Skip to content

Commit 46e24b0

Browse files
ZsailerZsailer
committed
ake JS 2.0 identity provider backwards compatible with classic server's auth model
1 parent ca4b062 commit 46e24b0

File tree

2 files changed

+23
-3
lines changed

2 files changed

+23
-3
lines changed

jupyter_server/auth/identity.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -236,7 +236,8 @@ async def _get_user(self, handler: JupyterHandler) -> User | None:
236236
_token_user: User | None | Awaitable[User | None] = self.get_user_token(handler)
237237
if isinstance(_token_user, Awaitable):
238238
_token_user = await _token_user
239-
token_user: User | None = _token_user # need second variable name to collapse type
239+
# need second variable name to collapse type
240+
token_user: User | None = _token_user
240241
_cookie_user = self.get_user_cookie(handler)
241242
if isinstance(_cookie_user, Awaitable):
242243
_cookie_user = await _cookie_user

jupyter_server/base/handlers.py

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -251,9 +251,28 @@ def identity_provider(self):
251251
)
252252
from jupyter_server.auth import IdentityProvider
253253

254-
# no identity provider set, load default
254+
non_alphanum = re.compile(r"[^A-Za-z0-9]")
255+
default_cookie_name = non_alphanum.sub("-", f"username-{self.request.host}")
256+
257+
# If there is no identity provider set, load the default. If using
258+
# a classic notebook server, adding extensions that inherit
259+
# from JupyterHandler will use a mix of new+old authentication log.
260+
# Here, we construct an identity provider that works side-by-side
261+
# and consistently with the old way that we handled auth in
262+
# the classic server.
255263
self.settings["identity_provider"] = IdentityProvider(
256-
config=self.settings.get("config", None)
264+
config=self.settings.get("config", None),
265+
# For backwards compatibility, pass the token
266+
# from the webapp settings.
267+
token=self.settings.get("token", "<generated>"),
268+
# Prefix the cookie name with "model-" to avoid colliding with
269+
# the cookie set by the classic server.
270+
# NOTE: This creates two cookies to authenticate the user
271+
# (1) the token cookie and (2) the user model cookie.
272+
cookie_name="model-" + self.settings.get("cookie_name", default_cookie_name),
273+
cookie_options=self.settings.get("cookie_options", {}),
274+
secure_cookie=self.settings.get("secure_cookie", None),
275+
get_secure_cookie_kwargs=self.settings.get("get_secure_cookie_kwargs", {}),
257276
)
258277
return self.settings["identity_provider"]
259278

0 commit comments

Comments
 (0)