o º¼tfò/ã@s„dZddlZddlZddlZddlmZddlmZddlm Z ddl m Z dd l m Z mZGd d „d e ƒZGd d „d eƒZeZdS)z5Tornado handlers for logging into the Jupyter Server.éN)Úurlparse)Ú url_escapeé)ÚJupyterHandleré)Úallow_unauthenticated)Ú passwd_checkÚ set_passwordc@s<eZdZdZd dd„Zd dd„Zedd„ƒZed d „ƒZdS) ÚLoginFormHandlerzlThe basic tornado login handler accepts login form, passed to IdentityProvider.process_login_form. Nc Cs*| |jdt|jd|jdƒ|d¡dS)zRender the login form.z login.htmlÚnext©Údefault)r ÚmessageN)ÚwriteZrender_templaterÚ get_argumentÚbase_url)Úselfr©rúb/var/www/html/software/conda/envs/catlas/lib/python3.10/site-packages/jupyter_server/auth/login.pyÚ_rendersýÿzLoginFormHandler._renderc Csæ|dur|j}| dd¡}d|vr#| d¡\}}}|›d| d¡›}t|ƒ}|js6|js6|jd |j¡sld}|js>|jr`|j›d|j›}|  ¡}|j rT|j |k}n |j r`t t  |j |¡ƒ}|sl|j d|¡|}| |¡dS) z¶Redirect if url is on our PATH Full-domain redirects are allowed if they pass our CORS origin checks. Otherwise use default (self.base_url if unspecified). Nú\z%5Cú:z://ú/Fz!Not allowing login redirect to %r)rÚreplaceÚ partitionÚlstriprÚschemeÚnetlocÚpathÚ startswithÚlowerZ allow_originZallow_origin_patÚboolÚreÚmatchÚlogÚwarningÚredirect) rÚurlr rÚ_ÚrestÚparsedZallowÚoriginrrrÚ_redirect_safe!s(   zLoginFormHandler._redirect_safecCs0|jr|jd|jd}| |¡dS| ¡dS)zGet the login form.r r N)Ú current_userrrr,r)rÚnext_urlrrrÚgetNs zLoginFormHandler.getcCsz|j |¡}|_|dur| d¡|jddiddS|j d|j›d¡|j ||¡|j d|j d }|  |¡dS) z Post a login.Né‘ÚerrorúInvalid credentials©rzUser z logged in.r r ) Úidentity_providerZprocess_login_formr-Ú set_statusrr$ÚinfoÚusernameÚset_login_cookierrr,)rÚuserr.rrrÚpostWs zLoginFormHandler.post©N) Ú__name__Ú __module__Ú __qualname__Ú__doc__rr,rr/r:rrrrr s  - r c@sºeZdZdZedd„ƒZdd„Zedd„ƒZe dd d „ƒZ e   d e j ¡Ze d d „ƒZe dd„ƒZe dd„ƒZe dd„ƒZe dd„ƒZe dd„ƒZe ddd„ƒZe dd„ƒZe dd„ƒZdS)ÚLegacyLoginHandlerz¤Legacy LoginHandler, implementing most custom auth configuration. Deprecated in jupyter-server 2.0. Login configuration has moved to IdentityProvider. cCs | |j¡Sr;)Úpassword_from_settingsÚsettings)rrrrÚhashed_passwordms z"LegacyLoginHandler.hashed_passwordcCs t||ƒS)zCheck a passwd.)r)rÚaÚbrrrrqs zLegacyLoginHandler.passwd_checkcCs|jddd}|jddd}| |j¡rz| |j|¡r'|s'| |t ¡j¡nS|j rk|j |krk| |t ¡j¡|rjt |j ddƒrj|j  dd¡}t j |d¡}t|j d ƒrbt||d |j _|jd<|j d |¡n| d ¡|jd diddS|jd|jd}| |¡dS)zPost a login form.ÚpasswordÚr Ú new_passwordZallow_password_changeFÚ config_dirzjupyter_server_config.jsonrC)Ú config_filezWrote hashed password to %sr0r1r2r3Nr )rÚget_login_availablerBrrCr8ÚuuidÚuuid4ÚhexÚtokenÚgetattrr4r/ÚosrÚjoinÚhasattrr r$r6r5rrr,)rZtyped_passwordrHrIrJr.rrrr:us(   ÿ€ zLegacyLoginHandler.postNcCsd|j di¡}| dd¡|j d|jjdk¡r| dd¡| d|j¡|j|j|fi|¤Ž|S)z9Call this on handlers to set the login cookie for successÚcookie_optionsÚhttponlyTZ secure_cookieÚhttpsÚsecurer)rBr/Ú setdefaultÚrequestÚprotocolrZset_secure_cookieÚ cookie_name)ÚclsÚhandlerÚuser_idrTrrrr8s  z#LegacyLoginHandler.set_login_cookiez token\s+(.+)cCs:| dd¡}|s|j |jj dd¡¡}|r| d¡}|S)z›Get the user token from a request Default: - in URL parameters: ?token= - in header: Authorization: token rOrGÚ Authorizationr)rÚauth_header_patr#rYÚheadersr/Úgroup)r\r]Ú user_tokenÚmrrrÚ get_tokenŸs  zLegacyLoginHandler.get_tokencCs | |¡ S)ú+DEPRECATED in 2.0, use IdentityProvider API)Úis_token_authenticated©r\r]rrrÚshould_check_origin±ó z&LegacyLoginHandler.should_check_origincCs"t|ddƒdur |jt|ddƒS)rfÚ_user_idNÚ_token_authenticatedF)rPr-rhrrrrg¶s z)LegacyLoginHandler.is_token_authenticatedcCst|ddƒr |jS| |¡}| |¡}|p|}|r&||kr#| ||¡d|_|durC| |j¡dur>|j  d|j¡|  ¡|j sCd}||_|S)rfrkNTz(Clearing invalid/expired login cookie %sZ anonymous) rPrkÚget_user_tokenÚget_user_cookier8rlZ get_cookier[r$r%Zclear_login_cookieZlogin_available)r\r]Z token_user_idZcookie_user_idr^rrrÚget_user¾s"    zLegacyLoginHandler.get_usercCs2|j di¡}|j|jfi|¤Ž}|r| ¡}|S)rfÚget_secure_cookie_kwargs)rBr/Zget_secure_cookier[Údecode)r\r]rpr^rrrrnãs z"LegacyLoginHandler.get_user_cookiecCst|j}|sdS| |¡}d}||kr|j d|jj¡d}|r8| |¡}|dur6t ¡j }|j  d|›¡|SdS)rfNFz0Accepting token-authenticated connection from %sTz8Generating new user_id for token-authenticated request: ) rOrer$ÚdebugrYZ remote_iprnrLrMrNr6)r\r]rOrcÚ authenticatedr^rrrrmìs( þ  ÿz!LegacyLoginHandler.get_user_tokencCsr|js'd}|dur|j |›d¡|js#|js%|j |›d¡dSdSdS|js5|js7|j d¡dSdSdS)rfzr?ÚpropertyrCrrr:Ú classmethodr8r"ÚcompileÚ IGNORECASEr`rerirgrornrmrurArKrrrrr@fs8        $    r@)r?rQr"rLÚ urllib.parserZtornado.escaperZ base.handlersrÚ decoratorrÚsecurityrr r r@Z LoginHandlerrrrrÚs    UF