Big thanks to Erik, Tim, and Min for the great comments!
Change names to be more clear, add function doc comments,
change scoping on some functions, add handle_logout to let
people take custom logout actions, extract
render_logout_page from get method, add TODO.
AS A developer of a Logout handler
I WANT to be able to call a function to kill spawners and
do other backend logout stuff and a separate function to
forward the user along the logout chain.
I believe this PR adds (moderately private) methods to the
Logout Handler to do just that.
- `.get_current_user` is called in the `prepare` stage for all handlers
- use `.current_user` to access current user in methods
- adds Authenticator.refresh_user for refreshing user auth (unused at this point)
- ignore spawner state when determining redirect destination
- remove implicit spawn from login handler (rely on redirect to user.url for spawn)
- settings.redirect_to_server determines if login sends users to /user/:name vs /hub/home
- visiting `/hub/` should result in the same destination regardless of login state or spawner state
for easier re-use of login in custom handlers
Further, enable auto_login + no custom login handler to mean that auth info is already present in requests
(e.g. REMOTE_USER)
- remove use of deprecated Hub.server
- add deprecation warning to Hub.server property
- move cookie_name declaration to Hub
It should now be possible to use Hub.from_url('http://1.2.3.4:1234/hub/') without missing information
self.authenticate can return None, in which case you can't subscript.
So move extracting data into the branch checking whether authenticate is
not `None`.
Now that extracting the username is inside the if branch, it can't be
used in the else one, so extract username from the request itself.
This can be easily reproduce with the default PAM login with a wrong
non existing/ wrong username.
Simplifies login URL, handler login
- all login redirects go to `settings['login_url']`
- `login_url` is unconditionally `/hub/login`
- `/hub/login` renders form page or 'login with...' button
- enabling auto_login redirects from /hub/login to Authenticator.login_url()
When you have two JupyterHub windows and log out successfully in one of them. If you try to click the logout button in the other window, you will receive a 500 error.
It happened because there were operations being done in a None user object.
If Spawner.options_form is specified, a form providing input controls is shown to the user prior to launch.
Spawners access the result via the `self.user_options` dict.
The default spawners offer no form.
