ó ù2¢\c@s¾dZddlZddlZyddlmZmZWn'ek raddlmZmZnXddlZddlm Z ddl m Z m Z ddl mZd efd „ƒYZdS( s/Tornado handlers for logging into the notebook.iÿÿÿÿN(turlparset urlunparse(t url_escapei(t passwd_checkt set_passwordi(tIPythonHandlert LoginHandlercBsòeZdZdd„Zdd„Zd„Zed„ƒZd„Z d„Z e dd„ƒZ e jde jƒZe d „ƒZe d „ƒZe d „ƒZe d „ƒZe d „ƒZe dd„ƒZe d„ƒZe d„ƒZRS(sfThe basic tornado login handler authenticates with a hashed password from the configuration. c Cs>|j|jddt|jdd|jƒƒd|ƒƒdS(Ns login.htmltnexttdefaulttmessage(twritetrender_templateRt get_argumenttbase_url(tselfR ((s2lib/python2.7/site-packages/notebook/auth/login.pyt_renderscCsR|d kr|j}n|jddƒ}t|ƒ}t|jddddƒƒ}||ksz|jdj|jƒ rAt}||krd|j |j f}|j ƒ}|d|j j |j jfkrÙt}q|jrô|j|k}q|jrt|jj|ƒƒ}qn|sA|jjd|ƒ|}qAn|j|ƒd S( s¶Redirect if url is on our PATH Full-domain redirects are allowed if they pass our CORS origin checks. Otherwise use default (self.base_url if unspecified). s\s%5Ctnetlocttschemet/s%s://%ss!Not allowing login redirect to %rN(tNoneR treplaceRRt_replacetpatht startswithtFalseRRtlowertrequesttprotocolthosttTruet allow_origintallow_origin_pattbooltmatchtlogtwarningtredirect(RturlRtparsedt path_onlytallowtorigin((s2lib/python2.7/site-packages/notebook/auth/login.pyt_redirect_safe!s(   &  "    cCs?|jr1|jdd|jƒ}|j|ƒn |jƒdS(NRR(t current_userR R R+R(Rtnext_url((s2lib/python2.7/site-packages/notebook/auth/login.pytgetDs cCs|j|jƒS(N(tpassword_from_settingstsettings(R((s2lib/python2.7/site-packages/notebook/auth/login.pythashed_passwordKscCs t||ƒS(N(R(Rtatb((s2lib/python2.7/site-packages/notebook/auth/login.pyROscCsb|jdddƒ}|jdddƒ}|j|jƒr9|j|j|ƒrt| rt|j|tjƒjƒq9|j r|j |kr|j|tjƒjƒ|r6|jj dƒr6|jj dƒ}t j j |dƒ}t|d|ƒ|jjd |ƒq6q9|jd ƒ|jd id d 6ƒdSn|jdd|jƒ}|j|ƒdS(NtpasswordRut new_passwordtallow_password_changet config_dirsjupyter_notebook_config.jsont config_filesWrote hashed password to %si‘R sInvalid credentialsterrorR(R tget_login_availableR0RR1tset_login_cookietuuidtuuid4thexttokenR.tosRtjoinRR#tinfot set_statusRR R+(Rttyped_passwordR5R7R8R-((s2lib/python2.7/site-packages/notebook/auth/login.pytpostRs" cCs†|jjdiƒ}|jdtƒ|jjd|jjdkƒrY|jdtƒn|jd|jƒ|j|j|||S(s9Call this on handlers to set the login cookie for successtcookie_optionsthttponlyt secure_cookiethttpstsecureR( R0R.t setdefaultRRRR tset_secure_cookiet cookie_name(tclsthandlertuser_idRF((s2lib/python2.7/site-packages/notebook/auth/login.pyR;ks!s token\s+(.+)cCs[|jddƒ}|sW|jj|jjjddƒƒ}|rW|jdƒ}qWn|S(s›Get the user token from a request Default: - in URL parameters: ?token= - in header: Authorization: token R?Rt Authorizationi(R tauth_header_patR"RtheadersR.tgroup(RNROt user_tokentm((s2lib/python2.7/site-packages/notebook/auth/login.pyt get_tokenzs $cCs|j|ƒ S(s3Should the Handler check for CORS origin validation? Origin check should be skipped for token-authenticated requests. Returns: - True, if Handler must check for valid CORS origin. - False, if Handler should skip origin check since requests are token-authenticated. (tis_token_authenticated(RNRO((s2lib/python2.7/site-packages/notebook/auth/login.pytshould_check_originŒs cCs5t|ddƒdkr%|jƒnt|dtƒS(sÿReturns True if handler has been token authenticated. Otherwise, False. Login with a token is used to signal certain things, such as: - permit access to REST API - xsrf protection - skip origin-checks for scripts t_user_idt_token_authenticatedN(tgetattrRtget_current_userR(RNRO((s2lib/python2.7/site-packages/notebook/auth/login.pyRX˜s  cCsãt|ddƒr|jS|j|ƒ}|dkra|jjdiƒ}|j|j|}n|j||ƒt |_ |dkrÖ|j |jƒdk rÁ|j j d|jƒ|jƒn|jsÖd}qÖn||_|S(s”Called by handlers.get_current_user for identifying the current user. See tornado.web.RequestHandler.get_current_user for details. RZtget_secure_cookie_kwargss(Clearing invalid/expired login cookie %st anonymousN(R\RRZtget_user_tokenR0R.tget_secure_cookieRMR;RR[t get_cookieR#R$tclear_login_cookietlogin_available(RNRORPR^((s2lib/python2.7/site-packages/notebook/auth/login.pytget_user§s        cCsq|j}|sdS|j|ƒ}t}||krV|jjd|jjƒt}n|ritj ƒj SdSdS(sžIdentify the user based on a token in the URL or Authorization header Returns: - uuid if authenticated - None if not Ns0Accepting token-authenticated connection from %s( R?RWRR#tdebugRt remote_ipRR<R=R>R(RNROR?RUt authenticated((s2lib/python2.7/site-packages/notebook/auth/login.pyR`Ês    cCs‹|js`d}|dkr2|jj|dƒn|j r‡|j r‡|jj|dƒq‡n'|j r‡|j r‡|jjdƒndS(s‡Check the notebook application's security. Show messages, or abort if necessary, based on the security configuration. s=WARNING: The notebook server is listening on all IP addressess3 and not using encryption. This is not recommended.sK and not using authentication. This is highly insecure and not recommended.s`All authentication is disabled. Anyone who can connect to this server will be able to run code.N(tipRR#R$R4R?(RNtappt ssl_optionsR$((s2lib/python2.7/site-packages/notebook/auth/login.pytvalidate_securityãs   cCs|jddƒS(sReturn the hashed password from the tornado settings. If there is no configured password, an empty string will be returned. R4u(R.(RNR0((s2lib/python2.7/site-packages/notebook/auth/login.pyR/÷scCs"t|j|ƒp|jdƒƒS(s_Whether this LoginHandler is needed - and therefore whether the login page should be displayed.R?(R!R/R.(RNR0((s2lib/python2.7/site-packages/notebook/auth/login.pyR:ÿsN(t__name__t __module__t__doc__RRR+R.tpropertyR1RREt classmethodR;tretcompilet IGNORECASERRRWRYRXReR`RlR/R:(((s2lib/python2.7/site-packages/notebook/auth/login.pyRs&  #     #(RoRrR@t urllib.parseRRt ImportErrorR<ttornado.escapeRtsecurityRRt base.handlersRR(((s2lib/python2.7/site-packages/notebook/auth/login.pyts