Min RK
5e60582ef3
run autoformat
apologies to anyone finding this commit via git blame or log
run the autoformatting by
pre-commit run --all-files
2019-02-19 17:00:10 +01:00
chang-zhijie
53c3201c17
store tokens passed via url or header, not only url.
2018-12-11 17:00:16 +08:00
Min RK
7f1c91d8f4
Clear the auth cache when testing the same url twice with different results
2018-11-12 14:35:47 +01:00
Min RK
3a0bacde3a
HubAuth: allow caching None responses
when a token doesn't identify a user, the response is None.
These results are cached, but the cache checked for `is None`,
causing failed-auth responses to effectively not be cached.
2018-11-12 12:56:41 +01:00
Min RK
f29354e0f4
Merge branch 'master' into end-to-end-ssl
2018-10-02 11:15:53 +02:00
Min RK
df74ff68ab
better error messages on oauth errors
2018-09-10 17:12:08 +02:00
Thomas Mendoza
c50cd1ba7f
Propagate certs to everything that needs them
2018-07-18 16:02:57 -07:00
Min RK
e374e93cfb
expose cookie options and pass them down to spawners
enables forcing all-session cookies with:
```python
c.JupyterHub.tornado_settings['cookie_options'] = {
    'expires_days': None,
}
```
2018-03-23 10:38:50 +01:00
Min RK
9866a0fadc
avoid raising HTTPError in get_current_user
it can cause issues, e.g. with upcoming notebook releases .get_current_user may be called in set_default_headers,
which doesn't catch HTTPErrors.
2018-01-03 14:58:42 +01:00
Min RK
e9123f55e0
make HubAuth a singleton
allows cache re-use in default case
otherwise, default behavior is to instantiate anew on each request, eliminating cache
2017-12-11 14:20:25 +01:00
Min RK
ee004486bd
include session id in cache key
if session id is defined, clearing the session id clears the cache,
allowing immediate revocation of tokens by the Hub.
2017-12-11 14:20:25 +01:00
Min RK
498e234c37
add cache repr for debugging
2017-12-11 14:20:25 +01:00
Min RK
24ff91eef5
avoid oauth state cookie collisions
in case of multiple simultaneous
- state arg is strictly required now
- default cookie name in case of no collision is unchanged
- in case of collision, randomize cookie name with a suffix and store cookie_name in state
- expire state cookies after 10 minutes, not 1 day
2017-09-21 14:32:47 +02:00
Min RK
f84a88da21
fix oauth state redirect
check for HubOAuth, not HubOAuthenticated
2017-09-14 16:06:36 +02:00
Min RK
eecec7183e
fix clearing of oauth state cookie
missing path arg
2017-09-14 16:01:34 +02:00
Min RK
5e4b935322
only HubOAuth can set token cookie
2017-08-31 16:04:54 +02:00
Min RK
7a41d24606
set cookie on singleuser when authenticated with ?token=...
Allows `/user/name?token=...` URL to login users for more than one request.
matches token behavior of regular notebook server.
2017-08-31 13:53:48 +02:00
Min RK
4fd70cf79b
app_log typo
2017-08-20 15:48:55 +02:00
Min RK
cba5bb1676
log error when failing to connect to Hub
for better diagnosis
2017-08-20 10:03:52 +02:00
Min RK
2d50cef098
implement state handling in HubOAuth
2017-08-17 17:29:45 +02:00
Min RK
dfef7c2b52
Merge pull request #1321 from willingc/doc-services
Add autodoc of services and update services.auth for OAuth
2017-08-09 11:37:16 +02:00
Carol Willing
fae2d9414a
Remove heading in docstring
2017-08-08 23:06:50 -07:00
Carol Willing
95175155d4
Update autodoc of services.auth and add services
2017-08-08 22:51:35 -07:00
Carol Willing
15b78307fb
Correct broken links in docs
2017-08-07 14:35:17 -07:00
Min RK
a51141810d
set httponly on cookies
2017-07-11 11:06:00 +02:00
Min RK
dda3762b48
raise 403 on disallowed user, rather than redirect to login url
raise UserNotAllowed exception in generic `check_hub_user`
when a user or service is identified and not allowed.
turn it into `HTTPError(403)` in tornado `get_current_user` wrapper,
caching `None` so that subsequent calls don't re-trigger the same error.
2017-06-07 15:30:12 +02:00
Min RK
c3a90e0804
raise 500 on failure to identify a user in oauth callback
2017-04-21 14:52:23 +02:00
Min RK
ce4b9e8e9f
only store token in single-user cookie
not the user model
preserves cached-response behavior from the Hub
so that the Hub can still revoke tokens.
2017-04-05 15:53:49 +02:00
Min RK
ef51eb21e0
get OAuth working with subdomains
needs a lot of host passing around
2017-04-05 15:53:49 +02:00
Min RK
6d647b5387
use API token for oauth client secret
rather than a separate single-purpose secret
since we need the token anyway, use it for the secret handshake as well
2017-04-05 15:53:48 +02:00
Min RK
c6fe145030
s/JupyterHubOAuthCallback/HubOAuthCallback/
2017-04-04 17:02:34 +02:00
Min RK
39fce0304d
support oauth in services
fix bugs caught by tests
2017-04-04 17:02:34 +02:00
Min RK
5a5fdc2565
validate oauth client_id/secret
2017-04-04 17:02:33 +02:00
Min RK
bef121dbe3
get default hub_prefix from env
2017-04-04 17:02:33 +02:00
Min RK
198bb875df
delay evaluation of oauth environment variables
only affects mocking in tests
2017-03-31 17:07:21 +02:00
Min RK
d1822ee939
handle hub prefix in HubAuth
2017-03-31 17:06:51 +02:00
Min RK
4bb8e47f3b
implement admin-access with OAuth
2017-03-30 19:15:43 +02:00
Min RK
ff6a68112e
put whole user model in cookie
ensures cached value has all the info needed (group, etc.)
2017-03-30 16:52:20 +02:00
Min RK
74728e5f42
make HubOAuth a subclass
instead of implementing both shared-cookie and OAuth on HubAuth
2017-03-30 15:57:58 +02:00
Min RK
7e55220c3f
use OAuth in single-user server
2017-03-30 15:24:35 +02:00
Min RK
aa65266726
support services in HubAuth
2017-01-26 11:52:40 +01:00
Min RK
d93384536f
clarify some things
- cleanup docstrings
- more comments
- rename cookie_cache to cache, since it's not a cache of cookies
2017-01-25 17:10:14 +01:00
Min RK
69250db70e
support token authentication in HubAuth.get_user
in Authorization header or `?token` parameter
enables token authentication in single-user server based on notebook >= 4.3 as well
2017-01-25 13:53:36 +01:00
Min RK
ad52398087
add get_login_url to HubAuthenticated
needed for tornado's default redirect
2017-01-25 13:52:14 +01:00
Min RK
4f1eec31a1
more code consolidation in HubAuth
consolidates duplicate code in user_for_cookie and user_for_token
into _check_hub_authorization
2017-01-25 13:50:20 +01:00
Joshua Milas
4605f74cf9
Fixed missing variable
2017-01-24 11:49:18 -05:00
Joshua Milas
9ab4b35f22
Changed error message to be more generic
2017-01-24 11:47:52 -05:00
Joshua Milas
2821b9a832
Added user_for_token method, moved r check into its own function
2017-01-23 21:12:40 -05:00
Min RK
186107d959
cache HubAuth user per request
2017-01-06 17:19:10 +01:00
Min RK
a9295bc5c2
more debug logging for Hub auth
2017-01-06 13:24:40 +01:00