o i|'@shdZddlZddlZddlmZmZddlZddlmZddl m Z m Z ddl m Z Gd d d e ZdS) z/Tornado handlers for logging into the notebook.N)urlparse urlunparse) url_escape) passwd_check set_password)IPythonHandlerc@seZdZdZd"ddZd"ddZddZed d Zd d Z d dZ e d"ddZ e de jZe ddZe ddZe ddZe ddZe ddZe d"ddZe ddZe d d!ZdS)# LoginHandlerzfThe basic tornado login handler authenticates with a hashed password from the configuration. Nc Cs*||jdt|jd|jd|ddS)Nz login.htmlnextdefault)r message)writerender_templater get_argumentbase_url)selfrrN/var/www/edux/Edux_v2/venv/lib/python3.10/site-packages/notebook/auth/login.py_renders  zLoginHandler._rendercCs|dur|j}|dd}t|}t|jddd}||ks'|jd|jskd}||kr^|jd|j}| }||j j d|j j krJd }n|j rS|j |k}n |jr^t|j|}|sk|jd ||}||dS) zRedirect if url is on our PATH Full-domain redirects are allowed if they pass our CORS origin checks. Otherwise use default (self.base_url if unspecified). N\z%5C)netlocscheme/Fz://TzNot allowing login redirect to )rreplacerr_replacepath startswithrrlowerrequestprotocolhost allow_originallow_origin_patboolmatchlogwarningredirect)rurlr parsed path_onlyalloworiginrrr_redirect_safes(  zLoginHandler._redirect_safecCs0|jr|jd|jd}||dS|dS)Nr r ) current_userrrr0r)rnext_urlrrrgetBs zLoginHandler.getcCs ||jSN)password_from_settingssettings)rrrrhashed_passwordIs zLoginHandler.hashed_passwordcCs t||Sr4)r)rabrrrrMs zLoginHandler.passwd_checkcCs|jddd}|jddd}||jrl||j|r'|s'||tjnE|j r]|j |kr]||tj|r\|j dr\|j d}t j |d}t||d|jd |n|d |jd d id dS|jd|jd}||dS)Npasswordrr new_passwordallow_password_change config_dirzjupyter_notebook_config.json) config_filezWrote hashed password to ierrorzInvalid credentials)rr )rget_login_availabler6rr7set_login_cookieuuiduuid4hextokenr3osrjoinrr(info set_statusrrr0)rtyped_passwordr;r=r>r2rrrpostPs$    zLoginHandler.postcCsd|jdi}|dd|jd|jjdkr|dd|d|j|j|j|fi||S)z9Call this on handlers to set the login cookie for successcookie_optionshttponlyT secure_cookiehttpssecurer)r6r3 setdefaultr!r"rset_secure_cookie cookie_name)clshandleruser_idrLrrrrAis  zLoginHandler.set_login_cookiez token\s+(.+)cCs:|dd}|s|j|jjdd}|r|d}|S)zGet the user token from a request Default: - in URL parameters: ?token= - in header: Authorization: token rEr Authorizationr)rauth_header_patr'r!headersr3group)rTrU user_tokenmrrr get_tokenxs  zLoginHandler.get_tokencCs || S)a3Should the Handler check for CORS origin validation? Origin check should be skipped for token-authenticated requests. Returns: - True, if Handler must check for valid CORS origin. - False, if Handler should skip origin check since requests are token-authenticated. )is_token_authenticatedrTrUrrrshould_check_origins z LoginHandler.should_check_origincCs$t|dddur |t|ddS)zReturns True if handler has been token authenticated. Otherwise, False. Login with a token is used to signal certain things, such as: - permit access to REST API - xsrf protection - skip origin-checks for scripts _user_idN_token_authenticatedF)getattrget_current_userr_rrrr^s  z#LoginHandler.is_token_authenticatedcCst|ddr |jS||}|dur$|jdi}|j|jfi|}n |||d|_|durJ| |jdurE|j d|j| |j sJd}||_|S)zCalled by handlers.get_current_user for identifying the current user. See tornado.web.RequestHandler.get_current_user for details. raNget_secure_cookie_kwargsTz(Clearing invalid/expired login cookie %s anonymous)rcraget_user_tokenr6r3get_secure_cookierSrArb get_cookier(r)clear_login_cookielogin_available)rTrUrVrerrrget_users   zLoginHandler.get_usercCsL|j}|sdS||}d}||kr|jd|jjd}|r$tjSdS)zIdentify the user based on a token in the URL or Authorization header Returns: - uuid if authenticated - None if not NFz0Accepting token-authenticated connection from %sT) rEr]r(debugr! remote_iprBrCrD)rTrUrEr[ authenticatedrrrrgs  zLoginHandler.get_user_tokencCsn|js%d}|dur|j|d|js!|js#|j|ddSdSdS|js3|js5|jddSdSdS)zCheck the notebook application's security. Show messages, or abort if necessary, based on the security configuration. z=WARNING: The notebook server is listening on all IP addressesNz3 and not using encryption. This is not recommended.zK and not using authentication. This is highly insecure and not recommended.z`All authentication is disabled. Anyone who can connect to this server will be able to run code.)ipr(r)r:rE)rTapp ssl_optionsr)rrrvalidate_securitys  zLoginHandler.validate_securitycCs |ddS)zReturn the hashed password from the tornado settings. If there is no configured password, an empty string will be returned. r:r)r3rTr6rrrr5s z#LoginHandler.password_from_settingscCst||p |dS)z_Whether this LoginHandler is needed - and therefore whether the login page should be displayed.rE)r&r5r3rtrrrr@sz LoginHandler.get_login_availabler4)__name__ __module__ __qualname____doc__rr0r3propertyr7rrK classmethodrArecompile IGNORECASErXr]r`r^rlrgrsr5r@rrrrr s8  #       "   r )rxr{rF urllib.parserrrBtornado.escapersecurityrr base.handlersr r rrrrs