hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-11 03:52:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
5,624 Commits 8 Branches 89 Tags
aa0ce1c88a8e34da1779cb13d3f36f81a6a24df7
Commit Graph

85 Commits

Author SHA1 Message Date
Min RK
a51141810d set httponly on cookies 2017-07-11 11:06:00 +02:00
Min RK
dda3762b48 raise 403 on disallowed user, rather than redirect to login url 
raise UserNotAllowed exception in generic `check_hub_user`
when a user or service is identified and not allowed.

turn it into `HTTPError(403)` in tornado `get_current_user` wrapper,
caching `None` so that subsequent calls don't re-trigger the same error.
 2017-06-07 15:30:12 +02:00
Min RK
c3a90e0804 raise 500 on failure to identify a user in oauth callback 2017-04-21 14:52:23 +02:00
Min RK
ce4b9e8e9f only store token in single-user cookie 
not the user model

preserves cached-response behavior from the Hub
so that the Hub can still revoke tokens.
 2017-04-05 15:53:49 +02:00
Min RK
ef51eb21e0 get OAuth working with subdomains 
needs a lot of host passing around
 2017-04-05 15:53:49 +02:00
Min RK
6d647b5387 use API token for oauth client secret 
rather than a separate single-purpose secret

since we need the token anyway, use it for the secret handshake as well
 2017-04-05 15:53:48 +02:00
Min RK
c6fe145030 s/JupyterHubOAuthCallback/HubOAuthCallback/ 2017-04-04 17:02:34 +02:00
Min RK
39fce0304d support oauth in services 
fix bugs caught by tests
 2017-04-04 17:02:34 +02:00
Min RK
5a5fdc2565 validate oauth client_id/secret 2017-04-04 17:02:33 +02:00
Min RK
bef121dbe3 get default hub_prefix from env 2017-04-04 17:02:33 +02:00
Min RK
198bb875df delay evaluation of oauth environment variables 
only affects mocking in tests
 2017-03-31 17:07:21 +02:00
Min RK
d1822ee939 handle hub prefix in HubAuth 2017-03-31 17:06:51 +02:00
Min RK
4bb8e47f3b implement admin-access with OAuth 2017-03-30 19:15:43 +02:00
Min RK
ff6a68112e put whole user model in cookie 
ensures cached value has all the info needed (group, etc.)
 2017-03-30 16:52:20 +02:00
Min RK
74728e5f42 make HubOAuth a subclass 
instead of implementing both shared-cookie and OAuth on HubAuth
 2017-03-30 15:57:58 +02:00
Min RK
7e55220c3f use OAuth in single-user server 2017-03-30 15:24:35 +02:00
Min RK
aa65266726 support services in HubAuth 2017-01-26 11:52:40 +01:00
Min RK
d93384536f clarify some things 
- cleanup docstrings
- more comments
- rename cookie_cache to cache, since it's not a cache of cookies
 2017-01-25 17:10:14 +01:00
Min RK
69250db70e support token authentication in HubAuth.get_user 
in Authorization header or `?token` parameter

enables token authentication in single-user server based on notebook >= 4.3 as well
 2017-01-25 13:53:36 +01:00
Min RK
ad52398087 add get_login_url to HubAuthenticated 
needed for tornado's default redirect
 2017-01-25 13:52:14 +01:00
Min RK
4f1eec31a1 more code consolidation in HubAuth 
consolidates duplicate code in user_for_cookie and user_for_token
into _check_hub_authorization
 2017-01-25 13:50:20 +01:00
Joshua Milas
4605f74cf9 Fixed missing variable 2017-01-24 11:49:18 -05:00
Joshua Milas
9ab4b35f22 Changed error message to be more generic 2017-01-24 11:47:52 -05:00
Joshua Milas
2821b9a832 Added user_for_token method, moved r check into its own function 2017-01-23 21:12:40 -05:00
Min RK
186107d959 cache HubAuth user per request 2017-01-06 17:19:10 +01:00
Min RK
a9295bc5c2 more debug logging for Hub auth 2017-01-06 13:24:40 +01:00
Min RK
2015c701fa HubAuth services: fix group authentication checking 
If group authentication checking was enabled, any user would be allowed
 2017-01-06 13:24:40 +01:00
Carol Willing
d957c5158f Use warning instead of warn for logs 2016-10-26 04:06:29 -07:00
Min RK
fd4a04e3f3 docs review 2016-10-26 10:22:54 +02:00
Min RK
2bb4cd4739 allow HubAuthenticated to check groups 2016-10-25 13:27:57 +02:00
Min RK
a9e9338ee4 get HubAuth defaults from service env variables 
allows use of HubAuthenticated without any arguments
 2016-09-26 14:13:04 +02:00
Min RK
4c5d6167bd use just path for default hub auth login_url 2016-09-01 15:07:00 +02:00
Min RK
8fbaedf4d7 more informative error if single-user server can't connect to Hub for auth 
error message points to hub_ip setting if Hub doesn't appear to be accessible at 127.0.0.1
 2016-07-22 15:35:24 +02:00
Min RK
84868a6475 add login_url to HubAuth 
needed for tornado redirects. Still not sure the best way to pass it to tornado app settings.
 2016-05-30 13:32:10 +02:00
Min RK
19e8bdacfe Add HubAuth for authenticating tornado-based services with JupyterHub 
- HubAuth implements request to identify users with the Hub
- HubAuthenticated is a mixin for tornado handlers
 2016-05-30 13:32:10 +02:00