hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-18 07:23:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

better errors when cookie auth check fails

Browse Source 
treat it as an error, rather than failed login

when the server can't even make the request to the upstream server to check the cookie,
it is turned into various 500 errors, as appropriate

avoid raising the error more than once per get_user call,
since get_user is called during template rendering of the error page
This commit is contained in:
Min RK
2015-01-09 15:02:22 -08:00
parent 7268c079bb
commit f994ecdacb
1 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
jupyterhub/singleuser.py
View File

@@ -9,6 +9,7 @@ import os
import requests import requests
from tornado import ioloop from tornado import ioloop
from tornado.web import HTTPError
from IPython.utils.traitlets import Unicode from IPython.utils.traitlets import Unicode
@@ -35,7 +36,7 @@ class JupyterHubLoginHandler(LoginHandler):
@staticmethod @staticmethod
def verify_token(self, cookie_name, encrypted_cookie): def verify_token(self, cookie_name, encrypted_cookie):
"""monkeypatch method for token verification""" """method for token verification"""
cookie_cache = self.settings['cookie_cache'] cookie_cache = self.settings['cookie_cache']
if encrypted_cookie in cookie_cache: if encrypted_cookie in cookie_cache:
# we've seen this token before, don't ask upstream again # we've seen this token before, don't ask upstream again
@@ -51,9 +52,15 @@ class JupyterHubLoginHandler(LoginHandler):
) )
if r.status_code == 404: if r.status_code == 404:
data = {'user' : ''} data = {'user' : ''}
if r.status_code == 403:
self.log.error("I don't have permission to verify cookies, my auth token may have expired: [%i] %s", r.status_code, r.reason)
raise HTTPError(500, "Permission failure checking authorization, I may need to be restarted")
elif r.status_code >= 500:
self.log.error("Upstream failure verifying auth token: [%i] %s", r.status_code, r.reason)
raise HTTPError(502, "Failed to check authorization (upstream problem)")
elif r.status_code >= 400: elif r.status_code >= 400:
self.log.warn("Failed to check authorization: [%i] %s", r.status_code, r.reason) self.log.warn("Failed to check authorization: [%i] %s", r.status_code, r.reason)
data = None raise HTTPError(500, "Failed to check authorization")
else: else:
data = r.json() data = r.json()
cookie_cache[encrypted_cookie] = data cookie_cache[encrypted_cookie] = data
@@ -62,6 +69,13 @@ class JupyterHubLoginHandler(LoginHandler):
@staticmethod @staticmethod
def get_user(self): def get_user(self):
"""alternative get_current_user to query the central server""" """alternative get_current_user to query the central server"""
# only allow this to be called once per handler
# avoids issues if an error is raised,
# since this may be called again when trying to render the error page
if hasattr(self, '_cached_user'):
return self._cached_user
self._cached_user = None
my_user = self.settings['user'] my_user = self.settings['user']
encrypted_cookie = self.get_cookie(self.cookie_name) encrypted_cookie = self.get_cookie(self.cookie_name)
if encrypted_cookie: if encrypted_cookie:
@@ -71,6 +85,7 @@ class JupyterHubLoginHandler(LoginHandler):
return None return None
user = auth_data['user'] user = auth_data['user']
if user == my_user: if user == my_user:
self._cached_user = user
return user return user
else: else:
return None return None