mirror of
https://github.com/jupyterhub/jupyterhub.git
synced 2025-10-12 20:43:02 +00:00
Compare commits
60 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
6c89de082f | ||
|
|
6fb31cc613 | ||
|
|
cfb22baf05 | ||
|
|
2d0c1ff0a8 | ||
|
|
7789e13879 | ||
|
|
f7b90e2c09 | ||
|
|
ccb29167dd | ||
|
|
4ef1eca3c9 | ||
|
|
c26ede30b9 | ||
|
|
64c69a3164 | ||
|
|
ad7867ff11 | ||
|
|
14fc1588f8 | ||
|
|
7e5a925f4f | ||
|
|
3c61e422da | ||
|
|
0e2cf37981 | ||
|
|
503d5e389f | ||
|
|
7b1e61ab2c | ||
|
|
4692d6638d | ||
|
|
7829070e1c | ||
|
|
5e4b935322 | ||
|
|
4c445c7a88 | ||
|
|
8e2965df6a | ||
|
|
7a41d24606 | ||
|
|
5f84a006dc | ||
|
|
e19296a230 | ||
|
|
89ba97f413 | ||
|
|
fe2157130b | ||
|
|
e3b17e8176 | ||
|
|
027f2f95c6 | ||
|
|
210975324a | ||
|
|
f9a90d2494 | ||
|
|
932689f2f8 | ||
|
|
f91e911d1a | ||
|
|
b75cce857e | ||
|
|
62f00690f7 | ||
|
|
f700ba4154 | ||
|
|
8b91842eae | ||
|
|
80a9eb93f4 | ||
|
|
e1deecbbfb | ||
|
|
d3142704b7 | ||
|
|
447edd081a | ||
|
|
e1531ec277 | ||
|
|
d12ac4b1f6 | ||
|
|
17851b7586 | ||
|
|
118e2fa610 | ||
|
|
8e3553462c | ||
|
|
37da47d811 | ||
|
|
a640a468fb | ||
|
|
92f034766e | ||
|
|
f7ea451df8 | ||
|
|
1b7f54b462 | ||
|
|
b14b12231a | ||
|
|
2866be9462 | ||
|
|
f8648644bf | ||
|
|
69d4d48db0 | ||
|
|
df309749f2 | ||
|
|
58751067db | ||
|
|
4fd70cf79b | ||
|
|
ff15bad375 | ||
|
|
cba5bb1676 |
@@ -31,6 +31,7 @@ contribution on JupyterHub:
|
||||
- JamiesHQ
|
||||
- jbweston
|
||||
- jdavidheiser
|
||||
- jencabral
|
||||
- jhamrick
|
||||
- josephtate
|
||||
- kinuax
|
||||
|
||||
@@ -49,9 +49,6 @@ c.JupyterHub.cookie_secret_file = pjoin(runtime_dir, 'cookie_secret')
|
||||
c.JupyterHub.db_url = pjoin(runtime_dir, 'jupyterhub.sqlite')
|
||||
# or `--db=/path/to/jupyterhub.sqlite` on the command-line
|
||||
|
||||
# put the log file in /var/log
|
||||
c.JupyterHub.extra_log_file = '/var/log/jupyterhub.log'
|
||||
|
||||
# use GitHub OAuthenticator for local users
|
||||
c.JupyterHub.authenticator_class = 'oauthenticator.LocalGitHubOAuthenticator'
|
||||
c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']
|
||||
@@ -79,7 +76,8 @@ export GITHUB_CLIENT_ID=github_id
|
||||
export GITHUB_CLIENT_SECRET=github_secret
|
||||
export OAUTH_CALLBACK_URL=https://example.com/hub/oauth_callback
|
||||
export CONFIGPROXY_AUTH_TOKEN=super-secret
|
||||
jupyterhub -f /etc/jupyterhub/jupyterhub_config.py
|
||||
# append log output to log file /var/log/jupyterhub.log
|
||||
jupyterhub -f /etc/jupyterhub/jupyterhub_config.py &>> /var/log/jupyterhub.log
|
||||
```
|
||||
|
||||
## Using nginx reverse proxy
|
||||
|
||||
@@ -40,8 +40,11 @@ from tornado.options import define, options, parse_command_line
|
||||
|
||||
|
||||
@coroutine
|
||||
def cull_idle(url, api_token, timeout):
|
||||
"""cull idle single-user servers"""
|
||||
def cull_idle(url, api_token, timeout, cull_users=False):
|
||||
"""Shutdown idle single-user servers
|
||||
|
||||
If cull_users, inactive *users* will be deleted as well.
|
||||
"""
|
||||
auth_header = {
|
||||
'Authorization': 'token %s' % api_token
|
||||
}
|
||||
@@ -54,26 +57,50 @@ def cull_idle(url, api_token, timeout):
|
||||
resp = yield client.fetch(req)
|
||||
users = json.loads(resp.body.decode('utf8', 'replace'))
|
||||
futures = []
|
||||
for user in users:
|
||||
last_activity = parse_date(user['last_activity'])
|
||||
if user['server'] and last_activity < cull_limit:
|
||||
app_log.info("Culling %s (inactive since %s)", user['name'], last_activity)
|
||||
|
||||
@coroutine
|
||||
def cull_one(user, last_activity):
|
||||
"""cull one user"""
|
||||
|
||||
# shutdown server first. Hub doesn't allow deleting users with running servers.
|
||||
if user['server']:
|
||||
app_log.info("Culling server for %s (inactive since %s)", user['name'], last_activity)
|
||||
req = HTTPRequest(url=url + '/users/%s/server' % user['name'],
|
||||
method='DELETE',
|
||||
headers=auth_header,
|
||||
)
|
||||
futures.append((user['name'], client.fetch(req)))
|
||||
elif user['server'] and last_activity > cull_limit:
|
||||
yield client.fetch(req)
|
||||
if cull_users:
|
||||
app_log.info("Culling user %s (inactive since %s)", user['name'], last_activity)
|
||||
req = HTTPRequest(url=url + '/users/%s' % user['name'],
|
||||
method='DELETE',
|
||||
headers=auth_header,
|
||||
)
|
||||
yield client.fetch(req)
|
||||
|
||||
for user in users:
|
||||
if not user['server'] and not cull_users:
|
||||
# server not running and not culling users, nothing to do
|
||||
continue
|
||||
last_activity = parse_date(user['last_activity'])
|
||||
if last_activity < cull_limit:
|
||||
futures.append((user['name'], cull_one(user, last_activity)))
|
||||
else:
|
||||
app_log.debug("Not culling %s (active since %s)", user['name'], last_activity)
|
||||
|
||||
for (name, f) in futures:
|
||||
yield f
|
||||
app_log.debug("Finished culling %s", name)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
define('url', default=os.environ.get('JUPYTERHUB_API_URL'), help="The JupyterHub API URL")
|
||||
define('timeout', default=600, help="The idle timeout (in seconds)")
|
||||
define('cull_every', default=0, help="The interval (in seconds) for checking for idle servers to cull")
|
||||
define('cull_users', default=False,
|
||||
help="""Cull users in addition to servers.
|
||||
This is for use in temporary-user cases such as tmpnb.""",
|
||||
)
|
||||
|
||||
parse_command_line()
|
||||
if not options.cull_every:
|
||||
@@ -82,7 +109,7 @@ if __name__ == '__main__':
|
||||
api_token = os.environ['JUPYTERHUB_API_TOKEN']
|
||||
|
||||
loop = IOLoop.current()
|
||||
cull = lambda : cull_idle(options.url, api_token, options.timeout)
|
||||
cull = lambda : cull_idle(options.url, api_token, options.timeout, options.cull_users)
|
||||
# run once before scheduling periodic call
|
||||
loop.run_sync(cull)
|
||||
# schedule periodic cull
|
||||
|
||||
@@ -7,7 +7,7 @@ version_info = (
|
||||
0,
|
||||
8,
|
||||
0,
|
||||
'b2',
|
||||
'b5',
|
||||
)
|
||||
|
||||
__version__ = '.'.join(map(str, version_info))
|
||||
@@ -28,6 +28,7 @@ def _check_version(hub_version, singleuser_version, log):
|
||||
from distutils.version import LooseVersion as V
|
||||
hub_major_minor = V(hub_version).version[:2]
|
||||
singleuser_major_minor = V(singleuser_version).version[:2]
|
||||
extra = ""
|
||||
if singleuser_major_minor == hub_major_minor:
|
||||
# patch-level mismatch or lower, log difference at debug-level
|
||||
# because this should be fine
|
||||
@@ -35,8 +36,11 @@ def _check_version(hub_version, singleuser_version, log):
|
||||
else:
|
||||
# log warning-level for more significant mismatch, such as 0.8 vs 0.9, etc.
|
||||
log_method = log.warning
|
||||
log_method("jupyterhub version %s != jupyterhub-singleuser version %s",
|
||||
hub_version, singleuser_version,
|
||||
extra = " This could cause failure to authenticate and result in redirect loops!"
|
||||
log_method(
|
||||
"jupyterhub version %s != jupyterhub-singleuser version %s." + extra,
|
||||
hub_version,
|
||||
singleuser_version,
|
||||
)
|
||||
else:
|
||||
log.debug("jupyterhub and jupyterhub-singleuser both on version %s" % hub_version)
|
||||
|
||||
@@ -41,15 +41,27 @@ class TokenAPIHandler(APIHandler):
|
||||
# for authenticators where that's possible
|
||||
data = self.get_json_body()
|
||||
try:
|
||||
authenticated = yield self.authenticate(self, data)
|
||||
user = yield self.login_user(data)
|
||||
except Exception as e:
|
||||
self.log.error("Failure trying to authenticate with form data: %s" % e)
|
||||
authenticated = None
|
||||
if authenticated is None:
|
||||
user = None
|
||||
if user is None:
|
||||
raise web.HTTPError(403)
|
||||
user = self.find_user(authenticated['name'])
|
||||
else:
|
||||
data = self.get_json_body()
|
||||
# admin users can request
|
||||
if data and data.get('username') != user.name:
|
||||
if user.admin:
|
||||
user = self.find_user(data['username'])
|
||||
if user is None:
|
||||
raise web.HTTPError(400, "No such user '%s'" % data['username'])
|
||||
else:
|
||||
raise web.HTTPError(403, "Only admins can request tokens for other users.")
|
||||
api_token = user.new_api_token()
|
||||
self.write(json.dumps({'token': api_token}))
|
||||
self.write(json.dumps({
|
||||
'token': api_token,
|
||||
'user': self.user_model(user),
|
||||
}))
|
||||
|
||||
|
||||
class CookieAPIHandler(APIHandler):
|
||||
|
||||
@@ -104,22 +104,17 @@ class APIHandler(BaseHandler):
|
||||
'pending': None,
|
||||
'last_activity': user.last_activity.isoformat(),
|
||||
}
|
||||
if user.spawners['']._spawn_pending:
|
||||
model['pending'] = 'spawn'
|
||||
elif user.spawners['']._stop_pending:
|
||||
model['pending'] = 'stop'
|
||||
model['pending'] = user.spawners[''].pending or None
|
||||
|
||||
if self.allow_named_servers:
|
||||
servers = model['servers'] = {}
|
||||
for name, spawner in user.spawners.items():
|
||||
if spawner.ready:
|
||||
servers[name] = s = {'name': name}
|
||||
if spawner._spawn_pending:
|
||||
s['pending'] = 'spawn'
|
||||
elif spawner._stop_pending:
|
||||
s['pending'] = 'stop'
|
||||
if spawner.pending:
|
||||
s['pending'] = spawner.pending
|
||||
if spawner.server:
|
||||
s['url'] = user.url + name
|
||||
s['url'] = user.url + name + '/'
|
||||
return model
|
||||
|
||||
def group_model(self, group):
|
||||
|
||||
@@ -178,19 +178,34 @@ class UserAPIHandler(APIHandler):
|
||||
|
||||
class UserServerAPIHandler(APIHandler):
|
||||
"""Start and stop single-user servers"""
|
||||
|
||||
@gen.coroutine
|
||||
@admin_or_self
|
||||
def post(self, name, server_name=''):
|
||||
user = self.find_user(name)
|
||||
if server_name:
|
||||
if not self.allow_named_servers:
|
||||
raise web.HTTPError(400, "Named servers are not enabled.")
|
||||
if server_name and not self.allow_named_servers:
|
||||
raise web.HTTPError(400, "Named servers are not enabled.")
|
||||
if self.allow_named_servers and not server_name:
|
||||
server_name = user.default_server_name()
|
||||
spawner = user.spawners[server_name]
|
||||
pending = spawner.pending
|
||||
if pending == 'spawn':
|
||||
self.set_header('Content-Type', 'text/plain')
|
||||
self.set_status(202)
|
||||
return
|
||||
elif pending:
|
||||
raise web.HTTPError(400, "%s is pending %s" % (spawner._log_name, pending))
|
||||
|
||||
if spawner.ready:
|
||||
# include notify, so that a server that died is noticed immediately
|
||||
state = yield spawner.poll_and_notify()
|
||||
# set _spawn_pending flag to prevent races while we wait
|
||||
spawner._spawn_pending = True
|
||||
try:
|
||||
state = yield spawner.poll_and_notify()
|
||||
finally:
|
||||
spawner._spawn_pending = False
|
||||
if state is None:
|
||||
raise web.HTTPError(400, "%s's server %s is already running" % (name, server_name))
|
||||
raise web.HTTPError(400, "%s is already running" % spawner._log_name)
|
||||
|
||||
options = self.get_json_body()
|
||||
yield self.spawn_single_user(user, server_name, options=options)
|
||||
@@ -209,17 +224,21 @@ class UserServerAPIHandler(APIHandler):
|
||||
raise web.HTTPError(404, "%s has no server named '%s'" % (name, server_name))
|
||||
|
||||
spawner = user.spawners[server_name]
|
||||
|
||||
if spawner._stop_pending:
|
||||
if spawner.pending == 'stop':
|
||||
self.log.debug("%s already stopping", spawner._log_name)
|
||||
self.set_header('Content-Type', 'text/plain')
|
||||
self.set_status(202)
|
||||
return
|
||||
|
||||
if not spawner.ready:
|
||||
raise web.HTTPError(400, "%s's server %s is not running" % (name, server_name))
|
||||
raise web.HTTPError(
|
||||
400, "%s is not running %s" %
|
||||
(spawner._log_name, '(pending: %s)' % spawner.pending if spawner.pending else '')
|
||||
)
|
||||
# include notify, so that a server that died is noticed immediately
|
||||
status = yield spawner.poll_and_notify()
|
||||
if status is not None:
|
||||
raise web.HTTPError(400, "%s's server %s is not running" % (name, server_name))
|
||||
raise web.HTTPError(400, "%s is not running" % spawner._log_name)
|
||||
yield self.stop_single_user(user, server_name)
|
||||
status = 202 if spawner._stop_pending else 204
|
||||
self.set_header('Content-Type', 'text/plain')
|
||||
|
||||
@@ -291,13 +291,13 @@ class JupyterHub(Application):
|
||||
ssl_key = Unicode('',
|
||||
help="""Path to SSL key file for the public facing interface of the proxy
|
||||
|
||||
Use with ssl_cert
|
||||
When setting this, you should also set ssl_cert
|
||||
"""
|
||||
).tag(config=True)
|
||||
ssl_cert = Unicode('',
|
||||
help="""Path to SSL certificate file for the public facing interface of the proxy
|
||||
|
||||
Use with ssl_key
|
||||
When setting this, you should also set ssl_key
|
||||
"""
|
||||
).tag(config=True)
|
||||
ip = Unicode('',
|
||||
@@ -360,7 +360,7 @@ class JupyterHub(Application):
|
||||
proxy_cmd = Command([], config=True,
|
||||
help="DEPRECATED since version 0.8. Use ConfigurableHTTPProxy.command",
|
||||
).tag(config=True)
|
||||
|
||||
|
||||
debug_proxy = Bool(False,
|
||||
help="DEPRECATED since version 0.8: Use ConfigurableHTTPProxy.debug",
|
||||
).tag(config=True)
|
||||
@@ -465,7 +465,7 @@ class JupyterHub(Application):
|
||||
help="""The cookie secret to use to encrypt cookies.
|
||||
|
||||
Loaded from the JPY_COOKIE_SECRET env variable by default.
|
||||
|
||||
|
||||
Should be exactly 256 bits (32 bytes).
|
||||
"""
|
||||
).tag(
|
||||
@@ -801,12 +801,10 @@ class JupyterHub(Application):
|
||||
self.handlers = self.add_url_prefix(self.hub_prefix, h)
|
||||
# some extra handlers, outside hub_prefix
|
||||
self.handlers.extend([
|
||||
(r"%s" % self.hub_prefix.rstrip('/'), web.RedirectHandler,
|
||||
{
|
||||
"url": self.hub_prefix,
|
||||
"permanent": False,
|
||||
}
|
||||
),
|
||||
# add trailing / to `/hub`
|
||||
(self.hub_prefix.rstrip('/'), handlers.AddSlashHandler),
|
||||
# add trailing / to ``/user|services/:name`
|
||||
(r"%s(user|services)/([^/]+)" % self.base_url, handlers.AddSlashHandler),
|
||||
(r"(?!%s).*" % self.hub_prefix, handlers.PrefixRedirectHandler),
|
||||
(r'(.*)', handlers.Template404),
|
||||
])
|
||||
@@ -1568,7 +1566,7 @@ class JupyterHub(Application):
|
||||
break
|
||||
else:
|
||||
self.log.error("Cannot connect to %s service %s at %s. Is it running?", service.kind, service_name, service.url)
|
||||
|
||||
|
||||
yield self.proxy.check_routes(self.users, self._service_map)
|
||||
|
||||
|
||||
|
||||
@@ -20,7 +20,7 @@ from .. import __version__
|
||||
from .. import orm
|
||||
from ..objects import Server
|
||||
from ..spawner import LocalProcessSpawner
|
||||
from ..utils import url_path_join, exponential_backoff
|
||||
from ..utils import default_server_name, url_path_join
|
||||
|
||||
# pattern for the authentication token header
|
||||
auth_header_pat = re.compile(r'^(?:token|bearer)\s+([^\s]+)$', flags=re.IGNORECASE)
|
||||
@@ -347,7 +347,7 @@ class BaseHandler(RequestHandler):
|
||||
else:
|
||||
self.statsd.incr('login.failure')
|
||||
self.statsd.timing('login.authenticate.failure', auth_timer.ms)
|
||||
self.log.warning("Failed login for %s", data.get('username', 'unknown user'))
|
||||
self.log.warning("Failed login for %s", (data or {}).get('username', 'unknown user'))
|
||||
|
||||
|
||||
#---------------------------------------------------------------
|
||||
@@ -376,8 +376,19 @@ class BaseHandler(RequestHandler):
|
||||
|
||||
@gen.coroutine
|
||||
def spawn_single_user(self, user, server_name='', options=None):
|
||||
if server_name in user.spawners and user.spawners[server_name].pending == 'spawn':
|
||||
raise RuntimeError("Spawn already pending for: %s" % user.name)
|
||||
# in case of error, include 'try again from /hub/home' message
|
||||
self.extra_error_html = self.spawn_home_error
|
||||
|
||||
user_server_name = user.name
|
||||
if self.allow_named_servers and not server_name:
|
||||
server_name = default_server_name(user)
|
||||
|
||||
if server_name:
|
||||
user_server_name = '%s:%s' % (user.name, server_name)
|
||||
|
||||
if server_name in user.spawners and user.spawners[server_name].pending:
|
||||
pending = user.spawners[server_name].pending
|
||||
raise RuntimeError("%s pending %s" % (user_server_name, pending))
|
||||
|
||||
# count active servers and pending spawns
|
||||
# we could do careful bookkeeping to avoid
|
||||
@@ -391,32 +402,26 @@ class BaseHandler(RequestHandler):
|
||||
active_server_limit = self.active_server_limit
|
||||
|
||||
if concurrent_spawn_limit and spawn_pending_count >= concurrent_spawn_limit:
|
||||
self.log.info(
|
||||
'%s pending spawns, throttling',
|
||||
spawn_pending_count,
|
||||
)
|
||||
raise web.HTTPError(
|
||||
429,
|
||||
"User startup rate limit exceeded. Try again in a few minutes.")
|
||||
self.log.info(
|
||||
'%s pending spawns, throttling',
|
||||
spawn_pending_count,
|
||||
)
|
||||
raise web.HTTPError(
|
||||
429,
|
||||
"User startup rate limit exceeded. Try again in a few minutes.",
|
||||
)
|
||||
if active_server_limit and active_count >= active_server_limit:
|
||||
self.log.info(
|
||||
'%s servers active, no space available',
|
||||
active_count,
|
||||
)
|
||||
raise web.HTTPError(
|
||||
429,
|
||||
"Active user limit exceeded. Try again in a few minutes.")
|
||||
self.log.info(
|
||||
'%s servers active, no space available',
|
||||
active_count,
|
||||
)
|
||||
raise web.HTTPError(429, "Active user limit exceeded. Try again in a few minutes.")
|
||||
|
||||
tic = IOLoop.current().time()
|
||||
user_server_name = user.name
|
||||
if server_name:
|
||||
user_server_name = '%s:%s' % (user.name, server_name)
|
||||
else:
|
||||
user_server_name = user.name
|
||||
|
||||
self.log.debug("Initiating spawn for %s", user_server_name)
|
||||
|
||||
f = user.spawn(server_name, options)
|
||||
spawn_future = user.spawn(server_name, options)
|
||||
|
||||
self.log.debug("%i%s concurrent spawns",
|
||||
spawn_pending_count,
|
||||
@@ -426,22 +431,24 @@ class BaseHandler(RequestHandler):
|
||||
'/%i' % active_server_limit if active_server_limit else '')
|
||||
|
||||
spawner = user.spawners[server_name]
|
||||
# set spawn_pending now, so there's no gap where _spawn_pending is False
|
||||
# while we are waiting for _proxy_pending to be set
|
||||
spawner._spawn_pending = True
|
||||
|
||||
@gen.coroutine
|
||||
def finish_user_spawn(f=None):
|
||||
def finish_user_spawn():
|
||||
"""Finish the user spawn by registering listeners and notifying the proxy.
|
||||
|
||||
If the spawner is slow to start, this is passed as an async callback,
|
||||
otherwise it is called immediately.
|
||||
"""
|
||||
if f and f.exception() is not None:
|
||||
# failed, don't add to the proxy
|
||||
return
|
||||
# wait for spawn Future
|
||||
yield spawn_future
|
||||
toc = IOLoop.current().time()
|
||||
self.log.info("User %s took %.3f seconds to start", user_server_name, toc-tic)
|
||||
self.statsd.timing('spawner.success', (toc - tic) * 1000)
|
||||
spawner._proxy_pending = True
|
||||
try:
|
||||
spawner._proxy_pending = True
|
||||
yield self.proxy.add_user(user, server_name)
|
||||
except Exception:
|
||||
self.log.exception("Failed to add %s to proxy!", user_server_name)
|
||||
@@ -452,36 +459,53 @@ class BaseHandler(RequestHandler):
|
||||
finally:
|
||||
spawner._proxy_pending = False
|
||||
|
||||
# hook up spawner._spawn_future so that other requests can await
|
||||
# this result
|
||||
finish_spawn_future = spawner._spawn_future = finish_user_spawn()
|
||||
def _clear_spawn_future(f):
|
||||
# clear spawner._spawn_future when it's done
|
||||
# keep an exception around, though, to prevent repeated implicit spawns
|
||||
# if spawn is failing
|
||||
if f.exception() is None:
|
||||
spawner._spawn_future = None
|
||||
# Now we're all done. clear _spawn_pending flag
|
||||
spawner._spawn_pending = False
|
||||
finish_spawn_future.add_done_callback(_clear_spawn_future)
|
||||
|
||||
try:
|
||||
yield gen.with_timeout(timedelta(seconds=self.slow_spawn_timeout), f)
|
||||
yield gen.with_timeout(timedelta(seconds=self.slow_spawn_timeout), finish_spawn_future)
|
||||
except gen.TimeoutError:
|
||||
# waiting_for_response indicates server process has started,
|
||||
# but is yet to become responsive.
|
||||
if not spawner._waiting_for_response:
|
||||
if spawner._spawn_pending and not spawner._waiting_for_response:
|
||||
# still in Spawner.start, which is taking a long time
|
||||
# we shouldn't poll while spawn is incomplete.
|
||||
self.log.warning("User %s is slow to start (timeout=%s)",
|
||||
user_server_name, self.slow_spawn_timeout)
|
||||
# schedule finish for when the user finishes spawning
|
||||
IOLoop.current().add_future(f, finish_user_spawn)
|
||||
else:
|
||||
# start has finished, but the server hasn't come up
|
||||
# check if the server died while we were waiting
|
||||
status = yield user.spawner.poll()
|
||||
if status is None:
|
||||
# hit timeout, but server's running. Hope that it'll show up soon enough,
|
||||
# though it's possible that it started at the wrong URL
|
||||
self.log.warning("User %s is slow to become responsive (timeout=%s)",
|
||||
user_server_name, self.slow_spawn_timeout)
|
||||
self.log.debug("Expecting server for %s at: %s", user_server_name, spawner.server.url)
|
||||
# schedule finish for when the user finishes spawning
|
||||
IOLoop.current().add_future(f, finish_user_spawn)
|
||||
else:
|
||||
toc = IOLoop.current().time()
|
||||
self.statsd.timing('spawner.failure', (toc - tic) * 1000)
|
||||
raise web.HTTPError(500, "Spawner failed to start [status=%s]" % status)
|
||||
else:
|
||||
yield finish_user_spawn()
|
||||
user_server_name, self.slow_spawn_timeout)
|
||||
return
|
||||
|
||||
# start has finished, but the server hasn't come up
|
||||
# check if the server died while we were waiting
|
||||
status = yield spawner.poll()
|
||||
if status is not None:
|
||||
toc = IOLoop.current().time()
|
||||
self.statsd.timing('spawner.failure', (toc - tic) * 1000)
|
||||
raise web.HTTPError(500, "Spawner failed to start [status=%s]. The logs for %s may contain details." % (
|
||||
status, spawner._log_name))
|
||||
|
||||
if spawner._waiting_for_response:
|
||||
# hit timeout waiting for response, but server's running.
|
||||
# Hope that it'll show up soon enough,
|
||||
# though it's possible that it started at the wrong URL
|
||||
self.log.warning("User %s is slow to become responsive (timeout=%s)",
|
||||
user_server_name, self.slow_spawn_timeout)
|
||||
self.log.debug("Expecting server for %s at: %s",
|
||||
user_server_name, spawner.server.url)
|
||||
if spawner._proxy_pending:
|
||||
# User.spawn finished, but it hasn't been added to the proxy
|
||||
# Could be due to load or a slow proxy
|
||||
self.log.warning("User %s is slow to be added to the proxy (timeout=%s)",
|
||||
user_server_name, self.slow_spawn_timeout)
|
||||
|
||||
@gen.coroutine
|
||||
def user_stopped(self, user, server_name):
|
||||
@@ -501,41 +525,55 @@ class BaseHandler(RequestHandler):
|
||||
if name not in user.spawners:
|
||||
raise KeyError("User %s has no such spawner %r", user.name, name)
|
||||
spawner = user.spawners[name]
|
||||
if spawner._stop_pending:
|
||||
raise RuntimeError("Stop already pending for: %s:%s" % (user.name, name))
|
||||
tic = IOLoop.current().time()
|
||||
yield self.proxy.delete_user(user, name)
|
||||
f = user.stop()
|
||||
@gen.coroutine
|
||||
def finish_stop(f=None):
|
||||
"""Finish the stop action by noticing that the user is stopped.
|
||||
if spawner.pending:
|
||||
raise RuntimeError("%s pending %s" % (spawner._log_name, spawner.pending))
|
||||
# set user._stop_pending before doing anything async
|
||||
# to avoid races
|
||||
spawner._stop_pending = True
|
||||
|
||||
If the spawner is slow to stop, this is passed as an async callback,
|
||||
otherwise it is called immediately.
|
||||
@gen.coroutine
|
||||
def stop():
|
||||
"""Stop the server
|
||||
|
||||
1. remove it from the proxy
|
||||
2. stop the server
|
||||
3. notice that it stopped
|
||||
"""
|
||||
if f and f.exception() is not None:
|
||||
# failed, don't do anything
|
||||
return
|
||||
tic = IOLoop.current().time()
|
||||
try:
|
||||
yield self.proxy.delete_user(user, name)
|
||||
yield user.stop(name)
|
||||
finally:
|
||||
spawner._stop_pending = False
|
||||
toc = IOLoop.current().time()
|
||||
self.log.info("User %s server took %.3f seconds to stop", user.name, toc-tic)
|
||||
self.log.info("User %s server took %.3f seconds to stop", user.name, toc - tic)
|
||||
|
||||
try:
|
||||
yield gen.with_timeout(timedelta(seconds=self.slow_stop_timeout), f)
|
||||
yield gen.with_timeout(timedelta(seconds=self.slow_stop_timeout), stop())
|
||||
except gen.TimeoutError:
|
||||
if spawner._stop_pending:
|
||||
# hit timeout, but stop is still pending
|
||||
self.log.warning("User %s:%s server is slow to stop", user.name, name)
|
||||
# schedule finish for when the server finishes stopping
|
||||
IOLoop.current().add_future(f, finish_stop)
|
||||
else:
|
||||
raise
|
||||
else:
|
||||
yield finish_stop()
|
||||
|
||||
#---------------------------------------------------------------
|
||||
# template rendering
|
||||
#---------------------------------------------------------------
|
||||
|
||||
@property
|
||||
def spawn_home_error(self):
|
||||
"""Extra message pointing users to try spawning again from /hub/home.
|
||||
|
||||
Should be added to `self.extra_error_html` for any handler
|
||||
that could serve a failed spawn message.
|
||||
"""
|
||||
home = url_path_join(self.hub.base_url, 'home')
|
||||
return (
|
||||
"You can try restarting your server from the "
|
||||
"<a href='{home}'>home page</a>.".format(home=home)
|
||||
)
|
||||
|
||||
def get_template(self, name):
|
||||
"""Return the jinja template object for a given name"""
|
||||
return self.settings['jinja2_env'].get_template(name)
|
||||
@@ -583,6 +621,7 @@ class BaseHandler(RequestHandler):
|
||||
status_code=status_code,
|
||||
status_message=status_message,
|
||||
message=message,
|
||||
extra_error_html=getattr(self, 'extra_error_html', ''),
|
||||
exception=exception,
|
||||
)
|
||||
|
||||
@@ -636,10 +675,13 @@ class UserSpawnHandler(BaseHandler):
|
||||
current_user = self.get_current_user()
|
||||
|
||||
if current_user and current_user.name == name:
|
||||
# if spawning fails for any reason, point users to /hub/home to retry
|
||||
self.extra_error_html = self.spawn_home_error
|
||||
|
||||
# If people visit /user/:name directly on the Hub,
|
||||
# the redirects will just loop, because the proxy is bypassed.
|
||||
# Try to check for that and warn,
|
||||
# though the user-facing behavior is unchainged
|
||||
# though the user-facing behavior is unchanged
|
||||
host_info = urlparse(self.request.full_url())
|
||||
port = host_info.port
|
||||
if not port:
|
||||
@@ -651,9 +693,36 @@ class UserSpawnHandler(BaseHandler):
|
||||
Make sure to connect to the proxied public URL %s
|
||||
""", self.request.full_url(), self.proxy.public_url)
|
||||
|
||||
# logged in as correct user, spawn the server
|
||||
# logged in as correct user, check for pending spawn
|
||||
spawner = current_user.spawner
|
||||
if spawner._spawn_pending or spawner._proxy_pending:
|
||||
|
||||
# First, check for previous failure.
|
||||
if (
|
||||
not spawner.active
|
||||
and spawner._spawn_future
|
||||
and spawner._spawn_future.done()
|
||||
and spawner._spawn_future.exception()
|
||||
):
|
||||
# Condition: spawner not active and _spawn_future exists and contains an Exception
|
||||
# Implicit spawn on /user/:name is not allowed if the user's last spawn failed.
|
||||
# We should point the user to Home if the most recent spawn failed.
|
||||
self.log.error("Preventing implicit spawn for %s because last spawn failed: %s",
|
||||
spawner._log_name, spawner._spawn_future.exception())
|
||||
raise spawner._spawn_future.exception()
|
||||
|
||||
# check for pending spawn
|
||||
if spawner.pending and spawner._spawn_future:
|
||||
# wait on the pending spawn
|
||||
self.log.debug("Waiting for %s pending %s", spawner._log_name, spawner.pending)
|
||||
try:
|
||||
yield gen.with_timeout(timedelta(seconds=self.slow_spawn_timeout), spawner._spawn_future)
|
||||
except gen.TimeoutError:
|
||||
self.log.info("Pending spawn for %s didn't finish in %.1f seconds", spawner._log_name, self.slow_spawn_timeout)
|
||||
pass
|
||||
|
||||
# we may have waited above, check pending again:
|
||||
if spawner.pending:
|
||||
self.log.info("%s is pending %s", spawner._log_name, spawner.pending)
|
||||
# spawn has started, but not finished
|
||||
self.statsd.incr('redirects.user_spawn_pending', 1)
|
||||
html = self.render_template("spawn_pending.html", user=current_user)
|
||||
@@ -661,7 +730,12 @@ class UserSpawnHandler(BaseHandler):
|
||||
return
|
||||
|
||||
# spawn has supposedly finished, check on the status
|
||||
status = yield spawner.poll()
|
||||
if spawner.ready:
|
||||
status = yield spawner.poll()
|
||||
else:
|
||||
status = 0
|
||||
|
||||
# server is not running, trigger spawn
|
||||
if status is not None:
|
||||
if spawner.options_form:
|
||||
self.redirect(url_concat(url_path_join(self.hub.base_url, 'spawn'),
|
||||
@@ -670,6 +744,15 @@ class UserSpawnHandler(BaseHandler):
|
||||
else:
|
||||
yield self.spawn_single_user(current_user)
|
||||
|
||||
# spawn didn't finish, show pending page
|
||||
if spawner.pending:
|
||||
self.log.info("%s is pending %s", spawner._log_name, spawner.pending)
|
||||
# spawn has started, but not finished
|
||||
self.statsd.incr('redirects.user_spawn_pending', 1)
|
||||
html = self.render_template("spawn_pending.html", user=current_user)
|
||||
self.finish(html)
|
||||
return
|
||||
|
||||
# We do exponential backoff here - since otherwise we can get stuck in a redirect loop!
|
||||
# This is important in many distributed proxy implementations - those are often eventually
|
||||
# consistent and can take upto a couple of seconds to actually apply throughout the cluster.
|
||||
@@ -679,9 +762,23 @@ class UserSpawnHandler(BaseHandler):
|
||||
self.log.warning("Invalid redirects argument %r", self.get_argument('redirects'))
|
||||
redirects = 0
|
||||
|
||||
if redirects >= self.settings.get('user_redirect_limit', 5):
|
||||
# check redirect limit to prevent browser-enforced limits.
|
||||
# In case of version mismatch, raise on only two redirects.
|
||||
if redirects >= self.settings.get(
|
||||
'user_redirect_limit', 4
|
||||
) or (redirects >= 2 and spawner._jupyterhub_version != __version__):
|
||||
# We stop if we've been redirected too many times.
|
||||
raise web.HTTPError(500, "Redirect loop detected.")
|
||||
msg = "Redirect loop detected."
|
||||
if spawner._jupyterhub_version != __version__:
|
||||
msg += (
|
||||
" Notebook has jupyterhub version {singleuser}, but the Hub expects {hub}."
|
||||
" Try installing jupyterhub=={hub} in the user environment"
|
||||
" if you continue to have problems."
|
||||
).format(
|
||||
singleuser=spawner._jupyterhub_version or 'unknown (likely < 0.8)',
|
||||
hub=__version__,
|
||||
)
|
||||
raise web.HTTPError(500, msg)
|
||||
|
||||
# set login cookie anew
|
||||
self.set_login_cookie(current_user)
|
||||
@@ -755,6 +852,13 @@ class CSPReportHandler(BaseHandler):
|
||||
self.statsd.incr('csp_report')
|
||||
|
||||
|
||||
class AddSlashHandler(BaseHandler):
|
||||
"""Handler for adding trailing slash to URLs that need them"""
|
||||
def get(self, *args):
|
||||
src = urlparse(self.request.uri)
|
||||
dest = src._replace(path=src.path + '/')
|
||||
self.redirect(urlunparse(dest))
|
||||
|
||||
default_handlers = [
|
||||
(r'/user/([^/]+)(/.*)?', UserSpawnHandler),
|
||||
(r'/user-redirect/(.*)?', UserRedirectHandler),
|
||||
|
||||
@@ -84,10 +84,11 @@ class LoginHandler(BaseHandler):
|
||||
|
||||
if user:
|
||||
already_running = False
|
||||
if user.spawner:
|
||||
if user.spawner.ready:
|
||||
status = yield user.spawner.poll()
|
||||
already_running = (status is None)
|
||||
if not already_running and not user.spawner.options_form:
|
||||
if not already_running and not user.spawner.options_form \
|
||||
and not user.spawner.pending:
|
||||
# logging in triggers spawn
|
||||
yield self.spawn_single_user(user)
|
||||
self.redirect(self.get_next_url())
|
||||
|
||||
@@ -67,9 +67,13 @@ class HomeHandler(BaseHandler):
|
||||
if user.running:
|
||||
# trigger poll_and_notify event in case of a server that died
|
||||
yield user.spawner.poll_and_notify()
|
||||
# send the user to /spawn if they aren't running,
|
||||
# to establish that this is an explicit spawn request rather
|
||||
# than an implicit one, which can be caused by any link to `/user/:name`
|
||||
url = user.url if user.running else url_path_join(self.hub.base_url, 'spawn')
|
||||
html = self.render_template('home.html',
|
||||
user=user,
|
||||
url=user.url,
|
||||
url=url,
|
||||
)
|
||||
self.finish(html)
|
||||
|
||||
@@ -92,7 +96,10 @@ class SpawnHandler(BaseHandler):
|
||||
|
||||
@web.authenticated
|
||||
def get(self):
|
||||
"""GET renders form for spawning with user-specified options"""
|
||||
"""GET renders form for spawning with user-specified options
|
||||
|
||||
or triggers spawn via redirect if there is no form.
|
||||
"""
|
||||
user = self.get_current_user()
|
||||
if not self.allow_named_servers and user.running:
|
||||
url = user.url
|
||||
@@ -102,7 +109,12 @@ class SpawnHandler(BaseHandler):
|
||||
if user.spawner.options_form:
|
||||
self.finish(self._render_form())
|
||||
else:
|
||||
# not running, no form. Trigger spawn.
|
||||
# Explicit spawn request: clear _spawn_future
|
||||
# which may have been saved to prevent implicit spawns
|
||||
# after a failure.
|
||||
if user.spawner._spawn_future and user.spawner._spawn_future.done():
|
||||
user.spawner._spawn_future = None
|
||||
# not running, no form. Trigger spawn by redirecting to /user/:name
|
||||
self.redirect(user.url)
|
||||
|
||||
@web.authenticated
|
||||
@@ -115,6 +127,10 @@ class SpawnHandler(BaseHandler):
|
||||
self.log.warning("User is already running: %s", url)
|
||||
self.redirect(url)
|
||||
return
|
||||
if user.spawner.pending:
|
||||
raise web.HTTPError(
|
||||
400, "%s is pending %s" % (user.spawner._log_name, user.spawner.pending)
|
||||
)
|
||||
form_options = {}
|
||||
for key, byte_list in self.request.body_arguments.items():
|
||||
form_options[key] = [ bs.decode('utf8') for bs in byte_list ]
|
||||
|
||||
@@ -231,9 +231,10 @@ class Proxy(LoggingConfigurable):
|
||||
user.name, spawner.proxy_spec, spawner.server.host,
|
||||
)
|
||||
|
||||
if spawner._spawn_pending:
|
||||
if spawner.pending and spawner.pending != 'spawn':
|
||||
raise RuntimeError(
|
||||
"User %s's spawn is pending, shouldn't be added to the proxy yet!", user.name)
|
||||
"%s is pending %s, shouldn't be added to the proxy yet!" % (spawner._log_name, spawner.pending)
|
||||
)
|
||||
|
||||
yield self.add_route(
|
||||
spawner.proxy_spec,
|
||||
@@ -326,7 +327,7 @@ class Proxy(LoggingConfigurable):
|
||||
spec, route['target'], spawner.server,
|
||||
)
|
||||
futures.append(self.add_user(user, name))
|
||||
elif spawner._proxy_pending:
|
||||
elif spawner._spawn_pending:
|
||||
good_routes.add(spawner.proxy_spec)
|
||||
|
||||
# check service routes
|
||||
@@ -374,7 +375,7 @@ class Proxy(LoggingConfigurable):
|
||||
self.log.info("Setting up routes on new proxy")
|
||||
yield self.add_hub_route(self.app.hub)
|
||||
yield self.add_all_users(self.app.users)
|
||||
yield self.add_all_services(self.app.services)
|
||||
yield self.add_all_services(self.app._service_map)
|
||||
self.log.info("New proxy back up and good to go")
|
||||
|
||||
|
||||
|
||||
@@ -243,7 +243,8 @@ class HubAuth(Configurable):
|
||||
headers.setdefault('Authorization', 'token %s' % self.api_token)
|
||||
try:
|
||||
r = requests.request(method, url, **kwargs)
|
||||
except requests.ConnectionError:
|
||||
except requests.ConnectionError as e:
|
||||
app_log.error("Error connecting to %s: %s", self.api_url, e)
|
||||
msg = "Failed to connect to Hub API at %r." % self.api_url
|
||||
msg += " Is the Hub accessible at this URL (from host: %s)?" % socket.gethostname()
|
||||
if '127.0.0.1' in self.api_url:
|
||||
@@ -730,6 +731,19 @@ class HubAuthenticated(object):
|
||||
except Exception:
|
||||
self._hub_auth_user_cache = None
|
||||
raise
|
||||
|
||||
# store ?token=... tokens passed via url in a cookie for future requests
|
||||
url_token = self.get_argument('token', '')
|
||||
if (
|
||||
user_model
|
||||
and url_token
|
||||
and getattr(self, '_token_authenticated', False)
|
||||
and hasattr(self.hub_auth, 'set_cookie')
|
||||
):
|
||||
# authenticated via `?token=`
|
||||
# set a cookie for future requests
|
||||
# hub_auth.set_cookie is only available on HubOAuth
|
||||
self.hub_auth.set_cookie(self, url_token)
|
||||
return self._hub_auth_user_cache
|
||||
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@ from tempfile import mkdtemp
|
||||
from sqlalchemy import inspect
|
||||
|
||||
from tornado import gen
|
||||
from tornado.ioloop import PeriodicCallback, IOLoop
|
||||
from tornado.ioloop import PeriodicCallback
|
||||
|
||||
from traitlets.config import LoggingConfigurable
|
||||
from traitlets import (
|
||||
@@ -49,9 +49,23 @@ class Spawner(LoggingConfigurable):
|
||||
|
||||
# private attributes for tracking status
|
||||
_spawn_pending = False
|
||||
_start_pending = False
|
||||
_stop_pending = False
|
||||
_proxy_pending = False
|
||||
_waiting_for_response = False
|
||||
_jupyterhub_version = None
|
||||
_spawn_future = None
|
||||
|
||||
@property
|
||||
def _log_name(self):
|
||||
"""Return username:servername or username
|
||||
|
||||
Used in logging for consistency with named servers.
|
||||
"""
|
||||
if self.name:
|
||||
return '%s:%s' % (self.user.name, self.name)
|
||||
else:
|
||||
return self.user.name
|
||||
|
||||
@property
|
||||
def pending(self):
|
||||
@@ -59,7 +73,7 @@ class Spawner(LoggingConfigurable):
|
||||
|
||||
Return False if nothing is pending.
|
||||
"""
|
||||
if self._spawn_pending or self._proxy_pending:
|
||||
if self._spawn_pending:
|
||||
return 'spawn'
|
||||
elif self._stop_pending:
|
||||
return 'stop'
|
||||
@@ -89,6 +103,7 @@ class Spawner(LoggingConfigurable):
|
||||
authenticator = Any()
|
||||
hub = Any()
|
||||
orm_spawner = Any()
|
||||
db = Any()
|
||||
|
||||
@observe('orm_spawner')
|
||||
def _orm_spawner_changed(self, change):
|
||||
|
||||
@@ -89,7 +89,7 @@ def api_request(app, *api_path, **kwargs):
|
||||
base_url = app.hub.url
|
||||
headers = kwargs.setdefault('headers', {})
|
||||
|
||||
if 'Authorization' not in headers:
|
||||
if 'Authorization' not in headers and not kwargs.pop('noauth', False):
|
||||
headers.update(auth_header(app.db, 'admin'))
|
||||
|
||||
url = ujoin(base_url, 'api', *api_path)
|
||||
@@ -654,6 +654,50 @@ def test_active_server_limit(app, request):
|
||||
assert counts['pending'] == 0
|
||||
|
||||
|
||||
@mark.gen_test
|
||||
def test_start_stop_race(app, no_patience, slow_spawn):
|
||||
user = add_user(app.db, app, name='panda')
|
||||
spawner = user.spawner
|
||||
# start the server
|
||||
r = yield api_request(app, 'users', user.name, 'server', method='post')
|
||||
assert r.status_code == 202
|
||||
assert spawner.pending == 'spawn'
|
||||
# additional spawns while spawning shouldn't trigger a new spawn
|
||||
with mock.patch.object(spawner, 'start') as m:
|
||||
r = yield api_request(app, 'users', user.name, 'server', method='post')
|
||||
assert r.status_code == 202
|
||||
assert m.call_count == 0
|
||||
|
||||
# stop while spawning is not okay
|
||||
r = yield api_request(app, 'users', user.name, 'server', method='delete')
|
||||
assert r.status_code == 400
|
||||
while not spawner.ready:
|
||||
yield gen.sleep(0.1)
|
||||
|
||||
spawner.delay = 3
|
||||
# stop the spawner
|
||||
r = yield api_request(app, 'users', user.name, 'server', method='delete')
|
||||
assert r.status_code == 202
|
||||
assert spawner.pending == 'stop'
|
||||
# make sure we get past deleting from the proxy
|
||||
yield gen.sleep(1)
|
||||
# additional stops while stopping shouldn't trigger a new stop
|
||||
with mock.patch.object(spawner, 'stop') as m:
|
||||
r = yield api_request(app, 'users', user.name, 'server', method='delete')
|
||||
assert r.status_code == 202
|
||||
assert m.call_count == 0
|
||||
# start while stopping is not allowed
|
||||
with mock.patch.object(spawner, 'start') as m:
|
||||
r = yield api_request(app, 'users', user.name, 'server', method='post')
|
||||
assert r.status_code == 400
|
||||
|
||||
while spawner.active:
|
||||
yield gen.sleep(0.1)
|
||||
# start after stop is okay
|
||||
r = yield api_request(app, 'users', user.name, 'server', method='post')
|
||||
assert r.status_code == 202
|
||||
|
||||
|
||||
@mark.gen_test
|
||||
def test_get_proxy(app):
|
||||
r = yield api_request(app, 'proxy')
|
||||
@@ -711,16 +755,16 @@ def test_token(app):
|
||||
|
||||
|
||||
@mark.gen_test
|
||||
@mark.parametrize("headers, data, status", [
|
||||
({}, None, 200),
|
||||
({'Authorization': ''}, None, 403),
|
||||
({}, {'username': 'fake', 'password': 'fake'}, 200),
|
||||
@mark.parametrize("headers, status", [
|
||||
({}, 200),
|
||||
({'Authorization': 'token bad'}, 403),
|
||||
])
|
||||
def test_get_new_token(app, headers, data, status):
|
||||
if data:
|
||||
data = json.dumps(data)
|
||||
def test_get_new_token(app, headers, status):
|
||||
# request a new token
|
||||
r = yield api_request(app, 'authorizations', 'token', method='post', data=data, headers=headers)
|
||||
r = yield api_request(app, 'authorizations', 'token',
|
||||
method='post',
|
||||
headers=headers,
|
||||
)
|
||||
assert r.status_code == status
|
||||
if status != 200:
|
||||
return
|
||||
@@ -728,7 +772,61 @@ def test_get_new_token(app, headers, data, status):
|
||||
assert 'token' in reply
|
||||
r = yield api_request(app, 'authorizations', 'token', reply['token'])
|
||||
r.raise_for_status()
|
||||
assert 'name' in r.json()
|
||||
reply = r.json()
|
||||
assert reply['name'] == 'admin'
|
||||
|
||||
|
||||
@mark.gen_test
|
||||
def test_token_formdata(app):
|
||||
"""Create a token for a user with formdata and no auth header"""
|
||||
data = {
|
||||
'username': 'fake',
|
||||
'password': 'fake',
|
||||
}
|
||||
r = yield api_request(app, 'authorizations', 'token',
|
||||
method='post',
|
||||
data=json.dumps(data) if data else None,
|
||||
noauth=True,
|
||||
)
|
||||
assert r.status_code == 200
|
||||
reply = r.json()
|
||||
assert 'token' in reply
|
||||
r = yield api_request(app, 'authorizations', 'token', reply['token'])
|
||||
r.raise_for_status()
|
||||
reply = r.json()
|
||||
assert reply['name'] == data['username']
|
||||
|
||||
|
||||
@mark.gen_test
|
||||
@mark.parametrize("as_user, for_user, status", [
|
||||
('admin', 'other', 200),
|
||||
('admin', 'missing', 400),
|
||||
('user', 'other', 403),
|
||||
('user', 'user', 200),
|
||||
])
|
||||
def test_token_as_user(app, as_user, for_user, status):
|
||||
# ensure both users exist
|
||||
u = add_user(app.db, app, name=as_user)
|
||||
if for_user != 'missing':
|
||||
add_user(app.db, app, name=for_user)
|
||||
data = {'username': for_user}
|
||||
headers = {
|
||||
'Authorization': 'token %s' % u.new_api_token(),
|
||||
}
|
||||
r = yield api_request(app, 'authorizations', 'token',
|
||||
method='post',
|
||||
data=json.dumps(data),
|
||||
headers=headers,
|
||||
)
|
||||
assert r.status_code == status
|
||||
reply = r.json()
|
||||
if status != 200:
|
||||
return
|
||||
assert 'token' in reply
|
||||
r = yield api_request(app, 'authorizations', 'token', reply['token'])
|
||||
r.raise_for_status()
|
||||
reply = r.json()
|
||||
assert reply['name'] == data['username']
|
||||
|
||||
|
||||
# ---------------
|
||||
|
||||
@@ -38,6 +38,27 @@ def test_create_named_server(app, named_servers):
|
||||
assert prefix == user.spawners[servername].server.base_url
|
||||
assert prefix.endswith('/user/%s/%s/' % (username, servername))
|
||||
|
||||
r = yield api_request(app, 'users', username)
|
||||
r.raise_for_status()
|
||||
|
||||
user_model = r.json()
|
||||
user_model.pop('last_activity')
|
||||
assert user_model == {
|
||||
'name': username,
|
||||
'groups': [],
|
||||
'kind': 'user',
|
||||
'admin': False,
|
||||
'pending': None,
|
||||
'server': None,
|
||||
'servers': {
|
||||
name: {
|
||||
'name': name,
|
||||
'url': url_path_join(user.url, name, '/'),
|
||||
}
|
||||
for name in ['1', servername]
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@pytest.mark.gen_test
|
||||
def test_delete_named_server(app, named_servers):
|
||||
@@ -69,9 +90,9 @@ def test_delete_named_server(app, named_servers):
|
||||
'servers': {
|
||||
name: {
|
||||
'name': name,
|
||||
'url': url_path_join(user.url, name),
|
||||
'url': url_path_join(user.url, name, '/'),
|
||||
}
|
||||
for name in ['1', servername]
|
||||
for name in ['1']
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@@ -126,7 +126,7 @@ def test_spawn_redirect(app):
|
||||
# should have started server
|
||||
status = yield u.spawner.poll()
|
||||
assert status is None
|
||||
|
||||
|
||||
# test spawn page when server is already running (just redirect)
|
||||
r = yield get_page('spawn', app, cookies=cookies)
|
||||
r.raise_for_status()
|
||||
@@ -134,6 +134,12 @@ def test_spawn_redirect(app):
|
||||
path = urlparse(r.url).path
|
||||
assert path == ujoin(app.base_url, '/user/%s/' % name)
|
||||
|
||||
# test handing of trailing slash on `/user/name`
|
||||
r = yield get_page('user/' + name, app, cookies=cookies)
|
||||
r.raise_for_status()
|
||||
path = urlparse(r.url).path
|
||||
assert path == ujoin(app.base_url, '/user/%s/' % name)
|
||||
|
||||
|
||||
@pytest.mark.gen_test
|
||||
def test_spawn_page(app):
|
||||
|
||||
@@ -279,7 +279,7 @@ def test_hubauth_service_token(app, mockservice_url):
|
||||
name = 'test-api-service'
|
||||
app.service_tokens[token] = name
|
||||
yield app.init_api_tokens()
|
||||
|
||||
|
||||
# token in Authorization header
|
||||
r = yield async_requests.get(public_url(app, mockservice_url) + '/whoami/',
|
||||
headers={
|
||||
@@ -292,6 +292,7 @@ def test_hubauth_service_token(app, mockservice_url):
|
||||
'name': name,
|
||||
'admin': False,
|
||||
}
|
||||
assert not r.cookies
|
||||
|
||||
# token in ?token parameter
|
||||
r = yield async_requests.get(public_url(app, mockservice_url) + '/whoami/?token=%s' % token)
|
||||
@@ -319,7 +320,8 @@ def test_oauth_service(app, mockservice_url):
|
||||
# first request is only going to set login cookie
|
||||
# FIXME: redirect to originating URL (OAuth loses this info)
|
||||
s = requests.Session()
|
||||
s.cookies = yield app.login_user('link')
|
||||
name = 'link'
|
||||
s.cookies = yield app.login_user(name)
|
||||
# run session.get in async_requests thread
|
||||
s_get = lambda *args, **kwargs: async_requests.executor.submit(s.get, *args, **kwargs)
|
||||
r = yield s_get(url)
|
||||
@@ -335,3 +337,23 @@ def test_oauth_service(app, mockservice_url):
|
||||
'kind': 'user',
|
||||
}
|
||||
|
||||
# token-authenticated request to HubOAuth
|
||||
token = app.users[name].new_api_token()
|
||||
# token in ?token parameter
|
||||
r = yield async_requests.get(public_url(app, mockservice_url) + 'owhoami/?token=%s' % token)
|
||||
r.raise_for_status()
|
||||
reply = r.json()
|
||||
assert reply['name'] == name
|
||||
|
||||
# verify that ?token= requests set a cookie
|
||||
assert len(r.cookies) != 0
|
||||
# ensure cookie works in future requests
|
||||
r = yield async_requests.get(
|
||||
public_url(app, mockservice_url) + 'owhoami/',
|
||||
cookies=r.cookies,
|
||||
allow_redirects=False,
|
||||
)
|
||||
r.raise_for_status()
|
||||
reply = r.json()
|
||||
assert reply['name'] == name
|
||||
|
||||
|
||||
@@ -201,6 +201,7 @@ class User(HasTraits):
|
||||
authenticator=self.authenticator,
|
||||
config=self.settings.get('config'),
|
||||
proxy_spec=url_path_join(self.proxy_spec, name, '/'),
|
||||
db=self.db,
|
||||
)
|
||||
# update with kwargs. Mainly for testing.
|
||||
spawn_kwargs.update(kwargs)
|
||||
@@ -237,7 +238,7 @@ class User(HasTraits):
|
||||
def running(self):
|
||||
"""property for whether the user's default server is running"""
|
||||
return self.spawner.ready
|
||||
|
||||
|
||||
@property
|
||||
def active(self):
|
||||
"""True if any server is active"""
|
||||
@@ -317,8 +318,6 @@ class User(HasTraits):
|
||||
url of the server will be /user/:name/:server_name
|
||||
"""
|
||||
db = self.db
|
||||
if self.allow_named_servers and not server_name:
|
||||
server_name = default_server_name(self)
|
||||
|
||||
base_url = url_path_join(self.base_url, server_name) + '/'
|
||||
|
||||
@@ -356,12 +355,11 @@ class User(HasTraits):
|
||||
oauth_client = client_store.fetch_by_client_id(client_id)
|
||||
except ClientNotFoundError:
|
||||
oauth_client = None
|
||||
# create a new OAuth client + secret on every launch,
|
||||
# except for resuming containers.
|
||||
if oauth_client is None or not spawner.will_resume:
|
||||
client_store.add_client(client_id, api_token,
|
||||
url_path_join(self.url, 'oauth_callback'),
|
||||
)
|
||||
# create a new OAuth client + secret on every launch
|
||||
# containers that resume will be updated below
|
||||
client_store.add_client(client_id, api_token,
|
||||
url_path_join(self.url, server_name, 'oauth_callback'),
|
||||
)
|
||||
db.commit()
|
||||
|
||||
# trigger pre-spawn hook on authenticator
|
||||
@@ -369,7 +367,7 @@ class User(HasTraits):
|
||||
if (authenticator):
|
||||
yield gen.maybe_future(authenticator.pre_spawn_start(self, spawner))
|
||||
|
||||
spawner._spawn_pending = True
|
||||
spawner._start_pending = True
|
||||
# wait for spawner.start to return
|
||||
try:
|
||||
# run optional preparation work to bootstrap the notebook
|
||||
@@ -409,6 +407,13 @@ class User(HasTraits):
|
||||
# use generated=False because we don't trust this token
|
||||
# to have been generated properly
|
||||
self.new_api_token(spawner.api_token, generated=False)
|
||||
# update OAuth client secret with updated API token
|
||||
if oauth_provider:
|
||||
client_store = oauth_provider.client_authenticator.client_store
|
||||
client_store.add_client(client_id, spawner.api_token,
|
||||
url_path_join(self.url, server_name, 'oauth_callback'),
|
||||
)
|
||||
db.commit()
|
||||
|
||||
except Exception as e:
|
||||
if isinstance(e, gen.TimeoutError):
|
||||
@@ -428,6 +433,7 @@ class User(HasTraits):
|
||||
user=self.name,
|
||||
), exc_info=True)
|
||||
# raise original exception
|
||||
spawner._start_pending = False
|
||||
raise e
|
||||
spawner.start_polling()
|
||||
|
||||
@@ -467,9 +473,12 @@ class User(HasTraits):
|
||||
else:
|
||||
server_version = resp.headers.get('X-JupyterHub-Version')
|
||||
_check_version(__version__, server_version, self.log)
|
||||
# record the Spawner version for better error messages
|
||||
# if it doesn't work
|
||||
spawner._jupyterhub_version = server_version
|
||||
finally:
|
||||
spawner._waiting_for_response = False
|
||||
spawner._spawn_pending = False
|
||||
spawner._start_pending = False
|
||||
return self
|
||||
|
||||
@gen.coroutine
|
||||
@@ -480,6 +489,7 @@ class User(HasTraits):
|
||||
"""
|
||||
spawner = self.spawners[server_name]
|
||||
spawner._spawn_pending = False
|
||||
spawner._start_pending = False
|
||||
spawner.stop_polling()
|
||||
spawner._stop_pending = True
|
||||
try:
|
||||
|
||||
@@ -142,7 +142,8 @@ def wait_for_server(ip, port, timeout=10):
|
||||
ip = '127.0.0.1'
|
||||
yield exponential_backoff(
|
||||
lambda: can_connect(ip, port),
|
||||
"Server at {ip}:{port} didn't respond in {timeout} seconds".format(ip=ip, port=port, timeout=timeout)
|
||||
"Server at {ip}:{port} didn't respond in {timeout} seconds".format(ip=ip, port=port, timeout=timeout),
|
||||
timeout=timeout
|
||||
)
|
||||
|
||||
|
||||
@@ -175,7 +176,8 @@ def wait_for_http_server(url, timeout=10):
|
||||
return False
|
||||
re = yield exponential_backoff(
|
||||
is_reachable,
|
||||
"Server at {url} didn't respond in {timeout} seconds".format(url=url, timeout=timeout)
|
||||
"Server at {url} didn't respond in {timeout} seconds".format(url=url, timeout=timeout),
|
||||
timeout=timeout
|
||||
)
|
||||
return re
|
||||
|
||||
|
||||
@@ -4,5 +4,5 @@ tornado>=4.1
|
||||
jinja2
|
||||
pamela
|
||||
python-oauth2>=1.0
|
||||
SQLAlchemy>=1.0
|
||||
SQLAlchemy>=1.1
|
||||
requests
|
||||
|
||||
@@ -32,9 +32,9 @@
|
||||
<tbody>
|
||||
<tr class="user-row add-user-row">
|
||||
<td colspan="12">
|
||||
<a id="add-users" class="col-xs-2 btn btn-default">Add Users</a>
|
||||
<a id="stop-all-servers" class="col-xs-2 col-xs-offset-5 btn btn-danger">Stop All</a>
|
||||
<a id="shutdown-hub" class="col-xs-2 col-xs-offset-1 btn btn-danger">Shutdown Hub</a>
|
||||
<a id="add-users" role="button" class="col-xs-2 btn btn-default">Add Users</a>
|
||||
<a id="stop-all-servers" role="button" class="col-xs-2 col-xs-offset-5 btn btn-danger">Stop All</a>
|
||||
<a id="shutdown-hub" role="button" class="col-xs-2 col-xs-offset-1 btn btn-danger">Shutdown Hub</a>
|
||||
</td>
|
||||
</tr>
|
||||
{% for u in users %}
|
||||
@@ -44,20 +44,20 @@
|
||||
<td class="admin-col col-sm-2">{% if u.admin %}admin{% endif %}</td>
|
||||
<td class="time-col col-sm-3">{{u.last_activity.isoformat() + 'Z'}}</td>
|
||||
<td class="server-col col-sm-2 text-center">
|
||||
<span class="stop-server btn btn-xs btn-danger {% if not u.running %}hidden{% endif %}">stop server</span>
|
||||
<span class="start-server btn btn-xs btn-success {% if u.running %}hidden{% endif %}">start server</span>
|
||||
<span role="button" class="stop-server btn btn-xs btn-danger {% if not u.running %}hidden{% endif %}">stop server</span>
|
||||
<span role="button" class="start-server btn btn-xs btn-success {% if u.running %}hidden{% endif %}">start server</span>
|
||||
</td>
|
||||
<td class="server-col col-sm-1 text-center">
|
||||
{% if admin_access %}
|
||||
<span class="access-server btn btn-xs btn-success {% if not u.running %}hidden{% endif %}">access server</span>
|
||||
<span role="button" class="access-server btn btn-xs btn-success {% if not u.running %}hidden{% endif %}">access server</span>
|
||||
{% endif %}
|
||||
</td>
|
||||
<td class="edit-col col-sm-1 text-center">
|
||||
<span class="edit-user btn btn-xs btn-primary">edit</span>
|
||||
<span role="button" class="edit-user btn btn-xs btn-primary">edit</span>
|
||||
</td>
|
||||
<td class="edit-col col-sm-1 text-center">
|
||||
{% if u.name != user.name %}
|
||||
<span class="delete-user btn btn-xs btn-danger">delete</span>
|
||||
<span role="button" class="delete-user btn btn-xs btn-danger">delete</span>
|
||||
{% endif %}
|
||||
</td>
|
||||
{% endblock user_row %}
|
||||
|
||||
@@ -22,6 +22,11 @@
|
||||
{{message_html | safe}}
|
||||
</p>
|
||||
{% endif %}
|
||||
{% if extra_error_html %}
|
||||
<p>
|
||||
{{extra_error_html | safe}}
|
||||
</p>
|
||||
{% endif %}
|
||||
{% endblock error_detail %}
|
||||
</div>
|
||||
|
||||
|
||||
@@ -6,9 +6,9 @@
|
||||
<div class="row">
|
||||
<div class="text-center">
|
||||
{% if user.running %}
|
||||
<a id="stop" class="btn btn-lg btn-danger">Stop My Server</a>
|
||||
<a id="stop" role="button" class="btn btn-lg btn-danger">Stop My Server</a>
|
||||
{% endif %}
|
||||
<a id="start" class="btn btn-lg btn-success" href="{{ url }}">
|
||||
<a id="start"role="button" class="btn btn-lg btn-success" href="{{ url }}">
|
||||
{% if not user.running %}
|
||||
Start
|
||||
{% endif %}
|
||||
@@ -24,4 +24,4 @@
|
||||
<script type="text/javascript">
|
||||
require(["home"]);
|
||||
</script>
|
||||
{% endblock %}
|
||||
{% endblock %}
|
||||
|
||||
@@ -8,10 +8,10 @@
|
||||
{% block login %}
|
||||
<div id="login-main" class="container">
|
||||
{% if custom_html %}
|
||||
{{ custom_html }}
|
||||
{{ custom_html | safe }}
|
||||
{% elif login_service %}
|
||||
<div class="service-login">
|
||||
<a class='btn btn-jupyter btn-lg' href='{{authenticator_login_url}}'>
|
||||
<a role="button" class='btn btn-jupyter btn-lg' href='{{authenticator_login_url}}'>
|
||||
Sign in with {{login_service}}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
@@ -99,9 +99,9 @@
|
||||
<ul class="nav navbar-nav">
|
||||
<li><a href="{{base_url}}home">Home</a></li>
|
||||
<li><a href="{{base_url}}token">Token</a></li>
|
||||
{% endif %}
|
||||
{% if user.admin %}
|
||||
<li><a href="{{base_url}}admin">Admin</a></li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
{% endif %}
|
||||
<ul class="nav navbar-nav navbar-right">
|
||||
@@ -109,9 +109,9 @@
|
||||
{% block login_widget %}
|
||||
<span id="login_widget">
|
||||
{% if user %}
|
||||
<a id="logout" class="navbar-btn btn-sm btn btn-default" href="{{logout_url}}"> <i aria-hidden="true" class="fa fa-sign-out"></i> Logout</a>
|
||||
<a id="logout" role="button" class="navbar-btn btn-sm btn btn-default" href="{{logout_url}}"> <i aria-hidden="true" class="fa fa-sign-out"></i> Logout</a>
|
||||
{% else %}
|
||||
<a id="login" class="btn-sm btn navbar-btn btn-default" href="{{login_url}}">Login</a>
|
||||
<a id="login" role="button" class="btn-sm btn navbar-btn btn-default" href="{{login_url}}">Login</a>
|
||||
{% endif %}
|
||||
</span>
|
||||
{% endblock %}
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<p>Your server is starting up.</p>
|
||||
<p>You will be redirected automatically when it's ready for you.</p>
|
||||
<p><i class="fa fa-spinner fa-pulse fa-fw fa-3x" aria-hidden="true"></i></p>
|
||||
<a id="refresh" class="btn btn-lg btn-primary" href="#">refresh</a>
|
||||
<a role="button" id="refresh" class="btn btn-lg btn-primary" href="#">refresh</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="text-center">
|
||||
<a id="request-token" class="btn btn-lg btn-jupyter" href="#">
|
||||
<a id="request-token" role="button" class="btn btn-lg btn-jupyter" href="#">
|
||||
Request new API token
|
||||
</a>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user