Merge pull request #1011 from stefanv/salted_password

Add hashing of passwords to notebook configuration. From now on, we do NOT support plain text passwords in the notebook configuration file, only hashed ones. To create a properly hashed password, you can use `IPython.lib.security.passwd()`. Written with Mateusz Paprocki (@mattpap at github).
15 years ago · b4b1ad3dd5
parent f2f715beb6 15520ba820
commit b4b1ad3dd5
4 changed files with 30 additions and 5 deletions
--- a/IPython/frontend/html/notebook/handlers.py
+++ b/IPython/frontend/html/notebook/handlers.py
@ -28,6 +28,7 @@ from zmq.utils import jsonapi

 from IPython.external.decorator import decorator
 from IPython.zmq.session import Session
+from IPython.lib.security import passwd_check

 try:
    from docutils.core import publish_string
@ -166,16 +167,25 @@ class ProjectDashboardHandler(AuthenticatedHandler):

 class LoginHandler(AuthenticatedHandler):

-    def get(self):
+    def _render(self, message=''):
        self.render('login.html',
                next=self.get_argument('next', default='/'),
                read_only=self.read_only,
+                message=message
        )

+    def get(self):
+        self._render()
+
    def post(self):
        pwd = self.get_argument('password', default=u'')
-        if self.application.password and pwd == self.application.password:
-            self.set_secure_cookie('username', str(uuid.uuid4()))
+        if self.application.password:
+            if passwd_check(self.application.password, pwd):
+                self.set_secure_cookie('username', str(uuid.uuid4()))
+            else:
+                self._render(message='Invalid password')
+                return
+
        self.redirect(self.get_argument('next', default='/'))


--- a/IPython/frontend/html/notebook/notebookapp.py
+++ b/IPython/frontend/html/notebook/notebookapp.py
@ -208,7 +208,16 @@ class NotebookApp(BaseIPythonApplication):
    )

    password = Unicode(u'', config=True,
-                      help="""Password to use for web authentication"""
+                      help="""Hashed password to use for web authentication.
+
+                      To generate, do:
+
+                        from IPython.lib import passwd
+
+                        passwd('mypassphrase')
+
+                      The string should be of the form type:salt:hashed-password.
+                      """
    )
    
    open_browser = Bool(True, config=True,
--- a/IPython/frontend/html/notebook/static/css/projectdashboard.css
+++ b/IPython/frontend/html/notebook/static/css/projectdashboard.css
@ -31,7 +31,7 @@ body {
 }

 #content_toolbar {
-    padding: 10px 5px 5px 5px;
+    padding: 5px;
    height: 25px;
    line-height: 25px;
 }
--- a/IPython/frontend/html/notebook/templates/login.html
+++ b/IPython/frontend/html/notebook/templates/login.html
@ -31,6 +31,12 @@
    </div>
    
    <div id="content_panel">
+        {% if message %}
+        <div id="message">
+            {{message}}
+        </div>
+        {% end %}
+
        <form action="/login?next={{url_escape(next)}}" method="post">
            Password: <input type="password" name="password">
            <input type="submit" value="Sign in" id="signin">