Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable JS 2.0 (authenticated) extensions to work with classic notebook servers #1221

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion jupyter_server/auth/identity.py
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,8 @@ async def _get_user(self, handler: JupyterHandler) -> User | None:
_token_user: User | None | Awaitable[User | None] = self.get_user_token(handler)
if isinstance(_token_user, Awaitable):
_token_user = await _token_user
token_user: User | None = _token_user # need second variable name to collapse type
# need second variable name to collapse type
token_user: User | None = _token_user
_cookie_user = self.get_user_cookie(handler)
if isinstance(_cookie_user, Awaitable):
_cookie_user = await _cookie_user
Expand Down
23 changes: 21 additions & 2 deletions jupyter_server/base/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -251,9 +251,28 @@ def identity_provider(self):
)
from jupyter_server.auth import IdentityProvider

# no identity provider set, load default
non_alphanum = re.compile(r"[^A-Za-z0-9]")
default_cookie_name = non_alphanum.sub("-", f"username-{self.request.host}")

# If there is no identity provider set, load the default. If using
# a classic notebook server, adding extensions that inherit
# from JupyterHandler will use a mix of new+old authentication log.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# from JupyterHandler will use a mix of new+old authentication log.
# from JupyterHandler will use a mix of new+old authentication logic.

# Here, we construct an identity provider that works side-by-side
# and consistently with the old way that we handled auth in
# the classic server.
self.settings["identity_provider"] = IdentityProvider(
config=self.settings.get("config", None)
config=self.settings.get("config", None),
# For backwards compatibility, pass the token
# from the webapp settings.
token=self.settings.get("token", "<generated>"),
Copy link
Contributor

@minrk minrk May 23, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the token's not set, this will actually set the token to the value "<generated>" and accept requests authenticated with that string.

# Prefix the cookie name with "model-" to avoid colliding with
# the cookie set by the classic server.
# NOTE: This creates two cookies to authenticate the user
# (1) the token cookie and (2) the user model cookie.
cookie_name="model-" + self.settings.get("cookie_name", default_cookie_name),
cookie_options=self.settings.get("cookie_options", {}),
secure_cookie=self.settings.get("secure_cookie", None),
get_secure_cookie_kwargs=self.settings.get("get_secure_cookie_kwargs", {}),
)
return self.settings["identity_provider"]

Expand Down