o i+@sxdZddlZddlZddlZddlmZddlmZddlm Z ddl m Z m Z Gd d d e Z Gd d d e ZeZdS) z5Tornado handlers for logging into the Jupyter Server.N)urlparse) url_escape)JupyterHandler) passwd_check set_passwordc@s4eZdZdZd ddZd ddZddZd d ZdS) LoginFormHandlerzlThe basic tornado login handler accepts login form, passed to IdentityProvider.process_login_form. Nc Cs*||jdt|jd|jd|ddS)zRender the login form.z login.htmlnextdefault)r messageN)writerender_templater get_argumentbase_url)selfr rT/var/www/edux/Edux_v2/venv/lib/python3.10/site-packages/jupyter_server/auth/login.py_renderszLoginFormHandler._rendercCs|dur|j}|dd}t|}|js|jd|jsPd}|jrD|jd|j}|}|jr8|j|k}n |j rDt t |j |}|sP|j d||}||dS)zRedirect if url is on our PATH Full-domain redirects are allowed if they pass our CORS origin checks. Otherwise use default (self.base_url if unspecified). N\z%5C/Fz://z!Not allowing login redirect to %r)rreplacernetlocpath startswithschemelower allow_originallow_origin_patboolrematchlogwarningredirect)rurlr parsedalloworiginrrr_redirect_safes"  zLoginFormHandler._redirect_safecCs0|jr|jd|jd}||dS|dS)zGet the login form.r r N) current_userrrr*r)rnext_urlrrrget?s zLoginFormHandler.getcCsz|j|}|_|dur|d|jddiddS|jd|jd|j|||j d|j d }| |dS) z Post a login.NerrorInvalid credentialsr zUser z logged in.r r ) identity_providerprocess_login_formr+ set_statusrr#infousernameset_login_cookierrr*)ruserr,rrrpostGs zLoginFormHandler.postN)__name__ __module__ __qualname____doc__rr*r-r9rrrrr s    r c@seZdZdZeddZddZddZedd d Z e d e j Z ed d ZeddZeddZeddZeddZeddZedddZeddZeddZdS)LegacyLoginHandlerzLegacy LoginHandler, implementing most custom auth configuration. Deprecated in jupyter-server 2.0. Login configuration has moved to IdentityProvider. cCs ||jSr:)password_from_settingssettings)rrrrhashed_password\s z"LegacyLoginHandler.hashed_passwordcCs t||S)zCheck a passwd.)r)rabrrrr`s zLegacyLoginHandler.passwd_checkcCs|jddd}|jddd}||jrt||j|r'|s'||tjnM|j re|j |kre||tj|rdt |j ddrd|j dd}t j|d}t||d |j _|jd<|jd |n|d |jd d iddS|jd|jd}||dS)zPost a login form.passwordr new_passwordallow_password_changeF config_dirzjupyter_server_config.json) config_filezWrote hashed password to %sr.r/r0r1Nr )rget_login_availablerArrBr7uuiduuid4hextokengetattrr2r-osrjoinrr#r5r4rrr*)rtyped_passwordrGrIrJr,rrrr9ds*    zLegacyLoginHandler.postNcCsd|jdi}|dd|jd|jjdkr|dd|d|j|j|j|fi||S)z9Call this on handlers to set the login cookie for successcookie_optionshttponlyT secure_cookiehttpssecurer)rAr- setdefaultrequestprotocolrset_secure_cookie cookie_name)clshandleruser_idrTrrrr7}s  z#LegacyLoginHandler.set_login_cookiez token\s+(.+)cCs:|dd}|s|j|jjdd}|r|d}|S)zGet the user token from a request Default: - in URL parameters: ?token= - in header: Authorization: token rOrF Authorizationr)rauth_header_patr"rZheadersr-group)r^r_ user_tokenmrrr get_tokens  zLegacyLoginHandler.get_tokencCs || S)+DEPRECATED in 2.0, use IdentityProvider API)is_token_authenticatedr^r_rrrshould_check_origin z&LegacyLoginHandler.should_check_origincCs"t|dddur |jt|ddS)rh_user_idN_token_authenticatedF)rPr+rjrrrris z)LegacyLoginHandler.is_token_authenticatedcCst|ddr |jS||}||}|p|}|r&||kr#|||d|_|durC||jdur>|j d|j| |j sCd}||_|S)rhrmNTz(Clearing invalid/expired login cookie %s anonymous) rPrmget_user_tokenget_user_cookier7rn get_cookier]r#r$clear_login_cookielogin_available)r^r_ token_user_idcookie_user_idr`rrrget_users"    zLegacyLoginHandler.get_usercCs2|jdi}|j|jfi|}|r|}|S)rhget_secure_cookie_kwargs)rAr-get_secure_cookier]decode)r^r_rxr`rrrrqs z"LegacyLoginHandler.get_user_cookiecCst|j}|sdS||}d}||kr|jd|jjd}|r8||}|dur6tj }|j d||SdS)rhNFz0Accepting token-authenticated connection from %sTz8Generating new user_id for token-authenticated request: ) rOrgr#debugrZ remote_iprqrLrMrNr5)r^r_rOre authenticatedr`rrrrps(   z!LegacyLoginHandler.get_user_tokencCsr|js'd}|dur|j|d|js#|js%|j|ddSdSdS|js5|js7|jddSdSdS)rhzpropertyrBrr9 classmethodr7r!compile IGNORECASErbrgrkrirwrqrprr@rKrrrrr?Us6       $    r?)r>rQr!rL urllib.parsertornado.escaper base.handlersrsecurityrrr r? LoginHandlerrrrrs   FD