Merge pull request #200 from quantopian/group_auth

DEV: Allow setting a whitelist_group on LocalAuthenticator.
Min RK
2015-03-22 21:22:49 -07:00


@@ -3,6 +3,7 @@
# Copyright (c) IPython Development Team. # Copyright (c) IPython Development Team.
# Distributed under the terms of the Modified BSD License. # Distributed under the terms of the Modified BSD License.
from grp import getgrnam
import pwd import pwd
from subprocess import check_call, check_output, CalledProcessError from subprocess import check_call, check_output, CalledProcessError
@@ -40,6 +41,13 @@ class Authenticator(LoggingConfigurable):
and return None on failed authentication. and return None on failed authentication.
""" """
def check_whitelist(self, user):
"""
Return True if the whitelist is empty or user is in the whitelist.
"""
# Parens aren't necessary here, but they make this easier to parse.
return (not self.whitelist) or (user in self.whitelist)
def add_user(self, user): def add_user(self, user):
"""Add a new user """Add a new user
@@ -56,8 +64,7 @@ class Authenticator(LoggingConfigurable):
Removes the user from the whitelist. Removes the user from the whitelist.
""" """
if user.name in self.whitelist: self.whitelist.discard(user.name)
self.whitelist.remove(user.name)
def login_url(self, base_url): def login_url(self, base_url):
"""Override to register a custom login handler""" """Override to register a custom login handler"""
@@ -88,6 +95,36 @@ class LocalAuthenticator(Authenticator):
""" """
) )
group_whitelist = Set(
config=True,
help="Automatically whitelist anyone in this group.",
)
def _group_whitelist_changed(self, name, old, new):
if self.whitelist:
self.log.warn(
"Ignoring username whitelist because group whitelist supplied!"
)
def check_whitelist(self, username):
if self.group_whitelist:
return self.check_group_whitelist(username)
else:
return super().check_whitelist(username)
def check_group_whitelist(self, username):
if not self.group_whitelist:
return False
for group in self.group_whitelist:
try:
group = getgrnam(self.group_whitelist)
except KeyError:
self.log.error('No such group: [%s]' % self.group_whitelist)
continue
if username in group.gr_mem:
return True
return False
@gen.coroutine @gen.coroutine
def add_user(self, user): def add_user(self, user):
"""Add a new user """Add a new user
@@ -152,7 +189,7 @@ class PAMAuthenticator(LocalAuthenticator):
Return None otherwise. Return None otherwise.
""" """
username = data['username'] username = data['username']
if self.whitelist and username not in self.whitelist: if not self.check_whitelist(username):
return return
# simplepam wants bytes, not unicode # simplepam wants bytes, not unicode
# see simplepam#3 # see simplepam#3
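Review bot: In the new `LocalAuthenticator.check_group_whitelist`, the loop calls `getgrnam(self.group_whitelist)` with the whole set instead of the name being iterated, and rebinds the loop variable `group` to the result. Passing a set to `getgrnam` would raise `TypeError`, which `except KeyError` does not catch, so every login through `check_whitelist` would fail with an exception once a group whitelist is configured, and the error log prints the set rather than the missing group. I would change it to `for grnam in self.group_whitelist:`, `group = getgrnam(grnam)` and `self.log.error('No such group: [%s]', grnam)`. Separately, `gr_mem` usually lists only the members recorded in the group entry itself, so a user whose primary group is the whitelisted one may be rejected. That fails closed, but a docstring on `check_group_whitelist` should say so, and a test with a real and a missing group name would cover both paths.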