7545 Commits

Author SHA1 Message Date
Erik Sundell
a6c513c1ac Merge pull request #4767 from jupyterhub/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2024-04-02 08:45:59 +02:00
pre-commit-ci[bot]
b678236f87 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/astral-sh/ruff-pre-commit: v0.3.2 → v0.3.5](https://github.com/astral-sh/ruff-pre-commit/compare/v0.3.2...v0.3.5)
2024-04-01 22:10:17 +00:00
Simon Li
11f5759fc7 Merge pull request #4763 from jupyterhub/dependabot/npm_and_yarn/jsx/express-4.19.2
Bump express from 4.18.2 to 4.19.2 in /jsx
2024-04-01 14:35:57 +02:00
Erik Sundell
95db61e613 Merge pull request #4765 from minrk/414-forward
forward-port 4.1.4
2024-03-30 11:10:15 +01:00
Min RK
ab37cd7f24 changelog for 4.1.4 2024-03-30 10:02:43 +01:00
Min RK
26a0be5103 avoid xsrf check on navigate GET requests
services/auth prevents calling check_xsrf_cookie,
but if the Handler itself called it the newly strict check would still be applied

this ensures the check is actually allowed for navigate GET requests
2024-03-30 10:02:43 +01:00
dependabot[bot]
9009bf2825 Bump express from 4.18.2 to 4.19.2 in /jsx
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.18.2...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-29 10:03:51 +00:00
krassowski
6ce1a2dc83 Add more tests, fix two issues found by tests:
- resetting of `description` and `scopes` to defaults
- resetting all users/scopes/groups for roles
2024-03-26 18:55:37 +00:00
krassowski
b7d68ca255 Implement load_managed_roles, allow to assign scopes
and update roles (but not assign them to users/groups)
by using `load_roles` when `Authenticator.manage_roles` is on.
2024-03-26 17:53:32 +00:00
Min RK
f0220c87d8 Merge pull request #4755 from minrk/forward-413 2024-03-26 17:35:46 +01:00
Min RK
7d720371c5 changelog for 4.1.3 2024-03-26 14:04:58 +01:00
Min RK
2262bab442 changelog for 4.1.2 2024-03-26 14:04:58 +01:00
Min RK
c08b582c53 respect jupyter-server disable_check_xsrf setting
allows global disable of xsrf checks in single-user servers
2024-03-26 14:04:58 +01:00
Min RK
7e56bf7e2c rework handling of multiple xsrf tokens
rather than attempting to clear multiple tokens (too complicated, breaks named servers)
look for and accept first valid token

have to do our own cookie parsing because existing cookie implementations only return a single value for each key
and default to selecting the _least_ likely to be correct, according to RFCs.

set updated xsrf cookie on login to avoid needing two requests to get the right cookie

# Conflicts:
#	jupyterhub/tests/test_services_auth.py
2024-03-26 14:04:58 +01:00
Min RK
1feb3564c1 apply suggestions from code review
Co-authored-by: Erik Sundell <erik.i.sundell@gmail.com>
2024-03-26 09:00:57 +01:00
Min RK
7e25dd15e6 clarify externally managed group
Co-authored-by: Erik Sundell <erik.i.sundell@gmail.com>
2024-03-26 09:00:01 +01:00
Min RK
f581b1a541 Merge pull request #4743 from minrk/effver
Officially adopt EffVer
2024-03-26 08:59:07 +01:00
Min RK
f253cc46ad typo in mock hub
Co-authored-by: Erik Sundell <erik.i.sundell@gmail.com>
2024-03-25 22:31:02 +01:00
krassowski
26906cca07 Only fetch the relevant roles 2024-03-25 14:06:19 +00:00
krassowski
baf6e03c46 Clarify the docstring for manage_roles
This is still subject to change.
2024-03-25 14:03:54 +00:00
krassowski
0d6778f955 Make the commit argument keyword-only 2024-03-25 13:55:53 +00:00
pre-commit-ci[bot]
1c02c0f2dd [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
2024-03-24 20:20:35 +00:00
krassowski
1799b57e4b Fix tests, passing commit arg in decorator,
and extracting message from exceptions. Also, lint.
2024-03-24 20:18:59 +00:00
Min RK
b98af09df8 test: MockHub default allow_all=True
not unconditional
2024-03-24 17:24:27 +01:00
Min RK
ca6032381a Merge pull request #4747 from minrk/411-forward 2024-03-24 08:40:56 +01:00
Min RK
f4aa8a4c25 changelog for 4.1.1 2024-03-23 17:17:39 +01:00
Min RK
5831079bf6 allow subclasses to override xsrf check
need to inject our override into the base class,
rather than at the instance level,
to avoid clobbering any overrides in extensions like jupyter-server-proxy
2024-03-23 17:17:39 +01:00
krassowski
c685d4bec9 Rewrite sync_roles to always grant/strip the current user
and to update all role attributes for each rule, and
to re-use `create_role` function which checks rule name etc.
2024-03-23 16:11:21 +00:00
krassowski
8057323331 Remove print statement 2024-03-23 13:56:04 +00:00
Min RK
c3c69027fa set allow_all=False by default 2024-03-22 15:46:03 +01:00
Min RK
68f359360e Merge pull request #4742 from jupyterhub/dependabot/npm_and_yarn/jsx/webpack-dev-middleware-5.3.4
Bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /jsx
2024-03-22 09:24:54 +01:00
Min RK
ca3ac3b08b Officially adopt EffVer
encodes the policy we already have, but now it has a name
2024-03-22 09:20:12 +01:00
dependabot[bot]
9b3d55ded0 Bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /jsx
Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4.
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-dev-middleware/compare/v5.3.3...v5.3.4)

---
updated-dependencies:
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 08:07:23 +00:00
Min RK
6a72ad8ca5 Merge pull request #4737 from minrk/rm-double-doc
avoid duplicate jupyterhub installation for docs
2024-03-22 09:06:55 +01:00
Min RK
4cf007b515 Merge pull request #4741 from manics/docs-py-min
Consistently use minimum Python version in docs
2024-03-22 08:55:05 +01:00
Simon Li
352826a1ec docs: fix unrelated rendering error 2024-03-21 20:08:59 +00:00
Simon Li
acf7d7daaa docs: use sphinx var for min node version 2024-03-21 20:08:56 +00:00
Simon Li
92d59cd12b docs: Consistently use minimum Python 3.8 2024-03-21 20:03:11 +00:00
Min RK
6ade08825b Merge pull request #4739 from minrk/set-login-cookie-user-changed
set login cookie if user changed
2024-03-21 11:43:32 +01:00
Min RK
ff693e82af set login cookie if user changed
not just if unset

allows login _override_ of existing user without needing to log out first
2024-03-20 14:37:54 +01:00
Min RK
d2a07aaf1b forward-port 4.1.0 2024-03-20 13:21:34 +01:00
Min RK
4a83cddb8e Merge pull request from GHSA-7r3h-4ph8-w38g
forward-port 4.1.0
2024-03-20 13:19:30 +01:00
Min RK
c110c25428 Merge pull request #4738 from minrk/browser-subdomain
run browser tests in subdomain
2024-03-20 13:05:58 +01:00
Min RK
1cd3bc1860 fix browser tests with subdomains 2024-03-20 12:51:44 +01:00
Min RK
51156a4762 avoid duplicate jupyterhub installation
almost every time installing docs/requirements.txt happens, JupyterHub is already installed
adding an `--editable` here ensures a full rebuild happens every time, which is very slow
2024-03-20 12:27:51 +01:00
Min RK
71f6cfa92b fix permission check on /hub/user/ page
needed for share redirect to work
2024-03-20 12:24:56 +01:00
Min RK
66c1600f4f run browser tests in subdomain 2024-03-20 12:24:56 +01:00
Min RK
b319b58a2f default=False for allow_token_in_url for 5.0 2024-03-19 18:46:51 +01:00
Min RK
83ce6d3f6b forward-port 4.1.0 2024-03-19 18:45:58 +01:00
krassowski
a76e62dc65 Disallow having both manage_roles and load_roles 2024-03-19 14:31:37 +00:00