hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-18 07:23:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #200 from quantopian/group_auth

Browse Source 
DEV: Allow setting a whitelist_group on LocalAuthenticator.
This commit is contained in:
Min RK
2015-03-22 21:22:49 -07:00
parent 8787335b01 ed94c2d774
commit fad5f5a61d
1 changed files with 42 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
jupyterhub/auth.py
View File

@@ -3,6 +3,7 @@
# Copyright (c) IPython Development Team. # Copyright (c) IPython Development Team.
# Distributed under the terms of the Modified BSD License. # Distributed under the terms of the Modified BSD License.
from grp import getgrnam
import pwd import pwd
from subprocess import check_call, check_output, CalledProcessError from subprocess import check_call, check_output, CalledProcessError
@@ -39,7 +40,14 @@ class Authenticator(LoggingConfigurable):
It must return the username on successful authentication, It must return the username on successful authentication,
and return None on failed authentication. and return None on failed authentication.
""" """
def check_whitelist(self, user):
"""
Return True if the whitelist is empty or user is in the whitelist.
"""
# Parens aren't necessary here, but they make this easier to parse.
return (not self.whitelist) or (user in self.whitelist)
def add_user(self, user): def add_user(self, user):
"""Add a new user """Add a new user
@@ -56,8 +64,7 @@ class Authenticator(LoggingConfigurable):
Removes the user from the whitelist. Removes the user from the whitelist.
""" """
if user.name in self.whitelist: self.whitelist.discard(user.name)
self.whitelist.remove(user.name)
def login_url(self, base_url): def login_url(self, base_url):
"""Override to register a custom login handler""" """Override to register a custom login handler"""
@@ -87,7 +94,37 @@ class LocalAuthenticator(Authenticator):
should I try to create the system user? should I try to create the system user?
""" """
) )
group_whitelist = Set(
config=True,
help="Automatically whitelist anyone in this group.",
)
def _group_whitelist_changed(self, name, old, new):
if self.whitelist:
self.log.warn(
"Ignoring username whitelist because group whitelist supplied!"
)
def check_whitelist(self, username):
if self.group_whitelist:
return self.check_group_whitelist(username)
else:
return super().check_whitelist(username)
def check_group_whitelist(self, username):
if not self.group_whitelist:
return False
for group in self.group_whitelist:
try:
group = getgrnam(self.group_whitelist)
except KeyError:
self.log.error('No such group: [%s]' % self.group_whitelist)
continue
if username in group.gr_mem:
return True
return False
@gen.coroutine @gen.coroutine
def add_user(self, user): def add_user(self, user):
"""Add a new user """Add a new user
@@ -152,7 +189,7 @@ class PAMAuthenticator(LocalAuthenticator):
Return None otherwise. Return None otherwise.
""" """
username = data['username'] username = data['username']
if self.whitelist and username not in self.whitelist: if not self.check_whitelist(username):
return return
# simplepam wants bytes, not unicode # simplepam wants bytes, not unicode
# see simplepam#3 # see simplepam#3