o ^i/@sdZddlZddlZddlZddlmZddlmZddlm Z ddl m Z dd l m Z mZGd d d e ZGd d d eZeZdS)z5Tornado handlers for logging into the Jupyter Server.N)urlparse) url_escape)JupyterHandler)allow_unauthenticated) passwd_check set_passwordc@s<eZdZdZd ddZd ddZeddZed d ZdS) LoginFormHandlerzlThe basic tornado login handler accepts login form, passed to IdentityProvider.process_login_form. Nc Cs*||jdt|jd|jd|ddS)zRender the login form.z login.htmlnextdefault)r messageN)writerender_templater get_argumentbase_url)selfrrT/home/ubuntu/hpml_nyu/venv/lib/python3.10/site-packages/jupyter_server/auth/login.py_renderszLoginFormHandler._renderc Cs|dur|j}|dd}d|vr#|d\}}}|d|d}t|}|js6|js6|jd|jsld}|js>|jr`|jd|j}| }|j rT|j |k}n |j r`t t |j |}|sl|jd||}||dS) zRedirect if url is on our PATH Full-domain redirects are allowed if they pass our CORS origin checks. Otherwise use default (self.base_url if unspecified). N\z%5C:z:///Fz!Not allowing login redirect to %r)rreplace partitionlstriprschemenetlocpath startswithlower allow_originallow_origin_patboolrematchlogwarningredirect) rurlr r_restparsedalloworiginrrr_redirect_safe!s(   zLoginFormHandler._redirect_safecCs0|jr|jd|jd}||dS|dS)zGet the login form.r r N) current_userrrr0r)rnext_urlrrrgetNs zLoginFormHandler.getcCsz|j|}|_|dur|d|jddiddS|jd|jd|j|||j d|j d }| |dS) z Post a login.NerrorInvalid credentialsrzUser z logged in.r r ) identity_providerprocess_login_formr1 set_statusrr'infousernameset_login_cookierrr0)ruserr2rrrpostWs zLoginFormHandler.postN) __name__ __module__ __qualname____doc__rr0rr3r?rrrrr s  - r c@seZdZdZeddZddZeddZe dd d Z e d e j Ze d d Ze ddZe ddZe ddZe ddZe ddZe dddZe ddZe ddZdS)LegacyLoginHandlerzLegacy LoginHandler, implementing most custom auth configuration. Deprecated in jupyter-server 2.0. Login configuration has moved to IdentityProvider. cCs ||jSr@)password_from_settingssettings)rrrrhashed_passwordms z"LegacyLoginHandler.hashed_passwordcCs t||S)zCheck a passwd.)r)rabrrrrqs zLegacyLoginHandler.passwd_checkcCs|jddd}|jddd}||jrz||j|r'|s'||tjnS|j rk|j |krk||tj|rjt |j ddrj|j dd}t j|d}t|j d rbt||d |j _|jd<|jd |n|d |jd diddS|jd|jd}||dS)zPost a login form.passwordr new_passwordallow_password_changeF config_dirzjupyter_server_config.jsonrH) config_filezWrote hashed password to %sr4r5r6r7Nr )rget_login_availablerGrrHr=uuiduuid4hextokengetattrr8r3osrjoinhasattrr r'r;r:rrr0)rtyped_passwordrMrOrPr2rrrr?us(    zLegacyLoginHandler.postNcCsd|jdi}|dd|jd|jjdkr|dd|d|j|j|j|fi||S)z9Call this on handlers to set the login cookie for successcookie_optionshttponlyT secure_cookiehttpssecurer)rGr3 setdefaultrequestprotocolrset_secure_cookie cookie_name)clshandleruser_idr[rrrr=s  z#LegacyLoginHandler.set_login_cookiez token\s+(.+)cCs:|dd}|s|j|jjdd}|r|d}|S)zGet the user token from a request Default: - in URL parameters: ?token= - in header: Authorization: token rUrL Authorizationr)rauth_header_patr&raheadersr3group)rerf user_tokenmrrr get_tokens  zLegacyLoginHandler.get_tokencCs || S)+DEPRECATED in 2.0, use IdentityProvider API)is_token_authenticatedrerfrrrshould_check_origin z&LegacyLoginHandler.should_check_origincCs"t|dddur |jt|ddS)ro_user_idN_token_authenticatedF)rVr1rqrrrrps z)LegacyLoginHandler.is_token_authenticatedcCst|ddr |jS||}||}|p|}|r&||kr#|||d|_|durC||jdur>|j d|j| |j sCd}||_|S)rortNTz(Clearing invalid/expired login cookie %s anonymous) rVrtget_user_tokenget_user_cookier=ru get_cookierdr'r(clear_login_cookielogin_available)rerf token_user_idcookie_user_idrgrrrget_users"    zLegacyLoginHandler.get_usercCs2|jdi}|j|jfi|}|r|}|S)roget_secure_cookie_kwargs)rGr3get_secure_cookierddecode)rerfrrgrrrrxs z"LegacyLoginHandler.get_user_cookiecCst|j}|sdS||}d}||kr|jd|jjd}|r8||}|dur6tj }|j d||SdS)roNFz0Accepting token-authenticated connection from %sTz8Generating new user_id for token-authenticated request: ) rUrnr'debugra remote_iprxrRrSrTr;)rerfrUrl authenticatedrgrrrrws(   z!LegacyLoginHandler.get_user_tokencCsr|js'd}|dur|j|d|js#|js%|j|ddSdSdS|js5|js7|jddSdSdS)rozs    UF