When token is enabled, the login page will present a form to the user
asking them if they want to set a password at the same time. This is
almost equivalent to running `jupyter notebook password` on the command
line.
The experience can likely be better, but just submitting that as a POC
for feedback
* Load translations for Javascript in page template
* Normalise language codes to gettext format with underscores
* .mo files need to be under LC_MESSAGES as well
* remove unused JS code
* Normalise result in test
* Fix for opening files on Py 2
* Fix location of I18N directory
* Add translation files to package_data
The user is technically still logged in when the logout page is
produced, but this is not obvious to the user, and they may leave the
page open.
This ensures that it is rendered without information such as auth tokens
which should only be available to a logged-in user.
The new dynamic favicon-changing code looks for an existing favicon in
the DOM with id 'favicon'. This uses that id in the templates, so we
don't end up with two favicon links in the page.
I was hoping that this would fix some issues I'm having with the favicon
getting stuck, but it doesn't seem to. :-(
Most user don't care how to get the token each time (if they see the
message). They want to avoid using a token.
Make it clearer that Password should be configured.
Be more tricky, say that password not configured **yet**, to make the
user think they __have to__.
The text is not technically correct as as far as I remember you can have
PW and Token at the same time. But I'm going to say that in 99% of case
where users read that, the password is unset.
There is a less-than optimal double border between the last button and
the input field.
Remove it by making the left border of the input field None, (or the
right one in RLT layout). We don't change the border of the buton or it
looks ugly when pressed.
Once the page has been loaded, the token has done its job and can be discarded.
Its presence can lead to confusion, especially copying/pasting URLs with one-time tokens present.
- Cookie-authenticated API requests must use set X-XSRFToken header
- add utils.ajax for making ajax requests, adding xsrf header from default location
Thomas Kluyver
Matthias Bussonnier
bacboc
Josh Barnes
Vidar Tonaas Fauske
Grant Nestor
Min RK
Thomas Kluyver
John Emmons
Kyle Kelley
michaelpacer
Doug Blank
Paul Ivanov