Subject: [PATCH 182/541] Please reorder-python-imports --- jupyterhub/tests/test_app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/tests/test_app.py b/jupyterhub/tests/test_app.py index 643927ed..863d0e06 100644 --- a/jupyterhub/tests/test_app.py +++ b/jupyterhub/tests/test_app.py @@ -3,13 +3,13 @@ import binascii import os import re import sys +import time from subprocess import check_output from subprocess import PIPE from subprocess import Popen from subprocess import run from tempfile import NamedTemporaryFile from tempfile import TemporaryDirectory -import time from unittest.mock import patch import pytest From 731faf29c8a505c5052c12714906612f2841c8df Mon Sep 17 00:00:00 2001 From: Greg Date: Sun, 17 Nov 2019 21:16:09 -0500 Subject: [PATCH 183/541] revert to specify xenial with 3.7 Signed-off-by: Greg --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 579345e4..8b29cbb6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -75,7 +75,6 @@ after_failure: echo "or after-the-fact on already committed files with" echo " pre-commit run --all-files" fi - matrix: fast_finish: true include: @@ -95,6 +94,7 @@ matrix: # password in url is url-encoded (urllib.parse.quote($PGPASSWORD, safe='')) - JUPYTERHUB_TEST_DB_URL=postgresql://jupyterhub:hub%5Btest%2F%3A%3F@127.0.0.1/jupyterhub - python: 3.7 + dist: xenial - python: 3.8 if: tag IS present allow_failures: From 9ec4e6d1d131194f299795e51a624e966056a557 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Mon, 18 Nov 2019 18:56:08 +0100 Subject: [PATCH 184/541] Add inline comment to test --- jupyterhub/tests/test_app.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/jupyterhub/tests/test_app.py b/jupyterhub/tests/test_app.py index 863d0e06..bc59176b 100644 --- a/jupyterhub/tests/test_app.py +++ b/jupyterhub/tests/test_app.py @@ -46,16 +46,20 @@ def test_raise_error_on_missing_specified_config(): Using the -f or --config flag when starting JupyterHub should require the file to be found and exit if it isn't. """ + # subprocess.run doesn't have a timeout flag, so if this test would fail by + # not letting jupyterhub error out, we would wait forever. subprocess.Popen + # allow us to manually timeout. process = Popen( [sys.executable, '-m', 'jupyterhub', '--config', 'not-available.py'] ) - # wait inpatiently for the process to exit + # wait inpatiently for the process to exit like we want it to for i in range(100): time.sleep(0.1) returncode = process.poll() if returncode is not None: break - process.kill() + else: + process.kill() assert returncode == 1 From e16ca97e1cbd7b997382d30d3099a7c1600e37be Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Tue, 19 Nov 2019 09:45:06 -0800 Subject: [PATCH 185/541] Update docs/source/getting-started/institutional-faq.md Co-Authored-By: Tim Head --- docs/source/getting-started/institutional-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/getting-started/institutional-faq.md b/docs/source/getting-started/institutional-faq.md index e1d5ae56..fa9db68b 100644 --- a/docs/source/getting-started/institutional-faq.md +++ b/docs/source/getting-started/institutional-faq.md @@ -48,7 +48,7 @@ scalable infrastructure, large datasets, and high-performance computing. ## Who else uses JupyterHub? JupyterHub is used at a variety of institutions in academia, -industry, and governmental research labs. It is most-commonly used by two kinds of groups: +industry, and government research labs. It is most-commonly used by two kinds of groups: * Small teams (e.g., data science teams, research labs, or collaborative projects) to provide a shared resource for interactive computing, collaboration, and analytics. From 1910bfacbd0c823f4528309ab8037136f36b3e76 Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Tue, 19 Nov 2019 09:48:00 -0800 Subject: [PATCH 186/541] Update docs/source/getting-started/institutional-faq.md Co-Authored-By: Tim Head --- docs/source/getting-started/institutional-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/getting-started/institutional-faq.md b/docs/source/getting-started/institutional-faq.md index fa9db68b..af993b68 100644 --- a/docs/source/getting-started/institutional-faq.md +++ b/docs/source/getting-started/institutional-faq.md @@ -91,7 +91,7 @@ That depends on what kind of hardware you've got. JupyterHub is flexible enough on a variety of hardware, including in-room hardware, on-prem clusters, cloud infrastructure, etc. -The most common way to set up a JupyterHub us to use a JupyterHub distribution, these are pre-configured +The most common way to set up a JupyterHub is to use a JupyterHub distribution, these are pre-configured and opinionated ways to set up a JupyterHub on particular kinds of infrastructure. The two distributions that we currently suggest are: From c194cb079e14cebf8b65271454c5d2a38f8e5f35 Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Tue, 19 Nov 2019 09:49:14 -0800 Subject: [PATCH 187/541] single machine not vm in docs --- docs/source/getting-started/institutional-faq.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/source/getting-started/institutional-faq.md b/docs/source/getting-started/institutional-faq.md index af993b68..501d311b 100644 --- a/docs/source/getting-started/institutional-faq.md +++ b/docs/source/getting-started/institutional-faq.md @@ -99,7 +99,8 @@ that we currently suggest are: guide that runs on Kubernetes. Better for larger or dynamic user groups (50-10,000) or more complex compute/data needs. * [The Littlest JupyterHub](https://tljh.jupyter.org) is a lightweight JupyterHub that runs on a single - VM in the cloud. Better for smaller usergroups (4-80) or more lightweight computational resources. + single machine (in the cloud or under your desk). Better for smaller usergroups (4-80) or more + lightweight computational resources. ## Does JupyterHub run well in the cloud? From c8e4d689780713e5430ae17643ea68d03ca05d63 Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Thu, 14 Nov 2019 18:45:48 -0800 Subject: [PATCH 188/541] updating to pandas docs theme --- docs/environment.yml | 1 + docs/requirements.txt | 1 + docs/source/conf.py | 30 +-------- docs/source/contributing/index.rst | 21 +++++++ docs/source/getting-started/index.rst | 1 + docs/source/index-about.rst | 11 ++++ docs/source/index-installation.rst | 11 ++++ docs/source/index.rst | 88 +++++---------------------- 8 files changed, 63 insertions(+), 101 deletions(-) create mode 100644 docs/source/contributing/index.rst create mode 100644 docs/source/index-about.rst create mode 100644 docs/source/index-installation.rst diff --git a/docs/environment.yml b/docs/environment.yml index e8f9d380..2a4044ff 100644 --- a/docs/environment.yml +++ b/docs/environment.yml @@ -26,3 +26,4 @@ dependencies: - alabaster_jupyterhub - autodoc-traits - sphinx-jsonschema + - -r requirements.txt \ No newline at end of file diff --git a/docs/requirements.txt b/docs/requirements.txt index 93b1e665..cf69b427 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -7,3 +7,4 @@ recommonmark==0.5.0 sphinx-copybutton sphinx-jsonschema sphinx>=1.7 +git+https://github.com/pandas-dev/pandas-sphinx-theme.git@master diff --git a/docs/source/conf.py b/docs/source/conf.py index b7d9f7c4..3a057fc8 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -74,10 +74,7 @@ source_suffix = ['.rst', '.md'] # -- Options for HTML output ---------------------------------------------- # The theme to use for HTML and HTML Help pages. -import alabaster_jupyterhub - -html_theme = 'alabaster_jupyterhub' -html_theme_path = [alabaster_jupyterhub.get_html_theme_path()] +html_theme = 'pandas_sphinx_theme' html_logo = '_static/images/logo/logo.png' html_favicon = '_static/images/logo/favicon.ico' @@ -85,31 +82,6 @@ html_favicon = '_static/images/logo/favicon.ico' # Paths that contain custom static files (such as style sheets) html_static_path = ['_static'] -html_theme_options = { - 'show_related': True, - 'description': 'Documentation for JupyterHub', - 'github_user': 'jupyterhub', - 'github_repo': 'jupyterhub', - 'github_banner': False, - 'github_button': True, - 'github_type': 'star', - 'show_powered_by': False, - 'extra_nav_links': { - 'GitHub Repo': 'http://github.com/jupyterhub/jupyterhub', - 'Issue Tracker': 'http://github.com/jupyterhub/jupyterhub/issues', - }, -} - -html_sidebars = { - '**': [ - 'about.html', - 'searchbox.html', - 'navigation.html', - 'relations.html', - 'sourcelink.html', - ] -} - htmlhelp_basename = 'JupyterHubdoc' # -- Options for LaTeX output --------------------------------------------- diff --git a/docs/source/contributing/index.rst b/docs/source/contributing/index.rst new file mode 100644 index 00000000..a2f47abc --- /dev/null +++ b/docs/source/contributing/index.rst @@ -0,0 +1,21 @@ +============ +Contributing +============ + +We want you to contribute to JupyterHub in ways that are most exciting +& useful to you. We value documentation, testing, bug reporting & code equally, +and are glad to have your contributions in whatever form you wish :) + +Our `Code of Conduct `_ +(`reporting guidelines `_) +helps keep our community welcoming to as many people as possible. + +.. toctree:: + :maxdepth: 2 + + contributing/community + contributing/setup + contributing/docs + contributing/tests + contributing/roadmap + contributing/security \ No newline at end of file diff --git a/docs/source/getting-started/index.rst b/docs/source/getting-started/index.rst index b1e509d9..40234a69 100644 --- a/docs/source/getting-started/index.rst +++ b/docs/source/getting-started/index.rst @@ -10,3 +10,4 @@ Getting Started authenticators-users-basics spawners-basics services-basics + institutional-faq \ No newline at end of file diff --git a/docs/source/index-about.rst b/docs/source/index-about.rst new file mode 100644 index 00000000..e6c07980 --- /dev/null +++ b/docs/source/index-about.rst @@ -0,0 +1,11 @@ +================ +About JupyterHub +================ + +.. toctree:: + :maxdepth: 1 + + index-about + contributor-list + changelog + gallery-jhub-deployments \ No newline at end of file diff --git a/docs/source/index-installation.rst b/docs/source/index-installation.rst new file mode 100644 index 00000000..b7388c81 --- /dev/null +++ b/docs/source/index-installation.rst @@ -0,0 +1,11 @@ +================== +Installation guide +================== + +.. troctree:: + :maxdepth: 2 + + installation-guide + quickstart + quickstart-docker + installation-basics \ No newline at end of file diff --git a/docs/source/index.rst b/docs/source/index.rst index 20b37530..640536bd 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -2,18 +2,18 @@ JupyterHub ========== -`JupyterHub`_ is the best way to serve `Jupyter notebook`_ for multiple users. -It can be used in a classes of students, a corporate data science group or scientific +`JupyterHub`_ is the best way to serve `Jupyter notebook`_ for multiple users. +It can be used in a classes of students, a corporate data science group or scientific research group. It is a multi-user **Hub** that spawns, manages, and proxies multiple instances of the single-user `Jupyter notebook`_ server. -To make life easier, JupyterHub have distributions. Be sure to -take a look at them before continuing with the configuration of the broad -original system of `JupyterHub`_. Today, you can find two main cases: +To make life easier, JupyterHub have distributions. Be sure to +take a look at them before continuing with the configuration of the broad +original system of `JupyterHub`_. Today, you can find two main cases: -1. If you need a simple case for a small amount of users (0-100) and single server - take a look at - `The Littlest JupyterHub `__ distribution. +1. If you need a simple case for a small amount of users (0-100) and single server + take a look at + `The Littlest JupyterHub `__ distribution. 2. If you need to allow for even more users, a dynamic amount of servers can be used on a cloud, take a look at the `Zero to JupyterHub with Kubernetes `__ . @@ -74,10 +74,7 @@ Installation Guide .. toctree:: :maxdepth: 1 - installation-guide - quickstart - quickstart-docker - installation-basics + index-installation Getting Started --------------- @@ -86,13 +83,6 @@ Getting Started :maxdepth: 1 getting-started/index - getting-started/institutional-faq - getting-started/config-basics - getting-started/networking-basics - getting-started/security-basics - getting-started/authenticators-users-basics - getting-started/spawners-basics - getting-started/services-basics Technical Reference ------------------- @@ -101,18 +91,6 @@ Technical Reference :maxdepth: 1 reference/index - reference/technical-overview - reference/websecurity - reference/authenticators - reference/spawners - reference/services - reference/rest - reference/templates - reference/config-user-env - reference/config-examples - reference/config-ghoauth - reference/config-proxy - reference/config-sudo Contributing ------------ @@ -126,31 +104,25 @@ Our `Code of Conduct `_ - `Jupyter website `_ -.. _contents: - -Full Table of Contents -====================== - -.. toctree:: - :maxdepth: 2 - - installation-guide - getting-started/index - reference/index - api/index - troubleshooting - contributor-list - gallery-jhub-deployments - changelog - - .. _JupyterHub: https://github.com/jupyterhub/jupyterhub .. _Jupyter notebook: https://jupyter-notebook.readthedocs.io/en/latest/ .. _REST API: http://petstore.swagger.io/?url=https://raw.githubusercontent.com/jupyterhub/jupyterhub/master/docs/rest-api.yml#!/default From e802df966855e5964ab6c1ffae8eeb4a8e630b93 Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Thu, 14 Nov 2019 18:57:49 -0800 Subject: [PATCH 189/541] updating hub logo --- docs/source/_static/images/logo/logo.png | Bin 38404 -> 6529 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/source/_static/images/logo/logo.png b/docs/source/_static/images/logo/logo.png index 7cdfc55bc9480f1e2614871301d0e10445d6fbed..f5f0188ed5a029d68259013baf5ed9be9832315d 100644 GIT binary patch literal 6529 zcmZ`;c_38p_m+Jd#*k%98e?BWvNdQ1W5|{$`(DNt!pE*K_H_`ll|7Upds$*MWF4}F zFvyZD38CaSzW@LJxc9!xx#vCax#xZFbDlTB#7Gyw3}&XHq5|llwN0t0sKJ!74^`Fw+D~Kw; ze0=cmX_;L)+G;T6nXG^Lwsc^Pz5!2L!aPx@v58LmJEyj!CB*uaj{DM)8tLEgZ-1z;*I>Vuq#|}BrbCsLl@ozTM!_=Xe}o!+MnPnubOcsDSR)3UP@%dcN0 zR6dcJeD#GydGqhzrGxZrDU{bY;Zib+P=&^6r{TTk=cewNPSKQBU)M=L#Z+2c@!qe} zywtc0xyw>pW4DZmnrv53@>KaLisSifevHjL4m*EUvT|Wy2uqF8kG92UG$Ppak|6^5 zX8A-*@YSo@pF`VQ4@o&q7Kac3Wnx$}w1+zQmrszCnS6XjWl^B->#UH?)*sA>Re6Pj_SK` z?Q6v($b|x-Acmr4CVT#$xA@7FYI({JIONeNp;&3-YL+R3h<0p(*vt__$F&aQO`1K^ z4Zp5|;G}=&936a=S)=7aX+*n`yJz5b$OxcjjcgK%CI;yl)`vCh1yQ^}+o#E={dwzk z_$_VEA3L$uduz!{-&7VC({ghV6ce(R7DiX<4Ogmn#TXdwp;{axaeW3L2t~2Q!mQ}& zTW))cqqv#Is&~0@1R34~h6uJ%evemjV}b=gp?TwX5$I@IM7nU)wd%oTm4{kzWXJ$d z|FAe+JFjm47UsGY)tNkdTs`-dgGWG9b_7s3VJV>%9eQ)Ll@)uCb8f)KCd*+Zhs!UG z1WgXI#V0GCT3pKs4FDn~h4g6It+-4@uoJh&`TSjg{CFs8=OqECU!{5T^kZ?_iE#l9 zjt8*$$WjCte-5q3+5-9Ssb6=%r zA(Eb9!2}oroP2S-f4}OIYiHkk{_cMoyPQ2je5(()ejW!4u#GZ|WfgN>tT@^d62;4g z{(rJ^5jGo2i*NXl*&qSufv|Zu)RpnV|Mbpi5p@YohEpo)c?kS=fP0Gdmpdwq zQ7&>WkN+n9QAl+Td8k)9|Gus5)7Nu2WXBPO=5_`0HpQaCqDccqj{avg2*u$aBIERX zbZ+}9o7ceWVVp_Z0w;f|S)v@Q#qqL@T~J0*`ug1W!%)VZl^|lO9+Btt-Lp0&pwjqy zhuwMk+0}AT?VH~+uN@b5bE1?dru-~6B1WixAM?V-MRIPZ$*CNLpT%tD1P+%AX1mt< zxrDLq=fx2y@y}jg*r#6=@OMMqPE5b5i(%}b_uI@pfU!sMw4i0$ffU)he46n;QGQD9CJx@zIy{@>_ zmRYSMYas3EuN9Tl!Y9U!_i3F7!ah6J@f@yo_7a;nji2g!XwzL;L-Ha$r`)quuy6N|MJ@=>c zJAwODXa2mj-4bdG*wrEW9v&Uu&H%9=H5LEF#UfoGruO7905&FF=^xE5yMBc}d{VH#KRF;J9YhlaAErRmz7hhu6 zvwQ3xWk_dL^C3X9Nu@C>NMNR2RM>jZi@K+!B{D*5jT6XvHvB zAfKN3r_jHlSByWVUBP}L!y!e-M!;=}F8oN4n5v*$%hH?+hpSK*Zv!4eybg;^lEX#4$vHn>|&4I4-K>H`Pd<=zKJisbJw!W z3)0eb$DA8zB>J;Nhgk8ZAN|3~n}yuK&}=8g(Cmj@g59ydnt43!dZiuE^7Q?@Xxci*{F2h#Ybgn{S=6+CyJ5J=!#$TQ4kPQRR|mEn zS(i0JIs57xEcTO?9-cp=B`R2D%_OGKkG@I5)bnsNsX79hDwp4UoD;&5Ubl)U@`BRI zH@@GPdUOEaJK^E>4v^Q*Xax+I-L$|O)+Q$6Me8tXN_T5b|xnru_ z#iIZxuW~Pq#_cuzVnlysq`6&JEBOkp9V{D*1|egtGOV$NBkv||(vX?&R@Lu9q%wIt z-$YfXS+ZakLr0BA$D4D3?hm^XQ=C#nIMBt2coFk(-=tsqp31b&*O+o(@_#yG3=P&f z?=LZ>_jq;2#0K86p?U$+vRtJhmEzL8$6AtwonAl2h%5G2U$2q#un!AC+0$DKm)dJ% zay5jGMlgaETbpM#((US<42w;I64SqVee-*@GExj<(0pavnvGQ&#UyBr(F6PWp#7|N z;FNJYw_dT4%qN*1QQNITU;B-cS#7>o)Ae*-xdk`lE0j98ZJK}ILBq>*g|6Z~>RG2y zpzP&SmnNu~%d=Or#|123C6WvR&c5vV;9yQAupR3!x@73S_YddzUuJdjc ziAt;lcR#Tp!%u>nz_kM?-59-@OvSG(M_2G=lxleQnLnD>o?qHu)uNCTvmOw z@^i*$0+GJkfjQs5J}_1W51w(I2Dvl+Wc#1JF>=fwzXoL1Lm6dRixPBh?-u~$B|OKg z7Wia?AQh~&7l3;)yu8J@G1B6@35@Gu%e@*sh*Xt7eWu&Y<#?{xzb-!dr z*U5FMs&eB2B_!xGNA>0TjEW+qntA*L*KKgCD0Q(@UL@|wAvd-1SI6}wvV4Hy_I?59 za;hTh(3aUuEOw9}sjR^s$4-|J&ZaL) zG4%3+AKP!U0N`Hv6*y5d)pc^hwcX@XWgesgW&wGbk*{68{Q>ru_25bHm5%EMlkyqR z1|lr0jMGIz=^l+l;F3I&rW`R-R#lMpDluh*K(1Xn4EC01cyQ@Lb&RndXMA9u%#CKJSKJbQ|B`M&;S(w@x%YgA-tz?tF5SJzcYFNXF3O$Ep{%-bxoCyUYxR?oKVBm)i)pTp2j4{tte{7xgW zi&|`Xa?Dm5bdboQIg_k%-my`%M&2XA(u&!p1eNrIm7od>mcq?Db7uL%(xHmYYvgo8 zug4#neio_BJoaS8DUsI4IZOV5h&+FSQ^g2eefTXFI0t`dGfHb+lNRw3uz5SF<=nKG zp%~3rR!e%8<=hav_l&2Wqwi;ZdP~Mjf_Tn@nmY#_S7{?V|6TnO*{Dw0);*H;KDAiM zwFc4pV;lw87MrvwX-e#jI2T(Kx}JmYU0J~5gSkPi$%AX_CvZqA{aE9`>idyPINx{f zU+J3o!OOP>RD+(1_13Iv=m)q%$nWSXY>VIaejL1W*#ihzfikB0YE*7w^>{Nm9$zi8 z5a`o^^gUxT4-Z2C+kIPOeN#HFd-j^cEHeMBL#X|(pIlFM&MEsUuOSt)e$erUf|)sA zH$~X4-MCAb^>&ymO+H+FtrGmawcZ;icLIrWzPc=&X|~hDu38*ZSG_vK8Zop-l!hx( z@@{H;v_(Xoni&6Bna*75R^$Q*9E}N4rQk;va+cGIy(w(P#=f)}azACGvO`lQ@b`ze ziNeE|kH)Yq8-QNqJsl!A`KZT-AyQ8)!De#e`Th(7Gck3OfS~>QZcX4wwP&~1P&OTZ zDB!DNTN4D(k_?t^?4B%2VHC{CEPoL$wd#Z+bf%5oAA#m|Qj+x+Ri-zKNR%MVtW@8OxW>gEkvkE}V*NgUCNyWI?i7)CG= z9GK^_zLnJaY4_jKr?3muZ{9Cg`fFf4*l24{`eD=kVx9pDu=LwY`&^xDG>~$;Q97Kj zLVSfIooivsXqj$*YIlrt#mz#c>PC2RsZK8 z{?6S+xImDRr-(>or2l}F&l0U8YXU4G4^@1LA?Z^+2nefJrV zG%wrm(_xe-oNw7Tj96A#I68iCMQE)^=|f6Pxv3LjIup+=bIsofL9+msxau^O<)N9n z(g6lUgmg`}KIv*XIL>k;ZW6a?1mb##3Jh0dPe$HSmu9dPNz^+|vdweIU^=CQ6wHc9 z=-?ZmBB);D@5?+YeZR_S@eK&Y2SbPU^>@|=t)A@UtE4s{nM8~41cPe1`F$bY%T@1R z1v=AfRqL2pYk39uQxA&-u$%MM4rs?EEvrni8;(jcR`$;9pg!BFWeh{}cA)bPwt3IB zoSruHh?w(+30Zk!x}#kt-mX{FrT731yCgF*>xUjs>Vds{&h^f$jG(|Gdhkg73DbeID|WPIBJQ+J(hrha48pah+~L z^s;cpA;Rol{`NWHJ$Po}(oU37f+6(}gEEz<|jft`tYXWygue zd~NohbZEGu<`RMN3I5BD8R&;M{d%yn54QDn%_ORJ4USbeFY!JU1Nd7v zIX=avXFJF!KHW}-C5Ty;P{GRdWTle>^V4m}QgfgD&2KfOaVZ27I@z%475!VRc}yT7 zUG;F&DVXy_B2>V)Y1SxbWnDqgJaMPu)=^pR3V9xA9b0RbZ=IElR&?WYy zQ0OBEq?90bzUPMS3U@T-oicmedOXKm^NttGY0a4LGI`M(t286z&r#So^Io11mOb^mzfS!AkaJQS-U#}!55^XJB zP>Q2NRe3im2CndgdtTw-(<#z!iaaS2%v>PDz!D0Kf^P^lB$M-dwlWq%DJEz-K5%(G}O-5@ZXNf__!pj zK1;VRpi~nvzLD*C5XL9FcMv#_bHsqwV`u)-)o#jj{yR;vTclu*$2)W~iekQyhOFnn zajTuL^Yinn%>;XPFEzI6UfcJ-KBqP~zKA3I*~=29A?@6ZPh(k?FNwWPP3v3yzwx;&IKQle>5nV)V_6BQ zF5eiVZk-!Nkl0dtJ#-@xjGN4s#hL1T`x7?~Nc~(4Ixk;BSM8U&-}T+5FzT=tIC$@2 zn0SzY{po=_h5i&Q`y-vxlKoTP->qHkf?aiYu*7&~&3p@&<-Mqm2YJuvP)K87MxC@` z?kA&*qPH|lio&FT=MzIpE!}z^1je)n+*<qDGtH@=X6J4CU5 zwD)?P)S>5kngIV zILy+$7?vj=iq+7ZKY5a}vCqCc* z;rFaHEEcow%-v_tnSJ&v4iSp-66h!|Q9vLNx|F1-G6)1u3Ic(LkioziQQ@g<;1`^; zvV<_GYLest_yg)7spSj;5m5jAfs<0EItPISK~kbZsvdC1UyyuA20Onx##6Tr*R6Ob zw(qWa!)*sT_7!ZB!|5z5OBa$NnD;u5)qDYA68gSJI9>PR#O;9>P$yc z#vZgxLVdm4oxR#4h@uTL^-a)H{$Q z{UQH81c~9K>22w(!vAx^A3|5@ff)ya{`>If0Ipb4oWc6f2@q6K`-1epVUoky0#`KT z7Et_OSUC+_@BbULAb1H`QQJyHO632-60{oh{%;8WkOu6WhMCZW(Ekg|e~5EXnMRuh92^{&T2*FBih8*^d@Gv{2_Rd(T%T>Tg;gMYElP40k6X_t2MiPW{c$Dt`QE)?7RKsGC0up83|boK1qQh;!} zkPYw8W?!&PW($xRHzy_}evN&#+$xibb#m^46OIJ5>K6{lKO}I-13akC=QRwBI;2g$ zg`vIjIy&Eci9Uk|9iW1fE>G*IIL3p<33lM7v3dXAs_vSR&$alLwM{EKWtV~|MV^Ap zT&2dKC-*z#FDj_QO%t%!=W@YksMe}Czi+TAkOfoakOLjLfB!!{{l401qGn5hD`G zCIFxC{|X(yfBZFkWw>XNt=Hwl&FWf9fOAd&;1hd2rY2zY{*VvQ3fSb*oR14mtms(dC6tm9&3R3D#n}g+c?@@meFj zwpzVDjsq<)3U__NrpUje0FyiHPvwH7Z5X|nm2Geun?4Uol1Bq5st-A}2$)Hd8fQuJEC6;5{+hQ~2R>jN4DzYWn@=p)sLmRhj8#9WNQLN10s({& zhRFTJf&n1pq@*M~LP8{mz|%ZWPtP{F8B(Z68ZeYFCejS~ze6E+xY!!pccR;j<(%#W zRjir;0qD93Et35086xo<^ZSN(ZZr4M4!)HxMf8J`)uMeR2!baEwZ|UkN;VW z=c-g_wXqTs6U!B~#iIC+T&aN^Y3LJh{3}NkQ#D5Yf{{lII^9C>U-m4cARP+82p<;W z-UIQ4dxIxFbABQSDw4|(FSq_K13sk!X4~XZpZed|PY?w8%xSOR>a+`zpVDY>J^Fqh zJ&gk$00Z+tvnBEv{_hxEj_2N7Vja$xFOYjV$H$*B*-*jJ0!heJG=A|n2M)Xer|-Q) zyCRfI*)La3W2msOfXn?IYMK9D-I64@+UCmZdP*`fM6o53-R1jQ>-7;OoB|fzS%i9B zJQWrj1mhK7i_Jn+e;8)=d*{8r5Y&Y#JsByfQvH1KAVhTSrVl?_q!QB(-tgjhf<;0x zRy(Xz1`c0&{hGiokHU}l4?|Asv6P3?&hYAKi=$&5WPURS%9fma2XlHl&aMtO5yg%))9bGAN`f($m>0}APMO~JF;PZj@ z^j(4p?^JI>K5sSt7m+Qe$#{Bhq@aB#;ip)$#A^F-T&cKZ6@_=ky~!UK&>Z&4gfqwxkvlfvArl1Pp{?tdxm`$mm_71Hrf66 z<}Eory`}alRhd`q4Hgsgd5;MuI)NgDS6UGVPh(UXa+Xss%jk3cZ1yX25Agg_Z?=gDTE zU28vXHNlr|pASC^J8f79T&aIb?t~;Ix)~?Y=L#)fUM~w;sY%{M6R(UU(z585`5s$u zeQ|foXUa)@2sPUR-aa)F10T2d;}G>K&5Iw!*`b=y$EvQIr?W820kvWiMHCU0LMQ8X z-o~VtgrSY2oR%4BYp*Ff+sE`;P*6~c9)Ak7yPc}u3~x?LC&T1Aj;c6pm$(?d8B<|3 z1M_z4_e}lvCbh%$;ryTH)wA;tsGXnNPrKS>7OHZWBk~ZU<&%%~G%{Pyx3biFxh2JF zFCxoWa@2Cgn1(9`qA4Pcr{6a?^acX;IcyP8R@THy%(~Hs3E*(Rd$RRZdyM_Vd|qe!J*hy>gCB{6cJy#_qLPffvxuv} zuT}1LA~+dtu0>adY9qk7#>13?Sds}psHmaExSuxu~~{Fk`TG;V;5+exWrZL6cwquy4eD`j$z*`hn^c<0n!^50th*s+#+6-s+U^s@;W153xF75(M% zb}$HWn8~0E&Flk=!Knrl5*sP9u={IaP_*xgV36UL8OsV)c%QviJe^9H&z-gIz9LHa z%&1HDIV04PTv1iGqBpX4pfCZaznzY@cIB)u;Rg8LQKK^ds)6~u6;vDkzHTQgxw7cn zS{cMz@F5u0h6%$D#@-UMmu$$VT8sp*BXYfgzW7;?w%&$^@VG>X z5R3=^Yip+V&*P&{e7F5NKh>0c2lGmZ%f#n*N_zR?F?h-1M_7ew4a4?q1O9kzBE)2DKVL=AQg$aA zPA@5-5_aQaPV=ui^oMgO8iqJAo=@RpexMpq(Hf>%r)9UU9e2@h@1HIFj=h_kD9arY z5iv<0Gm>C2nHj(;vOqo={4xj`S3^-(E(iB28k&@vKGeX1TSC#qoE<(g;B|c{mOxsl zMrBoB#YM?%a(^{nu5NYU5EP0|`?N2iEz8Z`7Y_@|=~G1m)0;gqaf|IoY4ET~L8(W> zk;?2n#pJPyd$bRH=FknK`C2d3P1^>Dm8T69$asA3uLh$CS!6?qK~+~R_e05__CKqt zMnYT|A9qz$RERk~gx}g4AqZRHt9P)Ib^|Re_vKP~we`WD;0WCIoBiCuB!ky@YJS*a z6(FA)80JTYs?3$$Uo-A4eZlX!jHqJ5XG55A()+w$-YHYPkVxB!kZp^WG_jkxHb_SVSH62s3bZAT@kA;R#!xQa; zPEJmB_4Urq&ZwxUEThzBJYJ?9KL$={Sy>oSZz_N_0|thmX4b*x1Eo4j0`u=5j&YpQq$Nwc_-jZr}8=?{koddkgdB zf~j^4-b9#Ewh)BR?xrP5h97Vjgao5ZvVMz{0zcfGeN7|S!`;;VM6A3baC?;De>tS6 z{%dc7#fk_8MY>#Z|3Vk%Tm(dR(7fi+uR!t8kDZ3nk=A;?a`ngjT;U;VBjxoXBdytE z^-5E);&`{_AuX@NmZ!PjwC2prRD5Fd2%xp5Si|Zg)HJ`qOzcfYAb%PRi!?0qEo4d8l*x(%|@R zdfCv_@Ua?72t(o3lO4Z_diW{cM-!6?3u4DfChW^v=%vaRZb>nG={MjGp;a&ng!GAS z>`&+4!bP_ttn8#TbMB$kw$*swoWi{W`Y>``23c?~7MJ7W?bX37CK=DpxhVws6|bKU z5CcgHW}fC|!VT))V=|k+P)^kSn=~@n&NGFG7o1`F)E+(IFK{XRWm$(c^S9z^(_~S5 zsSvZz37I^@p*Z0@aM9)`i?#4F*qga#9d~9gr%}AG4@2IC%72!&+6~4Ti}ObW%MdW> zx0yyP{_LG3@$0%dTK}`BV+UPN!ASjdGXAh(C0<_F4$&Wx@DDA!=_IOh6m79lbi8M31SV8j}MrK554z{W3ux=u2}2ze!$lRl%-Tj@;nHK z?MjQu!|$Llj4$-)bPR{$8-}-K&DN`JDnBRNQc5&`qws>VvVSG)QkZ+ifVtD)?_7$|^4M1HjD_2ULiq%w-c;sfE2@^zJ%+^LXperoIA=Qd44l%!5W?jr+c5d*Q5Px_vZZH;TO%+tFKMG89okw}mbuyWnW z;G-xY&x*@=J;$k=MhRyD+4$M@;Roxi`s~xgjr~kP#5925;t^;62DMR}#de1jt%a{b zsP-fM@|s80Yd_g(zUoYr9x*#Oa!W7?hZr+K&=7bWOAtRw~m>()85^ z22I(JaR@Wi!*3{x@Vk#Gf6tAh2#6Q6DB7FHu5BzfLC^)+=XzcPdDf7m9p^A|2F9}x z)R-WchAgPD+wmLJuO0%e4jZRDS37+D@sq=f8|H5qD(qTrs-%tqjj zr8kugHHFwX4hV2u8ee=*^s68)gM$u2uSW~tNqO(YTwd$6=P-T%LkAe(a;t(Hgd2Xg zpLJ#Epbs1mnt$Dj0Z}rT{;`6%s&(kOi+!vOgi|Kwb@&G>#R-N(u=rJvv*BD3&geZ_ zoabPo1$nsv~1T|o^*@%M?xlFo1ZIH8SKF)*m0U0gnmBBVd&_;2hikqgoUJW3caWH~=U3=KvnWh*t5i z;hCHeKJ-EMe*j986=`~vl(9EjyxNmW;9@1I0}c`!aq)t`GDs;qr5 zAgx1%1qY_|zz+%(2f0?L3%TN#Yot6yz73E`eH(!YK=d2o8aEu|Xi!if;!sqfEwZBC z4}T+$za67~5c=o8m>e1I5N0S}vXCq56dB>(dT$%e+m`f3Wk_|yda{SkvsxyYc z2)F5Ibau0_UZI@VdiYzvwr^Ppz}Nu(37-Ra?)8O2ILN4QbU|tB1LDI)06rWmnnxNK zxFQ9c{b=wSPSPB_G`}E#Nh80x&`5!@!~KALX=ggs3Yrah8D)DX=8C`X+jmK2C;?Iu zk&%`jP!cz3&L8l>alj5B(!oqq>=tRYMjxFAfG#(6u1i>Z@YN}XqYbt)#!y9MiDJ+MmB{NMUs);5WKWO>?Xt z{%WZ{GX0ABD|1C-|E{#mhg4Blv$h;FCukAzXs-~^5_lO*SX)Es2+ z-XJk#BxzH0D%@R>MjWh;E!f+Vq$D+ z3CTdeZ<)zKn*Xw;1W+!o1ODQ-E*~wQ?!w|?ldr_m^smW^q13G$q43w z3RCs*&$Hz00?hbP3mXa%1bthruU>u812v-8?$Sr%vrN?f9Y_RWhvj>fp7+jhd?3)J`K)0cH+n-w z9i_;N9urvY28rbzC;2lKq+W z4q#CQar~=zK0bF4RZB}sw)}a1*rkxBj|hYU)iwYqHj!)=Vs&qXmDDT+@Jv*d#YTds zlr1s$ZcWXpG6;XV3RxR;@M{nu#0)y1Ir^Q|KA?cvEGEZCMugxb>3uk3$plE(j_UXd zlSO+WP|@t3JML=2abIrZ6Ul)Jg9nO;ldz=9+leY4V+Udw3R9b`*s=C)CGtyDdSXgG zjWn+_g9Pu`U&|Z>(?!mOd$a@!ex*RkMZjiI+B(yGtLIfUF} zuQv`K>4#3loMSaxRK%~Wo$e1nU(qno5LMkr-g9duyW6s_0|v$qMkDZ~bSlLN)&X&O zDJWzo$eKfKeR=O@nJS*RDqNFgY?QZ4za7kwst>cD;)8`XavQe@OAD*|lz_!jSFwq0 z2)fhp+weBeHMR0P-QC_-9JbJua@9s3Px1PwQg3LGCSjEVo;m)Jb({~WKp1mtAzCZG)Ay58x88F?pL+8eHYUjC0I)PJ(?Nn z!lT!EWL*C)p4#F5>L3J_F!EL{&wRg(M(*=sW8lnaEZQ$Aa$!gx_A9)Hdo_~VFOl!R zQoz)L+j^~6gh27ND1_bRzA15zqN|RcKO*U{7F(Tv-d`ULqLDuv`(g@L(YxS(mbAhT zIU0aT0n;aHK3!ndkNRiMIFyA#RIN}5bDEn*G$D&$uceK!@{3a=oq~o0(SbCf)Y1i3 z06@%;ayvmHQJC0?pG!@KqFIKtYK~D0lc@>J69j{icjWK%E+RkLlve0!Z^QaOju&2P z8xDnHBi|go)|7cJlrdBzeHKl|{`3`*Q8i?eIh1i9Uo(0TtG^kgod#-%;{d>ph3-Nb zgJEEbd7iCxn!&jS&PY#$Nk|F8!!f`DaspAQJ{V=`KX$6?Ivh+qRPU}Xvc7MzrYj5F zCJ3`Qz|qVki0;pzU2A*XO*QDV*TYb!mp zeON&}UHU^aefc_i&(6qf zq5(Cvu;_0^=?X7fQj$KmWD1_@ zaG_ejVWWrKOT-Ev!k#4z=0x838k2V1AEqctXFx&i?10e}FElW@v$M03dPc|HM2#Ga z@4ceuIk4?hh7b^2oQ6z(DAAj_5EvDd{IBJWCJ0zENU0re&o_bGjMk`aJ&r)EH6f#sazDL8rH>4NFE*Pr;NDY)uYB`DiLvIzeUsy5Afxkm)UeJ;h zlNayoiJbLw!*YyzKFUzr(rL6EN1+z%&A>_pa`$_w` zc*ck@f6pXi%6rMmni0ef;TNLadeA7M_@G6S! z16!iwED^HXJf}bLisXDfaG0zUCsSwgp~@*6%4@K)h62v z2MxkD6uB~`{2@RjyKah^k!DiR{sn@gC_dM~c9C`y;gUBh!emN+p_^wp5e@XtdpEjh z>V<1J7H#DZ2!miFYX9YTABRxoL#xXaKKCuZt5^se5}|e28&5|k<{;;fB`FmKmq*p0 zVa>o?9%xYi0ae5q5G*?wz+O2?L%s;p%JnM^kqo~XzuHtOHk;7{g%msdwnw_Z)-SeD z`>^(L?HE6_+KET(Wq89tTM=&sP9B z!2|@zs`e%6f|Iy{)A>DeL}Xs%Q&}Ddt^1>DBBrsPa@$o^!~?V;#m3EdF~-uH=aA+q zf+hC6)Sl1pY~(Y!;4-Gvl(mi0U@d|q27Rg0#GWTbBjOckQJ!?{8nRIuYz>fEU2x*u8t zSBE35+;Muo1v!)P<)7RB>`CTj(j{rK{`33wYqJPRj+JQDWk_<}H;&h@G zl^rUiN`XR0in7nTgQuT&23TEX6cj#Dg`H0ZiPq6p(32ty{=MaZwBScywWMGWHv&b- zbZN=(n;&RYz}jSU&>5TTZ}q7|tIN;E#0Y2zCm?0f9v#9#-_uC0^te5!f07g6&uouQ zq%wsr(}*T7GQ+Rp<)L7PhoTc3*T61c{VY-2Nv|L3LGE!pTxoSqI}@pZu~H9= z@KCz4&ec5d~k5#`P{paa6dCzJY@ ziNIu$mXSG{DU{h4a{f?uod|HoNLZK>A)p;Rnuh^?Hkzm4-$c&AnSm)zpE6l->N5pP z7q{(>^-LIs*r6U#AV0PpIltqrHM1h~+3itCuzkM-IW4Wl(f3LZP2KFf2d`61XgDld zRZK=T;#pZcRU6#EH9y!fqNTQFP9y%bRbcbp1xlK*t6^?VtEx`e5W4u;mn z58NM7JxhI(px6__?|vUD{8_4^+0!s^;RaOv6_T;kO7c{-^xT07-?uk9jjxtBcGZY7 zTUe}B3}OBemUGS~xY>SS?3YBit8|?p_Ra#}vwttag1^?|RjBXgsFT zAljz3N$U<+DpqOAAoSAZ`)h2q2D~K2@?UrmFk#oAj@$wmk8Ql~o1dnz4q=44=o}Qn5N2h1Vf|#eD)nD? z)X|JM6sIg2a*mFUf4MO39Z<5W#$rAofpgdqsBKw0%)$0fNB3Pza&kbwe8UetcSrH3 zQP$rG_y{u#hTxOj2KPk3ykgMpClH+VB@pJ+HVb8s-oB1Yb7Uhy`PSt|t8Q0`&9%3@pqg>#fvj;@>$v9v^ z8BDBa3ZwvKr2{!^W;9BJ(b{$hgm0|4*-w6*C`+^)eAfl|0KDly$+Z``#ZliUC12c- zEWn4#ClK_B8Um{QIYtxv8qmXF72=Nz>*-B$6MUOIt~Z~k8;BYQ$j|Mg=~K(coo%H+ zWHrrAD*WVQUJk!OW_)vQ)7YOlfa#&#G~SNc{QjIV`cnW&PTdDMKO=HJuP;2V8|ijh zjO?0oo&cni+Vj=z>IBqT$IUdl3)juenD>w60qQh*VF?cOQBgrk z%4)fZu^@Q?&^JAwP(sU}(wKV48S}hgu%1vhpeP99H^ZxTIWWTu>+ME`a63wZE(mKD za2KFMn}yBCtnAbzWi?K^Fqjrv)oX`-+ts$l@e3~iDjaDjIzM1jy)sc9T372*@gqtN zOzESgm_#aJ&oAc23FijSsj;|A1sz}+Uy#S~@Ja2ADC-${;?m>*VhJ7Qpm^X6jHAk= zq?5~O2YHKzyrURTnUz9zn~|@CyqH-W-`b2X`=6}_!=<5ebiX?-!3@+ zz@F!)2NpQv);*{KE**@kj9&gzx=4~bi}RZ&7YM0pu|hV-q}u}wc1-F|en6CeX%ZDC zMa~YsWz=!Ha|#I#o*F;@0K}nz)l*k25{6;4Aiyn4jcZB9Cxw*-tMV&R(Qe)9LQ{FY z5#x8cBNeSgK@pN98!ml8;7w@~Oi<1IF323<(t996LPnd<@L}Jp);&rKb|T20rd&92 z0D~6b0NEG`WX2^bVnuoL!*ASgBg|{xXr@32lbWuQ&!sk#1OL}b_(_ES0Wyj4&3+(m z@}e7!e5l2jI+IprEG}Q3hy4p&EnYXfv87s{-NU?@5aCMgB0_w8jfymqP!y{Kz-rV1 zbg<`17cp|w)`R^BZx0>c$(r@aS($;iHk%by!v_#)VR!Jthp_aX&e-WUpX^?3Y}(*f z%Y7S}cv@axU#quYpVae~MawCdew#|}(EKLb9xy2B%7Ds;Ycok^KYEM~BgK4R1WN!f z5wSP*NM?&1Fk_!*L}WG>;0f+Wi1kq3OmlXG;Ho{{UvEn6-mTTaXHnLe{5(ys|LIjW z@__+J0|Fe&1#PneM{*C7+goo|)?9!EI9GldiDIIPA{O$liYR&TWb%ywlitFjb@{Gv z?&2Y(H{gDe1@+Eu*4Sj;;&$S9?*J;F1lp5}?-@v%-hifR5<7CVMZ@1J8s&yZxbW+; z6Pktr8%ONlxydI6s%k@?4T=zG(4Gt%hOlDuzQp}_aV%HZm6fD!&2PsIeCrFl(vpJA z1SlPBVjTFd*CGKDoEO+2T&OHR0wHC0n6FeTSEtI@IcTG+ zT=BTeDH$M2Ui2D~S9)i+k`_4{v+&9GpUpo^Sb`>K>mzLkaEE(uv481vdGvb;5Y}6rt`xl(P22=WV%HW#~_}?BVs%mQ6 zjhpfy12!)q!C7Y%JbVtlIu+Ft5jxmF!)`@3=~jdAU+bBp6lm*opZQv-n>T0tS;1)cV&(rJhJo9__|L zJ2DgPZc;6I9;xw}>0>mfIqNGPz$Y~If~T>@;u|R)Op@L)P)fsyDkXCC&8TH+f9l*| zRH}S7cVhO(=Yf&Lg(`i3BmVHcK`Q3uJTAQ|v)&I&PL9vl}+A>!7zoSB~35kkuFaY-lRBRrAc;_)nn?aCQ8#>q5nXH`DNlc$CBCeGl zR#rMX0t1iU#&uO6&d<8MPmhd>`nH?>wMwn4Q8$}WuAE@tQ)R+fYPD|HGyA(ve>hB- zO3}p$z-}s7SX3|9Sjm`wPpM3wQrjI(fnR={De+n~Cqk^!Z`W>DuO!vuZML2D8qRr^ ziin^nLt5l)>P^F#uA5G>U#ijXYQvQTgclpN(39<7v+j+`Pp(ignVovMj zBDJW!iNKbxbCrQqeeX?tjw3GBSp4IZ2Tyf<0!&X98_ick)oi|h;rS9{e7mR*Yn>}l z>i_usgnts#U=uq0RdYB3m-hSykfJWPBR~mhsyH9#i+@=HdXf?an9`2XNB#nv;G>z| zaIbHm|IA9Z2rJY;_?iJ~PI{Ki;xw1Fw z-nY3rp%}_Zj!yfd^W~O1<4k*bYwy)LLD6^w`aRvVg?$M2Hs4G1tL;|x-?yQ^niJ^s zWTS25dJ`mvPuu}0J0d_h7`Ree?%_p;({kF{w9=MWxK4ZnE4$-4heMsfmd;p7*tR zl%?hjsEcM>LS|C%+XVZmXV-n?y$@vaTJ?TGO6-d-IQIVZm$vV3>>xcb~=I85JJt?$K5`L!wvnZE#aPKaYL8~@e~Nh;$iPKEiES# zn~g+Hc;*Vs;@e*4L}M2cgU(h)1pUL{3IdtW<47$oEx64>kmyg7solf3xr5iCtB?Ec zWL3&q{l_{=ju%?x?Ms*H0xq}1GSwYj#@E{GeqyXhm=6HEalF>KELBL?0a$0Rj}}A> zHw(pX#xuERs}7g#+R=IXPb~%SEStWB&T2;KC7uuae|Yb4PL7wQ_hJXNmbwao=6dP| z5&dQO+1oofJgAQ$3ks@INzIUm5#`^_lMMVg;kh6U*!owt!yX?40E6o^SmsuCmAr)M z47mjk-B{+XtoC1ldMSiI?CbGl{BP3vp*SklsFo)|OP| zBonwBzXLDF3&`*;u~C$rqs%ez^K+r17%tWr`LsP0BB@WQZ6UR;_tk;?`nM67)&L52 zSn=Q%afqEKT}E0-3i9U*e)3*hjdDddz=0vrwE8Y1#)MSM(7{@isoU3BzBfOyq^mT$ zot*Hx-MLi))DKZlkjW>mV6D0JKX*(H6_<=JL@~^B^gS-Vwci}S;`LJPY;z^i_McS{ zZ|5*z)U(s@+svc>(AT>#o5(3La5SjUOT1pBfdJC9Xl;qzTDhK zU~D)25jm#8kir02)lOr4B{6>2f0o7Ow+7Ej*Uf@wVRU>xVv!Y9RTY>Q2t#op8EjUm zsqwfl-cixJ>+3Da^56ERnF%;%d= zygctnA&7?Z6{J>bR?2998T%I2-Z0(8f=+wnW~)u?teY_u*&6nAu_O=?fLoonzPw%*-ndwg{4-xFmjd0y{{na+%l954Ka_yZp~?LTx(oV zE6Z&3(RAqN8#R@UMw8KIAJpaumgbn-ugia$_#$Qb_Rcy?q6wz!H^v5=gaA*5)lMbn zawFW`VGDjF?iZ3i6gk>K(HD}Y`#6nNWm@@&ZL@_cfNoo+^j=PW+IWq?+dq>p`Mt$+ zU$XSKi&8fJYOT)upqtf`4x>7%Q_A$;avL<6tWWiTwda8}QWGOs7V>Gz?P)r*s*mpW$Bn50vj z2kzf8Xx?u6VK9&>d@+JCto3C)gji$`@ko#5v*PkQyl-=jx1W#L+KOU&zDpL9N%?^< zqMLp8@#n?b!_t5L7XU?xTJZ0S>sSdqdPmAOc+VJeJU2?>mskA?MVO?E>++?`??87n z?yg#wTZJ;n%Z_^=FzhhXt)va#p?!`?4Y%_;Ih;qlK9WWfQrXN|H+IY}Ji_EBzisRH zNhC@Bxqpoak&;7|vH@txbo-%$;}IK(cqyv^D}b@{HgV%8&&;itkRd`&KdOqK z<{LB56c$`+7B?|`8&jM+_QGUFXRcxsic>%UjQ*yi^-^Bd;gzI}^CA0d1=GGph?A2u z3$m#-sp$Mhz!Obud#9Sr5g@$(-e0MOe_my~h%L?bd+sKa3mB^(iM?QSnaO^>w9XGj z$4Z?^vrixTw%>lL1{ z;gVGO=lNN$>*JKnB&wL;G{FK22@+1#z5 zKBc~9PAhyTR#Yh8cYX4`k~mXB&P3iguo~EQ5ofHq5!%9rGR760`_jkON!tPNWMK)? zs4J@4E;ogg;1CjiyZ}2?1SU96h57hX(eK6RlMV#U@^-6WyJ`(+KG%>1iA$d*5xfQo>}@;qPyHb3)#z zbPe*b4vz9`$$rtaz(3H*oT;!%%vx zOlIwBBuPK^L)?mL50^$S1f3gjfK!vw3x+At%eHDC!lV!fds^Mk)>yx?Zn`^+T{4(k z16xE~af9*Hs|}rA1}xMZlw#BSz3-ugcR#OeUR%l)k<15+*UPqNgMMpxUNm=Oum`st z6PhRKdz@M|qT;QrvFuSOC{fjnZQH)KQ^UJ8p7c3BETPNcZ#e7eO)g(pOb+oQS?HxkIqX2?VHHWA{voD@0v&WK^m=Mt5c!D^JB4G#;tp>a*m~9 z^&0TLZW!*cC6W=iEzRgW>X-Jj(=3cQq*)| z8xGl0((Yw@<#bs8jsMrHBCs5CX_xQARv2Lu1~T?rg&Vp6rGB7TnJVtboTW|s&0u!X zuNwQH3*#`>Ysc;D;M9`d->Ag=`KDJhe8UjNO}|i4Pao0fG_PE~^vYF=Uw5KLcBYPn zQHT9(tx=`5F4u3`^=#&a_Sd?|RqvbLiLpyXy7U%j9``G@Vv(=wn$^!NC#r?H< zN<9nP!b*$uVH>YQcH3@~V^jMbDALfB6tZ{@+P&Hc+EDDyszAldc_=R;g*ZksKB%ArS8?V%k zj(&XNT8CBQ(Dze26sgqn! zQ7}CB*t-tDId&zOy2YBaa0m*d;li>|)F_hO*6AMOhzUvmE=K;g0N>8{L+#bw&uo)H z$c(rfky6i-uk%4vzp6N^V+N`F16{?)%)GBC#b;)_2IDd754}eYe^#r$@WMh_Uie-F|zVoL~fa{kp-2Q>|$MnyI%EM(CfX3eQSDcKy7(>eLB zfvDuItW3E_mfxcHdZ>KPZcd)3Fh%`v-d6rtq8Y8j32?!0e!?{Sbhj@^4FA5s@r1N0 zRk$!Wo`qYMi0&71>L*7lKz(HDe#ALa#eBtMdJo!Y$I0cl?|%C2_jGSG4C`Cb`oaq} z9Jby!oXAJu#3W5ppZLCwV#l+1I0=mzO@@`;G$;*p)zyE}ist@Zb*0DS)?>1Es++oF zzw|i*`8Xv8?yb)_BPK#TG&em>v-fhKk(k4JrJ@Ev-$U1$YC#+?~Ihm>jHcgmFfnw$onP7`8o=J>;wjcWJE^4`! zZT_y2Z6WTqM-};K<+Ola)p%cJG&(?F@?^?TryU)#! zh&1$!Cf&w}hEtt0Uv~vj5N&(qjUnu8rFE_>_WRXl*zIG8!JRsVQz*tu#i7$Qn@djH zHEo~T#X4?a6R3Jii&oYaC)>2SFcvK-z-OHu$fG3DYc$zclbfvb)}A#-i@%2??^TAi zt%fH-U!KzYWKxvL-eIg$(v|clz~RH&im9Ta;aV>^!@Xl#L-`um5SR(b!3rN8FADPd zbXEoy^8%_=FWhvH77PY*tZnO+3>^@6wai9S4t`Wd>185t*_vi^XB;vN!4(y1H(18L zQYvsXF@BiT(_yVAv3vA+9FT%wFlW7;b+ukNT&-{SIa-3`1yT@on*BPQ!{FDAD-`l@ z>BYzN@cpzEf6UCEe%4x)sr}BHiq>XXW7>4(z5VLz*7JjYcCx@cihxuwb^{)s+P>F& zSsV%5lo@G9vwp|nPZKeT;;*YG$uvO z$)#G6O;Ix*$MF(uw;2>_?1&tNZ>REp%CCXWx*n2&YokkJW!*j0yeKd|xs-WlaM}cQ zGjosR`Qs!t607&!&x&jM?OxeZ(b+Ul8!d}(xgiF!pv-13+&7o7*J_K>Gu6&sF1=-i z__}BL%N-u&tK~D+fR+KcPB|Fw`v?1R5u87UE8^P|COn~k@i%^Dus?L-CXJo)4RH&y zn(NEEpQTb<SrvkT+fdy=L;B%WWh3$6TV;w*y{s9{PgvdSn^OvGO6rB0wA0uZqC1jE>~xC}o~TCpJ`ZQ-Hts zj3w23r2@Y$N`&9Dw`ufwD0Y0%kdZ}Ju#?e6aQ%AXGso$A^Ud6gY@Mw(mr{rl(P~0AgXV@5=i~i**bXE%^=iFV z5Lr_+tFwvjlE0*;_QvDh@WZqh@t;(w%smVbG!;?8_wlf`Gn^vvooTlgAHH5Aj=RGSN$sf>#XOB=eaT?k z;SF1wvz$t+R?uaUf_gUk+#%(l^J|zC4$>Z)bG?U%Lk=_IEdpZQ0&q-}!Bou$>)4gL zb&iv%FyI_`Dx$gx`Qor_dWf2&iZ4CvB^0LmOU(NwIt#~dbD?0r#Nd?@e%vQ|@a1c` ze-8dN<9mhy#`gSW%MPsIwv?st+~rv7-|UE53e3^vJa*IXRcU4I7|S0FwTMoLLMRv8 z`;uNc(8Es50+u3`&}}@{d&_?7ak1iB)Z0y#OSf)OHCa%cr3~ zbn(}sy!z-*I*km95inYPHJ#d<=d$+Ian5CN)HHa|ghNH)?VCaKKOWcmEHiSz^G#J~ z4SiygL(fULI$TiKkfT)ej_cMbsz+Z>b59veS#!DUq6jkmh1kZ!u2*9_KpBVS85QU$G(=@NBZNz%D$GKHI4fBRCRJVa);e%bY)iYvUN{qBO>Jk$59#13>U)D3jQ z{lhC(l3&KO(4-JIq&}_?z_E~&Ni-#ht)DhXs}hFjg+Rkof(6?p685ITO3C+;#h%Pt zxB9x%*o|}=CvxgKa=S7jAUaA=mtAr#*d zgsJuE0=d=9o}Uu@g`_x~SfIU9Evdq+VCF(XDc}HE;V)Z$BJd+}nXGIga7vP|)X)pR z^>McDV@6uZ4gpyvf$Sl+$Khg`(aJKAwr*niZan^3s6WYJvbAV;C!cnRh26+B0=>h} zlZ(*vRxe`G%h1r68A*S6^2X-PCc$5ytZ;>oiUjC-sWDMf;^N}M?vwZd@tyUd1$UhR ze4Yy*!=R>x^7mJ(+08UZPBec-s|?i-QP-Z>v>UhlEbJM%t z1G*-t_o%&G-jFWZAx&+0+MBC4BA$yhFpd|-O)W}5{!Gy804&9o?~QILeP}D@az-Fg zVrulh4K(b96GFL}Z110aCL6~>bdDB&tQM}1GbxJCslu~^Eu*gMu-yJ?;m<%Zh5@Zi zIYT)O5iwm=+q-1e?ViYpS(=9r%Z&lD{qdeu^QR)@q*PXx0d5r;=#m)PPIg!HZw9}wxuqVnIuJdYMzJoYsof@RVa-$G$}P1pdLipvyvft4gHNZJTZR78 z?U2`{V{k$Cj*W$-HVzeRt#Ee!wxejL<>3KBx?AY~w~;*7lyxG5Iq^<}+w)=o0RQR| zg@w(0dfUHA6~A7o+h*9wLl=ql>Q8Rxb*Fy@w_~_RXkX$0w_pVcV=_G5nGn&x$#@;) zM`gD0?g7r7ItGmmxaM|T%TNC>`Cbkd5?b}%Bvn#VTpjDKcR-H$rab5rPJF&S%J-!G zqrVv7Gh8pa;YdTr(m0stnNk~a0M6|2*SfqW^o5^?^L2dgLWnxr4Za4Dtt^5*uE0w{ zJMp*56z|5Ur9$zC@)gf5m2fkcsvfrMwg)B0p!CYw$xaraQ7(SnUroCBYvg=;^DPBE zG3Gzg;u@|Z`ZDpl2N(i{%_5h6q0I!9r?9hc5`@kx2yAWYCy(<0#lieCy{a+D9zLNg z6*{3fi~&Zl)8oz{F@cVOU^SfnDI)K@A6EMEQ`YcY4oc!NvAH4 z{dIa+($KE`RAtxCCqtIbX3M1)Q4t=5dQB!9H5>HqI{2Qe%i%EsLKy%|!p!MaTLJdD z6RGHM)n-UoRME;^>afFX`&<)EC;@{+(|xK}wi#a`GKTj>Dl7ipHO`x#20|Y7cB8RS zJ8H2Lo0;_VQDWEf=4O(8`V-uG)q0P=Et8on zB|RV2|BegBrv*L))P-WcMApR10B6C5TZh3PVK2p=ZZ!oszBvJd>?*JHCRU_g!U#7d( zH=|{Xd4_fIuch@K?DLmT;XeppiU`OD|NgcjDF;z4|M^@^*# zacCzGt!M_%O9AVcElVNP8vehHxW(%39Z+Fw_LO967cPp~E*1IM%a1QY+5Pz~=GWfJ zdU!;6LJ(#M3Z(kR8R5`rX~i|W2quX%%`w4w+0O(4{ghw&_IT}QbHB?N6g7j_gb3Jd z8eBH|b|*`=Nr>W1+KCsQmpo<+(qCd41z8KcLw?O;pG&e0K@IcR=Zl#5%s45!)M=*0 zKolzKrC>?aI6GPENa6SWVbqUeoyvTMg#Wu)K+e*5@LB&NFP`X9Y6+RJJINU+W1)Lx zya`f$WU%&kJ)@dd7MBL|=d3F~YjP_dGfiUS$~Cy-X|!IYLI3xM*SnW)h#v+Ry$4OD zvjwwDPO{|X<$G{!49KsAY>UQ-0vCd-#ItT#i)#>U!@tB6h3z!Ao+fMR^1rl|>ZjPLuuZIPk{h>DG7}h^{ya5gPmAx>Zbs znxDPzSD0t4PpqCF;sh$D%MTWVMy1+#k-x2c7k})-BGu0J*xccK(5vx%IGxF|M%{512HG=XKn&jmk{nM87lUQh|Lqc%FCUoS^wafXP=P`f&0SK*N$`Bs!!VciuaWAiVzCtN7Y(aH713 zsr5W5=!q1Oi4esf$6>Mk^8QO8k%0lNZbVEWvEhT;n3-1k*uzkT6GOf^EiK)$*G#xz zgNJgW*P!*xA4}zvbN0Wwk*D3yO$-gY*lbzmuDkOZx z!10;x{_Jq~z+V5iilslBTl)96xkPOcEHv6JfuE_YkK#(F$o!0oTGvl=fbrvp%mc?&KbHlglAr7Zj? zIK9>4b}ROD%f20SOV}Rsctvip{A@iq8g$wI>$%ucX@LPJ&>>RW`1yw`Nfqh)j(c5thm`p}d2} zK!a)YDknS8f!hD4EJeU((5-!Rli;|j69LIBu1=4S$BZrKFyPSoO73-E z>OsoOn3>N}a&l2^6wEw)!`al}Fo|wR(s{TNw7MFpq?g-$GIPD-rXq$GP+Zz`O^_gf z8gyqAefiKh{Uaydp|?Kd^Py~co~abWJQwtrAoEHIq}h4 zlheh(T7ciB^?adAZW_Yf0T3I^YNB$IUmb~^{H(&=`M&=wjHd6RSMjP&hqfQ2)}#5R4AW608UE#&7&c%wAw!3%@X{(r<}f z{p*c=xLk*GwD&|SVUG%B>ijI5ihsy@OCoT_}p^Lu;ZSJR&YSsZv~HWb8n5~|}sGE_Nx zWVyxdI`6Hl=fV8jAUVJ(uQW`cOQ4IrKY14@rU&f5jEg0TU)g*xT*5+_yT*s}GEeX# zIEU#7UPz%y5%&2VL^c?|8hnA*Khar@jgg2}%wvN7n=6YAnZg|ZTLSSsWs*JAU)n7GJjK_E`c{ysi0$iqtkcr@2&*p)qmK+F@-2 z^9gD?(3qU>r!v0J4c+Xd8)|`0PTXh!&o#;+Ec%Blb5z75QJuOIKdzY#SOhGWYB5%= zhT<{iL>LS5z0WU=jv_z~{iI1vRQj;{VxOc^g5U$TCL^SOkBZ;atoHaYsB7E**+)8) zUam~8AoBV0p&DFFMq0;h|G{bHDeUZ{VscBF#?rvGAfB`|JSph;)8e8q{EZL^+HAdr z9k{`yeec%jsa-uPo^r$^Q2zMMlC$c;3s6zk{c%g3&LrKL!wud?`KE+s!jM(+DrJse zpaYJC9H)^Ctpb@#;-LG3}Iak~c$taapC6J$K5>ih$UyJzG`_i%H?mYy)%5MccSnOJ9Fv~qFra@5?d!U^; zAa#Yjgg$`O2cssp%7bE>dVk_9#s$4zdiR>A^m!tV9rfC3GHiO_ zs+SS#X+S27Iw7kh=)A(ndZmgaQE5k`*@Lh(*oxji#{b@8I7EynGa+8UM5%<&&iB{= zA1_6j#uE!-?hh9+_903Y6~4c~UkTjlM9#1g9jXf*SZwi2vN_^MeT$d{LZj_bT3buV zVW1Wb)zw0)X2c}ih?wI4$bsgA z$aJvU+S(I0@xaM71+t%Yl98A(ih4Q<&d61UX!kh##{u_0ULLimE9}&oNWN4F+<*$? zhWhZeDf!ocIQc09M|;fYoN^vfWH#!B!%tA|VE4y9yVvYe!|Ya&mE}FBLn@^Eg$T!M z4Eko!wIW%PkBGk+vajG@^srfOG_Ej`fbdjllBpA=*|iMk!^n@Gp0{lJE?BcD4VbkzJ) z+ao#^5&6Xw#RIrvb$0{}nS-j?|JHS*2U)*|)2z?=`=G$SbxL?nbN=4uCJkJ5J1X$v z=kbqEJC8WeVd*F%qwiAfm+R5`cq6gjd^DZidV_<8nk907MXC_X{f4XaYpd&tec<11 zF^9==+I%;YKo0&ooa$AP5XAl$dB8oJ_I|Cnq~JG~-U281=5wfQHwV9|En1GBW1A4vBd zPkmyiG|b$JuPPGE%u%2IIQQR9BVB8p>gdImpg!cXvKo8jS#(wnPc+yRaDHmChnMf> z1ce0ak%&24lU1M!d0LCPERsYsMV0KZcpmBkx;CCK6fPtGe$@5!cy)ey7*f;i>7b{S z#X0#)P2RBX(RFVxt&LwM^LKWnwolcTQxSv=^-0#1c`g-KD;QU7cr$`{PI|P~moR3bb9d(Nk0$9(7zBzQ=#~>&5n+gCRI2*c*kr zdt)YGFdE*1PdJY-Q=WUye;p%ZuET;Cs~gc|MUv(2KA|EVAnr%sq4MDcw{+Y!l3m&$RH=+{oG#4?p#}h#sk~X7>O&TM8-dC|6}raNa9xsuz@# z8GJuArvY42m}BHThVEo{jPpdn%5Qdlz?09<>_7h^KDvtJB^A%d6a)znx_8tP(VXx% zO`?1L)YBvQaHCa%t=3 zwq3DJvm5jfLaAWpu0hO>$Vw@70X2(u&no$}Q*u4thSAcBlexZbGk}DoXmK{=0-ic1{n6w5V^}3aEpQJ0ExE$2aItc!lm2FZXP`S9xs55CWw>_^r!T zHiC}|P~BoF&r%yGb$1u4pQS~dO?~pO6vOugoKL_#p56FlLl@u#{4fr0%U~)?uE}zP z=cpFrQrko5PfF?{*vfat`{6kNLk`xa5_@iUM+*BRZm(CVj8fF7Sbp` za=OMmbKF$L!B(G~zKc=c+RU2tRj5>^tR`32SzVmnHaUI`@Y4L@31Ib)V|w0sGI{x9 z7}2~qm$ZwO`gSX$rTeWnjq?; z=dg3m+x}7OtKW6^?_Wn@-TG{2ZktWN9Q%n%1!p^2oH1U(2gFZmBL|^{g;(K~tQClw z_D0V)IPgIl>PHm$!2CXY^#)uVSZNtzAXT|h?>LA8cuKWlv)F4E0{$^I`1Qv$7&Z$W1EpdS4(&AGcYX7V);-+m|0-adkm{s8qnSUaPAVhQ26uA)YXp zdfW8uf(+1Ols_jMt!xRIr;c@*nipfAl=DD59O%*!d?TZ4G9Z6s8CKQ}96`XJz0fFA zr}mwcWD0HC*y`Uq(McH16B>8kquCG5pH5T+t$h1xF{9BN_6Xp7``@s8qL{K9jqLvl zKPd2xkJXhA{l{gZlme~1XSSzevtNsPT>_HqeZ4eUW3#G0`s8_?-4Sak{LtMo`$JMS zI7(mH7&wwTJ)8#-oEncmxfIBHSg%ZPk)zf4NJyZ~6%wiR#fE?EF>2@Ux1#yU4X8Ws zAUnQi<}{CRdZoST4c*Z$us~c`2zY`o0>Dj1-X`&dR?nl^V(5@H&*#g?_Xv(q0Q8x- zWDhWXe%j{7zFBHr1TcEh9xW&CWks17jN=$od8I}A-b!;cc+s37zQQTspcGLhas2|D zjKnM}{`ScJ*RUW^ZToD&%x6FEFSy`|_rbX|JN4>IKZV0$smZWeOb2#qa`J=Ke2LTJ zK6x9=-aM`5=P8%UQ=um8+q?b(G^#?Wjfhm&($Zey*AdCG)j}Ccplmv4NnJU1W)@8I zRSy;Yai9)d5^yK*RHfZ;HJHM@eRfXHdk;`j8tw4I+USH1I%VTbNL){A2{DLSN9H>x z*}PK@bf?N0yL_%}lFF^ha>(Qv=IlxtZa;th562O*iMIGr)2j2zi)bNIwv)V)^8;ub z1D&qxyelO8^6=$x7XQ-~WYqMQ0WY}crdq7C-TZbiGgF`bHw2PEA9z7x8ZO94cKJ?C zjEZU!TaPw^01sQmg!3QsG8!R-bV5E7O$j)fLSU8D?jQgnwH~wnU=yySeDsauD)0Wd zY+y-QqJ%;mqZxq2KwV2K0AR1^Q<$tH>Dt5qqKN@Q4h2g5U+#&h_r_T&hxp+Z2GMTXEYa_t^i_ z$O2AOJoU)?D8DD4fESCTYO5(M529HW04$WSvyDCF=l9TY7sbG84Fu$F#%K-nl*jPY=nk484ej0wo{+G{q zYwjuEba@H_7QXS=a@$Qb14#~&u~5w`DProC0U*N*@A^LNcRM>$3n;kJX^m?Sts*`G zO7NRmLiF|$x$ejFJ^&yCC@e&NY3qwM9xTic#RrhU&G?sB5!3k!|MZ>0FS32bFvbsY z?dSnvc1IRYN$#t!TvqGI{-o4TJi8ijfm5;-`Qy~*geJ9dT4SO z+C7zj?(>C0Az<^^H-|w*^n7uGu!4z>9*0~Qz_o?7dhP`?xaV<2c?rZv!o1Cf33J{=_=LMLO;`pW9J9%+_X<7Ft zY2tb(BDj7aQ{C_Ww`XT=dwPB8VQUQGyJ_rYr5wFFf`dK=6~%Zeea9Wmr{II8(q}7V}v|Y){O(zIp6q5g>}ChP0_Fhk(B> z@FmE(fuU)l+i6IV?mcA{s{dQq*db8aSyRxyplCzy1a!unZIYPD4p;!u63T4mwGUcg z741=GLqPN=EtDhl0v8Y6bf6j&4^O_7!KLcshY{ADd?_JLnbp=R-@_0un}Wt1@fN1@Jh)-EKwpu1xPFRJA0;2!kGb^sE^R zNYpAA$fQjGpa%PfbMnUzH_QYnc~gp?At%V;RZIenD0EC$&3ec05?3?eTym7_$b*l6 z`MNkYV|io&o&q3%(#!Ym?353nFsuv#I-y)d|7HxLl&dJQo}wNlpXeaT`OxvrPmu8^ z?+((7{9bK>C&Qen`>v~_mw^3u;(N;tPzi5D7JZ6)O>S7s6A9DFKnh zlb~#Ap`p4DYdSw#TlB-(&c4rdTXxGHCEp(LTR!g`%^AH9zrXa!InSQ?o4>wdpejvM z=*m_;thV8pjIX*CAuwonK z>6sqct__b1+O*`U_mC#?q^Ez7bbQgV9?L9zT(0?xH>3}AO7-KB&w(jPz-~i!JLn)u zR#w(bMXL11U|5Xsd2leu4vTj^`D|(Z!c^rTp0RYk$+U|CM2^oe4eP%v&+pTzU{k(7 zolW$Rl1BcF8czYs-+8a)wdA37n-U5SYA`FihZ7sI7}Mryy$`}@7sT>7+l&jk{q;pf z_`{X^oxuK!s^|4rb=#?&rC$^HJJO{S!-k|)Exz)ix@+aKX-S(A89Zy%O&iQFX_jR{ zh*9X`HKjAw9am3Iob6|x5Tk<|Y$oXtE8^0Wrc&^tV@jh%YrsspgiV|4UJrhZPrusF zdU0f)uATlgHon)|dY8QZeLeZcK&EuosIXM~UfZwL0hEI0?Q<+Sx^kzt+~I82w$RR#K36K)A{{zml#O%_GQ6rw8b&AW~Fvl zV251gVx)4{6fZSsH zYAD8;`=9+~AgCe}YrrkH4q7Tr%=&#$w(qAX4$r=cJV=j@&6!;enoL!X%B~b*F~l~! zly&0`@;?alL)Fm9y`sYKIOMi~zFfD+27QUsj8H|cq*oy-MkywMq1OTs-sAZO=1!85n+46M-B_=o!(;mM9A0m1!JkE$kSG7){ zP)+Ar*F_C-!9RhM=a9BFm)mDUHEAQTKxp~U7?M}}HT`ddoL3<(&qWXCL@$#U;4&F#N^@jJ>W(@I~KBtEZqJmMzCVcr7EDQqeNpC6bWK1fU>Uq#1VU# z%z5H|a_%!4tO-Kd7?{thA@|Z-KQal20klXAy@t;nZI3+|>;z5Q>vyR+tO@W950P?m zG`QYY_St}|N>~Davp3(Fx_vKTV$mO_(2fe)js@NKyV!(yj`}X7nTZXa#YV_ZG9YdF&|Q)`Twso4$||>Wf&vc&*ZJ-9#Zp~l>7LkR zmSfGR?cv7&0xk_czmwYSHY%c}U+bEs-X7nrQF&11FeRnMn`m>QdDv!Q13!fylaQR^ zJHa>AIWc(nXSs}^o;#`gGS|ySS9bYWIb@md`<|51dzHF>HU*Y{#oa&M&uVAeEANCX z6hO(vS^R+c24ooeDK@m9MXyxs$&8LzMp>_WWfY}*pQv5oELx{lJVgC0MxE`#%YB8& z>p!#MrYHQ&j-x5~3UFBKtWIz7e8q=kqobI#tt$=QShu))cbB}lgmh0PHeXd6mFGlR zEsFN7J{ObTSV_2jEh-z%t8XEORopMz8 zd>Fu{Y(%PZo~u5YREg9s&JD|)TJh8IQhUQsPhEd~rnRuy&U91W82yzddo?KIADpXQ zN`S@YZyNf2F)<4#)+7ceSYUx#%YUl%HBqU$+AMtl0Z z$DXTEvW3f(m}S@!h26ro{q5%BkSMfmk~hQ?qjx5@pTWVhw%q#H9N+RTk!Krw?3tfJ z?$Ed`i{`Km++0qo>b)*!2A)F0;6k*E^J$a7p^S@q84H)Cd~8xoil1qLr_ekYqi5Yw zqo(V~Yp$pDacgKEi5f43OA?N_)mDR>6BE~&=C>Yf>KFUN+FqegQ+4_>k`&%@DikRH zC0ahh_5r)1R)&-c9Mpup=nrRp8>R!7^f4RRS{CQwc7UXjpq{nuaR z`Kfih`uLL->Sg0C$agBauH&}U>lDv7{ippx#m(!%+7#pq@bh}p0)E;lnPlFw{J|G| zZqw!%PO@KrbMtGq5JLMe)D-Ut7q&hZdpD|kOh=|I?dByAA3wyUc|QFrd@XD>1Tf1| zqBxb&fB*P`XZ_bK*aO8^#+p1j4H-QoJ4O?WO?y#=#W4hK0AHWh_J3D{YRI`eb%yjY zzmM+AZ!uM6x=kJ(Z!Ro`q%!8ZcvhH(ur~U{ZqR#5=XlecW-JAKd&O$fb9Bi!>^{tc#jufuqjuj;*73RE?=eCu zAsn_x%NGdqw+TZCQKKxdhF;CR2w_4M4%#nCI)0L|V~vT5>w6T>p|DpP1uF2H_cxfU z%_}cvF+WZ1|7H-NQ$ZYO8r`p&St5>Z;}~7K=mc(<y&Menf-E9?pyz>zTXLiN9T=C zN8OQ0+@iy60vI%CP?Xhm(oWk3qY*Q?m6Z>WdS9SA54JAoHm7i#%4LMVm06;;ha_+7 zp-Dm!S_#v)87B7S(4sZJth;iAT!4Q2JGh-UplkouyL|j~T3TLk9bgmN^lY25h+aAM zUCEdl5irbG_h|0Q#!NXxWKAj3-LZP%qSE|TDl5mCcM_K_F^lMAX>etb2Phx<&$wDC zIWAQ&l>h8_EB@?`bkOWm+?=$!H=|5A>bwUGVY|0e_OqA6k;Sv;^0W#)yJiSr{*d~; zF1vDB5yr7INvVuo2jL}`k<=goyQP=@4jVIAQq55m@8CLMKd&z>Z1v>jU;2?b~w z-`l4wrU64WGStl4gND$IntJ~n88!5RA6!y!#9T&xfQnKUm#qugCSt8jpKbifI9|%% ze;!QJ;vL<356VyBgyc$q4)xr58ozMH@c2Di)Xf+O+AYzVtu&N;134Hd@i?Zj*1Y~V zBUs2%6)*UgsmD-4Zn_`b_?!;S;itXhbNfM;l~@!4Zq`cl`_P#}WYfgGn*y(<%f6M_ zD{WJr>E1UWCk9I04ysQ`sP4MPdq%;Nx^Whj(~I+7n!~DDv-e}COJ3wb?p7JoC4AQH zCE7gQr$iwyfQLdNbHd&E){U_s=4L;m)d~$Tuhgkvcd!1g_f(U}B+5B|D^NcF)HiVn z=X*$q8P>&LK>kJmhJ6cnB?(c+AZxyTd+04VUf7DeUt?L-I`HjUF0aAgc@g8y(*4-L z$%^M=t1K~*|G_yDX;Z@@F+JXZ4y1nYc5mOW2xZ-JEF_~^*kk8cZ2h}8i9BwXewMI# z<2k<`W;MkR9qnE-JJ~OVPIS8H^hBEviv{$m?9Pm%a4A2~Q|eBIc*_B^%9-GDlA6@{ z&b3*>!52Urwfg+sOW@LSILW*wVpHPT(3txKY?@qvb4p=%08?`40Jd3cnn*vU8qz3Q zBqFC0o6ciqefU+<>6&9A=KWjRoY`v}XhzoS1zkXj(#{koznWH zGyrRz#Hi4Fq#cvoEhiEcwc$70A^%iws=OZ`;uGM1%|X;hsKexVC7mi*b9^lHTp6x= zOVqekPBfM&VXO}fTAv6AIF)mkRybzAV$047x{YU;Wlg_A3ge2LzStSoEG!*RbMayi z{ZkgEa&7vtylwHcG=i3Ic`eY9JT47c7at7Mb#o&MVMBGlHqkoVcmC8gLXu8#uBWQ7 zsOW!q-L{}*#zoupIs;q8P4LZp%ke4y)0W83(>5HnKeL^F;Zxf9eyEDlkos@2*=}g= zy17P^P^A85RUQXp4s3=xE&Kil`7p-Rvk^1gBswPH;;h&v!;Y-$3p4oDFG&^XHWey< zgYa5l3lmjwJ}LpQC_X`Q`;p%%YKeG8_?EP|LXY*CSr2JLY&!mEJJ3Q_i36#!1qf8$ zP>UPKf?THv5VMs3pN&OB3({JC)Uf+0^%qpcHIKWF9!07myWRe^5~TIr3tgg*6}rW4 z)FGD0l?}Eszc`VZnEvlJ8q2F($HWMxz|eL+42tVF)Ts4%EuBjNEV{tv*t?H)kR(wh z?rnu>c&8tmHSsAlD=C;X^j6dxiWBkHc zR_HDGI&P!N#cEFtA-ag;<(fZvL!NM>BMze+9}j_()Ikp0uG}Pu2*#(h1p(~>^LbG$PxApc zMBA5;@8v&_Cp};AiX0rB5gfMgG`3!j{h=bXTMCpvCH3wKe+M5?#s2sU#+(%2I$bV3 zjBjld3_2tP!{+xZ+(A&Vv)gxct-K|NXnL06rMq1lr1N=$PiJUgYZgjfo~u)~5K-Ld zj4<})r~ZD=fFhN<0#Y8}fZ_b3;W=QsRl)9Rjs}uz2kccdJ5a^kbI`xAy!~;-&)RQ$ zYe8${z=I;TKjd4bZO-@4Xo{MEiB_g>pj|WuHym~ZJlg6y)t0~bNf&|+cre0Nl5Y~Z zW+2Xh%bvq$c)=^d7uoI9U!cF_2;Wnt0FF~$O#seQlN7<$Ou!wgO&R^)W<_!A{#E>k9}Hr-j4}La?fRhDjIb6Ba}FnB7+WzfTw4z z^aqJhf=4@jZMJiCmkqZRcJXcJ(yClIebrsZ8{`W3L9I%IZ<4`~x4_%{lz0tT z6&T|?Flr(oFQL_i3UzDr??I|)^(NF%%H;vt@bFpT?gSwsR_M*#RAS8xx9y3cLzm99 z*h3hBo2eta3xKM zD9gzvk_iCP)?X(}M&FR6iv>N+DWqXzVPRon7FODa)*@G;8BZK|-m@nZsG({|Lh8%= zJjT#L)x`WR>%D-M*4eCC(&19w_RZ-=bDoDqLJY916(1s{V0LAoxkOn zB60aXD4^d>V*ci0CG+>Qt?>qL(=%Q65+!k7S^|X9VZ7|g} zb8-o2(erg22LQ}d_|4FM<;X`^)MH+iZNT1ajv@PH`n zv2buX838d`LV^M-`Y0l=}{R36xqVM_3_6e__EUVjCMDM)*j(wBM z+A#(p`vSY-UJ7$jRsh>cFTRSuLw{n9$o;{edjWp_=EL%e5s~BeGU6#kG|m`895;%& zOXwHvgqB#Fa-Ds4kK=02WG}Rf)?n)?Ku7cbUfg)*X+*oI0e;_4tTp2+xw`BWus`AySV!)# z)NY}$NM2w(m}6OS>(QZ1lx9n>L@33yi4`is_EN^H0*RY1OgTkNfO zyn>Fe1=VK?ZDXR^la5{`3c%8?1Do#RRyHhG;`17CODtK8n3a|GB!to-nt&~6rs-K# zP@i#J4&|78+UJS>SPy|_QzAvnrd@E~OK>mq2o1ZWs-a>7X2V3gpf`!?4*uEaT8<(o%vD`hVhm2ZJN2%NJ_b&?wh9P`0CJD>Y_-va7OUcdA}Yfv{-`uZAl&PyH!mRPatZV6U9Egt*?&+_rNWvD;rN z`Y%Ah1?vjnf~H{vekrlHk<;MbGhu(nBY&)Wn33&pakS$m$ z7ugf>Iote!^s;pp0g6uv$vp<{+}YJDs7)0@Z1hmFjpAOTG)f`52%m>40R!tK2E*>2 z@b--(kk{AL44i%s)R-AKg}nd+KTQIDD%#oHswogMS=~Ny$qTPrZCieUMF|Q1f6d($ z#AP{h;G1DNoIZZZYYof@@|`xY0c^xo*rfoUy$%YTS>Og_sj8a9k$^Fe^#k@qVWe+R zkqPPjRz;ryDD7yDNQeEqB>V4@fug}KN(g{s_Ne&^FXBP@qFne+cBT*tQlDOlmajXia@xd$X4&D`F=I)*jGzS*X_t>n^pUJE;Fwfw)n|2fI2t?4;=R7`B_PN(y~*nAd1zRt<- zenIG8a04{S1DdQ!&ukrG=->Uo8Oh+Q{&IM;TKynTU!hJ6Ojj-7KWjTK1ecXU0IryU z%T@}xo%m+?mQ$cxf4Mp?(83jPp01sDcR&lH*40oYVxz?nqJPdIon{{*T@Jhtgb*+o zhKU3+z;8bLNg;Yner#=b31p2%x|;ufYt+nh{%1_3z>REq?D2Q%yFGGldKYFYZPa0L zX)L#w`&FbQB-ZM;v9$lXssUMLiU#-|82SO0S=gP{-pxS%0}RR8*<18j*dk4z@_ z5R?QEvG|Ug%>byCdYMgM{3|^`C?a1eqgXB44VY3$t_9Gig&;kibsS{aAmG09UPeYn zm*KI4*x=$xfh|V%bE9*WIxw>k${1j3!&Rw})zCAAeOv)g@t>?GeU5$cB49yq@@}uk zGjmjs^??OAkav`1jI*<`X~^x66_u^*g6!%)kHm|Be>0 zGYSyGzo7ze#2px(paSi`w+J+y1Kigf4kE(;j$IHKURKfP|805zyuAND=6~Pje~p&% z Date: Thu, 14 Nov 2019 18:58:47 -0800 Subject: [PATCH 190/541] fixing links --- docs/source/_static/images/logo/logo.png | Bin 6529 -> 6900 bytes docs/source/api/index.rst | 6 +-- docs/source/contributing/index.rst | 12 +++--- docs/source/getting-started/index.rst | 4 +- docs/source/index-about.rst | 7 ++- docs/source/index-admin.rst | 10 +++++ docs/source/index-installation.rst | 11 ----- docs/source/index.rst | 52 +++++++++-------------- docs/source/installation-guide.rst | 4 +- docs/source/reference/index.rst | 1 + 10 files changed, 48 insertions(+), 59 deletions(-) create mode 100644 docs/source/index-admin.rst delete mode 100644 docs/source/index-installation.rst diff --git a/docs/source/_static/images/logo/logo.png b/docs/source/_static/images/logo/logo.png index f5f0188ed5a029d68259013baf5ed9be9832315d..a7a4e61b76ef38ddfc30a3e157aaae6674120bdf 100644 GIT binary patch literal 6900 zcmd6s_d8tA+s6-4mqi3gSiOrDo#?WOng}A6s2f69z1JXYLiA386;_EJy{yQFC3*>> z_uj(lCC`4of5r2|IcLsXGjqLXu9;K0M^ocXaE4jjD&I#1sUP} zLJV?A_)xlP!aM+giTA&UNXvj{9{`xqS`XEXd_V2Xv>8r6V#obGk`#0yJG`AP*O9`v zRCr>`R}78H2RrLFeY!V#*C+3wfXX>+s)3@UPdE1|pT5Okx&7PeS&iARnL<|HYfPGJ zeNFQ8Z?jAP8F|6E(HmTIF*6e|K0Z#+m0R-9m5c~@OZ$%SGf#>l1^{2RB7!UnIw1gf zd;9-=b&eae%H#}KHpPIuU^J*;G{s=^Rfvj$BR1d$kV~~|ZfSXPuD-Jy$)a7XQ81eH z(IrQypzh@4OElRmGXQ)Z-qPm`RX=%DdNS6JRwb^uWL zTCc=tpz+ry6d9-$Lka+A=hKE&&-d3JOSjSjfHCnmmFbziUo50=t5+BHKO1arwIFHp zHk6+1x_kaL#kZpWTh!sn>?l9E7U^m6_h|lX%SBDWqrCZn8^BvgOeBbs=G;*OBXej6 z@5Ndlv`J==`Ey$G+Y%#1o2F;L11Sb^kl@QtTzUY|s~i#a_i(Mr&Wa0skrKG0XVH2v zmfnwDh-A=oUJ;gAvC(78QoN2Ji8b8NlVg5pI4;dw=Oy4~QfSk>96$=>$~wOh>Kw?4 zTQ2`c-smw7_ReLQCJdOuGU_KcosHC(@%{HD+5b7Ge!619+V$hM)L^}-8~G<{>=(BE zaqDgDLpp@rVm@qGmF7{8;cLAeaXTcF(ChGis@N2tpdMyuS^TwKu?0Qf%Cn$rnSgXUsBxA?D&ewTsp9rQXa5Ch+nhh;VvYfpRK zt|Ii({?Hz}Ht@!r+)!~D$db<3Kq0L=!|kVAnk0^d-44YS3E=C3O45r8(O16TdFs*X=m-l> z4*mR%6aT6PCbGAaJkUwC=twA$Z)$0gyaY*f8olD~pa!LOv5LaEj(Xdg%JLlmP=(5( z)W`A$+ZXlT_^%W&*zel5{#1mp{rdcPyfqO{1OSYIrkC1b5hIxl!xaB2)%mZYmEk3$p|}La}QK_$8U~IgYT4pD$x^^`ti_d z@%KXuw9Lstt8HUK%WUCza(sf5&FW;*-w{PfHaJfZ%LxE-)scklIGy}l0%1qbgEyEc z`}6i5qeQ2>@YI3rR(rZ;rIqA;0Dv^$jUcAXRx|gi#v_{jDJkHTccu>h#kmIu>cs|m zbi3RVNiqeybFUq`rc&>9xV`j?Fcr3>Bgt|{BsqSX#i&|NeI1o{UeRt*qvOfq;@kVT z>Twr$U#Z+A^FIUBSRqY|45)tnDAkbimJaLezFy?xW9q4@Hps(~-dcr8)!@6C{)u?8 zlpjZ&Gy?(ahiT90NTyN+`wA??D8fE)-dRS@Wy zo@LU9UGUK^Mjj}}r5J1-l${)Sl_sA%(&@!Tx71_)dWzt^G|L~K-}{?puo+(Am^fv~ zsX+=O7!cjkUi3@)s7H}~gBI&Bu{xL_xXI-#!aQ}yF9_KklWE~Hvfq+1aF?XrB+M=& z#l~x3yh4p`9T&GGCwjT}@WflQQamE#f~Nh8xSzS1nzzM7jX74)Q93A6vVhp*&p5TR zvfi2FC#>i7ZlJNPVI8*4Xt6pk!knWjR&*}!IxhVk*0+ziu4Cik0q$jyPX0SUX94ur{dvZ@+$k7fW4w^- zr`ccQd-XXrh&Mt!n{-ZkWN2@ka^X%3ARdd9S#f1DjRCDi3$d`d-`UCbo-f0kShtEN zvcDyTsuM3|Sj*K%v1?l_Rpat1hAMh|MY8Ag^xz9d@#Fj<<7?%sL1x8V04i5Rwi{{Pmad#U( z47(?*9;+9>#CBCp*qEXL$!R~GK;j?Py_JD2_xg(lRSNlZBo;o`k#%oV7VCE<^;H8y zzeTT((P4Zu$`(BUU&T7+y-n}Zr(wd;SoSHBC@1$Pk1)X>zA#o3M>s3C z4Lfo+$bin*@}FHAv$+`NM^Af`xA8@@J+}>r{Zc1-o(xq_6f9a-t=eD~pm#5;7tyey zeHritG|^8PBn!o#D{agsbT}H}Paz^Sdg~9Yf=-&?AcoDQy=O{Zcq&Q`nSuOv4NNIV zF7{{0%1g5Vf4nryL&K|dF(!Y>gFul5@e!LMIUfDxB#&?IBMyJN`zkF%E#8^s_e>S+ zt|oZeHY=`GgJci`L$waS(O!@2hBcn?@*rTu`Fk1iFbyl0MLAK(N5v8FcnHGUCV_^d zygjcSzQx75{X+u#$Q|rO`_l}`9{1|bcB~mH%sJ>m|B$xFE@*%|E@XHA3zV=+L3#c zMrRgiY3Tajy35s66XnC5!bRY|B#yR5;ogL)C*-uou~VsF@$v2mnEdi#0j{tLu9 zc68qV9!1J5$WY9{9Nbp*)>lhgWT8d#IHU5&m`CWcH!;m{8F>(EO5} zo<)e3P6e{8K2P%toJy%6b;tY8x!lh1B!k4VRp#tgGvBY#=2~Oyb~KDieKuggr=xBy z&t$}@EtWsU(TOVX9f(82ye+@%!lywwL2A1$-oWl-(C_&QSP3dwDEx1UX<<3jTd!f7~LXqrOqZ9C{;#(;R)Pr zz2k4|h8YXUF39D@t^vb)Cs9f1l1in2*bW%SI}qL+(U!jwJ3Q7rAIQI@UkS7S^y%r za<#X*1fDUY6Cx4V)>S?8RR(WOWn?D(^sscw7CG14XDN+{tlfMAW?Y z(#ir_*3&P3(hEgNWuo_oifaYmA&OA3h=H^Z((bN0Lr|Qy5W~wm*TAOj7Ny{*At(G4 z%_{l%e=EFhDi%?K3PvFmBpD)7Y_b#r9Z$pci9F*F{>44}xDs#>p2$qVY6J4dUSO0& zVYkbma--U*UeMR`4FUx05W*6LPHW!BwwoVJhETMCh$@P2Q14a`8V1*p69)%*x* z#8`a$${Cx9Q|N@=`u~aK)Q(BoB5e-ikdwvBO$$$bmi%bVe7-(9$pH18)}&sKX%Xo+ zbY^syxFj0wk+H4OzG2Z|l|&ev^bZqz^YbpPB2^gXM9SoOokQ$%5Ep_p3#LSmM#YJi z>m}GJrb#>PlH%1+w!@T+0$jPbTrf)h;gVL65YE9U36lx_M5q? zLB$_b_Vec;vB=cysJ2%lRZl4xyOt&DEL^9YM-C^V$hVejO1-q;J=j3K8L1;<#l*v} z!ZDjA4ECAI_2;H(f7sZ*cKd`+|8y>ylfJz431dMK^VON(43h4w>wNLMWiPa6>o!+R zn%g=SUQ|gMwydxc@f|&m-j~PQKDe!WZ-;iu&J4q{%;ztJ@kl>_bx8KW=R~gw;U!<) z{mow}_1!$ZW@o<5>67^n6&AOTTz10B{vOCobIe@3P^(BJE}8Y5T}zCi#rq7ZBE(+P zVAYy@Q>=z)>y+-X>6`@HO5lf#Vjdack_drMd4cR&&=`hrIMOE~RoRR-o}_lxi+q)3 zliyBTc(XXDf9^b?>$9##6{-9YHF)UxbgD7v*;4#%Q}sI1`khKxW4*dRh=y5l^EHM_ zhSzDwG5}BhQ(?;`YQc1hIdaA>j6K^Yn#dvu9n&b>>?TD<_ z76EdprE!C>D^Sm{(hK`9JUO`xGpEIpKbs*oe#&Zx=KoM0bWG=L&E( znt*T0;hqCoB^%E(I!$Q(NYq?c2T#!=aPKZ|`BZ}n-kHrdg-d($nZ3G=0t}mBq)3BP zAxJx@@^|<8z|I~9sjhhJ-Ai`KFG4twKQ@bgfe9{yKm< zZ^IGE8DHTgC*WRKfg~ry!R9)|(8Vf}Xafxedd-)_5!sKLa!&d>z#Vv%pWpoCAmBWQ z&k=5)xkDH8UA`V{l)s`Ru44`*cVF|#2#htj2Z>#7Aw{Pp-erUOi)~i(5m`e>+7loH zT21NCm}3)0g%sTa+1K14<4oE|7X(jLFVy3X7{LOhaiqK(Sw8gOvv!v}bAjNXpf|V! zlPS8a>+Nf1lJE>)_|1W+)pvJ+ajV{eMd;oF2es$y<6Bs$W%8 zD+nUVHd~vs)~mFw)pR%|KR!0U|tL}Jio{OYphO*pPZ>!hWKy&y#K=fRj$j3UN6 z-2U8~jb?6@AuCvfbE9=MCD7y!$Uj{H&85Nj04AwCTn&=u@0L4Lgd7K>(g|^1qNTPY zFRt{#)26ME@(nqBJkB_L3Sp_qZN=$+{_I+WW4ihvG z@lS=xXSpPfU0RwgDn(-u$>;udlnl6V`;q{`z@C7LC|}gM$cFa4Aq8l0mPAdOFc@NIL zNTWx{Vuu{Y`srtJA`+tq)r%txY{9yuRC76VinNNiKj(2dP-H-i+9iDVoy>h8VW5>w3XZD6pojT?!#}-9VcXy6h>A7 zO3Q!sW_90_)|LilfSAV4KhS&no^?v=7q#doY?f&%CJ^_hh}E6z<$6&+AC~J7p$lDHU zD7!(nSn>;{sXzQYXkpPi!EjD-WbSswhw4y>YcWria>gkz`*5=gdp0Df50&81%kn=6 zp4JazjVgP$Pc!M2N}^ z0(2mzXv54VT-sPPY7cG8_dPZ6kI=E*@B`OT&u|f^Xa(tOzp)(7yIgm463P+YLw*Lr zI~zx|wnU{dqh7N$fw3cY2Nuq=NrmSOQ~QJ3SN(`6%vLHfu1h?cJI>k4@^+(#C7&Qe zkcc#gXh(7Mtd2{+BW^bB!GAn%E!gl4=wNkrEBj+>Ig*OcR1Dv_;f%t{#Ou;w-V^rliwjn_S`Ul;w%Hm#9e2!0faP`?$Dj!akB#(>)8a?KI zH3p2w?6V)b7GXQ`9ibm3zQUbg@cBdwkStZ(>5KB*S`F}rox{mroOdbhVvv#>wp>#9 zchfO#UMBs`NjyBl(iC?!Iyf>dx?OQ|k?bQe2T26Jm%Lbktt(&Q=s-`!&Xi52DwFH@ zIzFFx1HLo0L)kbbTedeJG;kBp{B~rtZiS+f%2C*M*jH`JIC4txpuEGcCzi`g^&*Bx zli^Rxrr%?xf7KCDbx5vL_&q-KI9Ro;6r~0zih|0YCwBqk+gX9i*G3$Ns3IW^YdK2&vq4yMF%G$y?7aXnlGDTeR z#~h1%(0TdG8%PqQ=QAsV<&`G#@DJI_lPM_=5u`qase5qJu1C&weZA*(H`(5j$ss`t zO=@v{Nu>Zs=ohUu8n9Q^MANr`W@3BGu2Pn%N*v3W9#Bc`ckhi|VqV8k)GX1K>itbs z>(v+zicT7h2k)X7`9c?eTF21&3j)GWls<~bgm8aIj1O5x%Cb^1a3d|EMr6uzfVNj% zSSEp*9VX#U(p-KJGV0wZtI-Uk2#jAeo?-cKBzYhI7w)uskm^YWYz-1JhzC)BtS>PyC-E}>^S{RZ3YTvCJ?)VnxA>>%w;mKGeP;Lh=%X*eBayl@Qm?b!`mCdX z8Vm8})qIsMPt843sz!&aLj2|SOw$<{k;hs9lN_=}n&}fgW~mqRY2jHmkCCo!yx_}+ zAccDBsp1!IqCQ@aS^rS|^k6d9p%g#OS2@3wAkLpZ(F6E+_D=w+vnK$~rqq z?mt-_+PXH2D-6h$k^m(>BVzlc2Pk!afqqc${9xO>3_^(s+7(;mL!BoGeZT&hg96{y z9pZ_D4zoN?2L>O(uRAl8Rd7YOY6TZewtvxSX44>tf<7u$=rB;f2|Q))(|WCDvfVA6o5z-|lQ z1OuvZGa$z5_rD!JjJUzJ#pstxFY^6W&1eeamb$884LghJu+CL3Ro}QD^n&b~Y`s87`x>eZ! E0qpzomH+?% literal 6529 zcmZ`;c_38p_m+Jd#*k%98e?BWvNdQ1W5|{$`(DNt!pE*K_H_`ll|7Upds$*MWF4}F zFvyZD38CaSzW@LJxc9!xx#vCax#xZFbDlTB#7Gyw3}&XHq5|llwN0t0sKJ!74^`Fw+D~Kw; ze0=cmX_;L)+G;T6nXG^Lwsc^Pz5!2L!aPx@v58LmJEyj!CB*uaj{DM)8tLEgZ-1z;*I>Vuq#|}BrbCsLl@ozTM!_=Xe}o!+MnPnubOcsDSR)3UP@%dcN0 zR6dcJeD#GydGqhzrGxZrDU{bY;Zib+P=&^6r{TTk=cewNPSKQBU)M=L#Z+2c@!qe} zywtc0xyw>pW4DZmnrv53@>KaLisSifevHjL4m*EUvT|Wy2uqF8kG92UG$Ppak|6^5 zX8A-*@YSo@pF`VQ4@o&q7Kac3Wnx$}w1+zQmrszCnS6XjWl^B->#UH?)*sA>Re6Pj_SK` z?Q6v($b|x-Acmr4CVT#$xA@7FYI({JIONeNp;&3-YL+R3h<0p(*vt__$F&aQO`1K^ z4Zp5|;G}=&936a=S)=7aX+*n`yJz5b$OxcjjcgK%CI;yl)`vCh1yQ^}+o#E={dwzk z_$_VEA3L$uduz!{-&7VC({ghV6ce(R7DiX<4Ogmn#TXdwp;{axaeW3L2t~2Q!mQ}& zTW))cqqv#Is&~0@1R34~h6uJ%evemjV}b=gp?TwX5$I@IM7nU)wd%oTm4{kzWXJ$d z|FAe+JFjm47UsGY)tNkdTs`-dgGWG9b_7s3VJV>%9eQ)Ll@)uCb8f)KCd*+Zhs!UG z1WgXI#V0GCT3pKs4FDn~h4g6It+-4@uoJh&`TSjg{CFs8=OqECU!{5T^kZ?_iE#l9 zjt8*$$WjCte-5q3+5-9Ssb6=%r zA(Eb9!2}oroP2S-f4}OIYiHkk{_cMoyPQ2je5(()ejW!4u#GZ|WfgN>tT@^d62;4g z{(rJ^5jGo2i*NXl*&qSufv|Zu)RpnV|Mbpi5p@YohEpo)c?kS=fP0Gdmpdwq zQ7&>WkN+n9QAl+Td8k)9|Gus5)7Nu2WXBPO=5_`0HpQaCqDccqj{avg2*u$aBIERX zbZ+}9o7ceWVVp_Z0w;f|S)v@Q#qqL@T~J0*`ug1W!%)VZl^|lO9+Btt-Lp0&pwjqy zhuwMk+0}AT?VH~+uN@b5bE1?dru-~6B1WixAM?V-MRIPZ$*CNLpT%tD1P+%AX1mt< zxrDLq=fx2y@y}jg*r#6=@OMMqPE5b5i(%}b_uI@pfU!sMw4i0$ffU)he46n;QGQD9CJx@zIy{@>_ zmRYSMYas3EuN9Tl!Y9U!_i3F7!ah6J@f@yo_7a;nji2g!XwzL;L-Ha$r`)quuy6N|MJ@=>c zJAwODXa2mj-4bdG*wrEW9v&Uu&H%9=H5LEF#UfoGruO7905&FF=^xE5yMBc}d{VH#KRF;J9YhlaAErRmz7hhu6 zvwQ3xWk_dL^C3X9Nu@C>NMNR2RM>jZi@K+!B{D*5jT6XvHvB zAfKN3r_jHlSByWVUBP}L!y!e-M!;=}F8oN4n5v*$%hH?+hpSK*Zv!4eybg;^lEX#4$vHn>|&4I4-K>H`Pd<=zKJisbJw!W z3)0eb$DA8zB>J;Nhgk8ZAN|3~n}yuK&}=8g(Cmj@g59ydnt43!dZiuE^7Q?@Xxci*{F2h#Ybgn{S=6+CyJ5J=!#$TQ4kPQRR|mEn zS(i0JIs57xEcTO?9-cp=B`R2D%_OGKkG@I5)bnsNsX79hDwp4UoD;&5Ubl)U@`BRI zH@@GPdUOEaJK^E>4v^Q*Xax+I-L$|O)+Q$6Me8tXN_T5b|xnru_ z#iIZxuW~Pq#_cuzVnlysq`6&JEBOkp9V{D*1|egtGOV$NBkv||(vX?&R@Lu9q%wIt z-$YfXS+ZakLr0BA$D4D3?hm^XQ=C#nIMBt2coFk(-=tsqp31b&*O+o(@_#yG3=P&f z?=LZ>_jq;2#0K86p?U$+vRtJhmEzL8$6AtwonAl2h%5G2U$2q#un!AC+0$DKm)dJ% zay5jGMlgaETbpM#((US<42w;I64SqVee-*@GExj<(0pavnvGQ&#UyBr(F6PWp#7|N z;FNJYw_dT4%qN*1QQNITU;B-cS#7>o)Ae*-xdk`lE0j98ZJK}ILBq>*g|6Z~>RG2y zpzP&SmnNu~%d=Or#|123C6WvR&c5vV;9yQAupR3!x@73S_YddzUuJdjc ziAt;lcR#Tp!%u>nz_kM?-59-@OvSG(M_2G=lxleQnLnD>o?qHu)uNCTvmOw z@^i*$0+GJkfjQs5J}_1W51w(I2Dvl+Wc#1JF>=fwzXoL1Lm6dRixPBh?-u~$B|OKg z7Wia?AQh~&7l3;)yu8J@G1B6@35@Gu%e@*sh*Xt7eWu&Y<#?{xzb-!dr z*U5FMs&eB2B_!xGNA>0TjEW+qntA*L*KKgCD0Q(@UL@|wAvd-1SI6}wvV4Hy_I?59 za;hTh(3aUuEOw9}sjR^s$4-|J&ZaL) zG4%3+AKP!U0N`Hv6*y5d)pc^hwcX@XWgesgW&wGbk*{68{Q>ru_25bHm5%EMlkyqR z1|lr0jMGIz=^l+l;F3I&rW`R-R#lMpDluh*K(1Xn4EC01cyQ@Lb&RndXMA9u%#CKJSKJbQ|B`M&;S(w@x%YgA-tz?tF5SJzcYFNXF3O$Ep{%-bxoCyUYxR?oKVBm)i)pTp2j4{tte{7xgW zi&|`Xa?Dm5bdboQIg_k%-my`%M&2XA(u&!p1eNrIm7od>mcq?Db7uL%(xHmYYvgo8 zug4#neio_BJoaS8DUsI4IZOV5h&+FSQ^g2eefTXFI0t`dGfHb+lNRw3uz5SF<=nKG zp%~3rR!e%8<=hav_l&2Wqwi;ZdP~Mjf_Tn@nmY#_S7{?V|6TnO*{Dw0);*H;KDAiM zwFc4pV;lw87MrvwX-e#jI2T(Kx}JmYU0J~5gSkPi$%AX_CvZqA{aE9`>idyPINx{f zU+J3o!OOP>RD+(1_13Iv=m)q%$nWSXY>VIaejL1W*#ihzfikB0YE*7w^>{Nm9$zi8 z5a`o^^gUxT4-Z2C+kIPOeN#HFd-j^cEHeMBL#X|(pIlFM&MEsUuOSt)e$erUf|)sA zH$~X4-MCAb^>&ymO+H+FtrGmawcZ;icLIrWzPc=&X|~hDu38*ZSG_vK8Zop-l!hx( z@@{H;v_(Xoni&6Bna*75R^$Q*9E}N4rQk;va+cGIy(w(P#=f)}azACGvO`lQ@b`ze ziNeE|kH)Yq8-QNqJsl!A`KZT-AyQ8)!De#e`Th(7Gck3OfS~>QZcX4wwP&~1P&OTZ zDB!DNTN4D(k_?t^?4B%2VHC{CEPoL$wd#Z+bf%5oAA#m|Qj+x+Ri-zKNR%MVtW@8OxW>gEkvkE}V*NgUCNyWI?i7)CG= z9GK^_zLnJaY4_jKr?3muZ{9Cg`fFf4*l24{`eD=kVx9pDu=LwY`&^xDG>~$;Q97Kj zLVSfIooivsXqj$*YIlrt#mz#c>PC2RsZK8 z{?6S+xImDRr-(>or2l}F&l0U8YXU4G4^@1LA?Z^+2nefJrV zG%wrm(_xe-oNw7Tj96A#I68iCMQE)^=|f6Pxv3LjIup+=bIsofL9+msxau^O<)N9n z(g6lUgmg`}KIv*XIL>k;ZW6a?1mb##3Jh0dPe$HSmu9dPNz^+|vdweIU^=CQ6wHc9 z=-?ZmBB);D@5?+YeZR_S@eK&Y2SbPU^>@|=t)A@UtE4s{nM8~41cPe1`F$bY%T@1R z1v=AfRqL2pYk39uQxA&-u$%MM4rs?EEvrni8;(jcR`$;9pg!BFWeh{}cA)bPwt3IB zoSruHh?w(+30Zk!x}#kt-mX{FrT731yCgF*>xUjs>Vds{&h^f$jG(|Gdhkg73DbeID|WPIBJQ+J(hrha48pah+~L z^s;cpA;Rol{`NWHJ$Po}(oU37f+6(}gEEz<|jft`tYXWygue zd~NohbZEGu<`RMN3I5BD8R&;M{d%yn54QDn%_ORJ4USbeFY!JU1Nd7v zIX=avXFJF!KHW}-C5Ty;P{GRdWTle>^V4m}QgfgD&2KfOaVZ27I@z%475!VRc}yT7 zUG;F&DVXy_B2>V)Y1SxbWnDqgJaMPu)=^pR3V9xA9b0RbZ=IElR&?WYy zQ0OBEq?90bzUPMS3U@T-oicmedOXKm^NttGY0a4LGI`M(t286z&r#So^Io11mOb^mzfS!AkaJQS-U#}!55^XJB zP>Q2NRe3im2CndgdtTw-(<#z!iaaS2%v>PDz!D0Kf^P^lB$M-dwlWq%DJEz-K5%(G}O-5@ZXNf__!pj zK1;VRpi~nvzLD*C5XL9FcMv#_bHsqwV`u)-)o#jj{yR;vTclu*$2)W~iekQyhOFnn zajTuL^Yinn%>;XPFEzI6UfcJ-KBqP~zKA3I*~=29A?@6ZPh(k?FNwWPP3v3yzwx;&IKQle>5nV)V_6BQ zF5eiVZk-!Nkl0dtJ#-@xjGN4s#hL1T`x7?~Nc~(4Ixk;BSM8U&-}T+5FzT=tIC$@2 zn0SzY{po=_h5i&Q`y-vxlKoTP->qHkf?aiYu*7&~&3p@&<-Mqm2YJuvP)K87MxC@` z?kA&*qPH|lio&FT=MzIpE!}z^1je)n+*<qDGtH@=X6J4CU5 zwD)?P)S>5kngIV zI Date: Tue, 19 Nov 2019 09:55:48 -0800 Subject: [PATCH 191/541] index descriptions --- docs/source/getting-started/index.rst | 5 +++++ docs/source/index-about.rst | 5 +++++ docs/source/index-admin.rst | 3 +++ docs/source/installation-guide.rst | 4 ++++ docs/source/reference/index.rst | 3 +++ 5 files changed, 20 insertions(+) diff --git a/docs/source/getting-started/index.rst b/docs/source/getting-started/index.rst index 39f7e388..3c1e1304 100644 --- a/docs/source/getting-started/index.rst +++ b/docs/source/getting-started/index.rst @@ -1,6 +1,11 @@ Get Started =========== +This section covers how to configure and customize JupyterHub for your +needs. It contains information about authentication, networking, security, and +other topics that are relevant to individuals or organizations deploying their +own JupyterHub. + .. toctree:: :maxdepth: 2 diff --git a/docs/source/index-about.rst b/docs/source/index-about.rst index 818a19de..90549520 100644 --- a/docs/source/index-about.rst +++ b/docs/source/index-about.rst @@ -2,6 +2,11 @@ About ===== +JupyterHub is an open source project and community. It is a part of the +`Jupyter Project `_. JupyterHub is an open and inclusive +community, and invites contributions from anyone. This section covers information +about our community, as well as ways that you can connect and get involved. + .. toctree:: :maxdepth: 1 diff --git a/docs/source/index-admin.rst b/docs/source/index-admin.rst index e404fd0c..ff81b531 100644 --- a/docs/source/index-admin.rst +++ b/docs/source/index-admin.rst @@ -2,6 +2,9 @@ Administrator's Guide ===================== +This guide covers best-practices, tips, common questions and operations, as +well as other information relevant to running your own JupyterHub over time. + .. toctree:: :maxdepth: 2 diff --git a/docs/source/installation-guide.rst b/docs/source/installation-guide.rst index 0176d721..b2415fcc 100644 --- a/docs/source/installation-guide.rst +++ b/docs/source/installation-guide.rst @@ -1,6 +1,10 @@ Installation ============ +These sections cover how to get up-and-running with JupyterHub. They cover +some basics of the tools needed to deploy JupyterHub as well as how to get it +running on your own infrastructure. + .. toctree:: :maxdepth: 3 diff --git a/docs/source/reference/index.rst b/docs/source/reference/index.rst index b5ce872c..b900025d 100644 --- a/docs/source/reference/index.rst +++ b/docs/source/reference/index.rst @@ -1,6 +1,9 @@ Technical Reference =================== +This section covers more of the details of the JupyterHub architecture, as well as +what happens under-the-hood when you deploy and configure your JupyterHub. + .. toctree:: :maxdepth: 2 From 45a4362bb3ba82227c05ace41219062389964e00 Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Tue, 19 Nov 2019 09:57:51 -0800 Subject: [PATCH 192/541] fixing EOL --- docs/environment.yml | 2 +- docs/source/contributing/index.rst | 2 +- docs/source/index-about.rst | 2 +- docs/source/index-admin.rst | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/environment.yml b/docs/environment.yml index 2a4044ff..15a41a3a 100644 --- a/docs/environment.yml +++ b/docs/environment.yml @@ -26,4 +26,4 @@ dependencies: - alabaster_jupyterhub - autodoc-traits - sphinx-jsonschema - - -r requirements.txt \ No newline at end of file + - -r requirements.txt diff --git a/docs/source/contributing/index.rst b/docs/source/contributing/index.rst index 2fd31327..78c02037 100644 --- a/docs/source/contributing/index.rst +++ b/docs/source/contributing/index.rst @@ -18,4 +18,4 @@ helps keep our community welcoming to as many people as possible. docs tests roadmap - security \ No newline at end of file + security diff --git a/docs/source/index-about.rst b/docs/source/index-about.rst index 90549520..f0771c60 100644 --- a/docs/source/index-about.rst +++ b/docs/source/index-about.rst @@ -12,4 +12,4 @@ about our community, as well as ways that you can connect and get involved. contributor-list changelog - gallery-jhub-deployments \ No newline at end of file + gallery-jhub-deployments diff --git a/docs/source/index-admin.rst b/docs/source/index-admin.rst index ff81b531..f780d0ab 100644 --- a/docs/source/index-admin.rst +++ b/docs/source/index-admin.rst @@ -10,4 +10,4 @@ well as other information relevant to running your own JupyterHub over time. troubleshooting admin/upgrading - changelog \ No newline at end of file + changelog From e44ee6ed8ae21ce19621ecbb8ad172e551352929 Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Tue, 19 Nov 2019 18:17:26 -0800 Subject: [PATCH 193/541] reordering requirements --- docs/requirements.txt | 2 +- docs/source/getting-started/index.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index cf69b427..01d85db1 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -3,8 +3,8 @@ -r ../requirements.txt alabaster_jupyterhub autodoc-traits +git+https://github.com/pandas-dev/pandas-sphinx-theme.git@master recommonmark==0.5.0 sphinx-copybutton sphinx-jsonschema sphinx>=1.7 -git+https://github.com/pandas-dev/pandas-sphinx-theme.git@master diff --git a/docs/source/getting-started/index.rst b/docs/source/getting-started/index.rst index 3c1e1304..00bcdfbc 100644 --- a/docs/source/getting-started/index.rst +++ b/docs/source/getting-started/index.rst @@ -15,4 +15,4 @@ own JupyterHub. authenticators-users-basics spawners-basics services-basics - institutional-faq \ No newline at end of file + institutional-faq From 0b3ffe1a996c8ed17e3da49fc2d1463873ad558f Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Thu, 21 Nov 2019 12:08:32 -0800 Subject: [PATCH 194/541] extra heading # to institutional faq for sidebar --- .../getting-started/institutional-faq.md | 52 +++++++++---------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/docs/source/getting-started/institutional-faq.md b/docs/source/getting-started/institutional-faq.md index 501d311b..3ff17f1f 100644 --- a/docs/source/getting-started/institutional-faq.md +++ b/docs/source/getting-started/institutional-faq.md @@ -3,9 +3,9 @@ This page contains common questions from users of JupyterHub, broken down by their roles within organizations. -# For all +## For all -## Is it appropriate for adoption within a larger institutional context? +### Is it appropriate for adoption within a larger institutional context? Yes! JupyterHub has been used at-scale for large pools of users, as well as complex and high-performance computing. For example, UC Berkeley uses @@ -14,7 +14,7 @@ JupyterHub for its Data Science Education Program courses (serving over to scalable cloud computing with Dask. JupyterHub is stable customizable to the use-cases of large organizations. -## I keep hearing about Jupyter Notebook, JupyterLab, and now JupyterHub. What’s the difference? +### I keep hearing about Jupyter Notebook, JupyterLab, and now JupyterHub. What’s the difference? Here is a quick breakdown of these three tools: @@ -29,23 +29,23 @@ Here is a quick breakdown of these three tools: It also connects them with infrastructure those users wish to access. It can provide remote access to Jupyter Notebooks and Jupyter Lab for many people. -# For management +## For management -## Briefly, what problem does JupyterHub solve for us? +### Briefly, what problem does JupyterHub solve for us? JupyterHub provides a shared platform for data science and collaboration. It allows users to utilize familiar data science workflows (such as the scientific python stack, the R tidyverse, and Jupyter Notebooks) on institutional infrastructure. It also allows administrators some control over access to resources, security, environments, and authentication. -## Is JupyterHub mature? Why should we trust it? +### Is JupyterHub mature? Why should we trust it? Yes - the core JupyterHub application recently reached 1.0 status, and is considered stable and performant for most institutions. JupyterHub has also been deployed (along with other tools) to work on scalable infrastructure, large datasets, and high-performance computing. -## Who else uses JupyterHub? +### Who else uses JupyterHub? JupyterHub is used at a variety of institutions in academia, industry, and government research labs. It is most-commonly used by two kinds of groups: @@ -68,7 +68,7 @@ Here are a sample of organizations that use JupyterHub: See the [Gallery of JupyterHub deployments](../gallery-jhub-deployments.md) for a more complete list of JupyterHub deployments at institutions. -## How does JupyterHub compare with hosted products, like Google Colaboratory, RStudio.cloud, or Anaconda Enterprise? +### How does JupyterHub compare with hosted products, like Google Colaboratory, RStudio.cloud, or Anaconda Enterprise? JupyterHub puts you in control of your data, infrastructure, and coding environment. In addition, it is vendor neutral, which reduces lock-in to a particular vendor or service. @@ -83,9 +83,9 @@ computational hardware. It can also be deployed anywhere - on enterprise cloud i High-Performance-Computing machines, on local hardware, or even on a single laptop, which is not possible with most other tools for shared interactive computing. -# For IT +## For IT -## How would I set up JupyterHub on institutional hardware? +### How would I set up JupyterHub on institutional hardware? That depends on what kind of hardware you've got. JupyterHub is flexible enough to be deployed on a variety of hardware, including in-room hardware, on-prem clusters, cloud infrastructure, @@ -103,7 +103,7 @@ that we currently suggest are: lightweight computational resources. -## Does JupyterHub run well in the cloud? +### Does JupyterHub run well in the cloud? Yes - most deployments of JupyterHub are run via cloud infrastructure and on a variety of cloud providers. Depending on the distribution of JupyterHub that you'd like to use, you can also connect your JupyterHub @@ -117,7 +117,7 @@ project for distributed computing. The Z2JH Helm Chart also has some functionality built in for auto-scaling your cluster up and down as more resources are needed - allowing you to utilize the benefits of a flexible cloud-based deployment. -## Is JupyterHub secure? +### Is JupyterHub secure? The short answer: yes. JupyterHub as a standalone application has been battle-tested at an institutional level for several years, and makes a number of "default" security decisions that are reasonable for most @@ -138,7 +138,7 @@ If you are worried about security, don't hesitate to reach out to the JupyterHub individuals with experience running secure JupyterHub deployments. -## Does JupyterHub provide computing or data infrastructure? +### Does JupyterHub provide computing or data infrastructure? No - JupyterHub manages user sessions and can *control* computing infrastructure, but it does not provide these things itself. You are expected to run JupyterHub on your own infrastructure (local or in the cloud). Moreover, @@ -146,7 +146,7 @@ JupyterHub has no internal concept of "data", but is designed to be able to comm (again, either locally or remotely) for use within interactive computing sessions. -## How do I manage users? +### How do I manage users? JupyterHub offers a few options for managing your users. Upon setting up a JupyterHub, you can choose what kind of **authentication** you'd like to use. For example, you can have users sign up with an institutional @@ -158,7 +158,7 @@ Moreover, the *active* users on a JupyterHub can be found on the administrator's gives you the abiltiy to stop or restart kernels, inspect user filesystems, and even take over user sessions to assist them with debugging. -## How do I manage software environments? +### How do I manage software environments? A key benefit of JupyterHub is the ability for an administrator to define the environment(s) that users have access to. There are many ways to do this, depending on what kind of infrastructure you're using for @@ -170,7 +170,7 @@ an environment by installing packages to a shared folder that exists on the path own list of Docker images that users can select from, and can also control things like the amount of RAM available to users, or the types of machines that their sessions will use in the cloud. -## How does JupyterHub manage computational resources? +### How does JupyterHub manage computational resources? For interactive computing sessions, JupyterHub controls computational resources via a **spawner**. Spawners define how a new user session is created, and are customized for particular kinds of @@ -183,14 +183,14 @@ scalable or high-performance resources from within their JupyterHub sessions. Th how those resources are controlled is taken care of by the non-JupyterHub application. -## Can JupyterHub be used with my high-performance computing resources? +### Can JupyterHub be used with my high-performance computing resources? Yes - JupyterHub can provide access to many kinds of computing infrastructure. Especially when combined with other open-source schedulers such as Dask, you can manage fairly complex computing infrastructure from the interactive sessions of a JupyterHub. For example [see the Dask HPC page](https://docs.dask.org/en/latest/setup/hpc.html). -## How much resources do user sessions take? +### How much resources do user sessions take? This is highly configurable by the administrator. If you wish for your users to have simple data analytics environments for prototyping and light data exploring, you can restrict their @@ -198,15 +198,15 @@ memory and CPU based on the resources that you have available. If you'd like you to serve as a gateway to high-performance compute or data resources, you may increase the resources available on user machines, or connect them with computing infrastructure elsewhere. -## Can I customize the look and feel of a JupyterHub? +### Can I customize the look and feel of a JupyterHub? JupyterHub provides some customization of the graphics displayed to users. The most common modification is to add custom branding to the JupyterHub login page, loading pages, and various elements that persist across all pages (such as headers). -# For Technical Leads +## For Technical Leads -## Will JupyterHub “just work” with our team's interactive computing setup? +### Will JupyterHub “just work” with our team's interactive computing setup? Depending on the complexity of your setup, you'll have different experiences with "out of the box" distributions of JupyterHub. If all of the resources you need will fit on a single VM, then @@ -219,7 +219,7 @@ In general, the base JupyterHub deployment is not the bottleneck for setup, it i your JupyterHub with the various services and tools that you wish to provide to your users. -## How well does JupyterHub scale? What are JupyterHub's limitations? +### How well does JupyterHub scale? What are JupyterHub's limitations? JupyterHub works well at both a small scale (e.g., a single VM or machine) as well as a high scale (e.g., a scalable Kubernetes cluster). It can be used for teams as small a 2, and @@ -228,7 +228,7 @@ infrastructure on which it is deployed. JupyterHub has been designed to be light flexible, so you can tailor your JupyterHub deployment to your needs. -## Is JupyterHub resilient? What happens when a machine goes down? +### Is JupyterHub resilient? What happens when a machine goes down? For JupyterHubs that are deployed in a containerized environment (e.g., Kubernetes), it is possible to configure the JupyterHub to be fairly resistant to failures in the system. @@ -238,13 +238,13 @@ seamlessly connect with the user database and the system will return to normal. Again, the details of your JupyterHub deployment (e.g., whether it's deployed on a scalable cluster) will affect the resiliency of the deployment. -## What interfaces does JupyterHub support? +### What interfaces does JupyterHub support? Out of the box, JupyterHub supports a variety of popular data science interfaces for user sessions, such as JupyterLab, Jupyter Notebooks, and RStudio. Any interface that can be served via a web address can be served with a JupyterHub (with the right setup). -## Does JupyterHub make it easier for our team to collaborate? +### Does JupyterHub make it easier for our team to collaborate? JupyterHub provides a standardized environment and access to shared resources for your teams. This greatly reduces the cost associated with sharing analyses and content with other team @@ -259,7 +259,7 @@ rendered as [voila dashboards](https://voila.readthedocs.io/en/stable/) with tho familiar with programming, or create publicly-available interactive analyses to allow others to interact with your work. -## Can I use JupyterHub with R/RStudio or other languages and environments? +### Can I use JupyterHub with R/RStudio or other languages and environments? Yes, Jupyter is a polyglot project, and there are over 40 community-provided kernels for a variety of languages (the most common being Python, Julia, and R). You can also use a JupyterHub to provide From 6956ffd2a9724d6ad3ca56f72b7c1ae5ad9bb676 Mon Sep 17 00:00:00 2001 From: Kenan Erdogan Date: Fri, 22 Nov 2019 10:56:49 +0100 Subject: [PATCH 195/541] add block for scripts included in head --- share/jupyterhub/templates/page.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index cd50ee11..0f36b142 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -34,9 +34,11 @@ {% block stylesheet %} {% endblock %} + {% block scripts %} + {% endblock %} From a999ac8f073e2ff6b6e084a05eb40dd3993292c8 Mon Sep 17 00:00:00 2001 From: JohnPaton Date: Fri, 14 Feb 2020 16:51:27 +0100 Subject: [PATCH 275/541] Use only rel="icon" This is the officially recommended method from MDN https://developer.mozilla.org/en-US/docs/Learn/HTML/Introduction_to_HTML/The_head_metadata_in_HTML --- share/jupyterhub/templates/page.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index b40be095..bc701ce4 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -35,7 +35,7 @@ {% endblock %} {% block favicon %} - + {% endblock %} {% block scripts %} From 79a51dfdce028e83d2921fdf29053307bdeb896d Mon Sep 17 00:00:00 2001 From: Min RK Date: Tue, 18 Feb 2020 17:10:19 +0100 Subject: [PATCH 276/541] make init_spawners check O(running servers) not O(total users) query on Server objects instead of User objects avoids lots of ORM work on startup since there are typically a small number of running servers relative to the total number of users this also means that the users dict is not fully populated. Is that okay? I hope so. --- jupyterhub/app.py | 39 ++++++++++++++++++++++++--------------- jupyterhub/orm.py | 4 ++-- 2 files changed, 26 insertions(+), 17 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 0bd57de7..b0cc694a 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1670,9 +1670,12 @@ class JupyterHub(Application): # This lets whitelist be used to set up initial list, # but changes to the whitelist can occur in the database, # and persist across sessions. + total_users = 0 for user in db.query(orm.User): try: - await maybe_future(self.authenticator.add_user(user)) + f = self.authenticator.add_user(user) + if f: + await maybe_future() except Exception: self.log.exception("Error adding user %s already in db", user.name) if self.authenticator.delete_invalid_users: @@ -1694,6 +1697,7 @@ class JupyterHub(Application): ) ) else: + total_users += 1 # handle database upgrades where user.created is undefined. # we don't want to allow user.created to be undefined, # so initialize it to last_activity (if defined) or now. @@ -1705,6 +1709,8 @@ class JupyterHub(Application): # From this point on, any user changes should be done simultaneously # to the whitelist set and user db, unless the whitelist is empty (all users allowed). + TOTAL_USERS.set(total_users) + async def init_groups(self): """Load predefined groups into the database""" db = self.db @@ -2005,21 +2011,24 @@ class JupyterHub(Application): spawner._check_pending = False # parallelize checks for running Spawners + # run query on extant Server objects + # so this is O(running servers) not O(total users) check_futures = [] - for orm_user in db.query(orm.User): - user = self.users[orm_user] - self.log.debug("Loading state for %s from db", user.name) - for name, orm_spawner in user.orm_spawners.items(): - if orm_spawner.server is not None: - # spawner should be running - # instantiate Spawner wrapper and check if it's still alive - spawner = user.spawners[name] - # signal that check is pending to avoid race conditions - spawner._check_pending = True - f = asyncio.ensure_future(check_spawner(user, name, spawner)) - check_futures.append(f) - - TOTAL_USERS.set(len(self.users)) + for orm_server in db.query(orm.Server): + orm_spawners = orm_server.spawner + if not orm_spawners: + continue + orm_spawner = orm_spawners[0] + orm_user = orm_spawner.user + # instantiate Spawner wrapper and check if it's still alive + # spawner should be running + user = self.users[orm_spawner.user] + spawner = user.spawners[orm_spawner.name] + self.log.debug("Loading state for %s from db", spawner._log_name) + # signal that check is pending to avoid race conditions + spawner._check_pending = True + f = asyncio.ensure_future(check_spawner(user, spawner.name, spawner)) + check_futures.append(f) # it's important that we get here before the first await # so that we know all spawners are instantiated and in the check-pending state diff --git a/jupyterhub/orm.py b/jupyterhub/orm.py index 3198a046..4e151092 100644 --- a/jupyterhub/orm.py +++ b/jupyterhub/orm.py @@ -230,7 +230,7 @@ class Spawner(Base): user_id = Column(Integer, ForeignKey('users.id', ondelete='CASCADE')) server_id = Column(Integer, ForeignKey('servers.id', ondelete='SET NULL')) - server = relationship(Server, cascade="all") + server = relationship(Server, backref='spawner', cascade="all") state = Column(JSONDict) name = Column(Unicode(255)) @@ -282,7 +282,7 @@ class Service(Base): # service-specific interface _server_id = Column(Integer, ForeignKey('servers.id', ondelete='SET NULL')) - server = relationship(Server, cascade='all') + server = relationship(Server, backref='service', cascade='all') pid = Column(Integer) def new_api_token(self, token=None, **kwargs): From 13313abb37325aacb2f89f0ce8c3ea61fb53430b Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Wed, 19 Feb 2020 10:46:49 +1300 Subject: [PATCH 277/541] Fix link to SSL encryption from troubleshooting page --- docs/source/troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/troubleshooting.md b/docs/source/troubleshooting.md index 617a5f44..dc222942 100644 --- a/docs/source/troubleshooting.md +++ b/docs/source/troubleshooting.md @@ -269,7 +269,7 @@ where `ssl_cert` is example-chained.crt and ssl_key to your private key. Then restart JupyterHub. -See also [JupyterHub SSL encryption](getting-started.md#ssl-encryption). +See also [JupyterHub SSL encryption](./getting-started/security-basics.html#ssl-encryption). ### Install JupyterHub without a network connection From dec324475899767babb4c82199e4b7cc1a35b2cf Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Wed, 19 Feb 2020 12:39:20 +1300 Subject: [PATCH 278/541] Use fixed commit plus line number in github link --- docs/source/reference/services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/reference/services.md b/docs/source/reference/services.md index 7686d4a4..ec446c8e 100644 --- a/docs/source/reference/services.md +++ b/docs/source/reference/services.md @@ -360,7 +360,7 @@ and taking note of the following process: An example of using an Externally-Managed Service and authentication is in [nbviewer README][nbviewer example] section on securing the notebook viewer, -and an example of its configuration is found [here](https://github.com/jupyter/nbviewer/blob/master/nbviewer/providers/base.py#L94). +and an example of its configuration is found [here](https://github.com/jupyter/nbviewer/blob/ed942b10a52b6259099e2dd687930871dc8aac22/nbviewer/providers/base.py#L95). nbviewer can also be run as a Hub-Managed Service as described [nbviewer README][nbviewer example] section on securing the notebook viewer. From 31c0788bd964fff6178e4a88e7e1f955071a0407 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Wed, 19 Feb 2020 12:56:02 +1300 Subject: [PATCH 279/541] Move cookies to the end of the list (ssl, proxy, and then cookies) --- .../getting-started/security-basics.rst | 77 +++++++++---------- 1 file changed, 38 insertions(+), 39 deletions(-) diff --git a/docs/source/getting-started/security-basics.rst b/docs/source/getting-started/security-basics.rst index 80996555..7661cfd1 100644 --- a/docs/source/getting-started/security-basics.rst +++ b/docs/source/getting-started/security-basics.rst @@ -80,6 +80,44 @@ To achieve this, simply omit the configuration settings ``c.JupyterHub.ssl_key`` and ``c.JupyterHub.ssl_cert`` (setting them to ``None`` does not have the same effect, and is an error). +.. _authentication-token: + +Proxy authentication token +-------------------------- + +The Hub authenticates its requests to the Proxy using a secret token that +the Hub and Proxy agree upon. The value of this string should be a random +string (for example, generated by ``openssl rand -hex 32``). + +Generating and storing token in the configuration file +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Or you can set the value in the configuration file, ``jupyterhub_config.py``: + +.. code-block:: python + + c.JupyterHub.proxy_auth_token = '0bc02bede919e99a26de1e2a7a5aadfaf6228de836ec39a05a6c6942831d8fe5' + +Generating and storing as an environment variable +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +You can pass this value of the proxy authentication token to the Hub and Proxy +using the ``CONFIGPROXY_AUTH_TOKEN`` environment variable: + +.. code-block:: bash + + export CONFIGPROXY_AUTH_TOKEN=$(openssl rand -hex 32) + +This environment variable needs to be visible to the Hub and Proxy. + +Default if token is not set +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +If you don't set the Proxy authentication token, the Hub will generate a random +key itself, which means that any time you restart the Hub you **must also +restart the Proxy**. If the proxy is a subprocess of the Hub, this should happen +automatically (this is the default configuration). + .. _cookie-secret: Cookie secret @@ -145,42 +183,3 @@ itself, ``jupyterhub_config.py``, as a binary string: If the cookie secret value changes for the Hub, all single-user notebook servers must also be restarted. - - -.. _authentication-token: - -Proxy authentication token --------------------------- - -The Hub authenticates its requests to the Proxy using a secret token that -the Hub and Proxy agree upon. The value of this string should be a random -string (for example, generated by ``openssl rand -hex 32``). - -Generating and storing token in the configuration file -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Or you can set the value in the configuration file, ``jupyterhub_config.py``: - -.. code-block:: python - - c.JupyterHub.proxy_auth_token = '0bc02bede919e99a26de1e2a7a5aadfaf6228de836ec39a05a6c6942831d8fe5' - -Generating and storing as an environment variable -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -You can pass this value of the proxy authentication token to the Hub and Proxy -using the ``CONFIGPROXY_AUTH_TOKEN`` environment variable: - -.. code-block:: bash - - export CONFIGPROXY_AUTH_TOKEN=$(openssl rand -hex 32) - -This environment variable needs to be visible to the Hub and Proxy. - -Default if token is not set -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -If you don't set the Proxy authentication token, the Hub will generate a random -key itself, which means that any time you restart the Hub you **must also -restart the Proxy**. If the proxy is a subprocess of the Hub, this should happen -automatically (this is the default configuration). From b92efcd7b064315e63219a4ef807c40cf541484e Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 20 Feb 2020 09:37:08 +0100 Subject: [PATCH 280/541] spawner test assumed app.users is populated --- jupyterhub/tests/test_spawner.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jupyterhub/tests/test_spawner.py b/jupyterhub/tests/test_spawner.py index 177c1da0..fa0cbeab 100644 --- a/jupyterhub/tests/test_spawner.py +++ b/jupyterhub/tests/test_spawner.py @@ -103,7 +103,8 @@ async def wait_for_spawner(spawner, timeout=10): async def test_single_user_spawner(app, request): - user = next(iter(app.users.values()), None) + orm_user = app.db.query(orm.User).first() + user = app.users[orm_user] spawner = user.spawner spawner.cmd = ['jupyterhub-singleuser'] await user.spawn() From a0b6d8ec6f60877d3c90d71e564c5ef3de6e9e89 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 20 Feb 2020 12:12:55 +0100 Subject: [PATCH 281/541] add allow_implicit_spawn setting - warn that there are known issues associated with enabling it - it is inherently incompatible with named servers --- jupyterhub/app.py | 28 ++++++++++++++++++++++++++++ jupyterhub/handlers/base.py | 8 +++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 0bd57de7..9df85c66 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -917,10 +917,37 @@ class JupyterHub(Application): def _authenticator_default(self): return self.authenticator_class(parent=self, db=self.db) + allow_implicit_spawn = Bool( + False, + help="""Allow implicit spawning + + When a user visits a URL for a server that's not running, + instead of confirming the spawn request, + automatically begin the spawn process. + + Warning: not compatible with named servers, + and known to cause issues with redirect loops, + server errors, and infinitely respawning servers. + """, + ).tag(config=True) + + @validate('allow_implicit_spawn') + def _allow_named_changed(self, proposal): + if proposal.value and self.allow_named_servers: + self.log.warning("Implicit spawn cannot work with named servers") + return False + return proposal.value + allow_named_servers = Bool( False, help="Allow named single-user servers per user" ).tag(config=True) + @observe('allow_named_servers') + def _allow_named_changed(self, change): + if change.new and self.allow_implicit_spawn: + self.log.warning("Implicit spawn cannot work with named servers") + self.allow_implicit_spawn = False + named_server_limit_per_user = Integer( 0, help=""" @@ -2158,6 +2185,7 @@ class JupyterHub(Application): subdomain_host=self.subdomain_host, domain=self.domain, statsd=self.statsd, + allow_implicit_spawn=self.allow_implicit_spawn, allow_named_servers=self.allow_named_servers, default_server_name=self._default_server_name, named_server_limit_per_user=self.named_server_limit_per_user, diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 77c2ae27..9910cdde 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1426,11 +1426,17 @@ class UserUrlHandler(BaseHandler): # serve a page prompting for spawn and 503 error # visiting /user/:name no longer triggers implicit spawn # without explicit user action - self.set_status(503) spawn_url = url_concat( url_path_join(self.hub.base_url, "spawn", user.escaped_name, server_name), {"next": self.request.uri}, ) + if self.settings["allow_implicit_spawn"]: + self.log.warning("Allowing implicit spawn for %s", self.request.path) + self.redirect(spawn_url) + return + else: + self.set_status(503) + auth_state = await user.get_auth_state() html = self.render_template( "not_running.html", From 436757dd5547319b409e13756c5103a331c8abcb Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 20 Feb 2020 12:43:39 +0100 Subject: [PATCH 282/541] handle implicit spawn with a javascript redirect less dangerous than using a Location redirect, so remove conflicts delay is a user-configurable timer (0 = no implicit spawn, default) --- jupyterhub/app.py | 36 ++++++++------------- jupyterhub/handlers/base.py | 8 ++--- share/jupyterhub/templates/not_running.html | 24 +++++++++++++- 3 files changed, 39 insertions(+), 29 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 9df85c66..ee52bd9a 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -917,37 +917,29 @@ class JupyterHub(Application): def _authenticator_default(self): return self.authenticator_class(parent=self, db=self.db) - allow_implicit_spawn = Bool( - False, - help="""Allow implicit spawning + implicit_spawn_seconds = Float( + 0, + help="""Trigger implicit spawns after this many seconds. When a user visits a URL for a server that's not running, - instead of confirming the spawn request, - automatically begin the spawn process. + they are shown a page indicating that the requested server + is not running with a button to spawn the server. - Warning: not compatible with named servers, - and known to cause issues with redirect loops, - server errors, and infinitely respawning servers. + Setting this to a positive value will redirect the user + after this many seconds, effectively clicking this button + automatically for the users, + automatically beginning the spawn process. + + Warning: this can result in errors and surprising behavior + when sharing access URLs to actual servers, + since the wrong server is likely to be started. """, ).tag(config=True) - @validate('allow_implicit_spawn') - def _allow_named_changed(self, proposal): - if proposal.value and self.allow_named_servers: - self.log.warning("Implicit spawn cannot work with named servers") - return False - return proposal.value - allow_named_servers = Bool( False, help="Allow named single-user servers per user" ).tag(config=True) - @observe('allow_named_servers') - def _allow_named_changed(self, change): - if change.new and self.allow_implicit_spawn: - self.log.warning("Implicit spawn cannot work with named servers") - self.allow_implicit_spawn = False - named_server_limit_per_user = Integer( 0, help=""" @@ -2185,7 +2177,7 @@ class JupyterHub(Application): subdomain_host=self.subdomain_host, domain=self.domain, statsd=self.statsd, - allow_implicit_spawn=self.allow_implicit_spawn, + implicit_spawn_seconds=self.implicit_spawn_seconds, allow_named_servers=self.allow_named_servers, default_server_name=self._default_server_name, named_server_limit_per_user=self.named_server_limit_per_user, diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 9910cdde..9606fa61 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -1430,12 +1430,7 @@ class UserUrlHandler(BaseHandler): url_path_join(self.hub.base_url, "spawn", user.escaped_name, server_name), {"next": self.request.uri}, ) - if self.settings["allow_implicit_spawn"]: - self.log.warning("Allowing implicit spawn for %s", self.request.path) - self.redirect(spawn_url) - return - else: - self.set_status(503) + self.set_status(503) auth_state = await user.get_auth_state() html = self.render_template( @@ -1444,6 +1439,7 @@ class UserUrlHandler(BaseHandler): server_name=server_name, spawn_url=spawn_url, auth_state=auth_state, + implicit_spawn_seconds=self.settings.get("implicit_spawn_seconds", 0), ) self.finish(html) diff --git a/share/jupyterhub/templates/not_running.html b/share/jupyterhub/templates/not_running.html index 182e7ba0..fa493d97 100644 --- a/share/jupyterhub/templates/not_running.html +++ b/share/jupyterhub/templates/not_running.html @@ -23,7 +23,14 @@ {% endif %} Would you like to retry starting it? {% else %} - Your server {{ server_name }} is not running. Would you like to start it? + Your server {{ server_name }} is not running. + {% if implicit_spawn_seconds %} + It will be restarted automatically. + If you are not redirected in a few seconds, + click below to launch your server. + {% else %} + Would you like to start it? + {% endif %} {% endif %}

    {% endblock %} @@ -42,3 +49,18 @@
    {% endblock %} +{% block script %} +{{ super () }} +{% if implicit_spawn_seconds %} + +{% endif %} +{% endblock script %} From 0787489e1bbac11d14482a96c1179755a210d2ba Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 20 Feb 2020 12:53:15 +0100 Subject: [PATCH 283/541] maybe_future needs a future! --- jupyterhub/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index b0cc694a..93f56de7 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1675,7 +1675,7 @@ class JupyterHub(Application): try: f = self.authenticator.add_user(user) if f: - await maybe_future() + await maybe_future(f) except Exception: self.log.exception("Error adding user %s already in db", user.name) if self.authenticator.delete_invalid_users: From d2a1b8e349786de66dcf26011f4cfa138113d07b Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 20 Feb 2020 15:31:38 +0100 Subject: [PATCH 284/541] update docs environments - python 3.7 - node 12 - sync recommonmark 0.6 --- docs/environment.yml | 6 +++--- docs/requirements.txt | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/environment.yml b/docs/environment.yml index 35b5c405..4ba57441 100644 --- a/docs/environment.yml +++ b/docs/environment.yml @@ -5,12 +5,12 @@ channels: - conda-forge dependencies: - pip -- nodejs -- python=3.6 +- nodejs=12 +- python=3.7 - alembic - jinja2 - pamela -- recommonmark==0.6.0 +- recommonmark>=0.6 - requests - sqlalchemy>=1 - tornado>=5.0 diff --git a/docs/requirements.txt b/docs/requirements.txt index 01d85db1..4934ec4d 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,7 +4,7 @@ alabaster_jupyterhub autodoc-traits git+https://github.com/pandas-dev/pandas-sphinx-theme.git@master -recommonmark==0.5.0 +recommonmark>=0.6 sphinx-copybutton sphinx-jsonschema sphinx>=1.7 From 0c4db2d99f5a2ba513cbc6c9efc175d5420272b5 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 20 Feb 2020 15:54:43 +0100 Subject: [PATCH 285/541] docs: use metachannel for faster environment solve rtd is having memory issues with conda-forge, which should hopefully be fixed by metachannel this should also make things quicker for anyone --- docs/environment.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/environment.yml b/docs/environment.yml index 4ba57441..0b613bad 100644 --- a/docs/environment.yml +++ b/docs/environment.yml @@ -2,7 +2,10 @@ # if you change the dependencies of JupyterHub in the various `requirements.txt` name: jhub_docs channels: - - conda-forge + # use metachannel for faster solves / less memory on RTD + # which has memory issues with full conda-forge + # only need to list 'leaf' dependencies here + - https://metachannel.conda-forge.org/conda-forge/jupyterhub,sphinx,recommonmark dependencies: - pip - nodejs=12 From 606775f72da2ce648a5a5fbe8e452c72f082e263 Mon Sep 17 00:00:00 2001 From: Tim Head Date: Thu, 20 Feb 2020 16:56:03 +0100 Subject: [PATCH 286/541] Remove unused variable --- jupyterhub/app.py | 1 - 1 file changed, 1 deletion(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 93f56de7..41abcf4c 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2019,7 +2019,6 @@ class JupyterHub(Application): if not orm_spawners: continue orm_spawner = orm_spawners[0] - orm_user = orm_spawner.user # instantiate Spawner wrapper and check if it's still alive # spawner should be running user = self.users[orm_spawner.user] From 287b0302d9e6677a826727c973f39e66ea5bc6d5 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Wed, 19 Feb 2020 13:46:45 +1300 Subject: [PATCH 287/541] Add more docs about authentication and cookies, using text posted by MinRK on Discourse --- .../getting-started/security-basics.rst | 71 ++++++++++++++++++- 1 file changed, 69 insertions(+), 2 deletions(-) diff --git a/docs/source/getting-started/security-basics.rst b/docs/source/getting-started/security-basics.rst index 7661cfd1..6704e7ce 100644 --- a/docs/source/getting-started/security-basics.rst +++ b/docs/source/getting-started/security-basics.rst @@ -86,7 +86,7 @@ Proxy authentication token -------------------------- The Hub authenticates its requests to the Proxy using a secret token that -the Hub and Proxy agree upon. The value of this string should be a random +the Hub and Proxy agree upon. The value of this token should be a random string (for example, generated by ``openssl rand -hex 32``). Generating and storing token in the configuration file @@ -96,7 +96,7 @@ Or you can set the value in the configuration file, ``jupyterhub_config.py``: .. code-block:: python - c.JupyterHub.proxy_auth_token = '0bc02bede919e99a26de1e2a7a5aadfaf6228de836ec39a05a6c6942831d8fe5' + c.ConfigurableHTTPProxy.api_token = 'abc123...' # any random string Generating and storing as an environment variable ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -183,3 +183,70 @@ itself, ``jupyterhub_config.py``, as a binary string: If the cookie secret value changes for the Hub, all single-user notebook servers must also be restarted. + +.. _cookies: + +Cookies used by JupyterHub authentication +----------------------------------------- + +The following cookies are used by the Hub for handling user authentication. + +jupyterhub-hub-login +~~~~~~~~~~~~~~~~~~~~ + +This is the login token used when visiting Hub-served pages encrypted such +as the main home, the spawn form, etc. If this cookie is set, then the +user is logged in. + +Resetting the Hub cookie secret effectively revokes this cookie. + +This cookie is restricted to the path ``/hub/``. + +jupyterhub-user- +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This is the cookie used for authenticating with a single-user server +encrypted. It is set by the single-user server after OAuth with the Hub. + +Effectively the same as ``jupyterhub-hub-login``, but for the +single-user server instead of the Hub. It contains an OAuth access token, +which is checked with the Hub to authenticate the browser. + +Each OAuth access token is associated with a session id (see ``jupyterhub-session-id`` section +below). + +To avoid hitting the Hub on every request, the authentication response +is cached. And to avoid a stale cache the cache key is comprised of both +the token and session id. + +Resetting the Hub cookie secret effectively revokes this cookie. + +This cookie is restricted to the path ``/user/``, so that +only the user’s server receives it. + +jupyterhub-session-id +~~~~~~~~~~~~~~~~~~~~~ + +This is a random string, meaningless in itself, and the only cookie +shared by the Hub and single-user servers. + +Its sole purpose is to to coordinate logout of the multiple OAuth cookies. + +This cookie is set to ``/`` so all endpoints can receive it, or clear it, etc. + +jupyterhub-user--oauth-state +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A short-lived cookie, used solely to store and validate OAuth state. +It is only set while OAuth between the single-user server and the Hub +is processing. + +If you use your browser development tools, you should see this cookie +for a very brief moment before your are logged in, +with an expiration date shorter than ``jupyterhub-hub-login`` or +``jupyterhub-user-``. + +This cookie should not exist after you have successfully logged in. + +This cookie is restricted to the path ``/user/``, so that only +the user’s server receives it. From f5bd5b7751f87dd0ac229be8db909f199cd39a09 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Fri, 21 Feb 2020 10:32:11 +1300 Subject: [PATCH 288/541] Incorporate review feedback --- .../getting-started/security-basics.rst | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/docs/source/getting-started/security-basics.rst b/docs/source/getting-started/security-basics.rst index 6704e7ce..1a79f2e6 100644 --- a/docs/source/getting-started/security-basics.rst +++ b/docs/source/getting-started/security-basics.rst @@ -87,12 +87,13 @@ Proxy authentication token The Hub authenticates its requests to the Proxy using a secret token that the Hub and Proxy agree upon. The value of this token should be a random -string (for example, generated by ``openssl rand -hex 32``). +string (for example, generated by ``openssl rand -hex 32``). You can store +it in the configuration file or an environment variable Generating and storing token in the configuration file ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Or you can set the value in the configuration file, ``jupyterhub_config.py``: +You can set the value in the configuration file, ``jupyterhub_config.py``: .. code-block:: python @@ -191,12 +192,16 @@ Cookies used by JupyterHub authentication The following cookies are used by the Hub for handling user authentication. +This section was created based on this post_ from Discourse. + +.. _post: https://discourse.jupyter.org/t/how-to-force-re-login-for-users/1998/6 + jupyterhub-hub-login ~~~~~~~~~~~~~~~~~~~~ -This is the login token used when visiting Hub-served pages encrypted such -as the main home, the spawn form, etc. If this cookie is set, then the -user is logged in. +This is the login token used when visiting Hub-served pages that are +protected by authentication such as the main home, the spawn form, etc. +If this cookie is set, then the user is logged in. Resetting the Hub cookie secret effectively revokes this cookie. @@ -205,8 +210,8 @@ This cookie is restricted to the path ``/hub/``. jupyterhub-user- ~~~~~~~~~~~~~~~~~~~~~~~~~~ -This is the cookie used for authenticating with a single-user server -encrypted. It is set by the single-user server after OAuth with the Hub. +This is the cookie used for authenticating with a single-user server. +It is set by the single-user server after OAuth with the Hub. Effectively the same as ``jupyterhub-hub-login``, but for the single-user server instead of the Hub. It contains an OAuth access token, From 239a4c63a2e644f44297c0f330f8985cd25716b0 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Fri, 21 Feb 2020 10:35:30 +1300 Subject: [PATCH 289/541] Add note that not all proxy implementations use an auth token --- docs/source/getting-started/security-basics.rst | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/source/getting-started/security-basics.rst b/docs/source/getting-started/security-basics.rst index 1a79f2e6..5da0a668 100644 --- a/docs/source/getting-started/security-basics.rst +++ b/docs/source/getting-started/security-basics.rst @@ -86,9 +86,13 @@ Proxy authentication token -------------------------- The Hub authenticates its requests to the Proxy using a secret token that -the Hub and Proxy agree upon. The value of this token should be a random -string (for example, generated by ``openssl rand -hex 32``). You can store -it in the configuration file or an environment variable +the Hub and Proxy agree upon. Note that this applies to the default +``ConfigurableHTTPProxy`` implementation. Not all proxy implementations +use an auth token. + +The value of this token should be a random string (for example, generated by +``openssl rand -hex 32``). You can store it in the configuration file or an +environment variable Generating and storing token in the configuration file ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 7735c7ddd42fd1b8c3dcb429581dafc80e463bcd Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 21 Feb 2020 10:05:40 +0100 Subject: [PATCH 290/541] make spawner:server backref explicitly one-to-one using backref(uselist=False), single_parent=True --- jupyterhub/app.py | 13 ++++++++++--- jupyterhub/orm.py | 15 +++++++++++++-- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 41abcf4c..22e7bb53 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2013,12 +2013,19 @@ class JupyterHub(Application): # parallelize checks for running Spawners # run query on extant Server objects # so this is O(running servers) not O(total users) + # Server objects can be associated with either a Spawner or a Service, + # we are only interested in the ones associated with a Spawner check_futures = [] for orm_server in db.query(orm.Server): - orm_spawners = orm_server.spawner - if not orm_spawners: + orm_spawner = orm_server.spawner + if not orm_spawner: + # sanity check for orphaned Server rows + # this shouldn't happen if we've got our sqlachemy right + if not orm_server.service: + self.log.warning("deleting orphaned server %s", orm_server) + self.db.delete(orm_server) + self.db.commit() continue - orm_spawner = orm_spawners[0] # instantiate Spawner wrapper and check if it's still alive # spawner should be running user = self.users[orm_spawner.user] diff --git a/jupyterhub/orm.py b/jupyterhub/orm.py index 4e151092..81c01dd3 100644 --- a/jupyterhub/orm.py +++ b/jupyterhub/orm.py @@ -26,6 +26,7 @@ from sqlalchemy import select from sqlalchemy import Table from sqlalchemy import Unicode from sqlalchemy.ext.declarative import declarative_base +from sqlalchemy.orm import backref from sqlalchemy.orm import interfaces from sqlalchemy.orm import object_session from sqlalchemy.orm import relationship @@ -230,7 +231,12 @@ class Spawner(Base): user_id = Column(Integer, ForeignKey('users.id', ondelete='CASCADE')) server_id = Column(Integer, ForeignKey('servers.id', ondelete='SET NULL')) - server = relationship(Server, backref='spawner', cascade="all") + server = relationship( + Server, + backref=backref('spawner', uselist=False), + single_parent=True, + cascade="all, delete-orphan", + ) state = Column(JSONDict) name = Column(Unicode(255)) @@ -282,7 +288,12 @@ class Service(Base): # service-specific interface _server_id = Column(Integer, ForeignKey('servers.id', ondelete='SET NULL')) - server = relationship(Server, backref='service', cascade='all') + server = relationship( + Server, + backref=backref('service', uselist=False), + single_parent=True, + cascade="all, delete-orphan", + ) pid = Column(Integer) def new_api_token(self, token=None, **kwargs): From 3e6abb7a5e399b1aebfd85ce388c1d9d1962bfba Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 21 Feb 2020 13:52:03 +0100 Subject: [PATCH 291/541] add general faq and put a first q about user-redirect --- docs/source/getting-started/faq.md | 36 +++++++++++++++++++++++++++ docs/source/getting-started/index.rst | 1 + 2 files changed, 37 insertions(+) create mode 100644 docs/source/getting-started/faq.md diff --git a/docs/source/getting-started/faq.md b/docs/source/getting-started/faq.md new file mode 100644 index 00000000..ae912847 --- /dev/null +++ b/docs/source/getting-started/faq.md @@ -0,0 +1,36 @@ +# Frequently asked questions + + +### How do I share links to notebooks? + +In short, where you see `/user/name/notebooks/foo.ipynb` use `/hub/user-redirect/notebooks/foo.ipynb` (replace `/user/name` with `/hub/user-redirect`). + +Sharing links to notebooks is a common activity, +and can look different based on what you mean. +Your first instinct might be to copy the URL you see in the browser, +e.g. `hub.jupyter.org/user/yourname/notebooks/coolthing.ipynb`. +However, let's break down what this URL means: + +`hub.jupyter.org/user/yourname/` is the URL prefix handled by *your server*, +which means that sharing this URL is asking the person you share the link with +to come to *your server* and look at the exact same file. +In most circumstances, this is forbidden by permissions because the person you share with does not have access to your server. +What actually happens when someone visits this URL will depend on whether your server is running and other factors. + +But what is our actual goal? +A typical situation is that you have some shared or common filesystem, +such that the same path corresponds to the same document +(either the exact same document or another copy of it). +Typically, what folks want when they do sharing like this +is for each visitor to open the same file *on their own server*, +so Breq would open `/user/breq/notebooks/foo.ipynb` and +Seivarden would open `/user/seivarden/notebooks/foo.ipynb`, etc. + +JupyterHub has a special URL that does exactly this! +It's called `/hub/user-redirect/...` and after the visitor logs in, +So if you replace `/user/yourname` in your URL bar +with `/hub/user-redirect` any visitor should get the same +URL on their own server, rather than visiting yours. + +In JupyterLab 2.0, this should also be the result of the "Copy Shareable Link" +action in the file browser. diff --git a/docs/source/getting-started/index.rst b/docs/source/getting-started/index.rst index 00bcdfbc..bae95f8f 100644 --- a/docs/source/getting-started/index.rst +++ b/docs/source/getting-started/index.rst @@ -15,4 +15,5 @@ own JupyterHub. authenticators-users-basics spawners-basics services-basics + faq institutional-faq From 84acdd5a7ffb3d79ca04aa86ffcea7e067cce6ee Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 21 Feb 2020 14:10:36 +0100 Subject: [PATCH 292/541] handle uselist=False in our relationship expiry --- jupyterhub/orm.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/jupyterhub/orm.py b/jupyterhub/orm.py index 81c01dd3..130d16f0 100644 --- a/jupyterhub/orm.py +++ b/jupyterhub/orm.py @@ -634,7 +634,10 @@ def _expire_relationship(target, relationship_prop): return # many-to-many and one-to-many have a list of peers # many-to-one has only one - if relationship_prop.direction is interfaces.MANYTOONE: + if ( + relationship_prop.direction is interfaces.MANYTOONE + or not relationship_prop.uselist + ): peers = [peers] for obj in peers: if inspect(obj).persistent: From 7e3caf7f4870567775b1b34f95afc5112ecbc541 Mon Sep 17 00:00:00 2001 From: Alex Driedger Date: Sat, 22 Feb 2020 16:37:34 -0800 Subject: [PATCH 293/541] Fixed grammar on landing page --- docs/source/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/index.rst b/docs/source/index.rst index 1f819278..c9722089 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -3,7 +3,7 @@ JupyterHub ========== `JupyterHub`_ is the best way to serve `Jupyter notebook`_ for multiple users. -It can be used in a classes of students, a corporate data science group or scientific +It can be used in a class of students, a corporate data science group or scientific research group. It is a multi-user **Hub** that spawns, manages, and proxies multiple instances of the single-user `Jupyter notebook`_ server. From 76afec8adb8e30b6102854ebf79bbe1c0726c27c Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Sat, 12 Oct 2019 12:44:02 +1300 Subject: [PATCH 294/541] Update app.bind_url and proxy.public_url when (external) SSL is enabled --- jupyterhub/app.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 0cf649bf..dda4c127 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -576,6 +576,22 @@ class JupyterHub(Application): """, ).tag(config=True) + @validate('bind_url') + def _validate_bind_url(self, proposal): + """ensure protocol field of bind_url matches ssl""" + v = proposal['value'] + proto, sep, rest = v.partition('://') + if self.ssl_cert and proto != 'https': + return 'https' + sep + rest + elif proto != 'http' and not self.ssl_cert: + return 'http' + sep + rest + return v + + @default('bind_url') + def _bind_url_default(self): + proto = 'https' if self.ssl_cert else 'http' + return proto + '://:8000' + subdomain_host = Unicode( '', help="""Run single-user servers on subdomains of this host. From 3b05135f11dc3926ff30adf78eae21e767b7a4f3 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Mon, 24 Feb 2020 20:48:42 +1300 Subject: [PATCH 295/541] Fix couple typos --- docs/source/contributing/tests.rst | 2 +- docs/source/getting-started/security-basics.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/contributing/tests.rst b/docs/source/contributing/tests.rst index 46360eb7..c607df92 100644 --- a/docs/source/contributing/tests.rst +++ b/docs/source/contributing/tests.rst @@ -64,5 +64,5 @@ Troubleshooting Test Failures All the tests are failing ------------------------- -Make sure you have completed all the steps in :ref:`contributing/setup` sucessfully, and +Make sure you have completed all the steps in :ref:`contributing/setup` successfully, and can launch ``jupyterhub`` from the terminal. diff --git a/docs/source/getting-started/security-basics.rst b/docs/source/getting-started/security-basics.rst index 5da0a668..87007311 100644 --- a/docs/source/getting-started/security-basics.rst +++ b/docs/source/getting-started/security-basics.rst @@ -239,7 +239,7 @@ jupyterhub-session-id This is a random string, meaningless in itself, and the only cookie shared by the Hub and single-user servers. -Its sole purpose is to to coordinate logout of the multiple OAuth cookies. +Its sole purpose is to coordinate logout of the multiple OAuth cookies. This cookie is set to ``/`` so all endpoints can receive it, or clear it, etc. From facf52f117c709aa5f21b39139b65cd1a2cd23ff Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Tue, 25 Feb 2020 17:03:01 +0100 Subject: [PATCH 296/541] Removing unneeded pass of request to the template --- jupyterhub/handlers/pages.py | 1 - 1 file changed, 1 deletion(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 2adbef45..0bcca7a6 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -481,7 +481,6 @@ class AdminHandler(BaseHandler): auth_state = await self.current_user.get_auth_state() html = self.render_template( 'admin.html', - request=self.request, current_user=self.current_user, auth_state=auth_state, admin_access=self.settings.get('admin_access', False), From 7b6ac158ccf4cd3bc4ffafd4ba3681b0a8ddb3df Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Tue, 25 Feb 2020 19:11:09 +0100 Subject: [PATCH 297/541] Removing python-paginate package and adding minimal Pagination class to enable a pagination API for AdminHandler --- jupyterhub/handlers/pages.py | 68 ++++++++++++++++++++++++++++++------ requirements.txt | 1 - 2 files changed, 57 insertions(+), 12 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 0bcca7a6..20052b35 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -10,7 +10,6 @@ from datetime import datetime from http.client import responses from jinja2 import TemplateNotFound -from python_paginate.web.tornado_paginate import Pagination from tornado import gen from tornado import web from tornado.httputil import url_concat @@ -404,15 +403,7 @@ class AdminHandler(BaseHandler): @web.authenticated @admin_only async def get(self): - DEFAULT_PER_PAGE = 100 - page, per_page, offset = Pagination.get_page_args(self) - _per_page = self.get_arguments("per_page") - # No arg called per_page in the URL, - # avoiding default value from the python-paginate lib - # https://github.com/lixxu/python-paginate/blob/master/python_paginate/web/tornado_paginate.py#L23 - if per_page == 10 and len(_per_page) == 0: - per_page = DEFAULT_PER_PAGE available = {'name', 'admin', 'running', 'last_activity'} default_sort = ['admin', 'name'] @@ -472,8 +463,6 @@ class AdminHandler(BaseHandler): pagination = Pagination( url=self.request.uri, total=total, - record_name='users', - display_msg='Displaying {record_name} {start} - {end}. Total {record_name}: {total}', page=page, per_page=per_page, ) @@ -619,6 +608,63 @@ class HealthCheckHandler(BaseHandler): def get(self, *args): self.finish() +class Pagination(BaseHandler): + + _page_name = 'page' + _per_page_name = 'per_page' + _default_page = 1 + _default_per_page = 100 + _max_per_page = 250 + _record_name='users' + _display_msg='Displaying {record_name} {start} - {end}. Total {record_name}: {total}' + + def __init__(self, *args, **kwargs): + """Detail parameters remark. + **url**: current request url + **page**: current page + **per_page**: how many records displayed on one page. By default 100 + **total**: total records for pagination + **display_msg**: text for pagation information + **record_name**: record name showed in pagination information + """ + self.page = kwargs.get(self._page_name, 1) + + if self.per_page > self._max_per_page: + self.per_page = self._max_per_page + + self.total = int(kwargs.get('total', 0)) + self.display_msg = kwargs.get('display_msg', self._display_msg) + + self.record_name = kwargs.get('record_name', self._record_name) + self.url = kwargs.get('url') or self.get_url() + self.init_values() + + def init_values(self): + self._cached = {} + self.skip = (self.page - 1) * self.per_page + pages = divmod(self.total, self.per_page) + self.total_pages = pages[0] + 1 if pages[1] else pages[0] + + self.has_prev = self.page > 1 + self.has_next = self.page < self.total_pages + + @classmethod + def get_page_args(self, handler): + self.page = handler.get_argument(self._page_name, self._default_page) + self.per_page = handler.get_argument(self._per_page_name, self._default_per_page) + try: + self.per_page = int(self.per_page) + if self.per_page > self._max_per_page: + self.per_page = self._max_per_page + except: + self.per_page = self._default_per_page + + try: + self.page = int(self.page) + except: + self.page = self._default_page + + return self.page, self.per_page, self.per_page * (self.page - 1) default_handlers = [ (r'/', RootHandler), diff --git a/requirements.txt b/requirements.txt index 74215f5a..825fd409 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,7 +9,6 @@ pamela prometheus_client>=0.0.21 psutil>=5.6.5; sys_platform == 'win32' python-dateutil -python-paginate requests SQLAlchemy>=1.1 tornado>=5.0 From 2f6ea7110626754ef5c52d04235521d3c07e3cbe Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Fri, 4 Oct 2019 19:41:59 +1300 Subject: [PATCH 298/541] Add not_running.js to modify button spawn_url --- share/jupyterhub/static/js/not_running.js | 13 +++++++++++++ share/jupyterhub/templates/not_running.html | 3 +++ 2 files changed, 16 insertions(+) create mode 100644 share/jupyterhub/static/js/not_running.js diff --git a/share/jupyterhub/static/js/not_running.js b/share/jupyterhub/static/js/not_running.js new file mode 100644 index 00000000..12ad601a --- /dev/null +++ b/share/jupyterhub/static/js/not_running.js @@ -0,0 +1,13 @@ +// Copyright (c) Jupyter Development Team. +// Distributed under the terms of the Modified BSD License. + +require(["jquery", "utils"], function($, utils) { + "use strict"; + + var hash = utils.parse_url(window.location.href).hash; + if (hash !== undefined && hash !== '') { + var el = $("#start"); + var current_spawn_url = el.attr("href"); + el.attr("href", current_spawn_url + hash); + } +}); diff --git a/share/jupyterhub/templates/not_running.html b/share/jupyterhub/templates/not_running.html index fa493d97..0ef3ae7d 100644 --- a/share/jupyterhub/templates/not_running.html +++ b/share/jupyterhub/templates/not_running.html @@ -63,4 +63,7 @@ ); {% endif %} + {% endblock script %} From 18205fbf4a14cdfac6e4e148b1feff09d18ac751 Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Wed, 26 Feb 2020 10:36:36 +0100 Subject: [PATCH 299/541] Fixing black formatting issues --- jupyterhub/handlers/pages.py | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 20052b35..d2ebf235 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -461,10 +461,7 @@ class AdminHandler(BaseHandler): total = self.db.query(orm.User.id).count() pagination = Pagination( - url=self.request.uri, - total=total, - page=page, - per_page=per_page, + url=self.request.uri, total=total, page=page, per_page=per_page, ) auth_state = await self.current_user.get_auth_state() @@ -608,6 +605,7 @@ class HealthCheckHandler(BaseHandler): def get(self, *args): self.finish() + class Pagination(BaseHandler): _page_name = 'page' @@ -615,8 +613,10 @@ class Pagination(BaseHandler): _default_page = 1 _default_per_page = 100 _max_per_page = 250 - _record_name='users' - _display_msg='Displaying {record_name} {start} - {end}. Total {record_name}: {total}' + _record_name = 'users' + _display_msg = ( + 'Displaying {record_name} {start} - {end}. Total {record_name}: {total}' + ) def __init__(self, *args, **kwargs): """Detail parameters remark. @@ -634,7 +634,7 @@ class Pagination(BaseHandler): self.total = int(kwargs.get('total', 0)) self.display_msg = kwargs.get('display_msg', self._display_msg) - + self.record_name = kwargs.get('record_name', self._record_name) self.url = kwargs.get('url') or self.get_url() self.init_values() @@ -651,7 +651,9 @@ class Pagination(BaseHandler): @classmethod def get_page_args(self, handler): self.page = handler.get_argument(self._page_name, self._default_page) - self.per_page = handler.get_argument(self._per_page_name, self._default_per_page) + self.per_page = handler.get_argument( + self._per_page_name, self._default_per_page + ) try: self.per_page = int(self.per_page) if self.per_page > self._max_per_page: @@ -666,6 +668,7 @@ class Pagination(BaseHandler): return self.page, self.per_page, self.per_page * (self.page - 1) + default_handlers = [ (r'/', RootHandler), (r'/home', HomeHandler), From f49cc1fcf0b04f0b7417f8bc32dd100e0fc9fe6b Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Wed, 26 Feb 2020 10:40:44 +0100 Subject: [PATCH 300/541] Improving description of potential parameters --- jupyterhub/handlers/pages.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index d2ebf235..3bb7b63a 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -619,13 +619,13 @@ class Pagination(BaseHandler): ) def __init__(self, *args, **kwargs): - """Detail parameters remark. - **url**: current request url - **page**: current page - **per_page**: how many records displayed on one page. By default 100 - **total**: total records for pagination - **display_msg**: text for pagation information - **record_name**: record name showed in pagination information + """Potential parameters. + **url**: URL in request + **page**: current page in use + **per_page**: number of records to display in the page. By default 100 + **total**: total records considered while paginating + **display_msg**: informative text for pagination + **record_name**: name of the record, showed in pagination info """ self.page = kwargs.get(self._page_name, 1) From f4b7b85b021eebdc90babcecae4c7a16eab55166 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 27 Feb 2020 13:49:47 +0100 Subject: [PATCH 301/541] preserve auth type when logging obfuscated auth header Authorization header has the form " " rather than checking for "token" only, preserve type value, which could be Bearer, Basic, etc. --- jupyterhub/log.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/jupyterhub/log.py b/jupyterhub/log.py index aca5383b..d60b358a 100644 --- a/jupyterhub/log.py +++ b/jupyterhub/log.py @@ -98,8 +98,12 @@ def _scrub_headers(headers): headers = dict(headers) if 'Authorization' in headers: auth = headers['Authorization'] - if auth.startswith('token '): - headers['Authorization'] = 'token [secret]' + if ' ' in auth: + auth_type = auth.split(' ', 1)[0] + else: + # no space, hide the whole thing in case there was a mistake + auth_type = '' + headers['Authorization'] = '{} [secret]'.format(auth_type) if 'Cookie' in headers: c = SimpleCookie(headers['Cookie']) redacted = [] From 996483de94fe13b1f2783fb83314fa7b66209473 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 27 Feb 2020 17:35:52 +0000 Subject: [PATCH 302/541] Pin sphinx theme (https://github.com/jupyterhub/binderhub/pull/1070) Closes https://github.com/jupyterhub/jupyterhub/issues/2955 --- docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 4934ec4d..4d3a03bd 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -3,7 +3,7 @@ -r ../requirements.txt alabaster_jupyterhub autodoc-traits -git+https://github.com/pandas-dev/pandas-sphinx-theme.git@master +https://github.com/pandas-dev/pandas-sphinx-theme/archive/ade576c92cfe46a372b6783fb83f45c44fc67976.zip recommonmark>=0.6 sphinx-copybutton sphinx-jsonschema From a2e2b1d5122a5ca613c30a05d5b612574535bf6c Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Fri, 28 Feb 2020 12:01:56 +0100 Subject: [PATCH 303/541] As pointed out in the PR, Pagination isn't a Handler --- jupyterhub/handlers/pages.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 3bb7b63a..8a7e2033 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -606,7 +606,7 @@ class HealthCheckHandler(BaseHandler): self.finish() -class Pagination(BaseHandler): +class Pagination(): _page_name = 'page' _per_page_name = 'per_page' From ede71db11af9dd2680fbce9d84ab670c869bde8a Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Fri, 28 Feb 2020 12:04:53 +0100 Subject: [PATCH 304/541] Moving Pagination class to its own file --- jupyterhub/handlers/pages.py | 65 +----------------------------------- jupyterhub/pagination.py | 65 ++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 64 deletions(-) create mode 100644 jupyterhub/pagination.py diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 8a7e2033..60b6ae50 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -23,6 +23,7 @@ from ..utils import admin_only from ..utils import maybe_future from ..utils import url_path_join from .base import BaseHandler +from ..pagination import Pagination class RootHandler(BaseHandler): @@ -605,70 +606,6 @@ class HealthCheckHandler(BaseHandler): def get(self, *args): self.finish() - -class Pagination(): - - _page_name = 'page' - _per_page_name = 'per_page' - _default_page = 1 - _default_per_page = 100 - _max_per_page = 250 - _record_name = 'users' - _display_msg = ( - 'Displaying {record_name} {start} - {end}. Total {record_name}: {total}' - ) - - def __init__(self, *args, **kwargs): - """Potential parameters. - **url**: URL in request - **page**: current page in use - **per_page**: number of records to display in the page. By default 100 - **total**: total records considered while paginating - **display_msg**: informative text for pagination - **record_name**: name of the record, showed in pagination info - """ - self.page = kwargs.get(self._page_name, 1) - - if self.per_page > self._max_per_page: - self.per_page = self._max_per_page - - self.total = int(kwargs.get('total', 0)) - self.display_msg = kwargs.get('display_msg', self._display_msg) - - self.record_name = kwargs.get('record_name', self._record_name) - self.url = kwargs.get('url') or self.get_url() - self.init_values() - - def init_values(self): - self._cached = {} - self.skip = (self.page - 1) * self.per_page - pages = divmod(self.total, self.per_page) - self.total_pages = pages[0] + 1 if pages[1] else pages[0] - - self.has_prev = self.page > 1 - self.has_next = self.page < self.total_pages - - @classmethod - def get_page_args(self, handler): - self.page = handler.get_argument(self._page_name, self._default_page) - self.per_page = handler.get_argument( - self._per_page_name, self._default_per_page - ) - try: - self.per_page = int(self.per_page) - if self.per_page > self._max_per_page: - self.per_page = self._max_per_page - except: - self.per_page = self._default_per_page - - try: - self.page = int(self.page) - except: - self.page = self._default_page - - return self.page, self.per_page, self.per_page * (self.page - 1) - - default_handlers = [ (r'/', RootHandler), (r'/home', HomeHandler), diff --git a/jupyterhub/pagination.py b/jupyterhub/pagination.py new file mode 100644 index 00000000..b1396cd8 --- /dev/null +++ b/jupyterhub/pagination.py @@ -0,0 +1,65 @@ +"""Basic class to manage pagination utils.""" +# Copyright (c) Jupyter Development Team. +# Distributed under the terms of the Modified BSD License. + +class Pagination(): + + _page_name = 'page' + _per_page_name = 'per_page' + _default_page = 1 + _default_per_page = 100 + _max_per_page = 250 + _record_name = 'users' + _display_msg = ( + 'Displaying {record_name} {start} - {end}. Total {record_name}: {total}' + ) + + def __init__(self, *args, **kwargs): + """Potential parameters. + **url**: URL in request + **page**: current page in use + **per_page**: number of records to display in the page. By default 100 + **total**: total records considered while paginating + **display_msg**: informative text for pagination + **record_name**: name of the record, showed in pagination info + """ + self.page = kwargs.get(self._page_name, 1) + + if self.per_page > self._max_per_page: + self.per_page = self._max_per_page + + self.total = int(kwargs.get('total', 0)) + self.display_msg = kwargs.get('display_msg', self._display_msg) + + self.record_name = kwargs.get('record_name', self._record_name) + self.url = kwargs.get('url') or self.get_url() + self.init_values() + + def init_values(self): + self._cached = {} + self.skip = (self.page - 1) * self.per_page + pages = divmod(self.total, self.per_page) + self.total_pages = pages[0] + 1 if pages[1] else pages[0] + + self.has_prev = self.page > 1 + self.has_next = self.page < self.total_pages + + @classmethod + def get_page_args(self, handler): + self.page = handler.get_argument(self._page_name, self._default_page) + self.per_page = handler.get_argument( + self._per_page_name, self._default_per_page + ) + try: + self.per_page = int(self.per_page) + if self.per_page > self._max_per_page: + self.per_page = self._max_per_page + except: + self.per_page = self._default_per_page + + try: + self.page = int(self.page) + except: + self.page = self._default_page + + return self.page, self.per_page, self.per_page * (self.page - 1) From 53927f04901f8d076ce3b49730cdbc0a44b109a8 Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Fri, 28 Feb 2020 12:05:50 +0100 Subject: [PATCH 305/541] Pre-commit fixes --- jupyterhub/handlers/pages.py | 3 ++- jupyterhub/pagination.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 60b6ae50..676bdf54 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -19,11 +19,11 @@ from .. import __version__ from .. import orm from ..metrics import SERVER_POLL_DURATION_SECONDS from ..metrics import ServerPollStatus +from ..pagination import Pagination from ..utils import admin_only from ..utils import maybe_future from ..utils import url_path_join from .base import BaseHandler -from ..pagination import Pagination class RootHandler(BaseHandler): @@ -606,6 +606,7 @@ class HealthCheckHandler(BaseHandler): def get(self, *args): self.finish() + default_handlers = [ (r'/', RootHandler), (r'/home', HomeHandler), diff --git a/jupyterhub/pagination.py b/jupyterhub/pagination.py index b1396cd8..8f16bbe0 100644 --- a/jupyterhub/pagination.py +++ b/jupyterhub/pagination.py @@ -2,7 +2,8 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. -class Pagination(): + +class Pagination: _page_name = 'page' _per_page_name = 'per_page' From 392525571f2b0f5858e381b14c3f7c12aae509e0 Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Fri, 28 Feb 2020 12:14:59 +0100 Subject: [PATCH 306/541] Documenting get_page_args method --- jupyterhub/pagination.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/jupyterhub/pagination.py b/jupyterhub/pagination.py index 8f16bbe0..d961f478 100644 --- a/jupyterhub/pagination.py +++ b/jupyterhub/pagination.py @@ -47,6 +47,15 @@ class Pagination: @classmethod def get_page_args(self, handler): + """ + This method gets the arguments used in the webpage to configurate the pagination + In case of no arguments, it uses the default values from this class + + It returns: + - self.page: The page requested for paginating or the default value (1) + - self.per_page: The number of items to return in this page. By default 100 and no more than 250 + - self.per_page * (self.page - 1): The offset to consider when managing pagination via the ORM + """ self.page = handler.get_argument(self._page_name, self._default_page) self.per_page = handler.get_argument( self._per_page_name, self._default_per_page From e82c06cf93c5de13eedac7a5715d4b8f5ecf6b52 Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Fri, 28 Feb 2020 12:31:53 +0100 Subject: [PATCH 307/541] Removing display_msg and record name since it can be coded directly as they're needed in the templates --- jupyterhub/pagination.py | 9 --------- 1 file changed, 9 deletions(-) diff --git a/jupyterhub/pagination.py b/jupyterhub/pagination.py index d961f478..76d10342 100644 --- a/jupyterhub/pagination.py +++ b/jupyterhub/pagination.py @@ -10,10 +10,6 @@ class Pagination: _default_page = 1 _default_per_page = 100 _max_per_page = 250 - _record_name = 'users' - _display_msg = ( - 'Displaying {record_name} {start} - {end}. Total {record_name}: {total}' - ) def __init__(self, *args, **kwargs): """Potential parameters. @@ -21,8 +17,6 @@ class Pagination: **page**: current page in use **per_page**: number of records to display in the page. By default 100 **total**: total records considered while paginating - **display_msg**: informative text for pagination - **record_name**: name of the record, showed in pagination info """ self.page = kwargs.get(self._page_name, 1) @@ -30,9 +24,6 @@ class Pagination: self.per_page = self._max_per_page self.total = int(kwargs.get('total', 0)) - self.display_msg = kwargs.get('display_msg', self._display_msg) - - self.record_name = kwargs.get('record_name', self._record_name) self.url = kwargs.get('url') or self.get_url() self.init_values() From 8f46d89ac05c457a05f50696937e4416e06117f9 Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Fri, 28 Feb 2020 13:19:53 +0100 Subject: [PATCH 308/541] Adding info method to pagination and related items in admin template --- jupyterhub/pagination.py | 13 +++++++++++++ share/jupyterhub/templates/admin.html | 4 +++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/jupyterhub/pagination.py b/jupyterhub/pagination.py index 76d10342..440e4e26 100644 --- a/jupyterhub/pagination.py +++ b/jupyterhub/pagination.py @@ -64,3 +64,16 @@ class Pagination: self.page = self._default_page return self.page, self.per_page, self.per_page * (self.page - 1) + + @property + def info(self): + """Get the pagination information.""" + start = 1 + (self.page - 1) * self.per_page + end = start + self.per_page - 1 + if end > self.total: + end = self.total + + if start > self.total: + start = self.total + + return {'total': self.total, 'start': start, 'end': end} diff --git a/share/jupyterhub/templates/admin.html b/share/jupyterhub/templates/admin.html index 0835d758..b98108de 100644 --- a/share/jupyterhub/templates/admin.html +++ b/share/jupyterhub/templates/admin.html @@ -18,7 +18,9 @@ {% block main %}
    - {{ pagination.info|safe }} +
    + Displaying users {{ pagination.info.start|safe }} - {{ pagination.info.end|safe }}. Total users {{ pagination.info.total|safe }} +
    From 1a2d5913eb3843e8d2a5fcb49fa57d356b434be9 Mon Sep 17 00:00:00 2001 From: Jeremy Tuloup Date: Fri, 28 Feb 2020 14:55:41 +0100 Subject: [PATCH 309/541] Add .vscode to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 90608475..2eb6e784 100644 --- a/.gitignore +++ b/.gitignore @@ -24,5 +24,6 @@ MANIFEST .coverage.* htmlcov .idea/ +.vscode/ .pytest_cache pip-wheel-metadata From cfcd85a188ba40967a938a45cf85ae7fdad7d994 Mon Sep 17 00:00:00 2001 From: Jeremy Tuloup Date: Fri, 28 Feb 2020 15:17:16 +0100 Subject: [PATCH 310/541] Start named servers by pressing the Enter key --- share/jupyterhub/static/js/home.js | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/share/jupyterhub/static/js/home.js b/share/jupyterhub/static/js/home.js index e10ed7c3..0422b24f 100644 --- a/share/jupyterhub/static/js/home.js +++ b/share/jupyterhub/static/js/home.js @@ -50,6 +50,17 @@ require(["jquery", "moment", "jhapi", "utils"], function( } } + function startServer() { + var row = getRow($(this)); + var serverName = row.find(".new-server-name").val(); + if (serverName === "") { + // ../spawn/user/ causes a 404, ../spawn/user redirects correctly to the default server + window.location.href = "./spawn/" + user; + } else { + window.location.href = "./spawn/" + user + "/" + serverName; + } + } + function stopServer() { var row = getRow($(this)); var serverName = row.data("server-name"); @@ -100,14 +111,10 @@ require(["jquery", "moment", "jhapi", "utils"], function( }); }); - $(".new-server-btn").click(function() { - var row = getRow($(this)); - var serverName = row.find(".new-server-name").val(); - if (serverName === "") { - // ../spawn/user/ causes a 404, ../spawn/user redirects correctly to the default server - window.location.href = "./spawn/" + user; - } else { - window.location.href = "./spawn/" + user + "/" + serverName; + $(".new-server-btn").click(startServer); + $(".new-server-name").on('keypress', function(e) { + if (e.which === 13) { + startServer.call(this); } }); From 534e251f97ffc39ea21d63ecf75cac4f35800d74 Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Fri, 28 Feb 2020 17:15:19 +0100 Subject: [PATCH 311/541] Adding links generation inside the Pagination class --- jupyterhub/pagination.py | 86 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/jupyterhub/pagination.py b/jupyterhub/pagination.py index 440e4e26..95e5293b 100644 --- a/jupyterhub/pagination.py +++ b/jupyterhub/pagination.py @@ -77,3 +77,89 @@ class Pagination: start = self.total return {'total': self.total, 'start': start, 'end': end} + + def calculate_pages_window(self): + """Calculates the set of pages to render later in links() method. + It returns the list of pages to render via links for the pagination + By default, as we've observed in other applications, we're going to render + only a finite and predefined number of pages, avoiding visual fatigue related + to a long list of pages. By default, we render 7 pages plus some inactive links with the characters '...' + to point out that there are other pages that aren't explicitly rendered. + The primary way of work is to provide current webpage and 5 next pages, the last 2 ones + (in case the current page + 5 does not overflow the total lenght of pages) and the first one for reference. + """ + + self.separator_character = '...' + default_pages_to_render = 7 + after_page = 5 + before_end = 2 + + pages = [] + + if self.total_pages > default_pages_to_render: + if self.page > 1: + pages.extend([1, '...']) + + if self.total_pages < self.page + after_page: + pages.extend(list(range(self.page, self.total_pages))) + else: + if self.total_pages > self.page + after_page + before_end: + pages.extend(list(range(self.page, self.page + after_page))) + pages.append('...') + pages.extend( + list(range(self.total_pages - before_end, self.total_pages)) + ) + else: + pages.extend(list(range(self.page, self.page + after_page))) + + return pages + + else: + return list(range(1, self.total_pages)) + + @property + def links(self): + """Sets the links for the pagination. + Getting the input from calculate_pages_window(), generates the HTML code + for the pages to render, plus the arrows to go onwards and backwards (if needed). + """ + + pages_to_render = self.calculate_pages_window() + print(f"pages_to_render {pages_to_render} ") + + links = ['') + + return ''.join(links) From 492c5072b714c50a9e34460cd2ca8fc1a91d6e8c Mon Sep 17 00:00:00 2001 From: Juan Cruz-Benito Date: Fri, 28 Feb 2020 17:31:19 +0100 Subject: [PATCH 312/541] =?UTF-8?q?Removing=20print=20statements=20?= =?UTF-8?q?=F0=9F=A4=A6=E2=80=8D=E2=99=82=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jupyterhub/pagination.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/jupyterhub/pagination.py b/jupyterhub/pagination.py index 95e5293b..3f82eb35 100644 --- a/jupyterhub/pagination.py +++ b/jupyterhub/pagination.py @@ -125,7 +125,6 @@ class Pagination: """ pages_to_render = self.calculate_pages_window() - print(f"pages_to_render {pages_to_render} ") links = [' {% endblock user_row %} + {% endfor %} {% endfor %} From e93cc83d58e39ab95ed5189f2733d3ea953e5830 Mon Sep 17 00:00:00 2001 From: Steffen Vogel Date: Wed, 15 Apr 2020 23:20:42 +0200 Subject: [PATCH 342/541] remove unused imports --- docs/source/conf.py | 1 - examples/external-oauth/whoami-oauth-basic.py | 2 -- examples/service-announcement/announcement.py | 1 - examples/service-whoami-flask/jupyterhub_config.py | 3 --- examples/service-whoami/jupyterhub_config.py | 1 - examples/service-whoami/whoami-oauth.py | 2 +- examples/service-whoami/whoami.py | 2 +- jupyterhub/apihandlers/groups.py | 1 - jupyterhub/apihandlers/proxy.py | 3 --- jupyterhub/crypto.py | 1 - jupyterhub/handlers/base.py | 3 --- jupyterhub/handlers/metrics.py | 1 - jupyterhub/handlers/pages.py | 4 ---- jupyterhub/oauth/provider.py | 3 --- jupyterhub/proxy.py | 1 - jupyterhub/spawner.py | 2 -- jupyterhub/tests/test_api.py | 1 - jupyterhub/tests/test_app.py | 2 -- jupyterhub/tests/test_auth.py | 1 - jupyterhub/tests/test_auth_expiry.py | 1 - jupyterhub/tests/test_dummyauth.py | 2 -- jupyterhub/tests/test_internal_ssl_app.py | 2 -- jupyterhub/tests/test_proxy.py | 1 - jupyterhub/tests/test_services.py | 5 ----- jupyterhub/tests/test_services_auth.py | 1 - jupyterhub/tests/test_singleuser.py | 2 -- jupyterhub/utils.py | 1 - setup.py | 1 - 28 files changed, 2 insertions(+), 49 deletions(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index fd0d4b92..bf6d7ed1 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -1,7 +1,6 @@ # -*- coding: utf-8 -*- # import os -import shlex import sys # Set paths diff --git a/examples/external-oauth/whoami-oauth-basic.py b/examples/external-oauth/whoami-oauth-basic.py index ad98115c..2aca9f55 100644 --- a/examples/external-oauth/whoami-oauth-basic.py +++ b/examples/external-oauth/whoami-oauth-basic.py @@ -5,13 +5,11 @@ so all URLs and requests necessary for OAuth with JupyterHub should be in one pl """ import json import os -import sys from urllib.parse import urlencode from urllib.parse import urlparse from tornado import log from tornado import web -from tornado.auth import OAuth2Mixin from tornado.httpclient import AsyncHTTPClient from tornado.httpclient import HTTPRequest from tornado.httputil import url_concat diff --git a/examples/service-announcement/announcement.py b/examples/service-announcement/announcement.py index 2b140fdb..a0cf5964 100644 --- a/examples/service-announcement/announcement.py +++ b/examples/service-announcement/announcement.py @@ -4,7 +4,6 @@ import json import os from tornado import escape -from tornado import gen from tornado import ioloop from tornado import web diff --git a/examples/service-whoami-flask/jupyterhub_config.py b/examples/service-whoami-flask/jupyterhub_config.py index 54d3c736..63ddaa38 100644 --- a/examples/service-whoami-flask/jupyterhub_config.py +++ b/examples/service-whoami-flask/jupyterhub_config.py @@ -1,6 +1,3 @@ -import os -import sys - c.JupyterHub.services = [ { 'name': 'whoami', diff --git a/examples/service-whoami/jupyterhub_config.py b/examples/service-whoami/jupyterhub_config.py index d9ccd889..1d1f9435 100644 --- a/examples/service-whoami/jupyterhub_config.py +++ b/examples/service-whoami/jupyterhub_config.py @@ -1,4 +1,3 @@ -import os import sys c.JupyterHub.services = [ diff --git a/examples/service-whoami/whoami-oauth.py b/examples/service-whoami/whoami-oauth.py index c1a576c9..72c97dda 100644 --- a/examples/service-whoami/whoami-oauth.py +++ b/examples/service-whoami/whoami-oauth.py @@ -6,7 +6,6 @@ showing the user their own info. """ import json import os -from getpass import getuser from urllib.parse import urlparse from tornado.httpserver import HTTPServer @@ -25,6 +24,7 @@ class WhoAmIHandler(HubOAuthenticated, RequestHandler): # `getuser()` here would mean only the user who started the service # can access the service: + # from getpass import getuser # hub_users = {getuser()} @authenticated diff --git a/examples/service-whoami/whoami.py b/examples/service-whoami/whoami.py index 6dc56c9e..2a5a3373 100644 --- a/examples/service-whoami/whoami.py +++ b/examples/service-whoami/whoami.py @@ -4,7 +4,6 @@ This serves `/services/whoami/`, authenticated with the Hub, showing the user th """ import json import os -from getpass import getuser from urllib.parse import urlparse from tornado.httpserver import HTTPServer @@ -21,6 +20,7 @@ class WhoAmIHandler(HubAuthenticated, RequestHandler): # `getuser()` here would mean only the user who started the service # can access the service: + # from getpass import getuser # hub_users = {getuser()} @authenticated diff --git a/jupyterhub/apihandlers/groups.py b/jupyterhub/apihandlers/groups.py index 78e833f7..e6b439ba 100644 --- a/jupyterhub/apihandlers/groups.py +++ b/jupyterhub/apihandlers/groups.py @@ -3,7 +3,6 @@ # Distributed under the terms of the Modified BSD License. import json -from tornado import gen from tornado import web from .. import orm diff --git a/jupyterhub/apihandlers/proxy.py b/jupyterhub/apihandlers/proxy.py index 83901832..0a43583b 100644 --- a/jupyterhub/apihandlers/proxy.py +++ b/jupyterhub/apihandlers/proxy.py @@ -2,12 +2,9 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. import json -from urllib.parse import urlparse -from tornado import gen from tornado import web -from .. import orm from ..utils import admin_only from .base import APIHandler diff --git a/jupyterhub/crypto.py b/jupyterhub/crypto.py index 57bd00d3..039201b1 100644 --- a/jupyterhub/crypto.py +++ b/jupyterhub/crypto.py @@ -6,7 +6,6 @@ from concurrent.futures import ThreadPoolExecutor from traitlets import Any from traitlets import default -from traitlets import Dict from traitlets import Integer from traitlets import List from traitlets import observe diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 9606fa61..f8ecf348 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -2,7 +2,6 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. import asyncio -import copy import json import math import random @@ -27,14 +26,12 @@ from tornado.httputil import url_concat from tornado.ioloop import IOLoop from tornado.log import app_log from tornado.web import addslash -from tornado.web import MissingArgumentError from tornado.web import RequestHandler from .. import __version__ from .. import orm from ..metrics import PROXY_ADD_DURATION_SECONDS from ..metrics import PROXY_DELETE_DURATION_SECONDS -from ..metrics import ProxyAddStatus from ..metrics import ProxyDeleteStatus from ..metrics import RUNNING_SERVERS from ..metrics import SERVER_POLL_DURATION_SECONDS diff --git a/jupyterhub/handlers/metrics.py b/jupyterhub/handlers/metrics.py index f7a95b62..0f63d9c3 100644 --- a/jupyterhub/handlers/metrics.py +++ b/jupyterhub/handlers/metrics.py @@ -1,7 +1,6 @@ from prometheus_client import CONTENT_TYPE_LATEST from prometheus_client import generate_latest from prometheus_client import REGISTRY -from tornado import gen from ..utils import metrics_authentication from .base import BaseHandler diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 5cd1f4a7..ec378b9a 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -2,15 +2,12 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. import asyncio -import codecs -import copy import time from collections import defaultdict from datetime import datetime from http.client import responses from jinja2 import TemplateNotFound -from tornado import gen from tornado import web from tornado.httputil import url_concat @@ -464,7 +461,6 @@ class AdminHandler(BaseHandler): users = self.db.query(orm.User).outerjoin(orm.Spawner).order_by(*ordered) users = [self._user_from_orm(u) for u in users] - from itertools import chain running = [] for u in users: diff --git a/jupyterhub/oauth/provider.py b/jupyterhub/oauth/provider.py index 6157223f..fd529cc9 100644 --- a/jupyterhub/oauth/provider.py +++ b/jupyterhub/oauth/provider.py @@ -3,15 +3,12 @@ implements https://oauthlib.readthedocs.io/en/latest/oauth2/server.html """ from datetime import datetime -from urllib.parse import urlparse from oauthlib import uri_validate from oauthlib.oauth2 import RequestValidator from oauthlib.oauth2 import WebApplicationServer from oauthlib.oauth2.rfc6749.grant_types import authorization_code from oauthlib.oauth2.rfc6749.grant_types import base -from sqlalchemy.orm import scoped_session -from tornado import web from tornado.escape import url_escape from tornado.log import app_log diff --git a/jupyterhub/proxy.py b/jupyterhub/proxy.py index cbe1cba3..0666bcda 100644 --- a/jupyterhub/proxy.py +++ b/jupyterhub/proxy.py @@ -24,7 +24,6 @@ import time from functools import wraps from subprocess import Popen from urllib.parse import quote -from urllib.parse import urlparse from tornado import gen from tornado.httpclient import AsyncHTTPClient diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index 4abc355b..56761516 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -4,8 +4,6 @@ Contains base Spawner class & default implementation # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. import ast -import asyncio -import errno import json import os import pipes diff --git a/jupyterhub/tests/test_api.py b/jupyterhub/tests/test_api.py index aedb4426..47751621 100644 --- a/jupyterhub/tests/test_api.py +++ b/jupyterhub/tests/test_api.py @@ -1,5 +1,4 @@ """Tests for the REST API.""" -import asyncio import json import re import sys diff --git a/jupyterhub/tests/test_app.py b/jupyterhub/tests/test_app.py index bc59176b..bce50ae6 100644 --- a/jupyterhub/tests/test_app.py +++ b/jupyterhub/tests/test_app.py @@ -7,13 +7,11 @@ import time from subprocess import check_output from subprocess import PIPE from subprocess import Popen -from subprocess import run from tempfile import NamedTemporaryFile from tempfile import TemporaryDirectory from unittest.mock import patch import pytest -from tornado import gen from traitlets.config import Config from .. import orm diff --git a/jupyterhub/tests/test_auth.py b/jupyterhub/tests/test_auth.py index 10ae0b1a..a2fb98c5 100644 --- a/jupyterhub/tests/test_auth.py +++ b/jupyterhub/tests/test_auth.py @@ -1,7 +1,6 @@ """Tests for PAM authentication""" # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. -import os from unittest import mock import pytest diff --git a/jupyterhub/tests/test_auth_expiry.py b/jupyterhub/tests/test_auth_expiry.py index 781c751b..48f85eb4 100644 --- a/jupyterhub/tests/test_auth_expiry.py +++ b/jupyterhub/tests/test_auth_expiry.py @@ -7,7 +7,6 @@ authentication can expire in a number of ways: - doesn't need refresh - needs refresh and cannot be refreshed without new login """ -import asyncio from contextlib import contextmanager from unittest import mock from urllib.parse import parse_qs diff --git a/jupyterhub/tests/test_dummyauth.py b/jupyterhub/tests/test_dummyauth.py index 3f34c343..dbeaf583 100644 --- a/jupyterhub/tests/test_dummyauth.py +++ b/jupyterhub/tests/test_dummyauth.py @@ -1,8 +1,6 @@ """Tests for dummy authentication""" # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. -import pytest - from jupyterhub.auth import DummyAuthenticator diff --git a/jupyterhub/tests/test_internal_ssl_app.py b/jupyterhub/tests/test_internal_ssl_app.py index 95b382c4..cae0519b 100644 --- a/jupyterhub/tests/test_internal_ssl_app.py +++ b/jupyterhub/tests/test_internal_ssl_app.py @@ -1,8 +1,6 @@ """Test the JupyterHub entry point with internal ssl""" # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. -import sys - import jupyterhub.tests.mocking from jupyterhub.tests.test_app import * diff --git a/jupyterhub/tests/test_proxy.py b/jupyterhub/tests/test_proxy.py index 0de5748b..e912bc62 100644 --- a/jupyterhub/tests/test_proxy.py +++ b/jupyterhub/tests/test_proxy.py @@ -2,7 +2,6 @@ import json import os from contextlib import contextmanager -from queue import Queue from subprocess import Popen from urllib.parse import quote from urllib.parse import urlparse diff --git a/jupyterhub/tests/test_services.py b/jupyterhub/tests/test_services.py index 248de1b1..127a9f45 100644 --- a/jupyterhub/tests/test_services.py +++ b/jupyterhub/tests/test_services.py @@ -2,18 +2,13 @@ import asyncio import os import sys -import time from binascii import hexlify from contextlib import contextmanager from subprocess import Popen -from threading import Event -import pytest -import requests from async_generator import async_generator from async_generator import asynccontextmanager from async_generator import yield_ -from tornado import gen from tornado.ioloop import IOLoop from ..utils import maybe_future diff --git a/jupyterhub/tests/test_services_auth.py b/jupyterhub/tests/test_services_auth.py index de4d73e9..a57ba871 100644 --- a/jupyterhub/tests/test_services_auth.py +++ b/jupyterhub/tests/test_services_auth.py @@ -11,7 +11,6 @@ from threading import Thread from unittest import mock from urllib.parse import urlparse -import pytest import requests import requests_mock from pytest import raises diff --git a/jupyterhub/tests/test_singleuser.py b/jupyterhub/tests/test_singleuser.py index 1bd08696..0e4d3bd7 100644 --- a/jupyterhub/tests/test_singleuser.py +++ b/jupyterhub/tests/test_singleuser.py @@ -3,8 +3,6 @@ import sys from subprocess import check_output from urllib.parse import urlparse -import pytest - import jupyterhub from ..utils import url_path_join from .mocking import public_url diff --git a/jupyterhub/utils.py b/jupyterhub/utils.py index 851b4d53..524fd093 100644 --- a/jupyterhub/utils.py +++ b/jupyterhub/utils.py @@ -444,7 +444,6 @@ def print_stacks(file=sys.stderr): # local imports because these will not be used often, # no need to add them to startup import asyncio - import resource import traceback from .log import coroutine_frames diff --git a/setup.py b/setup.py index 5a5f4176..dbd1f3d3 100755 --- a/setup.py +++ b/setup.py @@ -10,7 +10,6 @@ from __future__ import print_function import os import shutil import sys -from glob import glob from subprocess import check_call from setuptools import setup From 485c7b72c29ba8ff37ca43e55a9c38de20dea1f4 Mon Sep 17 00:00:00 2001 From: Josh Meek Date: Thu, 16 Apr 2020 09:36:52 -0400 Subject: [PATCH 343/541] Fix use of auxiliary verb on index.rst --- docs/source/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/index.rst b/docs/source/index.rst index c9722089..8d51a6bc 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -7,7 +7,7 @@ It can be used in a class of students, a corporate data science group or scienti research group. It is a multi-user **Hub** that spawns, manages, and proxies multiple instances of the single-user `Jupyter notebook`_ server. -To make life easier, JupyterHub have distributions. Be sure to +To make life easier, JupyterHub has distributions. Be sure to take a look at them before continuing with the configuration of the broad original system of `JupyterHub`_. Today, you can find two main cases: From 8648285375ef47f9504e6c5f06bde8918531ee04 Mon Sep 17 00:00:00 2001 From: Thijs Walcarius Date: Fri, 17 Apr 2020 10:00:25 +0200 Subject: [PATCH 344/541] Fix broken test due to BeautifulSoup 4.9.0 behavior change cfr. https://bugs.launchpad.net/beautifulsoup/+bug/1871335 --- jupyterhub/tests/test_pages.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index b9d6bba5..20f3ea45 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -354,7 +354,7 @@ async def test_spawn_pending(app, username, slow_spawn): assert page.find('div', {'class': 'progress'}) # validate event source url by consuming it - script = page.body.find('script').text + script = page.body.find('script').string assert 'EventSource' in script # find EventSource url in javascript # maybe not the most robust way to check this? From c234463a6765491c6a8baee10541ad67be28b468 Mon Sep 17 00:00:00 2001 From: Richard Darst Date: Thu, 16 Apr 2020 11:47:07 +0300 Subject: [PATCH 345/541] sphinx conf.py: update add_stylesheet -> add_css_file - Seems to be added in 1.0: https://www.sphinx-doc.org/en/latest/changes.html#release-1-0-jul-23-2010 --- docs/source/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index fd0d4b92..14b548ee 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -62,7 +62,7 @@ from recommonmark.transform import AutoStructify def setup(app): app.add_config_value('recommonmark_config', {'enable_eval_rst': True}, True) - app.add_stylesheet('custom.css') + app.add_css_file('custom.css') app.add_transform(AutoStructify) From e882e7954c0473d2941c0fbc7d5f8c8e04a8658a Mon Sep 17 00:00:00 2001 From: Richard Darst Date: Thu, 16 Apr 2020 16:59:05 +0300 Subject: [PATCH 346/541] docs: use recommonmark as an extension - source_parsers deprecated in sphinx 3.0 - Since sphinx 1.4, it can (should) be used as a direct extension: https://github.com/readthedocs/recommonmark/pull/43 --- docs/source/conf.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index 14b548ee..64e4939a 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -20,6 +20,7 @@ extensions = [ 'autodoc_traits', 'sphinx_copybutton', 'sphinx-jsonschema', + 'recommonmark', ] templates_path = ['_templates'] @@ -66,8 +67,6 @@ def setup(app): app.add_transform(AutoStructify) -source_parsers = {'.md': 'recommonmark.parser.CommonMarkParser'} - source_suffix = ['.rst', '.md'] # source_encoding = 'utf-8-sig' From 9d6e8e6b6fb02ca7952b158bf665b3ad8a8a0223 Mon Sep 17 00:00:00 2001 From: Richard Darst Date: Thu, 16 Apr 2020 11:45:35 +0300 Subject: [PATCH 347/541] Temporary patch autodoc-traits to fix build error [temporary] - This commit should be removed later after autodoc-traits is fixed upstream --- docs/requirements.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index e0ea5aa4..472fcc28 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,7 +1,9 @@ -r ../requirements.txt alabaster_jupyterhub -autodoc-traits +# Temporary fix of #3021. Revert back to released autodoc-traits when +# 0.1.0 released. +https://github.com/jupyterhub/autodoc-traits/archive/75885ee24636efbfebfceed1043459715049cd84.zip pydata-sphinx-theme recommonmark>=0.6 sphinx-copybutton From 6f2e409fb9bb4959310f26f2316bc4d4d228acc0 Mon Sep 17 00:00:00 2001 From: Thijs Walcarius Date: Mon, 6 Apr 2020 16:26:16 +0200 Subject: [PATCH 348/541] Allow bypassing of spawn form by calling options in query arguments of /spawn --- jupyterhub/handlers/pages.py | 26 ++++++++++++++++++++++++++ jupyterhub/tests/test_pages.py | 22 ++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 5cd1f4a7..6f1a43f2 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -173,6 +173,32 @@ class SpawnHandler(BaseHandler): auth_state = await user.get_auth_state() await spawner.run_auth_state_hook(auth_state) + # Try to start server directly when query arguments are passed. + form_options = {} + for key, byte_list in self.request.query_arguments.items(): + form_options[key] = [bs.decode('utf8') for bs in byte_list] + + # 'next' is reserved argument for redirect after spawn + form_options.pop('next', None) + + if len(form_options) > 0: + try: + self.log.debug( + "Triggering spawn with supplied query arguments for %s", + spawner._log_name, + ) + options = await maybe_future(spawner.options_from_form(form_options)) + pending_url = self._get_pending_url(user, server_name) + return await self._wrap_spawn_single_user( + user, server_name, spawner, pending_url, options + ) + except Exception as e: + self.log.error( + "Failed to spawn single-user server with query arguments", + exc_info=True, + ) + # fallback to behavior without failing query arguments + spawner_options_form = await spawner.get_options_form() if spawner_options_form: self.log.debug("Serving options form for %s", spawner._log_name) diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 20f3ea45..7ca4cb22 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -255,6 +255,28 @@ async def test_spawn_page_admin(app, admin_access): assert "Spawning server for {}".format(u.name) in r.text +async def test_spawn_with_query_arguments(app): + with mock.patch.dict(app.users.settings, {'spawner_class': FormSpawner}): + base_url = ujoin(public_host(app), app.hub.base_url) + cookies = await app.login_user('jones') + orm_u = orm.User.find(app.db, 'jones') + u = app.users[orm_u] + await u.stop() + next_url = ujoin(app.base_url, 'user/jones/tree') + r = await async_requests.get( + url_concat( + ujoin(base_url, 'spawn'), {'next': next_url, 'energy': '510keV'}, + ), + cookies=cookies, + ) + r.raise_for_status() + assert r.history + assert u.spawner.user_options == { + 'energy': '510keV', + 'notspecified': 5, + } + + async def test_spawn_form(app): with mock.patch.dict(app.users.settings, {'spawner_class': FormSpawner}): base_url = ujoin(public_host(app), app.hub.base_url) From 24387664184846db36cc0a13f984b5d3a07212a8 Mon Sep 17 00:00:00 2001 From: Thijs Walcarius Date: Tue, 7 Apr 2020 13:56:32 +0200 Subject: [PATCH 349/541] Show error message when spawning via query-arguments failed. Add options_from_query function --- jupyterhub/handlers/pages.py | 16 ++++++++++------ jupyterhub/spawner.py | 31 +++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index 6f1a43f2..93c59fdb 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -174,20 +174,21 @@ class SpawnHandler(BaseHandler): await spawner.run_auth_state_hook(auth_state) # Try to start server directly when query arguments are passed. - form_options = {} + error_message = '' + query_options = {} for key, byte_list in self.request.query_arguments.items(): - form_options[key] = [bs.decode('utf8') for bs in byte_list] + query_options[key] = [bs.decode('utf8') for bs in byte_list] # 'next' is reserved argument for redirect after spawn - form_options.pop('next', None) + query_options.pop('next', None) - if len(form_options) > 0: + if len(query_options) > 0: try: self.log.debug( "Triggering spawn with supplied query arguments for %s", spawner._log_name, ) - options = await maybe_future(spawner.options_from_form(form_options)) + options = await maybe_future(spawner.options_from_query(query_options)) pending_url = self._get_pending_url(user, server_name) return await self._wrap_spawn_single_user( user, server_name, spawner, pending_url, options @@ -197,13 +198,16 @@ class SpawnHandler(BaseHandler): "Failed to spawn single-user server with query arguments", exc_info=True, ) + error_message = str(e) # fallback to behavior without failing query arguments spawner_options_form = await spawner.get_options_form() if spawner_options_form: self.log.debug("Serving options form for %s", spawner._log_name) form = await self._render_form( - for_user=user, spawner_options_form=spawner_options_form + for_user=user, + spawner_options_form=spawner_options_form, + message=error_message, ) self.finish(form) else: diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index 4abc355b..54875837 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -384,6 +384,37 @@ class Spawner(LoggingConfigurable): """ return form_data + def options_from_query(self, query_data): + """Interpret query arguments passed to /spawn + + Query arguments will always arrive as a dict of unicode strings. + Override this function to understand single-values, numbers, etc. + + By default, options_from_form is called from this function. You can however override + this function if you need to process the query arguments differently. + + This should coerce form data into the structure expected by self.user_options, + which must be a dict, and should be JSON-serializeable, + though it can contain bytes in addition to standard JSON data types. + + This method should not have any side effects. + Any handling of `user_options` should be done in `.start()` + to ensure consistent behavior across servers + spawned via the API and form submission page. + + Instances will receive this data on self.user_options, after passing through this function, + prior to `Spawner.start`. + + .. versionadded:: 1.2 + user_options are persisted in the JupyterHub database to be reused + on subsequent spawns if no options are given. + user_options is serialized to JSON as part of this persistence + (with additional support for bytes in case of uploaded file data), + and any non-bytes non-jsonable values will be replaced with None + if the user_options are re-used. + """ + return self.options_from_form(query_data) + user_options = Dict( help=""" Dict of user specified options for the user's spawned instance of a single-user server. From 6283e7ec837e25a80de3add190d11d4a9b46e9c3 Mon Sep 17 00:00:00 2001 From: Steffen Vogel Date: Wed, 15 Apr 2020 23:21:53 +0200 Subject: [PATCH 350/541] support kubespawner running on a IPv6 only cluster --- jupyterhub/app.py | 10 +++++++--- jupyterhub/objects.py | 13 +++++++++---- jupyterhub/services/service.py | 2 +- jupyterhub/user.py | 7 ++++++- jupyterhub/utils.py | 4 ++-- 5 files changed, 25 insertions(+), 11 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 727b964f..50809e19 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -561,7 +561,11 @@ class JupyterHub(Application): def _url_part_changed(self, change): """propagate deprecated ip/port/base_url config to the bind_url""" urlinfo = urlparse(self.bind_url) - urlinfo = urlinfo._replace(netloc='%s:%i' % (self.ip, self.port)) + if ':' in self.ip: + fmt = '[%s]:%i' + else: + fmt = '%s:%i' + urlinfo = urlinfo._replace(netloc=fmt % (self.ip, self.port)) urlinfo = urlinfo._replace(path=self.base_url) bind_url = urlunparse(urlinfo) if bind_url != self.bind_url: @@ -727,10 +731,10 @@ class JupyterHub(Application): help="""The ip or hostname for proxies and spawners to use for connecting to the Hub. - Use when the bind address (`hub_ip`) is 0.0.0.0 or otherwise different + Use when the bind address (`hub_ip`) is 0.0.0.0, :: or otherwise different from the connect address. - Default: when `hub_ip` is 0.0.0.0, use `socket.gethostname()`, otherwise use `hub_ip`. + Default: when `hub_ip` is 0.0.0.0 or ::, use `socket.gethostname()`, otherwise use `hub_ip`. Note: Some spawners or proxy implementations might not support hostnames. Check your spawner or proxy documentation to see if they have extra requirements. diff --git a/jupyterhub/objects.py b/jupyterhub/objects.py index de2ac7a6..e5aa9c1c 100644 --- a/jupyterhub/objects.py +++ b/jupyterhub/objects.py @@ -53,7 +53,7 @@ class Server(HasTraits): Never used in APIs, only logging, since it can be non-connectable value, such as '', meaning all interfaces. """ - if self.ip in {'', '0.0.0.0'}: + if self.ip in {'', '0.0.0.0', '::'}: return self.url.replace(self._connect_ip, self.ip or '*', 1) return self.url @@ -87,13 +87,13 @@ class Server(HasTraits): """The address to use when connecting to this server When `ip` is set to a real ip address, the same value is used. - When `ip` refers to 'all interfaces' (e.g. '0.0.0.0'), + When `ip` refers to 'all interfaces' (e.g. '0.0.0.0' or '::'), clients connect via hostname by default. Setting `connect_ip` explicitly overrides any default behavior. """ if self.connect_ip: return self.connect_ip - elif self.ip in {'', '0.0.0.0'}: + elif self.ip in {'', '0.0.0.0', '::'}: # if listening on all interfaces, default to hostname for connect return socket.gethostname() else: @@ -149,7 +149,12 @@ class Server(HasTraits): if self.connect_url: parsed = urlparse(self.connect_url) return "{proto}://{host}".format(proto=parsed.scheme, host=parsed.netloc) - return "{proto}://{ip}:{port}".format( + + if ':' in self._connect_ip: + fmt = "{proto}://[{ip}]:{port}" + else: + fmt = "{proto}://{ip}:{port}" + return fmt.format( proto=self.proto, ip=self._connect_ip, port=self._connect_port ) diff --git a/jupyterhub/services/service.py b/jupyterhub/services/service.py index fbf1f331..dcd28946 100644 --- a/jupyterhub/services/service.py +++ b/jupyterhub/services/service.py @@ -342,7 +342,7 @@ class Service(LoggingConfigurable): env['JUPYTERHUB_SERVICE_PREFIX'] = self.server.base_url hub = self.hub - if self.hub.ip in ('0.0.0.0', ''): + if self.hub.ip in ('', '0.0.0.0', '::'): # if the Hub is listening on all interfaces, # tell services to connect via localhost # since they are always local subprocesses diff --git a/jupyterhub/user.py b/jupyterhub/user.py index 71ceac4e..4f049817 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -566,7 +566,12 @@ class User: else: # >= 0.7 returns (ip, port) proto = 'https' if self.settings['internal_ssl'] else 'http' - url = '%s://%s:%i' % ((proto,) + url) + + # check if spawner returned an IPv6 address + if ':' in url[0]: + url = '%s://[%s]:%i' % ((proto,) + url) + else: + url = '%s://%s:%i' % ((proto,) + url) urlinfo = urlparse(url) server.proto = urlinfo.scheme server.ip = urlinfo.hostname diff --git a/jupyterhub/utils.py b/jupyterhub/utils.py index 851b4d53..82bcc0c8 100644 --- a/jupyterhub/utils.py +++ b/jupyterhub/utils.py @@ -66,7 +66,7 @@ def can_connect(ip, port): Return True if we can connect, False otherwise. """ - if ip in {'', '0.0.0.0'}: + if ip in {'', '0.0.0.0', '::'}: ip = '127.0.0.1' try: socket.create_connection((ip, port)).close() @@ -179,7 +179,7 @@ async def exponential_backoff( async def wait_for_server(ip, port, timeout=10): """Wait for any server to show up at ip:port.""" - if ip in {'', '0.0.0.0'}: + if ip in {'', '0.0.0.0', '::'}: ip = '127.0.0.1' await exponential_backoff( lambda: can_connect(ip, port), From 17dde3a2a9d14b836ad7774b5b755a3391279ff6 Mon Sep 17 00:00:00 2001 From: Michael Blackmon Date: Mon, 20 Apr 2020 10:38:19 -0400 Subject: [PATCH 351/541] remove margin styling from submit button --- share/jupyterhub/static/less/login.less | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/share/jupyterhub/static/less/login.less b/share/jupyterhub/static/less/login.less index d0040908..f5ca78e5 100644 --- a/share/jupyterhub/static/less/login.less +++ b/share/jupyterhub/static/less/login.less @@ -6,7 +6,7 @@ .bg-warning(); padding:10px; } - + .service-login { text-align: center; display: table-cell; @@ -27,9 +27,9 @@ } input[type=submit] { - margin-top: 16px; + margin-top: 0px; } - + .form-control:focus, input[type=submit]:focus { box-shadow: inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px @jupyter-orange; border-color: @jupyter-orange; From 5fbd2838c9edbcc7bc40003597174bab30f50939 Mon Sep 17 00:00:00 2001 From: Michael Blackmon Date: Mon, 20 Apr 2020 10:39:57 -0400 Subject: [PATCH 352/541] add style class for feedback, widget and container --- share/jupyterhub/static/less/page.less | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/share/jupyterhub/static/less/page.less b/share/jupyterhub/static/less/page.less index 6193b357..328ffe7e 100644 --- a/share/jupyterhub/static/less/page.less +++ b/share/jupyterhub/static/less/page.less @@ -26,3 +26,19 @@ // .progress-log-event:hover { // background: rgba(66, 165, 245, 0.2); // } + + +.feedback { + &-container { + margin-top: 16px; + } + + &-widget { + padding: 5px 0px 0px 6px; + i { + font-size: 2em; + color: lightgrey; + } + } + +} From 42e7d1a3fbc2d997258a88f98716d80dc2aa6798 Mon Sep 17 00:00:00 2001 From: Michael Blackmon Date: Mon, 20 Apr 2020 10:59:34 -0400 Subject: [PATCH 353/541] put submit button & widget in feedback-container; extend template to include script block with form onsubmit handler --- share/jupyterhub/templates/spawn.html | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/share/jupyterhub/templates/spawn.html b/share/jupyterhub/templates/spawn.html index f1330b1f..d44bdd0d 100644 --- a/share/jupyterhub/templates/spawn.html +++ b/share/jupyterhub/templates/spawn.html @@ -23,9 +23,26 @@
    {{spawner_options_form | safe}}
    - + {% endblock %} + +{% block script %} +{{ super() }} + +{% endblock %} From 10bb5ef3c0ce25cb131aa134d89433bb4519f556 Mon Sep 17 00:00:00 2001 From: Michael Blackmon Date: Mon, 20 Apr 2020 11:00:40 -0400 Subject: [PATCH 354/541] wrap button & widget in feedback-container; add js block with onsubmit handler --- share/jupyterhub/templates/login.html | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/share/jupyterhub/templates/login.html b/share/jupyterhub/templates/login.html index 130339c9..cd585ded 100644 --- a/share/jupyterhub/templates/login.html +++ b/share/jupyterhub/templates/login.html @@ -56,13 +56,18 @@ tabindex="2" /> - + {% endif %} @@ -79,6 +84,11 @@ if (window.location.protocol === "http:") { var warning = document.getElementById('insecure-login-warning'); warning.className = warning.className.replace(/\bhidden\b/, ''); } +// setup onSubmit feedback +$('form').submit(() => { + $('.feedback-container>input').attr('disabled', true); + $('.feedback-container>*').toggleClass('hidden'); + $('.feedback-widget>*').toggleClass('fa-pulse'); +}); - {% endblock %} From debd2974943c03fadb1943ab6d8efb9634f3dff5 Mon Sep 17 00:00:00 2001 From: Michael Blackmon Date: Mon, 20 Apr 2020 11:33:38 -0400 Subject: [PATCH 355/541] restrict submit handler to only operate on targeted form --- share/jupyterhub/templates/login.html | 9 +++++---- share/jupyterhub/templates/spawn.html | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/share/jupyterhub/templates/login.html b/share/jupyterhub/templates/login.html index cd585ded..5c00d31d 100644 --- a/share/jupyterhub/templates/login.html +++ b/share/jupyterhub/templates/login.html @@ -85,10 +85,11 @@ if (window.location.protocol === "http:") { warning.className = warning.className.replace(/\bhidden\b/, ''); } // setup onSubmit feedback -$('form').submit(() => { - $('.feedback-container>input').attr('disabled', true); - $('.feedback-container>*').toggleClass('hidden'); - $('.feedback-widget>*').toggleClass('fa-pulse'); +$('form').submit((e) => { + var form = $(e.target); + form.find('.feedback-container>input').attr('disabled', true); + form.find('.feedback-container>*').toggleClass('hidden'); + form.find('.feedback-widget>*').toggleClass('fa-pulse'); }); {% endblock %} diff --git a/share/jupyterhub/templates/spawn.html b/share/jupyterhub/templates/spawn.html index d44bdd0d..773a55e7 100644 --- a/share/jupyterhub/templates/spawn.html +++ b/share/jupyterhub/templates/spawn.html @@ -39,10 +39,11 @@ {{ super() }} {% endblock %} From 137591f4582dfe470cb2c4e708d796caea16149a Mon Sep 17 00:00:00 2001 From: Will Starms Date: Fri, 1 May 2020 19:09:19 -0500 Subject: [PATCH 356/541] remove fixed position, causes Z ordering issues with the bottom of the users list --- share/jupyterhub/static/less/admin.less | 1 - 1 file changed, 1 deletion(-) diff --git a/share/jupyterhub/static/less/admin.less b/share/jupyterhub/static/less/admin.less index 6189e4e9..86dd6bcd 100644 --- a/share/jupyterhub/static/less/admin.less +++ b/share/jupyterhub/static/less/admin.less @@ -3,7 +3,6 @@ i.sort-icon { } .version_footer { - position: fixed; bottom: 0; width: 100%; } From da34c6cb34db6d677d3cebd0cadbc76f585fa5af Mon Sep 17 00:00:00 2001 From: Min RK Date: Wed, 6 May 2020 10:44:53 +0200 Subject: [PATCH 357/541] remove hardcoded path from pagination links allows pagination of other pages --- jupyterhub/pagination.py | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/jupyterhub/pagination.py b/jupyterhub/pagination.py index c64a3ded..7f2450ca 100644 --- a/jupyterhub/pagination.py +++ b/jupyterhub/pagination.py @@ -126,10 +126,12 @@ class Pagination: @property def links(self): - """Sets the links for the pagination. - Getting the input from calculate_pages_window(), generates the HTML code + """Get the links for the pagination. + Getting the input from calculate_pages_window(), generates the HTML code for the pages to render, plus the arrows to go onwards and backwards (if needed). """ + if self.total_pages == 1: + return [] pages_to_render = self.calculate_pages_window() @@ -139,9 +141,7 @@ class Pagination: if self.page > 1: prev_page = self.page - 1 links.append( - '
  • «
    • '.format( - prev_page=prev_page - ) + '
  • «
    • '.format(prev_page=prev_page) ) else: links.append( @@ -161,17 +161,13 @@ class Pagination: ) else: links.append( - '
  • {page}
    • '.format( - page=page - ) + '
  • {page}
    • '.format(page=page) ) if self.page >= 1 and self.page < self.total_pages: next_page = self.page + 1 links.append( - '
  • »
    • '.format( - next_page=next_page - ) + '
  • »
    • '.format(next_page=next_page) ) else: links.append( From 0d245fe4e4979ac3aae9f8b801ea3537b9111ccf Mon Sep 17 00:00:00 2001 From: Min RK Date: Wed, 6 May 2020 10:47:08 +0200 Subject: [PATCH 358/541] move pagination info next to pagination links at the bottom --- share/jupyterhub/static/less/admin.less | 4 ++++ share/jupyterhub/templates/admin.html | 24 ++++++++++++------------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/share/jupyterhub/static/less/admin.less b/share/jupyterhub/static/less/admin.less index 6189e4e9..88e36fd0 100644 --- a/share/jupyterhub/static/less/admin.less +++ b/share/jupyterhub/static/less/admin.less @@ -2,6 +2,10 @@ i.sort-icon { margin-left: 4px; } +tr.pagination-row > td.pagination-page-info { + vertical-align: middle; +} + .version_footer { position: fixed; bottom: 0; diff --git a/share/jupyterhub/templates/admin.html b/share/jupyterhub/templates/admin.html index b98108de..a13ba6c8 100644 --- a/share/jupyterhub/templates/admin.html +++ b/share/jupyterhub/templates/admin.html @@ -18,9 +18,6 @@ {% block main %}
    -
    - Displaying users {{ pagination.info.start|safe }} - {{ pagination.info.end|safe }}. Total users {{ pagination.info.total|safe }} -
    @@ -104,16 +101,19 @@ {% endfor %} {% endfor %} + + + + + +
    + {% if pagination.links %} + + {% endif %} + + Displaying users {{ pagination.info.start|safe }} - {{ pagination.info.end|safe }} of {{ pagination.info.total|safe }} +
    - {% if pagination.links %} - - - - - - - - {% endif %}
    From 4e29342711cce0a84331850fc203fb861b2f6452 Mon Sep 17 00:00:00 2001 From: Thijs Walcarius Date: Wed, 6 May 2020 11:04:30 +0200 Subject: [PATCH 359/541] Test error path when parsing query arguments --- jupyterhub/tests/mocking.py | 3 +++ jupyterhub/tests/test_pages.py | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/jupyterhub/tests/mocking.py b/jupyterhub/tests/mocking.py index 5ac2406d..64af46a8 100644 --- a/jupyterhub/tests/mocking.py +++ b/jupyterhub/tests/mocking.py @@ -173,6 +173,9 @@ class FormSpawner(MockSpawner): options['energy'] = form_data['energy'][0] if 'hello_file' in form_data: options['hello'] = form_data['hello_file'][0] + + if 'illegal_argument' in form_data: + raise ValueError("You are not allowed to specify 'illegal_argument'") return options diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 7ca4cb22..a1825d43 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -277,6 +277,25 @@ async def test_spawn_with_query_arguments(app): } +async def test_spawn_with_query_arguments_error(app): + with mock.patch.dict(app.users.settings, {'spawner_class': FormSpawner}): + base_url = ujoin(public_host(app), app.hub.base_url) + cookies = await app.login_user('jones') + orm_u = orm.User.find(app.db, 'jones') + u = app.users[orm_u] + await u.stop() + next_url = ujoin(app.base_url, 'user/jones/tree') + r = await async_requests.get( + url_concat( + ujoin(base_url, 'spawn'), + {'next': next_url, 'energy': '510keV', 'illegal_argument': '42'}, + ), + cookies=cookies, + ) + r.raise_for_status() + assert "You are not allowed to specify " in r.text + + async def test_spawn_form(app): with mock.patch.dict(app.users.settings, {'spawner_class': FormSpawner}): base_url = ujoin(public_host(app), app.hub.base_url) From 8859bf8842b3daa91bfb9f8bf3faeaa239453024 Mon Sep 17 00:00:00 2001 From: romainx Date: Fri, 8 May 2020 06:06:42 +0200 Subject: [PATCH 360/541] #1018 PAM added in prerequisites --- README.md | 2 ++ docs/source/quickstart.md | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index 98ab6fa4..9fb2fe76 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,8 @@ for administration of the Hub and its users. The `nodejs-legacy` package installs the `node` executable and is currently required for npm to work on Debian/Ubuntu. +- A [pluggable authentication module (PAM)](https://en.wikipedia.org/wiki/Pluggable_authentication_module) + to use the default Authenticator - TLS certificate and key for HTTPS communication - Domain name diff --git a/docs/source/quickstart.md b/docs/source/quickstart.md index f9c4beaa..b621aab2 100644 --- a/docs/source/quickstart.md +++ b/docs/source/quickstart.md @@ -26,6 +26,10 @@ Before installing JupyterHub, you will need: The `nodejs-legacy` package installs the `node` executable and is currently required for npm to work on Debian/Ubuntu. +- A [pluggable authentication module (PAM)](https://en.wikipedia.org/wiki/Pluggable_authentication_module) + to use the [default Authenticator](./getting-started/authenticators-users-basics.md). + PAM is often available by default on most distributions, if this is not the case it can be installed by + using the operating system's package manager. - TLS certificate and key for HTTPS communication - Domain name From d67b71b7aedd3f19f6522eb32e834fab22c3da14 Mon Sep 17 00:00:00 2001 From: ragar64 Date: Mon, 9 Mar 2020 13:04:20 +0530 Subject: [PATCH 361/541] " #2925 : Changing start my server button link to spawn url once server is stopped" --- share/jupyterhub/static/js/home.js | 1 + 1 file changed, 1 insertion(+) diff --git a/share/jupyterhub/static/js/home.js b/share/jupyterhub/static/js/home.js index 635f89b4..909c2b73 100644 --- a/share/jupyterhub/static/js/home.js +++ b/share/jupyterhub/static/js/home.js @@ -104,6 +104,7 @@ require(["jquery", "moment", "jhapi"], function( .text("Start My Server") .attr("title", "Start your default server") .attr("disabled", false) + .attr("href", base_url + "spawn/" + user) .off("click"); }, }); From 0e59ab003a8c6797de8efb1168a288afa639f947 Mon Sep 17 00:00:00 2001 From: romainx Date: Mon, 11 May 2020 14:54:32 +0200 Subject: [PATCH 362/541] Readme updated according to review --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 9fb2fe76..a6a65107 100644 --- a/README.md +++ b/README.md @@ -74,8 +74,7 @@ for administration of the Hub and its users. The `nodejs-legacy` package installs the `node` executable and is currently required for npm to work on Debian/Ubuntu. -- A [pluggable authentication module (PAM)](https://en.wikipedia.org/wiki/Pluggable_authentication_module) - to use the default Authenticator +- If using the default PAM Authenticator, a [pluggable authentication module (PAM)](https://en.wikipedia.org/wiki/Pluggable_authentication_module). - TLS certificate and key for HTTPS communication - Domain name From a36a56b4ff8530bab4e0b34d789f94faa02eb4be Mon Sep 17 00:00:00 2001 From: dp Date: Thu, 14 May 2020 16:16:07 -0700 Subject: [PATCH 363/541] docs: add proxy_http_version 1.1 add proxy_http_version 1.1 as it is required for KeepAlive connections --- docs/source/reference/config-proxy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/source/reference/config-proxy.md b/docs/source/reference/config-proxy.md index 564f2efc..64ccb0ed 100644 --- a/docs/source/reference/config-proxy.md +++ b/docs/source/reference/config-proxy.md @@ -83,6 +83,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # websocket headers + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } From 2991d2d1f1532cfe75a2a0b455659346f94ff2af Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Fri, 15 May 2020 11:34:03 +0200 Subject: [PATCH 364/541] Log successful /health requests on the debug level They are less relevant than other request and could very well end up cluttering the logs. It is not uncomming for these requests to be made every second or every other second. --- jupyterhub/log.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/jupyterhub/log.py b/jupyterhub/log.py index d60b358a..f9fbffe8 100644 --- a/jupyterhub/log.py +++ b/jupyterhub/log.py @@ -12,6 +12,7 @@ from tornado.log import LogFormatter from tornado.web import HTTPError from tornado.web import StaticFileHandler +from .handlers.pages import HealthCheckHandler from .metrics import prometheus_log_method @@ -127,7 +128,9 @@ def log_request(handler): """ status = handler.get_status() request = handler.request - if status == 304 or (status < 300 and isinstance(handler, StaticFileHandler)): + if status == 304 or ( + status < 300 and isinstance(handler, (StaticFileHandler, HealthCheckHandler)) + ): # static-file success and 304 Found are debug-level log_method = access_log.debug elif status < 400: From 0dbad9bd9969b5b29e1079856a26635daf27558f Mon Sep 17 00:00:00 2001 From: Mohammad Wasil Date: Fri, 15 May 2020 13:51:50 +0200 Subject: [PATCH 365/541] Disable proxy_buffering to make the progress bar working when using nginx reverse proxy --- docs/source/reference/config-proxy.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/source/reference/config-proxy.md b/docs/source/reference/config-proxy.md index 564f2efc..9e493cf4 100644 --- a/docs/source/reference/config-proxy.md +++ b/docs/source/reference/config-proxy.md @@ -85,6 +85,8 @@ server { # websocket headers proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; + + proxy_buffering off; } # Managing requests to verify letsencrypt host From d60fa9a400c7b2a8a89ef692299e29bb57c0d51a Mon Sep 17 00:00:00 2001 From: Jeremy Tuloup Date: Mon, 25 May 2020 16:10:08 +0200 Subject: [PATCH 366/541] Update links to the black GitHub repository --- .pre-commit-config.yaml | 2 +- CONTRIBUTING.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 02a918fa..e8f6663e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,7 +3,7 @@ repos: rev: v1.9.0 hooks: - id: reorder-python-imports -- repo: https://github.com/ambv/black +- repo: https://github.com/psf/black rev: 19.10b0 hooks: - id: black diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 76ddf057..0f5ec05a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -66,7 +66,7 @@ pre-commit run which should run any autoformatting on your code and tell you about any errors it couldn't fix automatically. -You may also install [black integration](https://github.com/ambv/black#editor-integration) +You may also install [black integration](https://github.com/psf/black#editor-integration) into your text editor to format code automatically. If you have already committed files before setting up the pre-commit From 6bf4f3b2aae73c0f2f45ec39b5b01d83e3bbb0ba Mon Sep 17 00:00:00 2001 From: Min RK Date: Tue, 26 May 2020 13:40:21 +0200 Subject: [PATCH 367/541] document upgrading from api_tokens to services config --- docs/source/reference/rest.md | 38 +++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/docs/source/reference/rest.md b/docs/source/reference/rest.md index 95e9ea8b..0432f677 100644 --- a/docs/source/reference/rest.md +++ b/docs/source/reference/rest.md @@ -57,6 +57,9 @@ generating an API token is available from the JupyterHub user interface: ## Add API tokens to the config file +**This is deprecated. We are in no rush to remove this feature, +but please consider if service tokens are right for you.** + You may also add a dictionary of API tokens and usernames to the hub's configuration file, `jupyterhub_config.py` (note that the **key** is the 'secret-token' while the **value** is the 'username'): @@ -67,6 +70,41 @@ c.JupyterHub.api_tokens = { } ``` +### Updating to admin services + +The `api_tokens` configuration has been softly deprecated since the introduction of services. +We have no plans to remove it, +but users are encouraged to use service configuration instead. + +If you have been using `api_tokens` to create an admin user +and a token for that user to perform some automations, +the services mechanism may be a better fit. +If you have the following configuration: + +```python +c.JupyterHub.admin_users = {"service-admin",} +c.JupyterHub.api_tokens = { + "secret-token": "service-admin", +} +``` + +This can be updated to create an admin service, with the following configuration: + +```python +c.JupyterHub.services = [ + { + "name": "service-token", + "admin": True, + "api_token": "secret-token", + }, +] +``` + +The token will have the same admin permissions, +but there will no longer be a user account created to house it. +The main noticeable difference is that there will be no notebook server associated with the account +and the service will not show up in the various user list pages and APIs. + ## Make an API request To authenticate your requests, pass the API token in the request's From cd367338588374b09c97c5b22c4590a659f3bd2e Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Tue, 26 May 2020 14:49:36 +0300 Subject: [PATCH 368/541] Remove the issue templates so that the ones from the central repo jupyterhub/.github take effect --- .github/ISSUE_TEMPLATE/bug_report.md | 33 ----------------------- .github/ISSUE_TEMPLATE/config.yml | 4 --- .github/ISSUE_TEMPLATE/feature_request.md | 25 ----------------- 3 files changed, 62 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md delete mode 100644 .github/ISSUE_TEMPLATE/config.yml delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 2fe07734..00000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -name: "\U0001F41B Bug report" -about: Create a report to help us repair something that is currently broken - ---- - - -### Bug description - - -#### Expected behaviour - - -#### Actual behaviour - - -### How to reproduce - - -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -### Your personal set up - - - - OS: - - - Version: - - - Configuration: - diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml deleted file mode 100644 index 8574d777..00000000 --- a/.github/ISSUE_TEMPLATE/config.yml +++ /dev/null @@ -1,4 +0,0 @@ -contact_links: - - name: "\U0001F914 All other questions, including if you're not sure what to do." - url: https://discourse.jupyter.org - about: Search on Discourse for similar questions or ask for help there. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index b027cbcf..00000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -name: "\U0001F680 Feature request" -about: Suggest a new feature or a big change to JupyterHub - ---- - - -### Proposed change - - - -### Alternative options - - - -### Who would use this feature? - - - -### How much effort will adding it take? - - - -### Who can do this work? - From bcbc68dd82f06b69756b713dc6c998e3bfdec547 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Wed, 27 May 2020 19:55:47 +0300 Subject: [PATCH 369/541] Warn if both bind_url and ip/port/base_url are set --- jupyterhub/app.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 50809e19..ebc5938e 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -568,7 +568,16 @@ class JupyterHub(Application): urlinfo = urlinfo._replace(netloc=fmt % (self.ip, self.port)) urlinfo = urlinfo._replace(path=self.base_url) bind_url = urlunparse(urlinfo) + + # Warn if both bind_url and ip/port/base_url are set if bind_url != self.bind_url: + if self.bind_url != "http://:8000" and self.bind_url != "https://:8000": + self.log.warning( + "Both bind_url and ip/port/base_url have been configured. " + "JupyterHub.ip, JupyterHub.port, JupyterHub.base_url are" + " deprecated in JupyterHub 0.9," + " please use JupyterHub.bind_url instead." + ) self.bind_url = bind_url bind_url = Unicode( From e4e4d472b866309074b78701440b1200244639c8 Mon Sep 17 00:00:00 2001 From: GeorgianaElena Date: Thu, 28 May 2020 17:35:42 +0300 Subject: [PATCH 370/541] Add JupyterHub Demo docker image --- demo-image/Dockerfile | 16 ++++++++++++++++ demo-image/README.md | 25 +++++++++++++++++++++++++ demo-image/jupyterhub_config.py | 7 +++++++ 3 files changed, 48 insertions(+) create mode 100644 demo-image/Dockerfile create mode 100644 demo-image/README.md create mode 100644 demo-image/jupyterhub_config.py diff --git a/demo-image/Dockerfile b/demo-image/Dockerfile new file mode 100644 index 00000000..b5d69553 --- /dev/null +++ b/demo-image/Dockerfile @@ -0,0 +1,16 @@ +# Demo JupyterHub Docker image +# +# This should only be used for demo or testing and not as a base image to build on. +# +# It includes the notebook package and it uses the DummyAuthenticator and the SimpleLocalProcessSpawner. + +FROM jupyterhub/jupyterhub-onbuild + +# Install the notebook package +RUN python3 -m pip install notebook + +# Create a demo user +RUN useradd --create-home demo +RUN chown demo . + +USER demo diff --git a/demo-image/README.md b/demo-image/README.md new file mode 100644 index 00000000..7c9681b8 --- /dev/null +++ b/demo-image/README.md @@ -0,0 +1,25 @@ +## Demo Dockerfile + +This is a demo JupyterHub Docker image to help you get a quick overview of what +JupyterHub is and how it works. + +It uses the SimpleLocalProcessSpawner to spawn new user servers and +DummyAuthenticator for authentication. +The DummyAuthenticator allows you to log in with any username & password and the +SimpleLocalProcessSpawner allows starting servers without having to create a +local user for each JupyterHub user. + +### Important! + +This should only be used for demo or testing purposes! +It shouldn't be used as a base image to build on. + +### Try it +1. `cd` to the root of your jupyterhub repo. + +2. Build the demo image with `docker build -t jupyterhub-demo demo-image`. + +3. Run the demo image with `docker run -d -p 8000:8000 jupyterhub-demo`. + +4. Visit http://localhost:8000 and login with any username and password +5. Happy demo-ing :tada:! diff --git a/demo-image/jupyterhub_config.py b/demo-image/jupyterhub_config.py new file mode 100644 index 00000000..99a0ff13 --- /dev/null +++ b/demo-image/jupyterhub_config.py @@ -0,0 +1,7 @@ +# Configuration file for jupyterhub-demo + +c = get_config() + +# Use DummyAuthenticator and SympleSpawner +c.JupyterHub.spawner_class = "simple" +c.JupyterHub.authenticator_class = "dummy" From da3fedb5aa6a70b9e1b578594266ae969e182100 Mon Sep 17 00:00:00 2001 From: Zsailer Date: Mon, 1 Jun 2020 12:41:22 -0700 Subject: [PATCH 371/541] pin jupyter_telemetry dependency --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 825fd409..07cc96e8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,7 +3,7 @@ async_generator>=1.8 certipy>=0.1.2 entrypoints jinja2 -jupyter_telemetry +jupyter_telemetry==0.1.0 oauthlib>=3.0 pamela prometheus_client>=0.0.21 From 66c3760b02b57e2571feaa573f4a9768e6d1e6ab Mon Sep 17 00:00:00 2001 From: Georgiana Elena Date: Wed, 3 Jun 2020 14:30:51 +0300 Subject: [PATCH 372/541] Update jupyterhub/app.py Co-authored-by: Erik Sundell --- jupyterhub/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index ebc5938e..8b2119ed 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -571,7 +571,7 @@ class JupyterHub(Application): # Warn if both bind_url and ip/port/base_url are set if bind_url != self.bind_url: - if self.bind_url != "http://:8000" and self.bind_url != "https://:8000": + if self.bind_url != self._bind_url_default(): self.log.warning( "Both bind_url and ip/port/base_url have been configured. " "JupyterHub.ip, JupyterHub.port, JupyterHub.base_url are" From a8bc4f8a4a8d51201020e74290da52f3833cea12 Mon Sep 17 00:00:00 2001 From: Matthias Bussonnier Date: Fri, 5 Jun 2020 15:04:02 -0700 Subject: [PATCH 373/541] Test with some master dependencies. This does some of the test with the latest traitlets. We are looking into making a 5.0 release and would like to have some confidence that it does not break too many things. --- .travis.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.travis.yml b/.travis.yml index 8e2c56b0..f4de85ae 100644 --- a/.travis.yml +++ b/.travis.yml @@ -37,6 +37,10 @@ before_install: install: - pip install --upgrade pip - pip install --upgrade --pre -r dev-requirements.txt . + - | + if [[ "$MASTER_DEPENDENCIES" == "True" ]]; then + pip install git+https://github.com/ipython/traitlets#egg=traitlets --force + fi - pip freeze # run tests @@ -87,6 +91,14 @@ jobs: - PGPASSWORD=hub[test/:? # The password in url below is url-encoded with: urllib.parse.quote($PGPASSWORD, safe='') - JUPYTERHUB_TEST_DB_URL=postgresql://jupyterhub:hub%5Btest%2F%3A%3F@127.0.0.1/jupyterhub + - name: python:3.8 + master dependencies + python: 3.8 + env: + - PGUSER=jupyterhub + - PGPASSWORD=hub[test/:? + # The password in url below is url-encoded with: urllib.parse.quote($PGPASSWORD, safe='') + - JUPYTERHUB_TEST_DB_URL=postgresql://jupyterhub:hub%5Btest%2F%3A%3F@127.0.0.1/jupyterhub + - MASTER_DEPENDENCIES=True - name: python:nightly python: nightly allow_failures: From 522ef3daeae97c663890cfbf26ddd3a9ce2df190 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Mon, 8 Jun 2020 23:49:31 +1200 Subject: [PATCH 374/541] Add Configuration Reference --- docs/source/conf.py | 54 ++++++++++++++++++++++ docs/source/reference/config-reference.rst | 30 ++++++++++++ docs/source/reference/index.rst | 1 + 3 files changed, 85 insertions(+) create mode 100644 docs/source/reference/config-reference.rst diff --git a/docs/source/conf.py b/docs/source/conf.py index 64e4939a..e0eb3bb9 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -60,11 +60,65 @@ default_role = 'literal' import recommonmark from recommonmark.transform import AutoStructify +# -- Config ------------------------------------------------------------- +from jupyterhub.app import JupyterHub +from docutils import nodes +from sphinx.directives.other import SphinxDirective +from contextlib import redirect_stdout +from io import StringIO + +# create a temp instance of JupyterHub just to get the output of the generate-config +# and help --all commands. +jupyterhub_app = JupyterHub() + + +class ConfigDirective(SphinxDirective): + """Generate the configuration file output for use in the documentation.""" + + has_content = False + required_arguments = 0 + optional_arguments = 0 + final_argument_whitespace = False + option_spec = {} + + def run(self): + # The generated configuration file for this version + generated_config = jupyterhub_app.generate_config_file() + # post-process output + home_dir = os.environ['HOME'] + generated_config = generated_config.replace(home_dir, '$HOME', 1) + par = nodes.literal_block(text=generated_config) + return [par] + + +class HelpAllDirective(SphinxDirective): + """Print the output of jupyterhub help --all for use in the documentation.""" + + has_content = False + required_arguments = 0 + optional_arguments = 0 + final_argument_whitespace = False + option_spec = {} + + def run(self): + # The output of the help command for this version + buffer = StringIO() + with redirect_stdout(buffer): + jupyterhub_app.print_help('--help-all') + all_help = buffer.getvalue() + # post-process output + home_dir = os.environ['HOME'] + all_help = all_help.replace(home_dir, '$HOME', 1) + par = nodes.literal_block(text=all_help) + return [par] + def setup(app): app.add_config_value('recommonmark_config', {'enable_eval_rst': True}, True) app.add_css_file('custom.css') app.add_transform(AutoStructify) + app.add_directive('jupyterhub-generate-config', ConfigDirective) + app.add_directive('jupyterhub-help-all', HelpAllDirective) source_suffix = ['.rst', '.md'] diff --git a/docs/source/reference/config-reference.rst b/docs/source/reference/config-reference.rst new file mode 100644 index 00000000..5b3c2acb --- /dev/null +++ b/docs/source/reference/config-reference.rst @@ -0,0 +1,30 @@ +============================== +Configuration Reference +============================== + +.. important:: + + Make sure the version of JupyterHub for this documentation matches your + installation version, as the output of this command may change between versions. + +JupyterHub configuration +------------------------ + +As explained in the `Configuration Basics <../getting-started/config-basics.html#generate-a-default-config-file>`_ +section, the ``jupyterhub-config.py`` can be automatically generated via + + .. code-block:: bash + + jupyterhub --generate-config + + +The following contains the output of that command for reference. + +.. jupyterhub-generate-config:: + +JupyterHub help command output +------------------------------ + +This section contains the output of the command ``jupyterhub --help-all``. + +.. jupyterhub-help-all:: diff --git a/docs/source/reference/index.rst b/docs/source/reference/index.rst index b900025d..4008a723 100644 --- a/docs/source/reference/index.rst +++ b/docs/source/reference/index.rst @@ -24,3 +24,4 @@ what happens under-the-hood when you deploy and configure your JupyterHub. config-ghoauth config-proxy config-sudo + config-reference From b92ea54eda68bc922b702fe91d12a1ed32125fd2 Mon Sep 17 00:00:00 2001 From: niklas netter <40384506+gatoniel@users.noreply.github.com> Date: Wed, 10 Jun 2020 14:16:36 +0200 Subject: [PATCH 375/541] proxy settings might cause authentication errors --- docs/source/troubleshooting.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/source/troubleshooting.md b/docs/source/troubleshooting.md index dc222942..1addff21 100644 --- a/docs/source/troubleshooting.md +++ b/docs/source/troubleshooting.md @@ -196,6 +196,10 @@ After this, when you start your server via JupyterHub, it will build a new container. If this was the underlying cause of the issue, you should see your server again. +##### Proxy settings + +When your whole JupyterHub sits behind a organization proxy (*not* a reverse proxy like NGINX as part of your setup and *not* the configurable-http-proxy) the environment variables `HTTP_PROXY`, `HTTPS_PROXY`, `http_proxy` and `https_proxy` might be set. This confuses the jupyterhub-singleuser servers: When connecting to the Hub for authorization they connect via the proxy instead of directly connecting to the Hub on localhost. The proxy might deny the request. This results in the singleuser server thinking it has a wrong auth token. To circumvent this you should unset these environment variables. Using the environment variables `NO_PROXY` and `no_proxy` seems not to work. + ### Launching Jupyter Notebooks to run as an externally managed JupyterHub service with the `jupyterhub-singleuser` command returns a `JUPYTERHUB_API_TOKEN` error [JupyterHub services](https://jupyterhub.readthedocs.io/en/stable/reference/services.html) allow processes to interact with JupyterHub's REST API. Example use-cases include: From 4eb22821f24a6bd44ad85ef712346233322e4c64 Mon Sep 17 00:00:00 2001 From: niklas netter <40384506+gatoniel@users.noreply.github.com> Date: Wed, 10 Jun 2020 14:51:37 +0200 Subject: [PATCH 376/541] no_proxy does work --- docs/source/troubleshooting.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/troubleshooting.md b/docs/source/troubleshooting.md index 1addff21..d92c594b 100644 --- a/docs/source/troubleshooting.md +++ b/docs/source/troubleshooting.md @@ -152,7 +152,7 @@ You should see a similar 200 message, as above, in the Hub log when you first visit your single-user notebook server. If you don't see this message in the log, it may mean that your single-user notebook server isn't connecting to your Hub. -If you see 403 (forbidden) like this, it's a token problem: +If you see 403 (forbidden) like this, it's likely a token problem: ``` 403 GET /hub/api/authorizations/cookie/jupyterhub-token-name/[secret] (@10.0.1.4) 4.14ms @@ -196,9 +196,9 @@ After this, when you start your server via JupyterHub, it will build a new container. If this was the underlying cause of the issue, you should see your server again. -##### Proxy settings +##### Proxy settings (403 GET) -When your whole JupyterHub sits behind a organization proxy (*not* a reverse proxy like NGINX as part of your setup and *not* the configurable-http-proxy) the environment variables `HTTP_PROXY`, `HTTPS_PROXY`, `http_proxy` and `https_proxy` might be set. This confuses the jupyterhub-singleuser servers: When connecting to the Hub for authorization they connect via the proxy instead of directly connecting to the Hub on localhost. The proxy might deny the request. This results in the singleuser server thinking it has a wrong auth token. To circumvent this you should unset these environment variables. Using the environment variables `NO_PROXY` and `no_proxy` seems not to work. +When your whole JupyterHub sits behind a organization proxy (*not* a reverse proxy like NGINX as part of your setup and *not* the configurable-http-proxy) the environment variables `HTTP_PROXY`, `HTTPS_PROXY`, `http_proxy` and `https_proxy` might be set. This confuses the jupyterhub-singleuser servers: When connecting to the Hub for authorization they connect via the proxy instead of directly connecting to the Hub on localhost. The proxy might deny the request (403 GET). This results in the singleuser server thinking it has a wrong auth token. To circumvent this you should add `,,localhost,127.0.0.1` to the environment variables `NO_PROXY` and `no_proxy`. ### Launching Jupyter Notebooks to run as an externally managed JupyterHub service with the `jupyterhub-singleuser` command returns a `JUPYTERHUB_API_TOKEN` error From c357d02b566b76fc5801ae240ae7326bd8fd37cd Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 10 Jun 2020 14:53:58 +0100 Subject: [PATCH 377/541] Allow `python:3.8 + master dependencies` to fail Follow-up from https://github.com/jupyterhub/jupyterhub/pull/3076 --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index f4de85ae..dd24b9c8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -103,4 +103,5 @@ jobs: python: nightly allow_failures: - name: python:nightly + - name: python:3.8 + master dependencies fast_finish: true From df35268bfee2ae9eb6ab51ac29e9521b8ae8ed1f Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 11 Jun 2020 09:45:18 +0200 Subject: [PATCH 378/541] make Spawner.environment config highest priority so that it can override 'default' env variables like JUPYTERHUB_API_URL use with caution! --- jupyterhub/spawner.py | 27 +++++++++++++++++---------- jupyterhub/tests/test_spawner.py | 12 ++++++++++++ 2 files changed, 29 insertions(+), 10 deletions(-) diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index 54875837..7c0bf9c4 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -467,6 +467,11 @@ class Spawner(LoggingConfigurable): Note that the spawner class' interface is not guaranteed to be exactly same across upgrades, so if you are using the callable take care to verify it continues to work after upgrades! + + .. versionchanged:: 1.2 + environment from this configuration has highest priority, + allowing override of 'default' env variables, + such as JUPYTERHUB_API_URL. """ ).tag(config=True) @@ -740,16 +745,6 @@ class Spawner(LoggingConfigurable): if key in os.environ: env[key] = os.environ[key] - # config overrides. If the value is a callable, it will be called with - # one parameter - the current spawner instance - and the return value - # will be assigned to the environment variable. This will be called at - # spawn time. - for key, value in self.environment.items(): - if callable(value): - env[key] = value(self) - else: - env[key] = value - env['JUPYTERHUB_API_TOKEN'] = self.api_token # deprecated (as of 0.7.2), for old versions of singleuser env['JPY_API_TOKEN'] = self.api_token @@ -797,6 +792,18 @@ class Spawner(LoggingConfigurable): env['JUPYTERHUB_SSL_CERTFILE'] = self.cert_paths['certfile'] env['JUPYTERHUB_SSL_CLIENT_CA'] = self.cert_paths['cafile'] + # env overrides from config. If the value is a callable, it will be called with + # one parameter - the current spawner instance - and the return value + # will be assigned to the environment variable. This will be called at + # spawn time. + # Called last to ensure highest priority, in case of overriding other + # 'default' variables like the API url + for key, value in self.environment.items(): + if callable(value): + env[key] = value(self) + else: + env[key] = value + return env async def get_url(self): diff --git a/jupyterhub/tests/test_spawner.py b/jupyterhub/tests/test_spawner.py index fa0cbeab..99b84393 100644 --- a/jupyterhub/tests/test_spawner.py +++ b/jupyterhub/tests/test_spawner.py @@ -404,3 +404,15 @@ async def test_spawner_routing(app, name): assert r.url == url assert r.text == urlparse(url).path await user.stop() + + +async def test_spawner_env(db): + env_overrides = { + "JUPYTERHUB_API_URL": "https://test.horse/hub/api", + "TEST_KEY": "value", + } + spawner = new_spawner(db, environment=env_overrides) + env = spawner.get_env() + for key, value in env_overrides.items(): + assert key in env + assert env[key] == value From aba55cc09319f9c402dcf96dd08efd6563ab5616 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 4 Jun 2020 10:20:50 +0200 Subject: [PATCH 379/541] implement UserDict.get behaves more like one would expect (same as try get-key, except: return default) without relying on cache presence or underlying key type (integer only) --- jupyterhub/handlers/base.py | 5 ++-- jupyterhub/tests/test_user.py | 22 +++++++++++++++ jupyterhub/user.py | 51 +++++++++++++++++++++++++++++++++-- 3 files changed, 74 insertions(+), 4 deletions(-) create mode 100644 jupyterhub/tests/test_user.py diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 9606fa61..07c7026e 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -676,9 +676,10 @@ class BaseHandler(RequestHandler): raise ValueError("Username doesn't match! %s != %s" % (username, user.name)) if user is None: - new_user = username not in self.users - user = self.user_from_username(username) + user = self.find_user(username) + new_user = user is None if new_user: + user = self.user_from_username(username) await maybe_future(self.authenticator.add_user(user)) # Only set `admin` if the authenticator returned an explicit value. if admin is not None and admin != user.admin: diff --git a/jupyterhub/tests/test_user.py b/jupyterhub/tests/test_user.py new file mode 100644 index 00000000..df7bc8a2 --- /dev/null +++ b/jupyterhub/tests/test_user.py @@ -0,0 +1,22 @@ +import pytest + +from ..user import UserDict +from .utils import add_user + + +@pytest.mark.parametrize("attr", ["self", "id", "name"]) +async def test_userdict_get(db, attr): + u = add_user(db, name="rey", app=False) + userdict = UserDict(db_factory=lambda: db, settings={}) + + if attr == "self": + key = u + else: + key = getattr(u, attr) + + # `in` checks cache only + assert key not in userdict + assert userdict.get(key) + assert userdict.get(key).id == u.id + # `in` should find it now + assert key in userdict diff --git a/jupyterhub/user.py b/jupyterhub/user.py index 4f049817..cfebe149 100644 --- a/jupyterhub/user.py +++ b/jupyterhub/user.py @@ -34,7 +34,23 @@ from .utils import url_path_join class UserDict(dict): """Like defaultdict, but for users - Getting by a user id OR an orm.User instance returns a User wrapper around the orm user. + Users can be retrieved by: + + - integer database id + - orm.User object + - username str + + A User wrapper object is always returned. + + This dict contains at least all active users, + but not necessarily all users in the database. + + Checking `key in userdict` returns whether + an item is already in the cache, + *not* whether it is in the database. + + .. versionchanged:: 1.2 + ``'username' in userdict`` pattern is now supported """ def __init__(self, db_factory, settings): @@ -57,11 +73,28 @@ class UserDict(dict): return self[orm_user.id] def __contains__(self, key): + """key in userdict checks presence in the cache + + it does not check if the user is in the database + """ if isinstance(key, (User, orm.User)): key = key.id + elif isinstance(key, str): + # username lookup, O(N) + for user in self.values(): + if user.name == key: + key = user.id + break return dict.__contains__(self, key) def __getitem__(self, key): + """UserDict allows retrieval of user by any of: + + - User object + - orm.User object + - username (str) + - orm.User.id int (actual key used in underlying dict) + """ if isinstance(key, User): key = key.id elif isinstance(key, str): @@ -69,7 +102,7 @@ class UserDict(dict): if orm_user is None: raise KeyError("No such user: %s" % key) else: - key = orm_user + key = orm_user.id if isinstance(key, orm.User): # users[orm_user] returns User(orm_user) orm_user = key @@ -92,6 +125,20 @@ class UserDict(dict): else: raise KeyError(repr(key)) + def get(self, key, default=None): + """Retrieve a User object if it can be found, else default + + Lookup can be by User object, id, or name + + .. versionchanged:: 1.2 + ``get()`` accesses the database instead of just the cache by integer id, + so is equivalent to catching KeyErrors on attempted lookup. + """ + try: + return self[key] + except KeyError: + return default + def __delitem__(self, key): user = self[key] for orm_spawner in user.orm_user._orm_spawners: From d4b5373c05c2614cb1af01128f18bc241d48e02c Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 4 Jun 2020 12:04:44 +0200 Subject: [PATCH 380/541] synchronize implementation of expiring values - base Expiring class - ensures expiring values (OAuthCode, OAuthAccessToken, APIToken) are not returned from `find` - all expire appropriately via purge_expired --- jupyterhub/app.py | 16 ++++-- jupyterhub/oauth/provider.py | 7 ++- jupyterhub/orm.py | 96 +++++++++++++++++++++++++++--------- jupyterhub/tests/test_orm.py | 77 ++++++++++++++++++++++++++++- 4 files changed, 166 insertions(+), 30 deletions(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 50809e19..174d5c71 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1832,17 +1832,27 @@ class JupyterHub(Application): # purge expired tokens hourly purge_expired_tokens_interval = 3600 + def purge_expired_tokens(self): + """purge all expiring token objects from the database + + run periodically + """ + # this should be all the subclasses of Expiring + for cls in (orm.APIToken, orm.OAuthAccessToken, orm.OAuthCode): + self.log.debug("Purging expired {name}s".format(name=cls.__name__)) + cls.purge_expired(self.db) + async def init_api_tokens(self): """Load predefined API tokens (for services) into database""" await self._add_tokens(self.service_tokens, kind='service') await self._add_tokens(self.api_tokens, kind='user') - purge_expired_tokens = partial(orm.APIToken.purge_expired, self.db) - purge_expired_tokens() + + self.purge_expired_tokens() # purge expired tokens hourly # we don't need to be prompt about this # because expired tokens cannot be used anyway pc = PeriodicCallback( - purge_expired_tokens, 1e3 * self.purge_expired_tokens_interval + self.purge_expired_tokens, 1e3 * self.purge_expired_tokens_interval ) pc.start() diff --git a/jupyterhub/oauth/provider.py b/jupyterhub/oauth/provider.py index 6157223f..7c31d90d 100644 --- a/jupyterhub/oauth/provider.py +++ b/jupyterhub/oauth/provider.py @@ -2,7 +2,6 @@ implements https://oauthlib.readthedocs.io/en/latest/oauth2/server.html """ -from datetime import datetime from urllib.parse import urlparse from oauthlib import uri_validate @@ -250,7 +249,7 @@ class JupyterHubRequestValidator(RequestValidator): client=orm_client, code=code['code'], # oauth has 5 minutes to complete - expires_at=int(datetime.utcnow().timestamp() + 300), + expires_at=int(orm.OAuthCode.now() + 300), # TODO: persist oauth scopes # scopes=request.scopes, user=request.user.orm_user, @@ -347,7 +346,7 @@ class JupyterHubRequestValidator(RequestValidator): orm_access_token = orm.OAuthAccessToken( client=client, grant_type=orm.GrantType.authorization_code, - expires_at=datetime.utcnow().timestamp() + token['expires_in'], + expires_at=orm.OAuthAccessToken.now() + token['expires_in'], refresh_token=token['refresh_token'], # TODO: save scopes, # scopes=scopes, @@ -441,7 +440,7 @@ class JupyterHubRequestValidator(RequestValidator): Method is used by: - Authorization Code Grant """ - orm_code = self.db.query(orm.OAuthCode).filter_by(code=code).first() + orm_code = orm.OAuthCode.find(self.db, code=code) if orm_code is None: app_log.debug("No such code: %s", code) return False diff --git a/jupyterhub/orm.py b/jupyterhub/orm.py index 130d16f0..cc96ca88 100644 --- a/jupyterhub/orm.py +++ b/jupyterhub/orm.py @@ -311,7 +311,46 @@ class Service(Base): return db.query(cls).filter(cls.name == name).first() -class Hashed(object): +class Expiring: + """Mixin for expiring entries + + Subclass must define at least expires_at property, + which should be unix timestamp or datetime object + """ + + now = utcnow # funciton, must return float timestamp or datetime + expires_at = None # must be defined + + @property + def expires_in(self): + """Property returning expiration in seconds from now + + or None + """ + if self.expires_at: + delta = self.expires_at - self.now() + if isinstance(delta, timedelta): + delta = delta.total_seconds() + return delta + else: + return None + + @classmethod + def purge_expired(cls, db): + """Purge expired API Tokens from the database""" + now = cls.now() + deleted = False + for obj in ( + db.query(cls).filter(cls.expires_at != None).filter(cls.expires_at < now) + ): + app_log.debug("Purging expired %s", obj) + deleted = True + db.delete(obj) + if deleted: + db.commit() + + +class Hashed(Expiring): """Mixin for tables with hashed tokens""" prefix_length = 4 @@ -368,11 +407,21 @@ class Hashed(object): """Start the query for matching token. Returns an SQLAlchemy query already filtered by prefix-matches. + + .. versionchanged:: 1.2 + + Excludes expired matches. """ prefix = token[: cls.prefix_length] # since we can't filter on hashed values, filter on prefix # so we aren't comparing with all tokens - return db.query(cls).filter(bindparam('prefix', prefix).startswith(cls.prefix)) + prefix_match = db.query(cls).filter( + bindparam('prefix', prefix).startswith(cls.prefix) + ) + prefix_match = prefix_match.filter( + or_(cls.expires_at == None, cls.expires_at >= cls.now()) + ) + return prefix_match @classmethod def find(cls, db, token): @@ -408,6 +457,7 @@ class APIToken(Hashed, Base): return 'a%i' % self.id # token metadata for bookkeeping + now = datetime.utcnow # for expiry created = Column(DateTime, default=datetime.utcnow) expires_at = Column(DateTime, default=None, nullable=True) last_activity = Column(DateTime) @@ -428,20 +478,6 @@ class APIToken(Hashed, Base): cls=self.__class__.__name__, pre=self.prefix, kind=kind, name=name ) - @classmethod - def purge_expired(cls, db): - """Purge expired API Tokens from the database""" - now = utcnow() - deleted = False - for token in ( - db.query(cls).filter(cls.expires_at != None).filter(cls.expires_at < now) - ): - app_log.debug("Purging expired %s", token) - deleted = True - db.delete(token) - if deleted: - db.commit() - @classmethod def find(cls, db, token, *, kind=None): """Find a token object by value. @@ -452,9 +488,6 @@ class APIToken(Hashed, Base): `kind='service'` only returns API tokens for services """ prefix_match = cls.find_prefix(db, token) - prefix_match = prefix_match.filter( - or_(cls.expires_at == None, cls.expires_at >= utcnow()) - ) if kind == 'user': prefix_match = prefix_match.filter(cls.user_id != None) elif kind == 'service': @@ -497,7 +530,7 @@ class APIToken(Hashed, Base): assert service.id is not None orm_token.service = service if expires_in is not None: - orm_token.expires_at = utcnow() + timedelta(seconds=expires_in) + orm_token.expires_at = cls.now() + timedelta(seconds=expires_in) db.add(orm_token) db.commit() return token @@ -521,6 +554,10 @@ class OAuthAccessToken(Hashed, Base): __tablename__ = 'oauth_access_tokens' id = Column(Integer, primary_key=True, autoincrement=True) + @staticmethod + def now(): + return datetime.utcnow().timestamp() + @property def api_id(self): return 'o%i' % self.id @@ -547,11 +584,12 @@ class OAuthAccessToken(Hashed, Base): last_activity = Column(DateTime, nullable=True) def __repr__(self): - return "<{cls}('{prefix}...', client_id={client_id!r}, user={user!r}>".format( + return "<{cls}('{prefix}...', client_id={client_id!r}, user={user!r}, expires_in={expires_in}>".format( cls=self.__class__.__name__, client_id=self.client_id, user=self.user and self.user.name, prefix=self.prefix, + expires_in=self.expires_in, ) @classmethod @@ -568,8 +606,9 @@ class OAuthAccessToken(Hashed, Base): return orm_token -class OAuthCode(Base): +class OAuthCode(Expiring, Base): __tablename__ = 'oauth_codes' + id = Column(Integer, primary_key=True, autoincrement=True) client_id = Column( Unicode(255), ForeignKey('oauth_clients.identifier', ondelete='CASCADE') @@ -581,6 +620,19 @@ class OAuthCode(Base): # state = Column(Unicode(1023)) user_id = Column(Integer, ForeignKey('users.id', ondelete='CASCADE')) + @staticmethod + def now(): + return datetime.utcnow().timestamp() + + @classmethod + def find(cls, db, code): + return ( + db.query(cls) + .filter(cls.code == code) + .filter(or_(cls.expires_at == None, cls.expires_at >= cls.now())) + .first() + ) + class OAuthClient(Base): __tablename__ = 'oauth_clients' diff --git a/jupyterhub/tests/test_orm.py b/jupyterhub/tests/test_orm.py index 4790f386..0c125c5a 100644 --- a/jupyterhub/tests/test_orm.py +++ b/jupyterhub/tests/test_orm.py @@ -134,7 +134,7 @@ def test_token_expiry(db): assert orm_token.expires_at > now + timedelta(seconds=50) assert orm_token.expires_at < now + timedelta(seconds=70) the_future = mock.patch( - 'jupyterhub.orm.utcnow', lambda: now + timedelta(seconds=70) + 'jupyterhub.orm.APIToken.now', lambda: now + timedelta(seconds=70) ) with the_future: found = orm.APIToken.find(db, token=token) @@ -482,3 +482,78 @@ def test_group_delete_cascade(db): db.delete(user1) db.commit() assert user1 not in group1.users + + +def test_expiring_api_token(app, user): + db = app.db + token = orm.APIToken.new(expires_in=30, user=user) + orm_token = orm.APIToken.find(db, token, kind='user') + assert orm_token + + # purge_expired doesn't delete non-expired + orm.APIToken.purge_expired(db) + found = orm.APIToken.find(db, token) + assert found is orm_token + + with mock.patch.object( + orm.APIToken, 'now', lambda: datetime.utcnow() + timedelta(seconds=60) + ): + found = orm.APIToken.find(db, token) + assert found is None + assert orm_token in db.query(orm.APIToken) + orm.APIToken.purge_expired(db) + assert orm_token not in db.query(orm.APIToken) + + +def test_expiring_oauth_token(app, user): + db = app.db + token = "abc123" + now = orm.OAuthAccessToken.now + client = orm.OAuthClient(identifier="xxx", secret="yyy") + db.add(client) + orm_token = orm.OAuthAccessToken( + token=token, + grant_type=orm.GrantType.authorization_code, + client=client, + user=user, + expires_at=now() + 30, + ) + db.add(orm_token) + db.commit() + + found = orm.OAuthAccessToken.find(db, token) + assert found is orm_token + # purge_expired doesn't delete non-expired + orm.OAuthAccessToken.purge_expired(db) + found = orm.OAuthAccessToken.find(db, token) + assert found is orm_token + + with mock.patch.object(orm.OAuthAccessToken, 'now', lambda: now() + 60): + found = orm.OAuthAccessToken.find(db, token) + assert found is None + assert orm_token in db.query(orm.OAuthAccessToken) + orm.OAuthAccessToken.purge_expired(db) + assert orm_token not in db.query(orm.OAuthAccessToken) + + +def test_expiring_oauth_code(app, user): + db = app.db + code = "abc123" + now = orm.OAuthCode.now + orm_code = orm.OAuthCode(code=code, expires_at=now() + 30) + db.add(orm_code) + db.commit() + + found = orm.OAuthCode.find(db, code) + assert found is orm_code + # purge_expired doesn't delete non-expired + orm.OAuthCode.purge_expired(db) + found = orm.OAuthCode.find(db, code) + assert found is orm_code + + with mock.patch.object(orm.OAuthCode, 'now', lambda: now() + 60): + found = orm.OAuthCode.find(db, code) + assert found is None + assert orm_code in db.query(orm.OAuthCode) + orm.OAuthCode.purge_expired(db) + assert orm_code not in db.query(orm.OAuthCode) From 703703a6486d0d67dd709fbd1a5d04e5f5a70ad9 Mon Sep 17 00:00:00 2001 From: Jason Anderson Date: Thu, 11 Jun 2020 14:05:16 -0500 Subject: [PATCH 381/541] Ensure client dependencies build before wheel Bug #2852 describes an issue where templates cannot be found by JupyterHub when using the Docker images built out of this repo. The issue turned out to be due to missing node_modules at the time of build. There is a hook in the `package.json` that causes node_modules to be copied to the static/components directory post-install. If this is not run, those components are not in the static directory and thus are not included in the wheel when it is built. Fix #2905 fixed one problem--the `bower-lite` hook script wasn't copied to the Docker image, and so the hook couldn't run, but the other issue is that the client dependencies are never explicitly built. They must be built prior to the wheel build, and the hook script must have run so they are copied to the ./static folder, which is included in the wheel build thanks to [MANIFEST.in][1] .. note:: This removes the verbose flag from the wheel build command. The reason is that it generates a lot of writes to stdout. It seems that wheel can (or always) is switching to non-blocking mode, which can cause EAGAIN to be raised, which leads to fun errors like: BlockingIOError(.., 'write could not complete without blocking', ..) The wheels fail to build if this error is raised. Removing the verbosity flag is a quick solution (it drastically reduces writes to STDOUT), but comes at the cost of more trouble debugging a failed wheel build. Adding the "-v" back in the Dockerfile when debugging a build failure is still possible. [Credit: @vbraun][2] .. note:: This commit also removes some extraneous COPY operations during the Docker build, in particular the /src/jupyterhub/share directory is not used unless users have explicitly override their jupyterhub_config.py to include it somehow. If the default data_files_path behavior is used, JupyterHub should find the proper static directory when the application loads. Fixes: #2852 [1]: https://packaging.python.org/guides/using-manifest-in/ [2]: https://github.com/travis-ci/travis-ci/issues/4704#issuecomment-348435959 --- Dockerfile | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 36baddea..8b786bf0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -45,12 +45,15 @@ RUN apt-get update \ # compromise between needing to rebuild and maintaining # what needs to be part of the build COPY . /src/jupyterhub/ -COPY jupyterhub/ /src/jupyterhub/jupyterhub -COPY share/ /src/jupyterhub/share WORKDIR /src/jupyterhub + RUN python3 -m pip install --upgrade setuptools pip wheel -RUN python3 -m pip wheel -v --wheel-dir wheelhouse . + +# Build client component packages (they will be copied into ./share and +# packaged with the built wheel.) +RUN npm install +RUN python3 -m pip wheel --wheel-dir wheelhouse . FROM $BASE_IMAGE @@ -87,7 +90,6 @@ RUN npm install -g configurable-http-proxy@^4.2.0 \ # install the wheels we built in the first stage COPY --from=builder /src/jupyterhub/wheelhouse /tmp/wheelhouse -COPY --from=builder /src/jupyterhub/share /src/jupyterhub/share RUN python3 -m pip install --no-cache /tmp/wheelhouse/* RUN mkdir -p /srv/jupyterhub/ From 98dc1f71dbbf688529b076d91cea52211c3501e3 Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 12 Jun 2020 10:03:34 +0200 Subject: [PATCH 382/541] build jupyterhub/jupyterhub-demo image on docker hub --- demo-image/Dockerfile | 4 ++-- demo-image/jupyterhub_config.py | 2 +- hooks/post_build | 3 +++ hooks/post_push | 34 ++++++++++++++++----------------- 4 files changed, 22 insertions(+), 21 deletions(-) diff --git a/demo-image/Dockerfile b/demo-image/Dockerfile index b5d69553..c5add75e 100644 --- a/demo-image/Dockerfile +++ b/demo-image/Dockerfile @@ -3,8 +3,8 @@ # This should only be used for demo or testing and not as a base image to build on. # # It includes the notebook package and it uses the DummyAuthenticator and the SimpleLocalProcessSpawner. - -FROM jupyterhub/jupyterhub-onbuild +ARG BASE_IMAGE=jupyterhub/jupyterhub-onbuild +FROM ${BASE_IMAGE} # Install the notebook package RUN python3 -m pip install notebook diff --git a/demo-image/jupyterhub_config.py b/demo-image/jupyterhub_config.py index 99a0ff13..312df765 100644 --- a/demo-image/jupyterhub_config.py +++ b/demo-image/jupyterhub_config.py @@ -2,6 +2,6 @@ c = get_config() -# Use DummyAuthenticator and SympleSpawner +# Use DummyAuthenticator and SimpleSpawner c.JupyterHub.spawner_class = "simple" c.JupyterHub.authenticator_class = "dummy" diff --git a/hooks/post_build b/hooks/post_build index 874fd6d5..70d712e2 100755 --- a/hooks/post_build +++ b/hooks/post_build @@ -1,4 +1,7 @@ #!/bin/bash set -exuo pipefail +# build jupyterhub-onbuild image docker build --build-arg BASE_IMAGE=$DOCKER_REPO:$DOCKER_TAG -t ${DOCKER_REPO}-onbuild:$DOCKER_TAG onbuild +# build jupyterhub-demo image +docker build --build-arg BASE_IMAGE=${DOCKER_REPO}-onbuild:$DOCKER_TAG -t ${DOCKER_REPO}-demo:$DOCKER_TAG demo-image diff --git a/hooks/post_push b/hooks/post_push index 1b19f796..4db84638 100755 --- a/hooks/post_push +++ b/hooks/post_push @@ -2,8 +2,11 @@ set -exuo pipefail export ONBUILD=${DOCKER_REPO}-onbuild +export DEMO=${DOCKER_REPO}-demo +export REPOS="${DOCKER_REPO} ${ONBUILD} ${DEMO}" # push ONBUILD image docker push $ONBUILD:$DOCKER_TAG +docker push $DEMO:$DOCKER_TAG function get_hub_version() { rm -f hub_version @@ -20,25 +23,20 @@ function get_hub_version() { fi } - get_hub_version -# when building master, push 0.9.0.dev as well -docker tag $DOCKER_REPO:$DOCKER_TAG $DOCKER_REPO:$hub_xyz -docker push $DOCKER_REPO:$hub_xyz -docker tag $ONBUILD:$DOCKER_TAG $ONBUILD:$hub_xyz -docker push $ONBUILD:$hub_xyz +for repo in ${REPOS}; do + # when building master, push 0.9.0.dev as well + docker tag $repo:$DOCKER_TAG $repo:$hub_xyz + docker push $repo:$hub_xyz -# when building 0.9.x, push 0.9 as well -docker tag $DOCKER_REPO:$DOCKER_TAG $DOCKER_REPO:$hub_xy -docker push $DOCKER_REPO:$hub_xy -docker tag $ONBUILD:$DOCKER_TAG $ONBUILD:$hub_xy -docker push $ONBUILD:$hub_xyz + # when building 0.9.x, push 0.9 as well + docker tag $repo:$DOCKER_TAG $repo:$hub_xy + docker push $repo:$hub_xy -# if building a stable release, tag latest as well -if [[ "$latest" == "1" ]]; then - docker tag $DOCKER_REPO:$DOCKER_TAG $DOCKER_REPO:latest - docker push $DOCKER_REPO:latest - docker tag $ONBUILD:$DOCKER_TAG $ONBUILD:latest - docker push $ONBUILD:latest -fi + # if building a stable release, tag latest as well + if [[ "$latest" == "1" ]]; then + docker tag $repo:$DOCKER_TAG $repo:latest + docker push $repo:latest + fi +done From 10f09f4f7041d7414d5fb9ba57f1c233888214a2 Mon Sep 17 00:00:00 2001 From: Leo Gallucci Date: Fri, 12 Jun 2020 18:00:00 +0200 Subject: [PATCH 383/541] Remove already done named servers from roadmap Remove already done "UI for managing named servers" from the roadmap --- docs/source/contributing/roadmap.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/source/contributing/roadmap.md b/docs/source/contributing/roadmap.md index 8ad33fbf..c1a6194e 100644 --- a/docs/source/contributing/roadmap.md +++ b/docs/source/contributing/roadmap.md @@ -83,7 +83,6 @@ these will be moved at a future review of the roadmap. - (prometheus?) API for resource monitoring - tracking activity on single-user servers instead of the proxy - notes and activity tracking per API token - - UI for managing named servers ### Later From 2d1f91e527721af9ce095acd65cd82df9b41f544 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Sat, 13 Jun 2020 11:47:34 +0100 Subject: [PATCH 384/541] Replace zonca/remotespawner with NERSC/sshspawner https://github.com/zonca/remotespawner is archived, the readme recommends https://github.com/jupyterhub/batchspawner --- docs/source/reference/spawners.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/reference/spawners.md b/docs/source/reference/spawners.md index d2a21472..78a78d3f 100644 --- a/docs/source/reference/spawners.md +++ b/docs/source/reference/spawners.md @@ -27,8 +27,8 @@ Some examples include: servers using batch systems - [YarnSpawner](https://github.com/jupyterhub/yarnspawner) for spawning notebook servers in YARN containers on a Hadoop cluster -- [RemoteSpawner](https://github.com/zonca/remotespawner) to spawn notebooks - and a remote server and tunnel the port via SSH +- [SSHSpawner](https://github.com/NERSC/sshspawner) to spawn notebooks + on a remote server using SSH ## Spawner control methods From 5bbf584cb7d691d4f41e5a725de611b98bef4ea9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Collonval?= Date: Sat, 13 Jun 2020 15:58:46 +0200 Subject: [PATCH 385/541] Make `delete_invalid_users` configurable --- jupyterhub/auth.py | 1 + 1 file changed, 1 insertion(+) diff --git a/jupyterhub/auth.py b/jupyterhub/auth.py index 9a43d280..ef18fead 100644 --- a/jupyterhub/auth.py +++ b/jupyterhub/auth.py @@ -206,6 +206,7 @@ class Authenticator(LoggingConfigurable): delete_invalid_users = Bool( False, + config=True, help="""Delete any users from the database that do not pass validation When JupyterHub starts, `.add_user` will be called From cc8e7806530466dce8968567d1bbd2b39a7afa26 Mon Sep 17 00:00:00 2001 From: Min RK Date: Mon, 15 Jun 2020 14:40:20 +0200 Subject: [PATCH 386/541] rename white/blacklist allowed/blocked - group_whitelist -> allowed_groups still todo: handle deprecated signatures in check_whitelist methods while preserving subclass overrides --- jupyterhub/apihandlers/auth.py | 9 +- jupyterhub/app.py | 48 +++--- jupyterhub/auth.py | 212 +++++++++++++++++-------- jupyterhub/services/auth.py | 8 +- jupyterhub/spawner.py | 6 +- jupyterhub/tests/test_app.py | 2 +- jupyterhub/tests/test_auth.py | 61 ++++--- jupyterhub/tests/test_pages.py | 2 +- jupyterhub/tests/test_services_auth.py | 10 +- 9 files changed, 219 insertions(+), 139 deletions(-) diff --git a/jupyterhub/apihandlers/auth.py b/jupyterhub/apihandlers/auth.py index 15a4d783..b7c4df0e 100644 --- a/jupyterhub/apihandlers/auth.py +++ b/jupyterhub/apihandlers/auth.py @@ -201,7 +201,7 @@ class OAuthAuthorizeHandler(OAuthHandler, BaseHandler): def needs_oauth_confirm(self, user, oauth_client): """Return whether the given oauth client needs to prompt for access for the given user - Checks whitelist for oauth clients + Checks list for oauth clients that don't need confirmation (i.e. the user's own server) @@ -214,9 +214,8 @@ class OAuthAuthorizeHandler(OAuthHandler, BaseHandler): if ( # it's the user's own server oauth_client.identifier in own_oauth_client_ids - # or it's in the global whitelist - or oauth_client.identifier - in self.settings.get('oauth_no_confirm_whitelist', set()) + # or it's in the global no-confirm list + or oauth_client.identifier in self.settings.get('oauth_no_confirm', set()) ): return False # default: require confirmation @@ -229,7 +228,7 @@ class OAuthAuthorizeHandler(OAuthHandler, BaseHandler): Render oauth confirmation page: "Server at ... would like permission to ...". - Users accessing their own server or a service whitelist + Users accessing their own server or a blessed service will skip confirmation. """ diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 8b2119ed..ba549aa4 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1689,22 +1689,22 @@ class JupyterHub(Application): # the admin_users config variable will never be used after this point. # only the database values will be referenced. - whitelist = [ + allowed = [ self.authenticator.normalize_username(name) - for name in self.authenticator.whitelist + for name in self.authenticator.allowed ] - self.authenticator.whitelist = set(whitelist) # force normalization - for username in whitelist: + self.authenticator.allowed = set(allowed) # force normalization + for username in allowed: if not self.authenticator.validate_username(username): raise ValueError("username %r is not valid" % username) - if not whitelist: + if not allowed: self.log.info( - "Not using whitelist. Any authenticated user will be allowed." + "Not using allowed user list. Any authenticated user will be allowed." ) - # add whitelisted users to the db - for name in whitelist: + # add allowed users to the db + for name in allowed: user = orm.User.find(db, name) if user is None: user = orm.User(name=name) @@ -1714,9 +1714,9 @@ class JupyterHub(Application): db.commit() # Notify authenticator of all users. - # This ensures Auth whitelist is up-to-date with the database. - # This lets whitelist be used to set up initial list, - # but changes to the whitelist can occur in the database, + # This ensures Authenticator.allowed is up-to-date with the database. + # This lets .allowed be used to set up initial list, + # but changes to the allowed list can occur in the database, # and persist across sessions. total_users = 0 for user in db.query(orm.User): @@ -1753,9 +1753,9 @@ class JupyterHub(Application): user.created = user.last_activity or datetime.utcnow() db.commit() - # The whitelist set and the users in the db are now the same. + # The allowed set and the users in the db are now the same. # From this point on, any user changes should be done simultaneously - # to the whitelist set and user db, unless the whitelist is empty (all users allowed). + # to the allowed set and user db, unless the allowed set is empty (all users allowed). TOTAL_USERS.set(total_users) @@ -1770,11 +1770,11 @@ class JupyterHub(Application): for username in usernames: username = self.authenticator.normalize_username(username) if not ( - await maybe_future( - self.authenticator.check_whitelist(username, None) - ) + await maybe_future(self.authenticator.check_allowed(username, None)) ): - raise ValueError("Username %r is not in whitelist" % username) + raise ValueError( + "Username %r is not in Authenticator.allowed" % username + ) user = orm.User.find(db, name=username) if user is None: if not self.authenticator.validate_username(username): @@ -1798,11 +1798,13 @@ class JupyterHub(Application): if kind == 'user': name = self.authenticator.normalize_username(name) if not ( - await maybe_future(self.authenticator.check_whitelist(name, None)) + await maybe_future(self.authenticator.check_allowed(name, None)) ): - raise ValueError("Token name %r is not in whitelist" % name) + raise ValueError( + "Token user name %r is not in Authenticator.allowed" % name + ) if not self.authenticator.validate_username(name): - raise ValueError("Token name %r is not valid" % name) + raise ValueError("Token user name %r is not valid" % name) if kind == 'service': if not any(service["name"] == name for service in self.services): self.log.warning( @@ -2183,14 +2185,14 @@ class JupyterHub(Application): else: version_hash = datetime.now().strftime("%Y%m%d%H%M%S") - oauth_no_confirm_whitelist = set() + oauth_no_confirm_list = set() for service in self._service_map.values(): if service.oauth_no_confirm: self.log.warning( "Allowing service %s to complete OAuth without confirmation on an authorization web page", service.name, ) - oauth_no_confirm_whitelist.add(service.oauth_client_id) + oauth_no_confirm_list.add(service.oauth_client_id) settings = dict( log_function=log_request, @@ -2226,7 +2228,7 @@ class JupyterHub(Application): default_server_name=self._default_server_name, named_server_limit_per_user=self.named_server_limit_per_user, oauth_provider=self.oauth_provider, - oauth_no_confirm_whitelist=oauth_no_confirm_whitelist, + oauth_no_confirm_list=oauth_no_confirm_list, concurrent_spawn_limit=self.concurrent_spawn_limit, spawn_throttle_retry_range=self.spawn_throttle_retry_range, active_server_limit=self.active_server_limit, diff --git a/jupyterhub/auth.py b/jupyterhub/auth.py index 9a43d280..476e7441 100644 --- a/jupyterhub/auth.py +++ b/jupyterhub/auth.py @@ -7,6 +7,7 @@ import re import sys import warnings from concurrent.futures import ThreadPoolExecutor +from functools import partial from shutil import which from subprocess import PIPE from subprocess import Popen @@ -100,41 +101,74 @@ class Authenticator(LoggingConfigurable): """ ).tag(config=True) - whitelist = Set( + whitelist = Set(help="Deprecated, use `Authenticator.allowed`", config=True,) + + allowed = Set( help=""" - Whitelist of usernames that are allowed to log in. + Set of usernames that are allowed to log in. Use this with supported authenticators to restrict which users can log in. This is an - additional whitelist that further restricts users, beyond whatever restrictions the + additional list that further restricts users, beyond whatever restrictions the authenticator has in place. If empty, does not perform any additional restriction. + + .. versionchanged:: 1.2 + `Authenticator.whitelist` renamed to `allowed` """ ).tag(config=True) - blacklist = Set( + blocked = Set( help=""" - Blacklist of usernames that are not allowed to log in. + Set of usernames that are not allowed to log in. Use this with supported authenticators to restrict which users can not log in. This is an - additional blacklist that further restricts users, beyond whatever restrictions the + additional block list that further restricts users, beyond whatever restrictions the authenticator has in place. If empty, does not perform any additional restriction. .. versionadded: 0.9 + + .. versionchanged:: 1.2 + `Authenticator.blacklist` renamed to `blocked` """ ).tag(config=True) - @observe('whitelist') - def _check_whitelist(self, change): + _deprecated_aliases = { + "whitelist": ("allowed", "1.2"), + "blacklist": ("blocked", "1.2"), + } + + @observe(*list(_deprecated_aliases)) + def _deprecated_trait(self, change): + """observer for deprecated traits""" + old_attr = change.name + new_attr, version = self._deprecated_aliases.get(old_attr) + new_value = getattr(self, new_attr) + if new_value != change.new: + # only warn if different + # protects backward-compatible config from warnings + # if they set the same value under both names + self.log.warning( + "{cls}.{old} is deprecated in JupyterHub {version}, use {cls}.{new} instead".format( + cls=self.__class__.__name__, + old=old_attr, + new=new_attr, + version=version, + ) + ) + setattr(self, new_attr, change.new) + + @observe('allowed') + def _check_allowed(self, change): short_names = [name for name in change['new'] if len(name) <= 1] if short_names: sorted_names = sorted(short_names) single = ''.join(sorted_names) string_set_typo = "set('%s')" % single self.log.warning( - "whitelist contains single-character names: %s; did you mean set([%r]) instead of %s?", + "Allowed list contains single-character names: %s; did you mean set([%r]) instead of %s?", sorted_names[:8], single, string_set_typo, @@ -260,6 +294,8 @@ class Authenticator(LoggingConfigurable): def __init__(self, **kwargs): super().__init__(**kwargs) + # TODO: properly handle deprecated signature *and* name + # with correct subclass override priority! for method_name in ( 'check_whitelist', 'check_blacklist', @@ -326,39 +362,45 @@ class Authenticator(LoggingConfigurable): username = self.username_map.get(username, username) return username - def check_whitelist(self, username, authentication=None): - """Check if a username is allowed to authenticate based on whitelist configuration + def check_allowed(self, username, authentication=None): + """Check if a username is allowed to authenticate based on configuration Return True if username is allowed, False otherwise. - No whitelist means any username is allowed. + No allowed set means any username is allowed. - Names are normalized *before* being checked against the whitelist. + Names are normalized *before* being checked against the allowed set. .. versionchanged:: 1.0 Signature updated to accept authentication data and any future changes - """ - if not self.whitelist: - # No whitelist means any name is allowed - return True - return username in self.whitelist - def check_blacklist(self, username, authentication=None): - """Check if a username is blocked to authenticate based on blacklist configuration + .. versionchanged:: 1.2 + Renamed check_whitelist to check_allowed + """ + if not self.allowed: + # No allowed set means any name is allowed + return True + return username in self.allowed + + def check_blocked(self, username, authentication=None): + """Check if a username is blocked to authenticate based on Authenticator.blocked configuration Return True if username is allowed, False otherwise. - No blacklist means any username is allowed. + No block list means any username is allowed. - Names are normalized *before* being checked against the blacklist. + Names are normalized *before* being checked against the block list. .. versionadded: 0.9 .. versionchanged:: 1.0 Signature updated to accept authentication data as second argument + + .. versionchanged:: 1.2 + Renamed check_blacklist to check_blocked """ - if not self.blacklist: - # No blacklist means any name is allowed + if not self.blocked: + # No block list means any name is allowed return True - return username not in self.blacklist + return username not in self.blocked async def get_authenticated_user(self, handler, data): """Authenticate the user who is attempting to log in @@ -367,7 +409,7 @@ class Authenticator(LoggingConfigurable): This calls `authenticate`, which should be overridden in subclasses, normalizes the username if any normalization should be done, - and then validates the name in the whitelist. + and then validates the name in the allowed set. This is the outer API for authenticating a user. Subclasses should not override this method. @@ -375,7 +417,7 @@ class Authenticator(LoggingConfigurable): The various stages can be overridden separately: - `authenticate` turns formdata into a username - `normalize_username` normalizes the username - - `check_whitelist` checks against the user whitelist + - `check_allowed` checks against the user allowed .. versionchanged:: 0.8 return dict instead of username @@ -389,7 +431,7 @@ class Authenticator(LoggingConfigurable): else: authenticated = {'name': authenticated} authenticated.setdefault('auth_state', None) - # Leave the default as None, but reevaluate later post-whitelist + # Leave the default as None, but reevaluate later post-allowed-check authenticated.setdefault('admin', None) # normalize the username @@ -400,20 +442,16 @@ class Authenticator(LoggingConfigurable): self.log.warning("Disallowing invalid username %r.", username) return - blacklist_pass = await maybe_future( - self.check_blacklist(username, authenticated) - ) - whitelist_pass = await maybe_future( - self.check_whitelist(username, authenticated) - ) + blocked_pass = await maybe_future(self.check_blocked(username, authenticated)) + allowed_pass = await maybe_future(self.check_allowed(username, authenticated)) - if blacklist_pass: + if blocked_pass: pass else: - self.log.warning("User %r in blacklist. Stop authentication", username) + self.log.warning("User %r blocked. Stop authentication", username) return - if whitelist_pass: + if allowed_pass: if authenticated['admin'] is None: authenticated['admin'] = await maybe_future( self.is_admin(handler, authenticated) @@ -423,7 +461,7 @@ class Authenticator(LoggingConfigurable): return authenticated else: - self.log.warning("User %r not in whitelist.", username) + self.log.warning("User %r not allowed.", username) return async def refresh_user(self, user, handler=None): @@ -479,7 +517,7 @@ class Authenticator(LoggingConfigurable): It must return the username on successful authentication, and return None on failed authentication. - Checking the whitelist is handled separately by the caller. + Checking allowed/blocked is handled separately by the caller. .. versionchanged:: 0.8 Allow `authenticate` to return a dict containing auth_state. @@ -520,10 +558,10 @@ class Authenticator(LoggingConfigurable): This method may be a coroutine. - By default, this just adds the user to the whitelist. + By default, this just adds the user to the allowed set. Subclasses may do more extensive things, such as adding actual unix users, - but they should call super to ensure the whitelist is updated. + but they should call super to ensure the allowed set is updated. Note that this should be idempotent, since it is called whenever the hub restarts for all users. @@ -533,19 +571,19 @@ class Authenticator(LoggingConfigurable): """ if not self.validate_username(user.name): raise ValueError("Invalid username: %s" % user.name) - if self.whitelist: - self.whitelist.add(user.name) + if self.allowed: + self.allowed.add(user.name) def delete_user(self, user): """Hook called when a user is deleted - Removes the user from the whitelist. - Subclasses should call super to ensure the whitelist is updated. + Removes the user from the allowed set. + Subclasses should call super to ensure the allowed set is updated. Args: user (User): The User wrapper object """ - self.whitelist.discard(user.name) + self.allowed.discard(user.name) auto_login = Bool( False, @@ -610,6 +648,38 @@ class Authenticator(LoggingConfigurable): return [('/login', LoginHandler)] +def _deprecated_method(old_name, new_name, version, self, *args, **kwargs): + """Method wrapper for a deprecated method name""" + + warnings.warn( + ( + "{cls}.{old_name} is deprecated in JupyterHub {version}." + " Please use {cls}.{new_name} instead." + ).format( + cls=self.__class__.__name__, + old_name=old_name, + new_name=new_name, + version=version, + ), + DeprecationWarning, + stacklevel=2, + ) + old_method = getattr(self, new_name) + return old_method(*args, **kwargs) + + +# deprecate white/blacklist method names +for _old_name, _new_name, _version in [ + ("check_whitelist", "check_allowed", "1.2"), + ("check_blacklist", "check_blocked", "1.2"), +]: + setattr( + Authenticator, + _old_name, + partial(_deprecated_method, _old_name, _new_name, _version), + ) + + class LocalAuthenticator(Authenticator): """Base class for Authenticators that work with local Linux/UNIX users @@ -669,37 +739,37 @@ class LocalAuthenticator(Authenticator): """ ).tag(config=True) - group_whitelist = Set( - help=""" - Whitelist all users from this UNIX group. + group_whitelist = Set(help="""DEPRECATED: use allowed_groups""",).tag(config=True) - This makes the username whitelist ineffective. + allowed_groups = Set( + help=""" + Allow login from all users in these UNIX groups. + + If set, allowed username set is ignored. """ ).tag(config=True) - @observe('group_whitelist') - def _group_whitelist_changed(self, change): - """ - Log a warning if both group_whitelist and user whitelist are set. - """ - if self.whitelist: + @observe('allowed_groups') + def _allowed_groups_changed(self, change): + """Log a warning if mutually exclusive user and group allowed sets are specified.""" + if self.allowed: self.log.warning( - "Ignoring username whitelist because group whitelist supplied!" + "Ignoring Authenticator.allowed set because Authenticator.allowed_groups supplied!" ) - def check_whitelist(self, username, authentication=None): - if self.group_whitelist: - return self.check_group_whitelist(username, authentication) + def check_allowed(self, username, authentication=None): + if self.allowed_groups: + return self.check_allowed_groups(username, authentication) else: - return super().check_whitelist(username, authentication) + return super().check_allowed(username, authentication) - def check_group_whitelist(self, username, authentication=None): + def check_allowed_groups(self, username, authentication=None): """ - If group_whitelist is configured, check if authenticating user is part of group. + If allowed_groups is configured, check if authenticating user is part of group. """ - if not self.group_whitelist: + if not self.allowed_groups: return False - for grnam in self.group_whitelist: + for grnam in self.allowed_groups: try: group = self._getgrnam(grnam) except KeyError: @@ -843,7 +913,7 @@ class PAMAuthenticator(LocalAuthenticator): Authoritative list of user groups that determine admin access. Users not in these groups can still be granted admin status through admin_users. - White/blacklisting rules still apply. + allowed/blocked rules still apply. """ ).tag(config=True) @@ -986,6 +1056,16 @@ class PAMAuthenticator(LocalAuthenticator): return super().normalize_username(username) +for _old_name, _new_name, _version in [ + ("check_group_whitelist", "check_group_allowed", "1.2"), +]: + setattr( + LocalAuthenticator, + _old_name, + partial(_deprecated_method, _old_name, _new_name, _version), + ) + + class DummyAuthenticator(Authenticator): """Dummy Authenticator for testing diff --git a/jupyterhub/services/auth.py b/jupyterhub/services/auth.py index 518fd7e8..5ad6d163 100644 --- a/jupyterhub/services/auth.py +++ b/jupyterhub/services/auth.py @@ -860,15 +860,15 @@ class HubAuthenticated(object): if kind == 'service': # it's a service, check hub_services if self.hub_services and name in self.hub_services: - app_log.debug("Allowing whitelisted Hub service %s", name) + app_log.debug("Allowing Hub service %s", name) return model else: app_log.warning("Not allowing Hub service %s", name) raise UserNotAllowed(model) if self.hub_users and name in self.hub_users: - # user in whitelist - app_log.debug("Allowing whitelisted Hub user %s", name) + # user in allowed list + app_log.debug("Allowing Hub user %s", name) return model elif self.hub_groups and set(model['groups']).intersection(self.hub_groups): allowed_groups = set(model['groups']).intersection(self.hub_groups) @@ -877,7 +877,7 @@ class HubAuthenticated(object): name, ','.join(sorted(allowed_groups)), ) - # group in whitelist + # group in allowed list return model else: app_log.warning("Not allowing Hub user %s", name) diff --git a/jupyterhub/spawner.py b/jupyterhub/spawner.py index 7c0bf9c4..cdca3c74 100644 --- a/jupyterhub/spawner.py +++ b/jupyterhub/spawner.py @@ -435,9 +435,9 @@ class Spawner(LoggingConfigurable): 'LC_ALL', ], help=""" - Whitelist of environment variables for the single-user server to inherit from the JupyterHub process. + List of environment variables for the single-user server to inherit from the JupyterHub process. - This whitelist is used to ensure that sensitive information in the JupyterHub process's environment + This list is used to ensure that sensitive information in the JupyterHub process's environment (such as `CONFIGPROXY_AUTH_TOKEN`) is not passed to the single-user server's process. """, ).tag(config=True) @@ -456,7 +456,7 @@ class Spawner(LoggingConfigurable): Environment variables that end up in the single-user server's process come from 3 sources: - This `environment` configurable - - The JupyterHub process' environment variables that are whitelisted in `env_keep` + - The JupyterHub process' environment variables that are listed in `env_keep` - Variables to establish contact between the single-user notebook and the hub (such as JUPYTERHUB_API_TOKEN) The `environment` configurable should be set by JupyterHub administrators to add diff --git a/jupyterhub/tests/test_app.py b/jupyterhub/tests/test_app.py index bc59176b..55000bc7 100644 --- a/jupyterhub/tests/test_app.py +++ b/jupyterhub/tests/test_app.py @@ -93,7 +93,7 @@ def test_generate_config(): os.remove(cfg_file) assert cfg_file in out assert 'Spawner.cmd' in cfg_text - assert 'Authenticator.whitelist' in cfg_text + assert 'Authenticator.allowed' in cfg_text async def test_init_tokens(request): diff --git a/jupyterhub/tests/test_auth.py b/jupyterhub/tests/test_auth.py index 10ae0b1a..3c9b79ec 100644 --- a/jupyterhub/tests/test_auth.py +++ b/jupyterhub/tests/test_auth.py @@ -6,6 +6,7 @@ from unittest import mock import pytest from requests import HTTPError +from traitlets.config import Config from .mocking import MockPAMAuthenticator from .mocking import MockStructGroup @@ -137,8 +138,8 @@ async def test_pam_auth_admin_groups(): assert authorized['admin'] is False -async def test_pam_auth_whitelist(): - authenticator = MockPAMAuthenticator(whitelist={'wash', 'kaylee'}) +async def test_pam_auth_allowed(): + authenticator = MockPAMAuthenticator(allowed={'wash', 'kaylee'}) authorized = await authenticator.get_authenticated_user( None, {'username': 'kaylee', 'password': 'kaylee'} ) @@ -155,11 +156,11 @@ async def test_pam_auth_whitelist(): assert authorized is None -async def test_pam_auth_group_whitelist(): +async def test_pam_auth_allowed_groups(): def getgrnam(name): return MockStructGroup('grp', ['kaylee']) - authenticator = MockPAMAuthenticator(group_whitelist={'group'}) + authenticator = MockPAMAuthenticator(allowed_groups={'group'}) with mock.patch.object(authenticator, '_getgrnam', getgrnam): authorized = await authenticator.get_authenticated_user( @@ -174,7 +175,7 @@ async def test_pam_auth_group_whitelist(): assert authorized is None -async def test_pam_auth_blacklist(): +async def test_pam_auth_blocked(): # Null case compared to next case authenticator = MockPAMAuthenticator() authorized = await authenticator.get_authenticated_user( @@ -183,50 +184,41 @@ async def test_pam_auth_blacklist(): assert authorized['name'] == 'wash' # Blacklist basics - authenticator = MockPAMAuthenticator(blacklist={'wash'}) + authenticator = MockPAMAuthenticator(blocked={'wash'}) authorized = await authenticator.get_authenticated_user( None, {'username': 'wash', 'password': 'wash'} ) assert authorized is None - # User in both white and blacklists: default deny. Make error someday? - authenticator = MockPAMAuthenticator( - blacklist={'wash'}, whitelist={'wash', 'kaylee'} - ) + # User in both allowed and blocked: default deny. Make error someday? + authenticator = MockPAMAuthenticator(blocked={'wash'}, allowed={'wash', 'kaylee'}) authorized = await authenticator.get_authenticated_user( None, {'username': 'wash', 'password': 'wash'} ) assert authorized is None - # User not in blacklist can log in - authenticator = MockPAMAuthenticator( - blacklist={'wash'}, whitelist={'wash', 'kaylee'} - ) + # User not in blocked set can log in + authenticator = MockPAMAuthenticator(blocked={'wash'}, allowed={'wash', 'kaylee'}) authorized = await authenticator.get_authenticated_user( None, {'username': 'kaylee', 'password': 'kaylee'} ) assert authorized['name'] == 'kaylee' - # User in whitelist, blacklist irrelevent - authenticator = MockPAMAuthenticator( - blacklist={'mal'}, whitelist={'wash', 'kaylee'} - ) + # User in allowed, blocked irrelevent + authenticator = MockPAMAuthenticator(blocked={'mal'}, allowed={'wash', 'kaylee'}) authorized = await authenticator.get_authenticated_user( None, {'username': 'wash', 'password': 'wash'} ) assert authorized['name'] == 'wash' # User in neither list - authenticator = MockPAMAuthenticator( - blacklist={'mal'}, whitelist={'wash', 'kaylee'} - ) + authenticator = MockPAMAuthenticator(blocked={'mal'}, allowed={'wash', 'kaylee'}) authorized = await authenticator.get_authenticated_user( None, {'username': 'simon', 'password': 'simon'} ) assert authorized is None - # blacklist == {} - authenticator = MockPAMAuthenticator(blacklist=set(), whitelist={'wash', 'kaylee'}) + authenticator = MockPAMAuthenticator(blocked=set(), allowed={'wash', 'kaylee'}) authorized = await authenticator.get_authenticated_user( None, {'username': 'kaylee', 'password': 'kaylee'} ) @@ -253,7 +245,7 @@ async def test_deprecated_signatures(): async def test_pam_auth_no_such_group(): - authenticator = MockPAMAuthenticator(group_whitelist={'nosuchcrazygroup'}) + authenticator = MockPAMAuthenticator(allowed_groups={'nosuchcrazygroup'}) authorized = await authenticator.get_authenticated_user( None, {'username': 'kaylee', 'password': 'kaylee'} ) @@ -262,7 +254,7 @@ async def test_pam_auth_no_such_group(): async def test_wont_add_system_user(): user = orm.User(name='lioness4321') - authenticator = auth.PAMAuthenticator(whitelist={'mal'}) + authenticator = auth.PAMAuthenticator(allowed={'mal'}) authenticator.create_system_users = False with pytest.raises(KeyError): await authenticator.add_user(user) @@ -270,7 +262,7 @@ async def test_wont_add_system_user(): async def test_cant_add_system_user(): user = orm.User(name='lioness4321') - authenticator = auth.PAMAuthenticator(whitelist={'mal'}) + authenticator = auth.PAMAuthenticator(allowed={'mal'}) authenticator.add_user_cmd = ['jupyterhub-fake-command'] authenticator.create_system_users = True @@ -296,7 +288,7 @@ async def test_cant_add_system_user(): async def test_add_system_user(): user = orm.User(name='lioness4321') - authenticator = auth.PAMAuthenticator(whitelist={'mal'}) + authenticator = auth.PAMAuthenticator(allowed={'mal'}) authenticator.create_system_users = True authenticator.add_user_cmd = ['echo', '/home/USERNAME'] @@ -317,13 +309,13 @@ async def test_add_system_user(): async def test_delete_user(): user = orm.User(name='zoe') - a = MockPAMAuthenticator(whitelist={'mal'}) + a = MockPAMAuthenticator(allowed={'mal'}) - assert 'zoe' not in a.whitelist + assert 'zoe' not in a.allowed await a.add_user(user) - assert 'zoe' in a.whitelist + assert 'zoe' in a.allowed a.delete_user(user) - assert 'zoe' not in a.whitelist + assert 'zoe' not in a.allowed def test_urls(): @@ -461,3 +453,10 @@ async def test_post_auth_hook(): ) assert authorized['testkey'] == 'testvalue' + + +async def test_deprecations(): + cfg = Config() + cfg.Authenticator.whitelist = {'user'} + authenticator = auth.Authenticator(config=cfg) + assert authenticator.allowed == {'user'} diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index a1825d43..44e67332 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -686,7 +686,7 @@ async def test_shutdown_on_logout(app, shutdown_on_logout): assert spawner.ready == (not shutdown_on_logout) -async def test_login_no_whitelist_adds_user(app): +async def test_login_no_allowed_adds_user(app): auth = app.authenticator mock_add_user = mock.Mock() with mock.patch.object(auth, 'add_user', mock_add_user): diff --git a/jupyterhub/tests/test_services_auth.py b/jupyterhub/tests/test_services_auth.py index de4d73e9..752091d2 100644 --- a/jupyterhub/tests/test_services_auth.py +++ b/jupyterhub/tests/test_services_auth.py @@ -185,7 +185,7 @@ def test_hub_authenticated(request): m.get(good_url, text=json.dumps(mock_model)) - # no whitelist + # no specific allowed user r = requests.get( 'http://127.0.0.1:%i' % port, cookies={'jubal': 'early'}, @@ -194,7 +194,7 @@ def test_hub_authenticated(request): r.raise_for_status() assert r.status_code == 200 - # pass whitelist + # pass allowed user TestHandler.hub_users = {'jubalearly'} r = requests.get( 'http://127.0.0.1:%i' % port, @@ -204,7 +204,7 @@ def test_hub_authenticated(request): r.raise_for_status() assert r.status_code == 200 - # no pass whitelist + # no pass allowed ser TestHandler.hub_users = {'kaylee'} r = requests.get( 'http://127.0.0.1:%i' % port, @@ -213,7 +213,7 @@ def test_hub_authenticated(request): ) assert r.status_code == 403 - # pass group whitelist + # pass allowed group TestHandler.hub_groups = {'lions'} r = requests.get( 'http://127.0.0.1:%i' % port, @@ -223,7 +223,7 @@ def test_hub_authenticated(request): r.raise_for_status() assert r.status_code == 200 - # no pass group whitelist + # no pass allowed group TestHandler.hub_groups = {'tigers'} r = requests.get( 'http://127.0.0.1:%i' % port, From 14378f4cc2da8ced635841547d396d07027f56d7 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Mon, 15 Jun 2020 21:45:33 +1200 Subject: [PATCH 387/541] Include the query string parameters when redirecting to a new URL --- jupyterhub/handlers/base.py | 28 +++++++++++++++++++++++++++ jupyterhub/handlers/login.py | 11 +++++++++-- jupyterhub/handlers/pages.py | 2 ++ share/jupyterhub/templates/login.html | 2 +- 4 files changed, 40 insertions(+), 3 deletions(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index 9606fa61..f2d21e89 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -654,8 +654,36 @@ class BaseHandler(RequestHandler): next_url = url_path_join(self.hub.base_url, 'spawn') else: next_url = url_path_join(self.hub.base_url, 'home') + + next_url = self.append_query_parameters(next_url, exclude=['next']) return next_url + def append_query_parameters(self, url, exclude=None): + """Append the current request's query parameters to the given URL. + + Supports an extra optional parameter ``exclude`` that when provided must + contain a list of parameters to be ignored, i.e. these parameters will + not be added to the URL. + + This is important to avoid infinite loops with the next parameter being + added over and over, for instance. + + :param str url: a URL + :param list exclude: optional list of parameters to be ignored + :rtype (str) + """ + if not exclude: + exclude = [] + if self.request.query: + query_string = [ + param + for param in parse_qsl(self.request.query) + if param[0] not in exclude + ] + if query_string: + url = url_concat(url, query_string) + return url + async def auth_to_user(self, authenticated, user=None): """Persist data from .authenticate() or .refresh_user() to the User database diff --git a/jupyterhub/handlers/login.py b/jupyterhub/handlers/login.py index f1bd7c45..85654564 100644 --- a/jupyterhub/handlers/login.py +++ b/jupyterhub/handlers/login.py @@ -90,13 +90,20 @@ class LoginHandler(BaseHandler): """Render the login page.""" def _render(self, login_error=None, username=None): + # login url with any parameters specified by the user/application + login_url = self.append_query_parameters( + self.settings['login_url'], exclude=['next'] + ) + # the next url for after the login + next_url = url_escape(self.get_argument('next', default='')) + # now concat the login_url with the next_url + login_url = url_concat(login_url, {'next': next_url}) return self.render_template( 'login.html', - next=url_escape(self.get_argument('next', default='')), username=username, login_error=login_error, custom_html=self.authenticator.custom_html, - login_url=self.settings['login_url'], + login_url=login_url, authenticator_login_url=url_concat( self.authenticator.login_url(self.hub.base_url), {'next': self.get_argument('next', '')}, diff --git a/jupyterhub/handlers/pages.py b/jupyterhub/handlers/pages.py index ffc44bb5..ea0c1d34 100644 --- a/jupyterhub/handlers/pages.py +++ b/jupyterhub/handlers/pages.py @@ -285,6 +285,8 @@ class SpawnHandler(BaseHandler): self.hub.base_url, "spawn-pending", user.escaped_name, server_name ) + pending_url = self.append_query_parameters(pending_url, exclude=['next']) + if self.get_argument('next', None): # preserve `?next=...` through spawn-pending pending_url = url_concat(pending_url, {'next': self.get_argument('next')}) diff --git a/share/jupyterhub/templates/login.html b/share/jupyterhub/templates/login.html index 130339c9..6242ab71 100644 --- a/share/jupyterhub/templates/login.html +++ b/share/jupyterhub/templates/login.html @@ -19,7 +19,7 @@
    {% else %} -
    +
    Sign in
    From ec710f4d901f39001363b45fe0608cb409abe0a9 Mon Sep 17 00:00:00 2001 From: Min RK Date: Thu, 18 Jun 2020 11:50:44 +0200 Subject: [PATCH 388/541] test subclass priority when overriding old methods --- jupyterhub/auth.py | 104 +++++++++++++++++++++++----------- jupyterhub/tests/test_auth.py | 49 +++++++++++++++- 2 files changed, 118 insertions(+), 35 deletions(-) diff --git a/jupyterhub/auth.py b/jupyterhub/auth.py index 476e7441..cfc82541 100644 --- a/jupyterhub/auth.py +++ b/jupyterhub/auth.py @@ -294,41 +294,74 @@ class Authenticator(LoggingConfigurable): def __init__(self, **kwargs): super().__init__(**kwargs) + self._init_deprecated_methods() + + def _init_deprecated_methods(self): # TODO: properly handle deprecated signature *and* name # with correct subclass override priority! - for method_name in ( - 'check_whitelist', - 'check_blacklist', - 'check_group_whitelist', + for old_name, new_name in ( + ('check_whitelist', 'check_allowed'), + ('check_blacklist', 'check_blocked'), + ('check_group_whitelist', 'check_allowed_groups'), ): - original_method = getattr(self, method_name, None) - if original_method is None: + old_method = getattr(self, old_name, None) + if old_method is None: # no such method (check_group_whitelist is optional) continue - signature = inspect.signature(original_method) - if 'authentication' not in signature.parameters: + + # allow old name to have higher priority + # if and only if it's defined in a later subclass + # than the new name + for cls in self.__class__.mro(): + has_old_name = old_name in cls.__dict__ + has_new_name = new_name in cls.__dict__ + if has_new_name: + break + if has_old_name and not has_new_name: + warnings.warn( + "{0}.{1} should be renamed to {0}.{2} for JupyterHub >= 1.2".format( + cls.__name__, old_name, new_name + ), + DeprecationWarning, + ) + # use old name instead of new + # if old name is overridden in subclass + def _new_calls_old(old_name, *args, **kwargs): + return getattr(self, old_name)(*args, **kwargs) + + setattr(self, new_name, partial(_new_calls_old, old_name)) + break + + # deprecate pre-1.0 method signatures + signature = inspect.signature(old_method) + if 'authentication' not in signature.parameters and not any( + param.kind == inspect.Parameter.VAR_KEYWORD + for param in signature.parameters.values() + ): # adapt to pre-1.0 signature for compatibility warnings.warn( """ {0}.{1} does not support the authentication argument, - added in JupyterHub 1.0. + added in JupyterHub 1.0. and is renamed to {2} in JupyterHub 1.2. It should have the signature: - def {1}(self, username, authentication=None): + def {2}(self, username, authentication=None): ... Adapting for compatibility. """.format( - self.__class__.__name__, method_name + self.__class__.__name__, old_name, new_name ), DeprecationWarning, ) - def wrapped_method(username, authentication=None, **kwargs): + def wrapped_method( + original_method, username, authentication=None, **kwargs + ): return original_method(username, **kwargs) - setattr(self, method_name, wrapped_method) + setattr(self, old_name, partial(wrapped_method, old_method)) async def run_post_auth_hook(self, handler, authentication): """ @@ -648,25 +681,30 @@ class Authenticator(LoggingConfigurable): return [('/login', LoginHandler)] -def _deprecated_method(old_name, new_name, version, self, *args, **kwargs): - """Method wrapper for a deprecated method name""" +def _deprecated_method(old_name, new_name, version): + """Create a deprecated method wrapper for a deprecated method name""" - warnings.warn( - ( - "{cls}.{old_name} is deprecated in JupyterHub {version}." - " Please use {cls}.{new_name} instead." - ).format( - cls=self.__class__.__name__, - old_name=old_name, - new_name=new_name, - version=version, - ), - DeprecationWarning, - stacklevel=2, - ) - old_method = getattr(self, new_name) - return old_method(*args, **kwargs) + def deprecated(self, *args, **kwargs): + warnings.warn( + ( + "{cls}.{old_name} is deprecated in JupyterHub {version}." + " Please use {cls}.{new_name} instead." + ).format( + cls=self.__class__.__name__, + old_name=old_name, + new_name=new_name, + version=version, + ), + DeprecationWarning, + stacklevel=2, + ) + old_method = getattr(self, new_name) + return old_method(*args, **kwargs) + return deprecated + + +import types # deprecate white/blacklist method names for _old_name, _new_name, _version in [ @@ -674,9 +712,7 @@ for _old_name, _new_name, _version in [ ("check_blacklist", "check_blocked", "1.2"), ]: setattr( - Authenticator, - _old_name, - partial(_deprecated_method, _old_name, _new_name, _version), + Authenticator, _old_name, _deprecated_method(_old_name, _new_name, _version), ) @@ -1062,7 +1098,7 @@ for _old_name, _new_name, _version in [ setattr( LocalAuthenticator, _old_name, - partial(_deprecated_method, _old_name, _new_name, _version), + _deprecated_method(_old_name, _new_name, _version), ) diff --git a/jupyterhub/tests/test_auth.py b/jupyterhub/tests/test_auth.py index 3c9b79ec..0021b1da 100644 --- a/jupyterhub/tests/test_auth.py +++ b/jupyterhub/tests/test_auth.py @@ -1,7 +1,9 @@ """Tests for PAM authentication""" # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. +import logging import os +import warnings from unittest import mock import pytest @@ -455,8 +457,53 @@ async def test_post_auth_hook(): assert authorized['testkey'] == 'testvalue' -async def test_deprecations(): +class MyAuthenticator(auth.Authenticator): + def check_whitelist(self, username, authentication=None): + return username == "subclass-allowed" + + +def test_deprecated_config(caplog): + cfg = Config() + cfg.Authenticator.whitelist = {'user'} + log = logging.getLogger("testlog") + authenticator = auth.Authenticator(config=cfg, log=log) + assert caplog.record_tuples == [ + ( + log.name, + logging.WARNING, + 'Authenticator.whitelist is deprecated in JupyterHub 1.2, use ' + 'Authenticator.allowed instead', + ) + ] + assert authenticator.allowed == {'user'} + + +def test_deprecated_methods(): cfg = Config() cfg.Authenticator.whitelist = {'user'} authenticator = auth.Authenticator(config=cfg) + + assert authenticator.check_allowed("user") + with pytest.deprecated_call(): + assert authenticator.check_whitelist("user") + assert not authenticator.check_allowed("otheruser") + with pytest.deprecated_call(): + assert not authenticator.check_whitelist("otheruser") + + +def test_deprecated_config_subclass(): + cfg = Config() + cfg.MyAuthenticator.whitelist = {'user'} + with pytest.deprecated_call(): + authenticator = MyAuthenticator(config=cfg) assert authenticator.allowed == {'user'} + + +def test_deprecated_methods_subclass(): + with pytest.deprecated_call(): + authenticator = MyAuthenticator() + + assert authenticator.check_allowed("subclass-allowed") + assert authenticator.check_whitelist("subclass-allowed") + assert not authenticator.check_allowed("otheruser") + assert not authenticator.check_whitelist("otheruser") From d4ce3aa731511aec60dcb5767b4b47715d319a33 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Sat, 20 Jun 2020 22:19:54 +1200 Subject: [PATCH 389/541] Add unit tests --- jupyterhub/tests/test_pages.py | 46 +++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 14 deletions(-) diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index a1825d43..544b54c9 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -516,6 +516,19 @@ async def test_user_redirect_deprecated(app, username): ) +async def test_login_page(app): + url = url_concat('login', dict(next='foo', param1='test')) + r = await get_page(url, app) + assert r.url.endswith('/hub/login?next=foo¶m1=test') + # now the login.html rendered template must include the given parameters in the form + # action URL, including the next URL + page = BeautifulSoup(r.text, "html.parser") + form = page.find("form", method="post") + action = form.attrs['action'] + assert 'next=foo' in action + assert 'param1=test' in action + + async def test_login_fail(app): name = 'wash' base_url = public_url(app) @@ -546,26 +559,29 @@ async def test_login_strip(app): @pytest.mark.parametrize( - 'running, next_url, location', + 'running, next_url, location, params', [ # default URL if next not specified, for both running and not - (True, '', ''), - (False, '', ''), + (True, '', '', None), + (False, '', '', None), # next_url is respected - (False, '/hub/admin', '/hub/admin'), - (False, '/user/other', '/hub/user/other'), - (False, '/absolute', '/absolute'), - (False, '/has?query#andhash', '/has?query#andhash'), + (False, '/hub/admin', '/hub/admin', None), + (False, '/user/other', '/hub/user/other', None), + (False, '/absolute', '/absolute', None), + (False, '/has?query#andhash', '/has?query#andhash', None), # next_url outside is not allowed - (False, 'relative/path', ''), - (False, 'https://other.domain', ''), - (False, 'ftp://other.domain', ''), - (False, '//other.domain', ''), - (False, '///other.domain/triple', ''), - (False, '\\\\other.domain/backslashes', ''), + (False, 'relative/path', '', None), + (False, 'https://other.domain', '', None), + (False, 'ftp://other.domain', '', None), + (False, '//other.domain', '', None), + (False, '///other.domain/triple', '', None), + (False, '\\\\other.domain/backslashes', '', None), + # params are handled correctly + (True, '/hub/admin', 'hub/admin?left=1&right=2', dict(left=1, right=2)), + (False, '/hub/admin', 'hub/admin?left=1&right=2', dict(left=1, right=2)), ], ) -async def test_login_redirect(app, running, next_url, location): +async def test_login_redirect(app, running, next_url, location, params): cookies = await app.login_user('river') user = app.users['river'] if location: @@ -577,6 +593,8 @@ async def test_login_redirect(app, running, next_url, location): location = ujoin(app.base_url, 'hub/spawn') url = 'login' + if params: + url = url_concat(url, params) if next_url: if '//' not in next_url and next_url.startswith('/'): next_url = ujoin(app.base_url, next_url, '') From 8528684dc42ef4ca9ee633bf6ac26ed2599afb55 Mon Sep 17 00:00:00 2001 From: Matt Riedemann Date: Mon, 22 Jun 2020 15:35:15 -0500 Subject: [PATCH 390/541] Remove old context-less print statement This was added in PR #2721 and by default results in just printing out "10" without any context when starting the hub service. This simply removes the orphan print statement. I'm open to changing this to a debug log statement with context if someone finds that useful, e.g.: `self.log.debug('Effective init_spawners_timeout: %s', init_spawners_timeout)` --- jupyterhub/app.py | 1 - 1 file changed, 1 deletion(-) diff --git a/jupyterhub/app.py b/jupyterhub/app.py index 8b2119ed..dd8f6db2 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -2360,7 +2360,6 @@ class JupyterHub(Application): if init_spawners_timeout < 0: # negative timeout means forever (previous, most stable behavior) init_spawners_timeout = 86400 - print(init_spawners_timeout) init_start_time = time.perf_counter() init_spawners_future = asyncio.ensure_future(self.init_spawners()) From 7ad4b0c7cb1a71c2fc39f064a8e73a04ed75ddb2 Mon Sep 17 00:00:00 2001 From: Min RK Date: Tue, 23 Jun 2020 10:10:07 +0200 Subject: [PATCH 391/541] update allowed/blocked language in docs our words matter, let's be more mindful --- docs/source/changelog.md | 10 ++++++---- .../authenticators-users-basics.md | 20 +++++++++---------- docs/source/reference/config-ghoauth.md | 2 +- docs/source/reference/config-sudo.md | 2 +- docs/source/reference/services.md | 2 +- docs/source/troubleshooting.md | 15 +++++++------- 6 files changed, 26 insertions(+), 25 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 5589b968..6eb740e7 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -7,6 +7,8 @@ command line for details. ## [Unreleased] + + ## 1.1 ### [1.1.0] 2020-01-17 @@ -116,7 +118,7 @@ Thanks to everyone who has contributed to this release! - Log JupyterHub version on startup [#2752](https://github.com/jupyterhub/jupyterhub/pull/2752) ([@consideRatio](https://github.com/consideRatio)) - Reduce verbosity for "Failing suspected API request to not-running server" (new) [#2751](https://github.com/jupyterhub/jupyterhub/pull/2751) ([@rkdarst](https://github.com/rkdarst)) - Add missing package for json schema doc build [#2744](https://github.com/jupyterhub/jupyterhub/pull/2744) ([@willingc](https://github.com/willingc)) -- blacklist urllib3 versions with encoding bug [#2743](https://github.com/jupyterhub/jupyterhub/pull/2743) ([@minrk](https://github.com/minrk)) +- block urllib3 versions with encoding bug [#2743](https://github.com/jupyterhub/jupyterhub/pull/2743) ([@minrk](https://github.com/minrk)) - Remove tornado deprecated/unnecessary AsyncIOMainLoop().install() call [#2740](https://github.com/jupyterhub/jupyterhub/pull/2740) ([@kinow](https://github.com/kinow)) - Fix deprecated call [#2739](https://github.com/jupyterhub/jupyterhub/pull/2739) ([@kinow](https://github.com/kinow)) - Remove duplicate hub and authenticator traitlets from Spawner [#2736](https://github.com/jupyterhub/jupyterhub/pull/2736) ([@eslavich](https://github.com/eslavich)) @@ -231,8 +233,8 @@ whether it was through discussion, testing, documentation, or development. This hook may transform the return value of `Authenticator.authenticate()` and return a new authentication dictionary, e.g. specifying admin privileges, group membership, - or custom white/blacklisting logic. - This hook is called *after* existing normalization and whitelist checking. + or custom allowed/blocked logic. + This hook is called *after* existing normalization and allowed-username checking. - `Spawner.options_from_form` may now be async - Added `JupyterHub.shutdown_on_logout` option to trigger shutdown of a user's servers when they log out. @@ -418,7 +420,7 @@ and tornado < 5.0. launching an IPython session connected to your JupyterHub database. - Include `User.auth_state` in user model on single-user REST endpoints for admins only. - Include `Server.state` in server model on REST endpoints for admins only. -- Add `Authenticator.blacklist` for blacklisting users instead of whitelisting. +- Add `Authenticator.blacklist` for blocking users instead of allowing. - Pass `c.JupyterHub.tornado_settings['cookie_options']` down to Spawners so that cookie options (e.g. `expires_days`) can be set globally for the whole application. - SIGINFO (`ctrl-t`) handler showing the current status of all running threads, diff --git a/docs/source/getting-started/authenticators-users-basics.md b/docs/source/getting-started/authenticators-users-basics.md index b954f88d..a2647976 100644 --- a/docs/source/getting-started/authenticators-users-basics.md +++ b/docs/source/getting-started/authenticators-users-basics.md @@ -4,23 +4,23 @@ The default Authenticator uses [PAM][] to authenticate system users with their username and password. With the default Authenticator, any user with an account and password on the system will be allowed to login. -## Create a whitelist of users +## Create a set of allowed users -You can restrict which users are allowed to login with a whitelist, -`Authenticator.whitelist`: +You can restrict which users are allowed to login with a set, +`Authenticator.allowed`: ```python -c.Authenticator.whitelist = {'mal', 'zoe', 'inara', 'kaylee'} +c.Authenticator.allowed = {'mal', 'zoe', 'inara', 'kaylee'} ``` -Users in the whitelist are added to the Hub database when the Hub is +Users in the allowed set are added to the Hub database when the Hub is started. ## Configure admins (`admin_users`) Admin users of JupyterHub, `admin_users`, can add and remove users from -the user `whitelist`. `admin_users` can take actions on other users' +the user `allowed` set. `admin_users` can take actions on other users' behalf, such as stopping and restarting their servers. A set of initial admin users, `admin_users` can configured be as follows: @@ -28,7 +28,7 @@ A set of initial admin users, `admin_users` can configured be as follows: ```python c.Authenticator.admin_users = {'mal', 'zoe'} ``` -Users in the admin list are automatically added to the user `whitelist`, +Users in the admin set are automatically added to the user `allowed` set, if they are not already present. Each authenticator may have different ways of determining whether a user is an @@ -53,12 +53,12 @@ sure your users know if admin_access is enabled.** Users can be added to and removed from the Hub via either the admin panel or the REST API. When a user is **added**, the user will be -automatically added to the whitelist and database. Restarting the Hub -will not require manually updating the whitelist in your config file, +automatically added to the allowed set and database. Restarting the Hub +will not require manually updating the allowed set in your config file, as the users will be loaded from the database. After starting the Hub once, it is not sufficient to **remove** a user -from the whitelist in your config file. You must also remove the user +from the allowed set in your config file. You must also remove the user from the Hub's database, either by deleting the user from JupyterHub's admin page, or you can clear the `jupyterhub.sqlite` database and start fresh. diff --git a/docs/source/reference/config-ghoauth.md b/docs/source/reference/config-ghoauth.md index b120b3b2..4183ddec 100644 --- a/docs/source/reference/config-ghoauth.md +++ b/docs/source/reference/config-ghoauth.md @@ -52,7 +52,7 @@ c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL'] c.LocalAuthenticator.create_system_users = True # specify users and admin -c.Authenticator.whitelist = {'rgbkrk', 'minrk', 'jhamrick'} +c.Authenticator.allowed = {'rgbkrk', 'minrk', 'jhamrick'} c.Authenticator.admin_users = {'jhamrick', 'rgbkrk'} # uses the default spawner diff --git a/docs/source/reference/config-sudo.md b/docs/source/reference/config-sudo.md index fc0d4865..310f1a93 100644 --- a/docs/source/reference/config-sudo.md +++ b/docs/source/reference/config-sudo.md @@ -57,7 +57,7 @@ To do this we add to `/etc/sudoers` (use `visudo` for safe editing of sudoers): For example: ```bash -# comma-separated whitelist of users that can spawn single-user servers +# comma-separated list of users that can spawn single-user servers # this should include all of your Hub users Runas_Alias JUPYTER_USERS = rhea, zoe, wash diff --git a/docs/source/reference/services.md b/docs/source/reference/services.md index ec446c8e..d940034b 100644 --- a/docs/source/reference/services.md +++ b/docs/source/reference/services.md @@ -313,7 +313,7 @@ class MyHandler(HubAuthenticated, web.RequestHandler): The HubAuth will automatically load the desired configuration from the Service environment variables. -If you want to limit user access, you can whitelist users through either the +If you want to limit user access, you can specify allowed users through either the `.hub_users` attribute or `.hub_groups`. These are sets that check against the username and user group list, respectively. If a user matches neither the user list nor the group list, they will not be allowed access. If both are left diff --git a/docs/source/troubleshooting.md b/docs/source/troubleshooting.md index d92c594b..3958e590 100644 --- a/docs/source/troubleshooting.md +++ b/docs/source/troubleshooting.md @@ -7,8 +7,8 @@ problem and how to resolve it. [*Behavior*](#behavior) - JupyterHub proxy fails to start - sudospawner fails to run -- What is the default behavior when none of the lists (admin, whitelist, - group whitelist) are set? +- What is the default behavior when none of the lists (admin, allowed, + allowed groups) are set? - JupyterHub Docker container not accessible at localhost [*Errors*](#errors) @@ -55,14 +55,14 @@ or add: to the config file, `jupyterhub_config.py`. -### What is the default behavior when none of the lists (admin, whitelist, group whitelist) are set? +### What is the default behavior when none of the lists (admin, allowed, allowed groups) are set? When nothing is given for these lists, there will be no admins, and all users who can authenticate on the system (i.e. all the unix users on the server with -a password) will be allowed to start a server. The whitelist lets you limit -this to a particular set of users, and the admin_users lets you specify who +a password) will be allowed to start a server. The allowed username set lets you limit +this to a particular set of users, and admin_users lets you specify who among them may use the admin interface (not necessary, unless you need to do -things like inspect other users' servers, or modify the userlist at runtime). +things like inspect other users' servers, or modify the user list at runtime). ### JupyterHub Docker container not accessible at localhost @@ -332,8 +332,7 @@ notebook servers to default to JupyterLab: ### How do I set up JupyterHub for a workshop (when users are not known ahead of time)? 1. Set up JupyterHub using OAuthenticator for GitHub authentication -2. Configure whitelist to be an empty list in` jupyterhub_config.py` -3. Configure admin list to have workshop leaders be listed with administrator privileges. +2. Configure admin list to have workshop leaders be listed with administrator privileges. Users will need a GitHub account to login and be authenticated by the Hub. From 3fece09dda032a67b6d33636c66b92e3ee09222b Mon Sep 17 00:00:00 2001 From: Min RK Date: Tue, 23 Jun 2020 10:13:31 +0200 Subject: [PATCH 392/541] loosen jupyter-telemetry pin we don't want strict pinning in package dependencies --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 07cc96e8..a74d1d16 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,7 +3,7 @@ async_generator>=1.8 certipy>=0.1.2 entrypoints jinja2 -jupyter_telemetry==0.1.0 +jupyter_telemetry>=0.1.0 oauthlib>=3.0 pamela prometheus_client>=0.0.21 From 73f1211286668c13350fbbb51e2c88a986ddd3d0 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Tue, 23 Jun 2020 20:11:49 +1200 Subject: [PATCH 393/541] Update append_query_parameters to have exclude=["none"] by default, and avoid using dicts with url_concat, to have consistent tests as otherwise in Python 3.5 the generated URL's could have parameters in random order. --- jupyterhub/handlers/base.py | 10 ++++++++-- jupyterhub/tests/test_pages.py | 6 +++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index f2d21e89..b08a6ac7 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -668,12 +668,18 @@ class BaseHandler(RequestHandler): This is important to avoid infinite loops with the next parameter being added over and over, for instance. + The default value for ``exclude`` is an array with "next". This is useful + as most use cases in JupyterHub (all?) won't want to include the next + parameter twice (the next parameter is added elsewhere to the query + parameters). + :param str url: a URL - :param list exclude: optional list of parameters to be ignored + :param list exclude: optional list of parameters to be ignored, defaults to + a list with "next" (to avoid redirect-loops) :rtype (str) """ if not exclude: - exclude = [] + exclude = ['next'] if self.request.query: query_string = [ param diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 544b54c9..3dc478ef 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -517,7 +517,7 @@ async def test_user_redirect_deprecated(app, username): async def test_login_page(app): - url = url_concat('login', dict(next='foo', param1='test')) + url = url_concat('login', [('next', 'foo'), ('param1', 'test')]) r = await get_page(url, app) assert r.url.endswith('/hub/login?next=foo¶m1=test') # now the login.html rendered template must include the given parameters in the form @@ -577,8 +577,8 @@ async def test_login_strip(app): (False, '///other.domain/triple', '', None), (False, '\\\\other.domain/backslashes', '', None), # params are handled correctly - (True, '/hub/admin', 'hub/admin?left=1&right=2', dict(left=1, right=2)), - (False, '/hub/admin', 'hub/admin?left=1&right=2', dict(left=1, right=2)), + (True, '/hub/admin', 'hub/admin?left=1&right=2', [('left', 1), ('right', 2)]), + (False, '/hub/admin', 'hub/admin?left=1&right=2', [('left', 1), ('right', 2)]), ], ) async def test_login_redirect(app, running, next_url, location, params): From 1bdc9aa29794d5fcb69c05990204ae06d5b5c7da Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Wed, 24 Jun 2020 00:18:55 +1200 Subject: [PATCH 394/541] Escape/encode parameters with the next URL, add more tests --- jupyterhub/handlers/login.py | 11 ++---- jupyterhub/tests/test_pages.py | 50 ++++++++++++++++++++++++--- share/jupyterhub/templates/login.html | 2 +- 3 files changed, 48 insertions(+), 15 deletions(-) diff --git a/jupyterhub/handlers/login.py b/jupyterhub/handlers/login.py index 85654564..f1bd7c45 100644 --- a/jupyterhub/handlers/login.py +++ b/jupyterhub/handlers/login.py @@ -90,20 +90,13 @@ class LoginHandler(BaseHandler): """Render the login page.""" def _render(self, login_error=None, username=None): - # login url with any parameters specified by the user/application - login_url = self.append_query_parameters( - self.settings['login_url'], exclude=['next'] - ) - # the next url for after the login - next_url = url_escape(self.get_argument('next', default='')) - # now concat the login_url with the next_url - login_url = url_concat(login_url, {'next': next_url}) return self.render_template( 'login.html', + next=url_escape(self.get_argument('next', default='')), username=username, login_error=login_error, custom_html=self.authenticator.custom_html, - login_url=login_url, + login_url=self.settings['login_url'], authenticator_login_url=url_concat( self.authenticator.login_url(self.hub.base_url), {'next': self.get_argument('next', '')}, diff --git a/jupyterhub/tests/test_pages.py b/jupyterhub/tests/test_pages.py index 3dc478ef..74de03a5 100644 --- a/jupyterhub/tests/test_pages.py +++ b/jupyterhub/tests/test_pages.py @@ -9,6 +9,7 @@ from urllib.parse import urlparse import pytest from bs4 import BeautifulSoup from tornado import gen +from tornado.escape import url_escape from tornado.httputil import url_concat from .. import orm @@ -516,17 +517,56 @@ async def test_user_redirect_deprecated(app, username): ) -async def test_login_page(app): - url = url_concat('login', [('next', 'foo'), ('param1', 'test')]) +@pytest.mark.parametrize( + 'url, params, redirected_url, form_action', + [ + ( + # spawn?param=value + # will encode given parameters for an unauthenticated URL in the next url + # the next parameter will contain the app base URL (replaces BASE_URL in tests) + 'spawn', + [('param', 'value')], + '/hub/login?next={{BASE_URL}}hub%2Fspawn%3Fparam%3Dvalue', + '/hub/login?next={{BASE_URL}}hub%2Fspawn%3Fparam%3Dvalue', + ), + ( + # login?param=fromlogin&next=encoded(/hub/spawn?param=value) + # will drop parameters given to the login page, passing only the next url + 'login', + [('param', 'fromlogin'), ('next', '/hub/spawn?param=value')], + '/hub/login?param=fromlogin&next=%2Fhub%2Fspawn%3Fparam%3Dvalue', + '/hub/login?next=%2Fhub%2Fspawn%3Fparam%3Dvalue', + ), + ( + # login?param=value&anotherparam=anothervalue + # will drop parameters given to the login page, and use an empty next url + 'login', + [('param', 'value'), ('anotherparam', 'anothervalue')], + '/hub/login?param=value&anotherparam=anothervalue', + '/hub/login?next=', + ), + ( + # login + # simplest case, accessing the login URL, gives an empty next url + 'login', + [], + '/hub/login', + '/hub/login?next=', + ), + ], +) +async def test_login_page(app, url, params, redirected_url, form_action): + url = url_concat(url, params) r = await get_page(url, app) - assert r.url.endswith('/hub/login?next=foo¶m1=test') + redirected_url = redirected_url.replace('{{BASE_URL}}', url_escape(app.base_url)) + assert r.url.endswith(redirected_url) # now the login.html rendered template must include the given parameters in the form # action URL, including the next URL page = BeautifulSoup(r.text, "html.parser") form = page.find("form", method="post") action = form.attrs['action'] - assert 'next=foo' in action - assert 'param1=test' in action + form_action = form_action.replace('{{BASE_URL}}', url_escape(app.base_url)) + assert action.endswith(form_action) async def test_login_fail(app): diff --git a/share/jupyterhub/templates/login.html b/share/jupyterhub/templates/login.html index 6242ab71..130339c9 100644 --- a/share/jupyterhub/templates/login.html +++ b/share/jupyterhub/templates/login.html @@ -19,7 +19,7 @@
    {% else %} - +
    Sign in
    From 6e988bf58781c65f559d32393cdf66633b71a1b1 Mon Sep 17 00:00:00 2001 From: Min RK Date: Wed, 24 Jun 2020 13:29:42 +0200 Subject: [PATCH 395/541] call it allowed_users be clearer since it's users vs groups, etc. --- .../authenticators-users-basics.md | 16 ++--- docs/source/reference/config-ghoauth.md | 2 +- jupyterhub/app.py | 29 +++++---- jupyterhub/auth.py | 64 ++++++++++--------- jupyterhub/tests/test_app.py | 2 +- jupyterhub/tests/test_auth.py | 44 ++++++++----- 6 files changed, 85 insertions(+), 72 deletions(-) diff --git a/docs/source/getting-started/authenticators-users-basics.md b/docs/source/getting-started/authenticators-users-basics.md index a2647976..ec078fed 100644 --- a/docs/source/getting-started/authenticators-users-basics.md +++ b/docs/source/getting-started/authenticators-users-basics.md @@ -7,20 +7,20 @@ with an account and password on the system will be allowed to login. ## Create a set of allowed users You can restrict which users are allowed to login with a set, -`Authenticator.allowed`: +`Authenticator.allowed_users`: ```python -c.Authenticator.allowed = {'mal', 'zoe', 'inara', 'kaylee'} +c.Authenticator.allowed_users = {'mal', 'zoe', 'inara', 'kaylee'} ``` -Users in the allowed set are added to the Hub database when the Hub is +Users in the `allowed_users` set are added to the Hub database when the Hub is started. ## Configure admins (`admin_users`) Admin users of JupyterHub, `admin_users`, can add and remove users from -the user `allowed` set. `admin_users` can take actions on other users' +the user `allowed_users` set. `admin_users` can take actions on other users' behalf, such as stopping and restarting their servers. A set of initial admin users, `admin_users` can configured be as follows: @@ -28,7 +28,7 @@ A set of initial admin users, `admin_users` can configured be as follows: ```python c.Authenticator.admin_users = {'mal', 'zoe'} ``` -Users in the admin set are automatically added to the user `allowed` set, +Users in the admin set are automatically added to the user `allowed_users` set, if they are not already present. Each authenticator may have different ways of determining whether a user is an @@ -53,12 +53,12 @@ sure your users know if admin_access is enabled.** Users can be added to and removed from the Hub via either the admin panel or the REST API. When a user is **added**, the user will be -automatically added to the allowed set and database. Restarting the Hub -will not require manually updating the allowed set in your config file, +automatically added to the allowed users set and database. Restarting the Hub +will not require manually updating the allowed users set in your config file, as the users will be loaded from the database. After starting the Hub once, it is not sufficient to **remove** a user -from the allowed set in your config file. You must also remove the user +from the allowed users set in your config file. You must also remove the user from the Hub's database, either by deleting the user from JupyterHub's admin page, or you can clear the `jupyterhub.sqlite` database and start fresh. diff --git a/docs/source/reference/config-ghoauth.md b/docs/source/reference/config-ghoauth.md index 4183ddec..6ec46e1c 100644 --- a/docs/source/reference/config-ghoauth.md +++ b/docs/source/reference/config-ghoauth.md @@ -52,7 +52,7 @@ c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL'] c.LocalAuthenticator.create_system_users = True # specify users and admin -c.Authenticator.allowed = {'rgbkrk', 'minrk', 'jhamrick'} +c.Authenticator.allowed_users = {'rgbkrk', 'minrk', 'jhamrick'} c.Authenticator.admin_users = {'jhamrick', 'rgbkrk'} # uses the default spawner diff --git a/jupyterhub/app.py b/jupyterhub/app.py index ba549aa4..4135f8f0 100644 --- a/jupyterhub/app.py +++ b/jupyterhub/app.py @@ -1689,22 +1689,22 @@ class JupyterHub(Application): # the admin_users config variable will never be used after this point. # only the database values will be referenced. - allowed = [ + allowed_users = [ self.authenticator.normalize_username(name) - for name in self.authenticator.allowed + for name in self.authenticator.allowed_users ] - self.authenticator.allowed = set(allowed) # force normalization - for username in allowed: + self.authenticator.allowed_users = set(allowed_users) # force normalization + for username in allowed_users: if not self.authenticator.validate_username(username): raise ValueError("username %r is not valid" % username) - if not allowed: + if not allowed_users: self.log.info( - "Not using allowed user list. Any authenticated user will be allowed." + "Not using allowed_users. Any authenticated user will be allowed." ) # add allowed users to the db - for name in allowed: + for name in allowed_users: user = orm.User.find(db, name) if user is None: user = orm.User(name=name) @@ -1714,9 +1714,9 @@ class JupyterHub(Application): db.commit() # Notify authenticator of all users. - # This ensures Authenticator.allowed is up-to-date with the database. - # This lets .allowed be used to set up initial list, - # but changes to the allowed list can occur in the database, + # This ensures Authenticator.allowed_users is up-to-date with the database. + # This lets .allowed_users be used to set up initial list, + # but changes to the allowed_users set can occur in the database, # and persist across sessions. total_users = 0 for user in db.query(orm.User): @@ -1753,9 +1753,9 @@ class JupyterHub(Application): user.created = user.last_activity or datetime.utcnow() db.commit() - # The allowed set and the users in the db are now the same. + # The allowed_users set and the users in the db are now the same. # From this point on, any user changes should be done simultaneously - # to the allowed set and user db, unless the allowed set is empty (all users allowed). + # to the allowed_users set and user db, unless the allowed set is empty (all users allowed). TOTAL_USERS.set(total_users) @@ -1773,7 +1773,7 @@ class JupyterHub(Application): await maybe_future(self.authenticator.check_allowed(username, None)) ): raise ValueError( - "Username %r is not in Authenticator.allowed" % username + "Username %r is not in Authenticator.allowed_users" % username ) user = orm.User.find(db, name=username) if user is None: @@ -1801,7 +1801,8 @@ class JupyterHub(Application): await maybe_future(self.authenticator.check_allowed(name, None)) ): raise ValueError( - "Token user name %r is not in Authenticator.allowed" % name + "Token user name %r is not in Authenticator.allowed_users" + % name ) if not self.authenticator.validate_username(name): raise ValueError("Token user name %r is not valid" % name) diff --git a/jupyterhub/auth.py b/jupyterhub/auth.py index cfc82541..dfbfab79 100644 --- a/jupyterhub/auth.py +++ b/jupyterhub/auth.py @@ -101,9 +101,9 @@ class Authenticator(LoggingConfigurable): """ ).tag(config=True) - whitelist = Set(help="Deprecated, use `Authenticator.allowed`", config=True,) + whitelist = Set(help="Deprecated, use `Authenticator.allowed_users`", config=True,) - allowed = Set( + allowed_users = Set( help=""" Set of usernames that are allowed to log in. @@ -114,11 +114,11 @@ class Authenticator(LoggingConfigurable): If empty, does not perform any additional restriction. .. versionchanged:: 1.2 - `Authenticator.whitelist` renamed to `allowed` + `Authenticator.whitelist` renamed to `allowed_users` """ ).tag(config=True) - blocked = Set( + blocked_users = Set( help=""" Set of usernames that are not allowed to log in. @@ -131,13 +131,13 @@ class Authenticator(LoggingConfigurable): .. versionadded: 0.9 .. versionchanged:: 1.2 - `Authenticator.blacklist` renamed to `blocked` + `Authenticator.blacklist` renamed to `blocked_users` """ ).tag(config=True) _deprecated_aliases = { - "whitelist": ("allowed", "1.2"), - "blacklist": ("blocked", "1.2"), + "whitelist": ("allowed_users", "1.2"), + "blacklist": ("blocked_users", "1.2"), } @observe(*list(_deprecated_aliases)) @@ -160,15 +160,15 @@ class Authenticator(LoggingConfigurable): ) setattr(self, new_attr, change.new) - @observe('allowed') - def _check_allowed(self, change): + @observe('allowed_users') + def _check_allowed_users(self, change): short_names = [name for name in change['new'] if len(name) <= 1] if short_names: sorted_names = sorted(short_names) single = ''.join(sorted_names) string_set_typo = "set('%s')" % single self.log.warning( - "Allowed list contains single-character names: %s; did you mean set([%r]) instead of %s?", + "Allowed set contains single-character names: %s; did you mean set([%r]) instead of %s?", sorted_names[:8], single, string_set_typo, @@ -301,7 +301,7 @@ class Authenticator(LoggingConfigurable): # with correct subclass override priority! for old_name, new_name in ( ('check_whitelist', 'check_allowed'), - ('check_blacklist', 'check_blocked'), + ('check_blacklist', 'check_blocked_users'), ('check_group_whitelist', 'check_allowed_groups'), ): old_method = getattr(self, old_name, None) @@ -399,7 +399,7 @@ class Authenticator(LoggingConfigurable): """Check if a username is allowed to authenticate based on configuration Return True if username is allowed, False otherwise. - No allowed set means any username is allowed. + No allowed_users set means any username is allowed. Names are normalized *before* being checked against the allowed set. @@ -409,12 +409,12 @@ class Authenticator(LoggingConfigurable): .. versionchanged:: 1.2 Renamed check_whitelist to check_allowed """ - if not self.allowed: + if not self.allowed_users: # No allowed set means any name is allowed return True - return username in self.allowed + return username in self.allowed_users - def check_blocked(self, username, authentication=None): + def check_blocked_users(self, username, authentication=None): """Check if a username is blocked to authenticate based on Authenticator.blocked configuration Return True if username is allowed, False otherwise. @@ -428,12 +428,12 @@ class Authenticator(LoggingConfigurable): Signature updated to accept authentication data as second argument .. versionchanged:: 1.2 - Renamed check_blacklist to check_blocked + Renamed check_blacklist to check_blocked_users """ - if not self.blocked: + if not self.blocked_users: # No block list means any name is allowed return True - return username not in self.blocked + return username not in self.blocked_users async def get_authenticated_user(self, handler, data): """Authenticate the user who is attempting to log in @@ -450,7 +450,7 @@ class Authenticator(LoggingConfigurable): The various stages can be overridden separately: - `authenticate` turns formdata into a username - `normalize_username` normalizes the username - - `check_allowed` checks against the user allowed + - `check_allowed` checks against the allowed usernames .. versionchanged:: 0.8 return dict instead of username @@ -475,7 +475,9 @@ class Authenticator(LoggingConfigurable): self.log.warning("Disallowing invalid username %r.", username) return - blocked_pass = await maybe_future(self.check_blocked(username, authenticated)) + blocked_pass = await maybe_future( + self.check_blocked_users(username, authenticated) + ) allowed_pass = await maybe_future(self.check_allowed(username, authenticated)) if blocked_pass: @@ -550,7 +552,7 @@ class Authenticator(LoggingConfigurable): It must return the username on successful authentication, and return None on failed authentication. - Checking allowed/blocked is handled separately by the caller. + Checking allowed_users/blocked_users is handled separately by the caller. .. versionchanged:: 0.8 Allow `authenticate` to return a dict containing auth_state. @@ -591,10 +593,10 @@ class Authenticator(LoggingConfigurable): This method may be a coroutine. - By default, this just adds the user to the allowed set. + By default, this just adds the user to the allowed_users set. Subclasses may do more extensive things, such as adding actual unix users, - but they should call super to ensure the allowed set is updated. + but they should call super to ensure the allowed_users set is updated. Note that this should be idempotent, since it is called whenever the hub restarts for all users. @@ -604,19 +606,19 @@ class Authenticator(LoggingConfigurable): """ if not self.validate_username(user.name): raise ValueError("Invalid username: %s" % user.name) - if self.allowed: - self.allowed.add(user.name) + if self.allowed_users: + self.allowed_users.add(user.name) def delete_user(self, user): """Hook called when a user is deleted - Removes the user from the allowed set. - Subclasses should call super to ensure the allowed set is updated. + Removes the user from the allowed_users set. + Subclasses should call super to ensure the allowed_users set is updated. Args: user (User): The User wrapper object """ - self.allowed.discard(user.name) + self.allowed_users.discard(user.name) auto_login = Bool( False, @@ -709,7 +711,7 @@ import types # deprecate white/blacklist method names for _old_name, _new_name, _version in [ ("check_whitelist", "check_allowed", "1.2"), - ("check_blacklist", "check_blocked", "1.2"), + ("check_blacklist", "check_blocked_users", "1.2"), ]: setattr( Authenticator, _old_name, _deprecated_method(_old_name, _new_name, _version), @@ -788,9 +790,9 @@ class LocalAuthenticator(Authenticator): @observe('allowed_groups') def _allowed_groups_changed(self, change): """Log a warning if mutually exclusive user and group allowed sets are specified.""" - if self.allowed: + if self.allowed_users: self.log.warning( - "Ignoring Authenticator.allowed set because Authenticator.allowed_groups supplied!" + "Ignoring Authenticator.allowed_users set because Authenticator.allowed_groups supplied!" ) def check_allowed(self, username, authentication=None): diff --git a/jupyterhub/tests/test_app.py b/jupyterhub/tests/test_app.py index 55000bc7..e00c699e 100644 --- a/jupyterhub/tests/test_app.py +++ b/jupyterhub/tests/test_app.py @@ -93,7 +93,7 @@ def test_generate_config(): os.remove(cfg_file) assert cfg_file in out assert 'Spawner.cmd' in cfg_text - assert 'Authenticator.allowed' in cfg_text + assert 'Authenticator.allowed_users' in cfg_text async def test_init_tokens(request): diff --git a/jupyterhub/tests/test_auth.py b/jupyterhub/tests/test_auth.py index 0021b1da..51cd4c2a 100644 --- a/jupyterhub/tests/test_auth.py +++ b/jupyterhub/tests/test_auth.py @@ -141,7 +141,7 @@ async def test_pam_auth_admin_groups(): async def test_pam_auth_allowed(): - authenticator = MockPAMAuthenticator(allowed={'wash', 'kaylee'}) + authenticator = MockPAMAuthenticator(allowed_users={'wash', 'kaylee'}) authorized = await authenticator.get_authenticated_user( None, {'username': 'kaylee', 'password': 'kaylee'} ) @@ -186,41 +186,51 @@ async def test_pam_auth_blocked(): assert authorized['name'] == 'wash' # Blacklist basics - authenticator = MockPAMAuthenticator(blocked={'wash'}) + authenticator = MockPAMAuthenticator(blocked_users={'wash'}) authorized = await authenticator.get_authenticated_user( None, {'username': 'wash', 'password': 'wash'} ) assert authorized is None # User in both allowed and blocked: default deny. Make error someday? - authenticator = MockPAMAuthenticator(blocked={'wash'}, allowed={'wash', 'kaylee'}) + authenticator = MockPAMAuthenticator( + blocked_users={'wash'}, allowed_users={'wash', 'kaylee'} + ) authorized = await authenticator.get_authenticated_user( None, {'username': 'wash', 'password': 'wash'} ) assert authorized is None # User not in blocked set can log in - authenticator = MockPAMAuthenticator(blocked={'wash'}, allowed={'wash', 'kaylee'}) + authenticator = MockPAMAuthenticator( + blocked_users={'wash'}, allowed_users={'wash', 'kaylee'} + ) authorized = await authenticator.get_authenticated_user( None, {'username': 'kaylee', 'password': 'kaylee'} ) assert authorized['name'] == 'kaylee' # User in allowed, blocked irrelevent - authenticator = MockPAMAuthenticator(blocked={'mal'}, allowed={'wash', 'kaylee'}) + authenticator = MockPAMAuthenticator( + blocked_users={'mal'}, allowed_users={'wash', 'kaylee'} + ) authorized = await authenticator.get_authenticated_user( None, {'username': 'wash', 'password': 'wash'} ) assert authorized['name'] == 'wash' # User in neither list - authenticator = MockPAMAuthenticator(blocked={'mal'}, allowed={'wash', 'kaylee'}) + authenticator = MockPAMAuthenticator( + blocked_users={'mal'}, allowed_users={'wash', 'kaylee'} + ) authorized = await authenticator.get_authenticated_user( None, {'username': 'simon', 'password': 'simon'} ) assert authorized is None - authenticator = MockPAMAuthenticator(blocked=set(), allowed={'wash', 'kaylee'}) + authenticator = MockPAMAuthenticator( + blocked_users=set(), allowed_users={'wash', 'kaylee'} + ) authorized = await authenticator.get_authenticated_user( None, {'username': 'kaylee', 'password': 'kaylee'} ) @@ -256,7 +266,7 @@ async def test_pam_auth_no_such_group(): async def test_wont_add_system_user(): user = orm.User(name='lioness4321') - authenticator = auth.PAMAuthenticator(allowed={'mal'}) + authenticator = auth.PAMAuthenticator(allowed_users={'mal'}) authenticator.create_system_users = False with pytest.raises(KeyError): await authenticator.add_user(user) @@ -264,7 +274,7 @@ async def test_wont_add_system_user(): async def test_cant_add_system_user(): user = orm.User(name='lioness4321') - authenticator = auth.PAMAuthenticator(allowed={'mal'}) + authenticator = auth.PAMAuthenticator(allowed_users={'mal'}) authenticator.add_user_cmd = ['jupyterhub-fake-command'] authenticator.create_system_users = True @@ -290,7 +300,7 @@ async def test_cant_add_system_user(): async def test_add_system_user(): user = orm.User(name='lioness4321') - authenticator = auth.PAMAuthenticator(allowed={'mal'}) + authenticator = auth.PAMAuthenticator(allowed_users={'mal'}) authenticator.create_system_users = True authenticator.add_user_cmd = ['echo', '/home/USERNAME'] @@ -311,13 +321,13 @@ async def test_add_system_user(): async def test_delete_user(): user = orm.User(name='zoe') - a = MockPAMAuthenticator(allowed={'mal'}) + a = MockPAMAuthenticator(allowed_users={'mal'}) - assert 'zoe' not in a.allowed + assert 'zoe' not in a.allowed_users await a.add_user(user) - assert 'zoe' in a.allowed + assert 'zoe' in a.allowed_users a.delete_user(user) - assert 'zoe' not in a.allowed + assert 'zoe' not in a.allowed_users def test_urls(): @@ -472,10 +482,10 @@ def test_deprecated_config(caplog): log.name, logging.WARNING, 'Authenticator.whitelist is deprecated in JupyterHub 1.2, use ' - 'Authenticator.allowed instead', + 'Authenticator.allowed_users instead', ) ] - assert authenticator.allowed == {'user'} + assert authenticator.allowed_users == {'user'} def test_deprecated_methods(): @@ -496,7 +506,7 @@ def test_deprecated_config_subclass(): cfg.MyAuthenticator.whitelist = {'user'} with pytest.deprecated_call(): authenticator = MyAuthenticator(config=cfg) - assert authenticator.allowed == {'user'} + assert authenticator.allowed_users == {'user'} def test_deprecated_methods_subclass(): From cceb65203973126b9d0168bd13e6f8700e554164 Mon Sep 17 00:00:00 2001 From: Min RK Date: Wed, 24 Jun 2020 20:19:44 +0200 Subject: [PATCH 396/541] TODO is TODONE Co-authored-by: Georgiana Elena --- jupyterhub/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/auth.py b/jupyterhub/auth.py index dfbfab79..48e02bda 100644 --- a/jupyterhub/auth.py +++ b/jupyterhub/auth.py @@ -297,7 +297,7 @@ class Authenticator(LoggingConfigurable): self._init_deprecated_methods() def _init_deprecated_methods(self): - # TODO: properly handle deprecated signature *and* name + # handles deprecated signature *and* name # with correct subclass override priority! for old_name, new_name in ( ('check_whitelist', 'check_allowed'), From 946ed844c5be53f03dbab741318537ffca5bcbfc Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Thu, 25 Jun 2020 19:41:46 +1200 Subject: [PATCH 397/541] Update jupyterhub/handlers/base.py Co-authored-by: Min RK --- jupyterhub/handlers/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py index b08a6ac7..75d0697d 100644 --- a/jupyterhub/handlers/base.py +++ b/jupyterhub/handlers/base.py @@ -678,7 +678,7 @@ class BaseHandler(RequestHandler): a list with "next" (to avoid redirect-loops) :rtype (str) """ - if not exclude: + if exclude is None: exclude = ['next'] if self.request.query: query_string = [ From ef4455bb677de153695b687e0dab5d4424c58742 Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Wed, 24 Jun 2020 16:01:08 +1200 Subject: [PATCH 398/541] Closes #2182 display hamburger menu only if user variable is present (in responsive mode) --- share/jupyterhub/templates/page.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/share/jupyterhub/templates/page.html b/share/jupyterhub/templates/page.html index bc701ce4..5953ac1c 100644 --- a/share/jupyterhub/templates/page.html +++ b/share/jupyterhub/templates/page.html @@ -106,12 +106,14 @@ {% endblock %} + {% if user %} + {% endif %}
    -
    -
    - JupyterHub {{ server_version }} -
    -
    {% call modal('Delete User', btn_class='btn-danger delete-button') %} Are you sure you want to delete user USER? @@ -175,6 +170,14 @@ {% endblock %} +{% block footer %} +
    +
    + JupyterHub {{ server_version }} +
    +
    +{% endblock %} + {% block script %} {{ super() }}