When login-in via token, let a chance for user to set the password

When token is enabled, the login page will present a form to the user asking them if they want to set a password at the same time. This is almost equivalent to running `jupyter notebook password` on the command line. The experience can likely be better, but just submitting that as a POC for feedback
8 years ago · 709fdd637a
parent 15f393b49c
commit 709fdd637a
2 changed files with 30 additions and 3 deletions
--- a/notebook/auth/login.py
+++ b/notebook/auth/login.py
@ -4,6 +4,7 @@
 # Distributed under the terms of the Modified BSD License.

 import re
+import os

 try:
    from urllib.parse import urlparse # Py 3
@ -13,7 +14,7 @@ import uuid

 from tornado.escape import url_escape

-from ..auth.security import passwd_check
+from .security import passwd_check, set_password

 from ..base.handlers import IPythonHandler

@ -72,16 +73,26 @@ class LoginHandler(IPythonHandler):
    
    def post(self):
        typed_password = self.get_argument('password', default=u'')
+        new_password = self.get_argument('new_password', default=u'')
+
+
+        
        if self.get_login_available(self.settings):
-            if self.passwd_check(self.hashed_password, typed_password):
+            if self.passwd_check(self.hashed_password, typed_password) and not new_password:
                self.set_login_cookie(self, uuid.uuid4().hex)
            elif self.token and self.token == typed_password:
                self.set_login_cookie(self, uuid.uuid4().hex)
+                if self.new_password:
+                    config_dir = self.settings.get('config_dir')
+                    config_file = os.path.join(config_dir, 'jupyter_notebook_config.json')
+                    set_password(new_password, config_file=config_file)
+                    self.log.info("Wrote hashed password to %s" % config_file)
            else:
                self.set_status(401)
-                self._render(message={'error': 'Invalid password'})
+                self._render(message={'error': 'Invalid credentials'})
                return

+
        next_url = self.get_argument('next', default=self.base_url)
        self._redirect_safe(next_url)

--- a/notebook/templates/login.html
+++ b/notebook/templates/login.html
@ -85,6 +85,22 @@ http://localhost:8888/?token=c8de56fa... :: /Users/you/notebooks
      <p>
        Cookies are required for authenticated access to notebooks.
      </p>
+      <h3>{% trans %}Setup a Password{% endtrans %}</h3>
+      <p> You can setup a password by entering your token and a new password
+      on the fields below:</p>
+      <form action="{{base_url}}login?next={{next}}" method="post" class="">
+              {{ xsrf_form_html() | safe }}
+        <div class="form-group">
+          <input type="password" name="password" id="password_input" class="form-control" placeholder="Token">
+        </div>
+        <div class="form-group">
+          <input type="password" name="new_password" id="new_password_input"
+          class="form-control" placeholder="New password" required>
+        </div>
+        <div class="form-group">
+          <button type="submit" id="login_submit">{% trans %}Log in and set new password{% endtrans %}</button>
+        </div>
+      </form>

    </div>
    {% endblock token_message %}