Skip to content

Commit a48f3c6

Browse files
ZsailerZsailer
committed
ake JS 2.0 identity provider backwards compatible with classic server's auth model
1 parent 2b42b90 commit a48f3c6

File tree

2 files changed

+23
-3
lines changed

2 files changed

+23
-3
lines changed

jupyter_server/auth/identity.py

+2-1
Original file line numberDiff line numberDiff line change
@@ -236,7 +236,8 @@ async def _get_user(self, handler: JupyterHandler) -> User | None:
236236
_token_user: User | None | Awaitable[User | None] = self.get_user_token(handler)
237237
if isinstance(_token_user, Awaitable):
238238
_token_user = await _token_user
239-
token_user: User | None = _token_user # need second variable name to collapse type
239+
# need second variable name to collapse type
240+
token_user: User | None = _token_user
240241
_cookie_user = self.get_user_cookie(handler)
241242
if isinstance(_cookie_user, Awaitable):
242243
_cookie_user = await _cookie_user

jupyter_server/base/handlers.py

+21-2
Original file line numberDiff line numberDiff line change
@@ -248,9 +248,28 @@ def identity_provider(self):
248248
)
249249
from jupyter_server.auth import IdentityProvider
250250

251-
# no identity provider set, load default
251+
non_alphanum = re.compile(r"[^A-Za-z0-9]")
252+
default_cookie_name = non_alphanum.sub("-", f"username-{self.request.host}")
253+
254+
# If there is no identity provider set, load the default. If using
255+
# a classic notebook server, adding extensions that inherit
256+
# from JupyterHandler will use a mix of new+old authentication log.
257+
# Here, we construct an identity provider that works side-by-side
258+
# and consistently with the old way that we handled auth in
259+
# the classic server.
252260
self.settings["identity_provider"] = IdentityProvider(
253-
config=self.settings.get("config", None)
261+
config=self.settings.get("config", None),
262+
# For backwards compatibility, pass the token
263+
# from the webapp settings.
264+
token=self.settings.get("token", "<generated>"),
265+
# Prefix the cookie name with "model-" to avoid colliding with
266+
# the cookie set by the classic server.
267+
# NOTE: This creates two cookies to authenticate the user
268+
# (1) the token cookie and (2) the user model cookie.
269+
cookie_name="model-" + self.settings.get("cookie_name", default_cookie_name),
270+
cookie_options=self.settings.get("cookie_options", {}),
271+
secure_cookie=self.settings.get("secure_cookie", None),
272+
get_secure_cookie_kwargs=self.settings.get("get_secure_cookie_kwargs", {}),
254273
)
255274
return self.settings["identity_provider"]
256275

0 commit comments

Comments
 (0)