Commit Graph

2053 Commits

Author SHA1 Message Date
Min RK
4b51d67d35 match alembic log formatting to default hub log format 2017-07-31 15:12:39 +02:00
Min RK
88268bd76f test spawn_pending_count
make sure to cover various cases of spawn failure
so that failed spawns don't leak pending-spawn counts
2017-07-31 12:39:06 +02:00
Min RK
744d96330e use properties for spawn_pending 2017-07-31 11:45:01 +02:00
Min RK
55c3164a7d Make default concurrent spawn limit 100
it's a conservative default, and deployments can turn it up if need be
2017-07-31 11:24:21 +02:00
Min RK
c78e31b136 Merge pull request #1290 from yuvipanda/concurrent_spawn_limit
Add support for limiting the number of concurrent spawns
2017-07-31 10:28:37 +02:00
Min RK
ecfd0a6796 Merge pull request #1285 from Carreau/spawner-import
Try enforcing methods overwrite at import time.
2017-07-31 10:27:28 +02:00
Yuvi Panda
162ce2a9c5 Merge pull request #1178 from yuvipanda/auth-state
Encrypt auth_state at rest
2017-07-30 10:31:32 -07:00
Min RK
1f2125a097 Add Authenticator.enable_auth_state
Allows authenticators to optionally enable this flag
and signal that auth_state will be used,
enabling early check and exit if encryption is not available.
2017-07-28 22:36:49 +02:00
Matthias Bussonnier
feae3eacb1 Try enforcing methods overwrite at import time.
Currently Spawners need to overwrite start, stop, poll. When this is not
done, it will fail at runtime.

This replicates this check at class definition time, meaning that
potential errors will be caught way earlier. It also has no runtime
cost as the check is at class definition time (i.e. often import time).

This only takes effect on Python 3.6+, which introduces __init_subclass__;
we could do it with metaclasses, but that might be too complicated.

If one wants to create a class that avoids these restrictions, they can
overwrite __init_subclass__ and not call the super() method.
2017-07-28 12:05:18 -07:00
yuvipanda
a1a706cb31 More cleanup 2017-07-28 11:58:58 -07:00
Min RK
8a1da297d9 CryptKeeper is configurable 2017-07-28 17:20:57 +02:00
Min RK
1987221026 Python 3.4 doesn't allow bytestring formatting
can't do  until Python 3.5. When do we get to drop py34 support :)
2017-07-28 17:08:18 +02:00
Min RK
4b7b34064b alembic revision for encrypted_auth_state 2017-07-28 16:52:18 +02:00
Min RK
5abb4618bd test auth_state on login handler 2017-07-28 16:51:46 +02:00
Min RK
75c1d36237 trade privy for raw Fernet
only benefit of privy was KDF, but if users provide good 32B keys, this doesn't help.

Fernet already adds randomness, etc. to tokens, so is good enough on its own if keys are good.
2017-07-28 16:08:12 +02:00
Min RK
90e8e1a8aa move auth_state encryption outside the ORM
privy is used for encryption

- db only has blob column, no knowledge of encryption
- add CryptKeeper for handling encryption
- use privy for encryption, so we have fewer choices to make
- storing/loading encrypted auth_state runs in a ThreadPool
2017-07-28 16:08:12 +02:00
Min RK
32a9b38d26 use HKDF on auth keys
if the given tokens aren't already the right shape, pass through a proper KDF
2017-07-28 16:08:12 +02:00
Min RK
5714f56083 encrypt auth_state with MultiFernet
- MultiFernet allows key rotation via `AUTH_STATE_KEY=secret2;secret1;secret0`
- Failure to decrypt results in cleared state
- Attempting to set auth_state without encryption is a hard failure
- Absent encryption, auth_state will always be None
2017-07-28 16:08:12 +02:00
Min RK
3d635816c9 add cryptography to dev requirements 2017-07-28 16:08:12 +02:00
yuvipanda
1aa5ce2f35 Add sqlalchemy-utils to requirements.txt 2017-07-28 16:08:12 +02:00
yuvipanda
f765fde6c1 Add OptionalEncrypted type 2017-07-28 16:08:12 +02:00
Min RK
523cbf641c Merge pull request #1288 from Carreau/fix-port-number
Default port is 8081 not 8080
2017-07-28 15:36:01 +02:00
yuvipanda
112834bbaa Cleanup code a little 2017-07-28 01:10:19 -07:00
Matthias Bussonnier
f0ab1ae907 Merge pull request #1286 from willingc/authenticator-edits
Refresh docs on Authenticators
2017-07-27 22:16:32 -07:00
yuvipanda
d6827a2794 Error if we hit pending spawn limit
The backlog actually doesn't help - almost all of them fail,
and the exponential backoff just adds more work for our ticks
2017-07-27 20:36:59 -07:00
Carol Willing
a1591185c1 Flesh out auth in swagger spec 2017-07-27 19:44:59 -07:00
Carol Willing
b77c8a8717 Update the API index section 2017-07-27 19:44:59 -07:00
Carol Willing
831b7d2a86 WIP 2017-07-27 19:44:59 -07:00
Carol Willing
057a52dd32 Add oauth to swagger api doc 2017-07-27 19:44:59 -07:00
Matthias Bussonnier
8f88fae530 Default port is 8081 not 8080 2017-07-27 19:21:16 -07:00
Carol Willing
85cc8eb6f3 Fix typo 2017-07-27 17:42:49 -07:00
Carol Willing
349f1b115e Reorganize content 2017-07-27 17:33:37 -07:00
yuvipanda
27de44b0ec Add support for limiting the number of concurrent spawns 2017-07-27 16:32:45 -07:00
Carol Willing
9847408d77 Edit auth docs 2017-07-27 08:59:57 -07:00
Carol Willing
cc24f36e80 Merge pull request #1281 from minrk/no-test-threads
eliminate test application thread
2017-07-27 08:43:45 -07:00
Min RK
e7fe6d25b6 set ASYNC_TEST_TIMEOUT=15 on Travis
Travis is super slow and default timeout is 5 seconds, which is too low sometimes.
2017-07-27 12:48:46 +02:00
Min RK
afc968146d fix race in test_proxy
prevent `.check_routes` from firing while we wait for a new proxy to come up

We check explicitly that it comes up with no routes, so make sure check_routes hasn't restored its state, which is causing intermittent failures
2017-07-27 12:48:25 +02:00
Min RK
471decdbb6 Merge pull request #1280 from yuvipanda/hub_connect_port
Add hub_connect_port
2017-07-27 12:07:12 +02:00
Min RK
638f980281 fix race waiting for slow spawners
wait for `.running` instead of `._spawn_pending`,
since we now have `._proxy_pending` as well to wait for.
2017-07-27 11:46:33 +02:00
Min RK
8f1115a257 remove handling of changing db sessions
this was purely for accessing the db from multiple threads in tests
2017-07-27 11:37:19 +02:00
Min RK
9e8b6503a0 use gen_test in place of IOLoop.run_sync
even where not strictly required

for consistency, now that we are using gen_test on the main app tests
2017-07-27 11:29:58 +02:00
Min RK
91d042f6f3 get the rest of tests running without threads
all tests pass!
2017-07-27 11:29:58 +02:00
Min RK
d559cad042 test_pages without threads 2017-07-27 11:29:56 +02:00
Min RK
f05aecf5f9 test_api passes without threads
just put requests in a thread via `utils.async_requests`

eliminates db threads issue
2017-07-27 11:29:16 +02:00
Min RK
58f072e5af start MockHub without threads
everything's going to run with gen_test

need our own io_loop fixture that's module_scoped to go with our app fixture
2017-07-27 11:28:32 +02:00
yuvipanda
afc3bcbc75 Fix more references to port that should be connect_port 2017-07-26 18:12:01 -07:00
yuvipanda
8ee2fd2cf8 Fix possible redirect loop 2017-07-26 18:05:50 -07:00
yuvipanda
be7faacd07 Add ability to set hub_connect_port 2017-07-26 17:53:40 -07:00
Yuvi Panda
dc97433d9b Merge pull request #1272 from yuvipanda/exponential-function
Move exponential backoff into a function
2017-07-26 15:38:01 -07:00
Carol Willing
da10a8e7dd Edit docstring and comments 2017-07-26 13:00:16 -07:00