From 018db6c8ce1e954f26ed4aa7703a0802e41f68df Mon Sep 17 00:00:00 2001
From: Matthias Bussonnier <bussonniermatthias@gmail.com>
Date: Tue, 7 Mar 2017 11:02:01 -0800
Subject: [PATCH 1/2] Tell user how to avoid token authentication.

Most user don't care how to get the token each time (if they see the
message). They want to avoid using a token.

Make it clearer that Password should be configured.

Be more tricky, say that password not configured **yet**, to make the
user think they __have to__.

The text is not technically correct as as far as I remember you can have
PW and Token at the same time.  But I'm going to say that in 99% of case
where users read that, the password is unset.
---
 notebook/templates/login.html | 34 +++++++++++++++++++++++++---------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/notebook/templates/login.html b/notebook/templates/login.html
index 61aafaf17..54af057a6 100644
--- a/notebook/templates/login.html
+++ b/notebook/templates/login.html
@@ -45,16 +45,20 @@
     {% endif %}
     {% if token_available %}
     {% block token_message %}
-    <div class="col-sm-6 col-sm-offset-3 text-left">
-      <p class="warning">
-        Token authentication is enabled.
-
-        You need to open the notebook server with its first-time login token in the URL,
-        or enable a password in order to gain access.
-        The command:
+    <div class="col-sm-6 col-sm-offset-3 text-left rendered_html">
+      <h3>
+        No password configured yet: Token authentication is enabled.
+      </h3>
+      <p>
+        No password have been configured yet, you need to open the notebook
+        server with its first-time login token in the URL. Theis requirement
+        will be lifted once you <b>enable a password</b> in order to gain
+        access.
       </p>
-      <pre>jupyter notebook list</pre>
+        
       <p>
+        The command:
+        <pre>jupyter notebook list</pre>
         will show you the URLs of running servers with their tokens,
         which you can copy and paste into your browser. For example:
       </p>
@@ -62,11 +66,23 @@
 http://localhost:8888/?token=c8de56fa... :: /Users/you/notebooks
 </pre>
       <p>
-        Or you can paste just the token value into the password field on this page.
+        Or you can paste just the token value into the password field on this
+        page.
       </p>
       <p>
         Cookies are required for authenticated access to notebooks.
       </p>
+      <p>
+
+        Authentication using tokens is enabled for your security as no password
+        has been set yet.
+        <b><a
+         href='http://jupyter-notebook.readthedocs.io/en/stable/public_server.html'>
+                See the documentation on how to enable password
+        </a></b>
+        and lift random token authentication.
+
+      <p/>
     </div>
     {% endblock token_message %}
     {% endif %}

From ee82acd66a3e0e022e7cebbd744b3e3e4c9c4d1a Mon Sep 17 00:00:00 2001
From: Min RK <benjaminrk@gmail.com>
Date: Wed, 8 Mar 2017 09:34:20 -0800
Subject: [PATCH 2/2] update token info on login page

- clarify that it does *not* mean password is disabled
- phrasing
- https links
---
 notebook/templates/login.html | 33 ++++++++++++++++-----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/notebook/templates/login.html b/notebook/templates/login.html
index 54af057a6..91f909a77 100644
--- a/notebook/templates/login.html
+++ b/notebook/templates/login.html
@@ -47,15 +47,15 @@
     {% block token_message %}
     <div class="col-sm-6 col-sm-offset-3 text-left rendered_html">
       <h3>
-        No password configured yet: Token authentication is enabled.
+        Token authentication is enabled
       </h3>
       <p>
-        No password have been configured yet, you need to open the notebook
-        server with its first-time login token in the URL. Theis requirement
-        will be lifted once you <b>enable a password</b> in order to gain
-        access.
+        If no password has been configured, you need to open the notebook
+        server with its login token in the URL, or paste it above.
+        This requirement will be lifted if you
+        <b><a href='https://jupyter-notebook.readthedocs.io/en/stable/public_server.html'>
+            enable a password</a></b>.
       </p>
-        
       <p>
         The command:
         <pre>jupyter notebook list</pre>
@@ -66,23 +66,22 @@
 http://localhost:8888/?token=c8de56fa... :: /Users/you/notebooks
 </pre>
       <p>
-        Or you can paste just the token value into the password field on this
+        or you can paste just the token value into the password field on this
         page.
       </p>
       <p>
-        Cookies are required for authenticated access to notebooks.
+        See
+        <b><a
+         href='https://jupyter-notebook.readthedocs.io/en/stable/public_server.html'>
+                the documentation on how to enable a password</a>
+        </b>
+        in place of token authentication,
+        if you would like to avoid dealing with random tokens.
       </p>
       <p>
+        Cookies are required for authenticated access to notebooks.
+      </p>
 
-        Authentication using tokens is enabled for your security as no password
-        has been set yet.
-        <b><a
-         href='http://jupyter-notebook.readthedocs.io/en/stable/public_server.html'>
-                See the documentation on how to enable password
-        </a></b>
-        and lift random token authentication.
-
-      <p/>
     </div>
     {% endblock token_message %}
     {% endif %}