|
|
|
|
@ -14,7 +14,7 @@ from ..base.handlers import IPythonHandler
|
|
|
|
|
|
|
|
|
|
class LoginHandler(IPythonHandler):
|
|
|
|
|
"""The basic tornado login handler
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
authenticates with a hashed password from the configuration.
|
|
|
|
|
"""
|
|
|
|
|
def _render(self, message=None):
|
|
|
|
|
@ -32,7 +32,7 @@ class LoginHandler(IPythonHandler):
|
|
|
|
|
self.redirect(next_url)
|
|
|
|
|
else:
|
|
|
|
|
self._render()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def hashed_password(self):
|
|
|
|
|
return self.password_from_settings(self.settings)
|
|
|
|
|
@ -41,32 +41,33 @@ class LoginHandler(IPythonHandler):
|
|
|
|
|
typed_password = self.get_argument('password', default=u'')
|
|
|
|
|
if self.login_available(self.settings):
|
|
|
|
|
if passwd_check(self.hashed_password, typed_password):
|
|
|
|
|
# tornado <4.2 have a bug that consider secure==True as soon as
|
|
|
|
|
# tornado <4.2 have a bug that consider secure==True as soon as
|
|
|
|
|
# 'secure' kwarg is passed to set_secure_cookie
|
|
|
|
|
if self.settings.get('secure_cookie', self.request.protocol == 'https'):
|
|
|
|
|
kwargs = {'secure':True}
|
|
|
|
|
kwargs = {'secure': True}
|
|
|
|
|
else:
|
|
|
|
|
kwargs = {}
|
|
|
|
|
self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()), **kwargs)
|
|
|
|
|
else:
|
|
|
|
|
self.set_status(401)
|
|
|
|
|
self._render(message={'error': 'Invalid password'})
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
next_url = self.get_argument('next', default=self.base_url)
|
|
|
|
|
if not next_url.startswith(self.base_url):
|
|
|
|
|
# require that next_url be absolute path within our path
|
|
|
|
|
next_url = self.base_url
|
|
|
|
|
self.redirect(next_url)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
def get_user(cls, handler):
|
|
|
|
|
"""Called by handlers.get_current_user for identifying the current user.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
See tornado.web.RequestHandler.get_current_user for details.
|
|
|
|
|
"""
|
|
|
|
|
# Can't call this get_current_user because it will collide when
|
|
|
|
|
# called on LoginHandler itself.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
user_id = handler.get_secure_cookie(handler.cookie_name)
|
|
|
|
|
# For now the user_id should not return empty, but it could, eventually.
|
|
|
|
|
if user_id == '':
|
|
|
|
|
@ -77,12 +78,12 @@ class LoginHandler(IPythonHandler):
|
|
|
|
|
if not handler.login_available:
|
|
|
|
|
user_id = 'anonymous'
|
|
|
|
|
return user_id
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@classmethod
|
|
|
|
|
def validate_security(cls, app, ssl_options=None):
|
|
|
|
|
"""Check the notebook application's security.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Show messages, or abort if necessary, based on the security configuration.
|
|
|
|
|
"""
|
|
|
|
|
if not app.ip:
|
|
|
|
|
@ -97,7 +98,7 @@ class LoginHandler(IPythonHandler):
|
|
|
|
|
@classmethod
|
|
|
|
|
def password_from_settings(cls, settings):
|
|
|
|
|
"""Return the hashed password from the tornado settings.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If there is no configured password, an empty string will be returned.
|
|
|
|
|
"""
|
|
|
|
|
return settings.get('password', u'')
|
|
|
|
|
@ -106,4 +107,3 @@ class LoginHandler(IPythonHandler):
|
|
|
|
|
def login_available(cls, settings):
|
|
|
|
|
"""Whether this LoginHandler is needed - and therefore whether the login page should be displayed."""
|
|
|
|
|
return bool(cls.password_from_settings(settings))
|
|
|
|
|
|
|
|
|
|
|
Min RK
11 years ago