Kef/dZddlZddlZddlZddlmZddlmZddlm Z ddl m Z m Z Gd d e Z Gd d e ZeZdS) z5Tornado handlers for logging into the Jupyter Server.N)urlparse) url_escape)JupyterHandler) passwd_check set_passwordc.eZdZdZddZddZdZdZdS)LoginFormHandlerzlThe basic tornado login handler accepts login form, passed to IdentityProvider.process_login_form. Nc ||dt|d|j|dS)zRender the login form.z login.htmlnextdefault)r messageN)writerender_templater get_argumentbase_url)selfrs 9lib/python3.11/site-packages/jupyter_server/auth/login.py_renderzLoginFormHandler._renders`   1 1&$- 1 P PQQ !       c||j}|dd}d|vr3|d\}}}|d|d}t |}|js)|js"|jdz|jsd}|js|jrf|jd|j}| }|j r |j |k}n.|j r'ttj|j |}|s|jd|z|}||dS) zRedirect if url is on our PATH Full-domain redirects are allowed if they pass our CORS origin checks. Otherwise use default (self.base_url if unspecified). N\z%5C:z:///Fz!Not allowing login redirect to %r)rreplace partitionlstriprschemenetlocpath startswithlower allow_originallow_origin_patboolrematchlogwarningredirect) rurlrr _restparsedalloworigins r_redirect_safezLoginFormHandler._redirect_safesh ?mGkk$&& #::!mmC00OFAt22 C 0 022C# M V] FK#4E3Q3QRVR_3`3` E} J  J"M==fm==$J -7EE*J $*?!H!HIIE   !Ds!JKKK crc|jr3|d|j}||dS|dS)zGet the login form.r rN) current_userrrr3r)rnext_urls rgetzLoginFormHandler.getLsR   (((GGH    ) ) ) ) ) LLNNNNNrc|j|x}|_|/|d|ddidS|jd|jd|j||| d|j }| |dS) z Post a login.NerrorInvalid credentialsrzUser z logged in.r r) identity_providerprocess_login_formr5 set_statusrr*infousernameset_login_cookierrr3)ruserr6s rpostzLoginFormHandler.postTs#'#9#L#LT#R#RRt < OOC LL'+@!AL B B B F  8dm888999 //d;;;$$VT]$CC H%%%%%rN)__name__ __module__ __qualname____doc__rr3r7rDrrr r se     ++++Z & & & & &rr c@eZdZdZedZdZdZeddZ e j de j Z edZed Zed Zed Zed Zed ZeddZedZedZdS)LegacyLoginHandlerzLegacy LoginHandler, implementing most custom auth configuration. Deprecated in jupyter-server 2.0. Login configuration has moved to IdentityProvider. c6||jSrE)password_from_settingssettings)rs rhashed_passwordz"LegacyLoginHandler.hashed_passwordis**4=999rc"t||S)zCheck a passwd.)r)rabs rrzLegacyLoginHandler.passwd_checkmsAq!!!rc|dd}|dd}||jrc||j|r0|s.||t jjn|j r|j |kr||t jj|rt|j ddr|j dd}tj|d}t!|j d r%t#|| x|j _|jd<|jd |zn/|d |d didS|d|j}||dS)zPost a login form.passwordr new_passwordallow_password_changeF config_dirzjupyter_server_config.jsonrP) config_filezWrote hashed password to %sr9r:r;r<Nr )rget_login_availablerOrrPrBuuiduuid4hextokengetattrr=r7osr"joinhasattrr r*r@r?rrr3)rtyped_passwordrWrYrZr6s rrDzLegacyLoginHandler.postqs**:r*BB(((DD  # #DM 2 2   !5~FF | %%dDJLL,<====  n < <%%dDJLL,<===OGD,BD[]b$c$cO!%!2!2<!D!DJ"$',,z;W"X"XKt57HIIP);OOOP.>&BHMM"?+"MNNN$$$ g/D%E FFF$$VT]$CC H%%%%%rNcD|jdi}|dd|jd|jjdkr|dd|d|j|j|j|fi||S)z9Call this on handlers to set the login cookie for successcookie_optionshttponlyT secure_cookiehttpssecurer")rOr7 setdefaultrequestprotocolrset_secure_cookie cookie_name)clshandleruser_idrfs rrBz#LegacyLoginHandler.set_login_cookies!)--.>CC!!*d333    1IW1T U U 6  % %h 5 5 5!!&'*:;;;!!'"5wQQ.QQQrz token\s+(.+)c|dd}|sO|j|jjdd}|r|d}|S)zGet the user token from a request Default: - in URL parameters: ?token= - in header: Authorization: token r_rV Authorizationr)rauth_header_patr)rlheadersr7group)rprq user_tokenms r get_tokenzLegacyLoginHandler.get_tokensj))'266  (#))'/*A*E*EoWY*Z*Z[[A (WWQZZ rc.|| S)+DEPRECATED in 2.0, use IdentityProvider API)is_token_authenticatedrprqs rshould_check_originz&LegacyLoginHandler.should_check_origins--g6666rcTt|dd|jt|ddS)r|_user_idN_token_authenticatedF)r`r5r~s rr}z)LegacyLoginHandler.is_token_authenticateds2 7J - - 5  w 6>>>rct|ddr|jS||}||}|p|}|r#||kr|||d|_|W||j4|j d|j| |j sd}||_|S)r|rNTz(Clearing invalid/expired login cookie %s anonymous) r`rget_user_tokenget_user_cookierBr get_cookieror*r+clear_login_cookielogin_available)rprq token_user_idcookie_user_idrrs rget_userzLegacyLoginHandler.get_users 7J - - $# #**733 ,,W55 1>  0.(($$Wg666,0G ( ?!!'"566B ##$NPWPcddd**,,,* &&#rc|jdi}|j|jfi|}|r|}|S)r|get_secure_cookie_kwargs)rOr7get_secure_cookierodecode)rprqrrrs rrz"LegacyLoginHandler.get_user_cookiesY$+#3#7#78RTV#W#W +'+G,?\\C[\\  'nn&&GrcD|j}|sdS||}d}||kr'|jd|jjd}|rN||}|5tjj }|j d||SdS)r|NFz0Accepting token-authenticated connection from %sTz8Generating new user_id for token-authenticated request: ) r_rzr*debugrl remote_iprr\r]r^r@)rprqr_rx authenticatedrrs rrz!LegacyLoginHandler.get_user_tokens   F]]7++     K  B)   !M  ))'22G*,,*   XwXXN4rc|jsRd}||j|d|js&|js!|j|ddSdSdS|js#|js|jddSdSdS)r|z[",,[,SS[SSSrrL)rIrar(r\ urllib.parsertornado.escaper base.handlersrsecurityrr r rL LoginHandlerrJrrrs;; !!!!!!%%%%%%******00000000P&P&P&P&P&~P&P&P&f@S@S@S@S@S)@S@S@SH" r