Integrate hashed passwords into the notebook.

14 years ago · b2972a7e98
parent f2f715beb6
commit b2972a7e98
2 changed files with 13 additions and 2 deletions
--- a/IPython/frontend/html/notebook/handlers.py
+++ b/IPython/frontend/html/notebook/handlers.py
@ -28,6 +28,7 @@ from zmq.utils import jsonapi

 from IPython.external.decorator import decorator
 from IPython.zmq.session import Session
+from IPython.lib.security import passwd_check

 try:
    from docutils.core import publish_string
@ -174,7 +175,8 @@ class LoginHandler(AuthenticatedHandler):

    def post(self):
        pwd = self.get_argument('password', default=u'')
-        if self.application.password and pwd == self.application.password:
+        if self.application.password and \
+               passwd_check(self.application.password, pwd):
            self.set_secure_cookie('username', str(uuid.uuid4()))
        self.redirect(self.get_argument('next', default='/'))

--- a/IPython/frontend/html/notebook/notebookapp.py
+++ b/IPython/frontend/html/notebook/notebookapp.py
@ -208,7 +208,16 @@ class NotebookApp(BaseIPythonApplication):
    )

    password = Unicode(u'', config=True,
-                      help="""Password to use for web authentication"""
+                      help="""Hashed password to use for web authentication.
+
+                      To generate, do:
+
+                        from IPython.lib import passwd
+
+                        passwd('mypassphrase')
+
+                      The string should be of the form type:salt:hashed-password.
+                      """
    )
    
    open_browser = Bool(True, config=True,