bi/dZddlZddlZddlZddlmZddlmZddlm Z ddl m Z dd l m Z mZGd d e ZGd d eZeZy)z5Tornado handlers for logging into the Jupyter Server.N)urlparse) url_escape)JupyterHandler)allow_unauthenticated) passwd_check set_passwordc@eZdZdZddZddZedZedZy)LoginFormHandlerzlThe basic tornado login handler accepts login form, passed to IdentityProvider.process_login_form. Nc |j|jdt|jd|j|y)zRender the login form.z login.htmlnextdefault)rmessageN)writerender_templater get_argumentbase_url)selfrs T/home/cdr/jupyterlab/.venv/lib/python3.12/site-packages/jupyter_server/auth/login.py_renderzLoginFormHandler._rendersC   1 1&$-- 1 PQ !  c| |j}|jdd}d|vr+|jd\}}}|d|jd}t |}|j s4|j s(|jdzj|jsd}|j s |j r||j d|j }|j}|jr|j|k(}n5|jr)ttj|j|}|s |jj!d|z|}|j#|y) zRedirect if url is on our PATH Full-domain redirects are allowed if they pass our CORS origin checks. Otherwise use default (self.base_url if unspecified). N\z%5C:z:///Fz!Not allowing login redirect to %r)rreplace partitionlstriprschemenetlocpath startswithlower allow_originallow_origin_patboolrematchlogwarningredirect) rurlrr!_restparsedalloworigins r_redirect_safezLoginFormHandler._redirect_safe!s. ?mmGkk$& #:!mmC0OFAtHC C 012C# MMV]]FKK#4E3Q3QRVR_R_3`E}} "MM?#fmm_=$$ --7E** $*?*?!HIE  !Ds!JK crc|jr/|jd|j}|j|y|j y)zGet the login form.rrN) current_userrrr4r)rnext_urls rgetzLoginFormHandler.getNs=   (((GH    ) LLNrc~|jj|x}|_|&|jd|j ddiy|j j d|jd|jj|||jd|j }|j|y) z Post a login.NerrorInvalid credentialsrzUser z logged in.rr) identity_providerprocess_login_formr6 set_statusrr+infousernameset_login_cookierrr4)ruserr7s rpostzLoginFormHandler.postWs$(#9#9#L#LT#RRt < OOC LL'+@!AL B   dmm_K89 //d;$$VT]]$C H%rN) __name__ __module__ __qualname____doc__rr4rr8rErrr r s:  +Z & &rr ceZdZdZedZdZedZe ddZ e jde jZe dZe d Ze d Ze d Ze d Ze d Ze ddZe dZe dZy)LegacyLoginHandlerzLegacy LoginHandler, implementing most custom auth configuration. Deprecated in jupyter-server 2.0. Login configuration has moved to IdentityProvider. c8|j|jSrF)password_from_settingssettings)rs rhashed_passwordz"LegacyLoginHandler.hashed_passwordms**4==99rct||S)zCheck a passwd.)r )rabs rr zLegacyLoginHandler.passwd_checkqsAq!!rc|jdd}|jdd}|j|jrr|j|j|r2|s0|j |t jjn$|jr|j|k(r|j |t jj|rt|jddr|jjdd}tjj|d}t!|jd r+t#|| x|j_|jd<|j$j'd |zn&|j)d |j+d diy|jd|j,}|j/|y)zPost a login form.passwordr new_passwordallow_password_changeF config_dirzjupyter_server_config.jsonrQ) config_filezWrote hashed password to %sr:r;r<r=Nr)rget_login_availablerPr rQrCuuiduuid4hextokengetattrr>r8osr#joinhasattrr r+rAr@rrr4)rtyped_passwordrXrZr[r7s rrEzLegacyLoginHandler.postus{**:r*B(((D  # #DMM 2  !5!5~F|%%dDJJL,<,<= n <%%dDJJL,<,<=GD,B,BD[]b$c!%!2!2<!DJ"$'',,z;W"XKt557HI(;O..>zAZHHMM"?+"MN$ g/D%E F$$VT]]$C H%rNc`|jjdi}|jdd|jjd|jjdk(r|jdd|jd|j |j |j|fi||S)z9Call this on handlers to set the login cookie for successcookie_optionshttponlyT secure_cookiehttpssecurer#)rPr8 setdefaultrequestprotocolrset_secure_cookie cookie_name)clshandleruser_idrgs rrCz#LegacyLoginHandler.set_login_cookies!))--.>C!!*d3     1I1IW1T U  % %h 5!!&'*:*:;!!!'"5"5wQ.Qrz token\s+(.+)c|jdd}|sR|jj|jjj dd}|r|j d}|S)zGet the user token from a request Default: - in URL parameters: ?token= - in header: Authorization: token r`rW Authorizationr)rauth_header_patr*rmheadersr8group)rqrr user_tokenms r get_tokenzLegacyLoginHandler.get_tokens]))'26 ##))'//*A*A*E*EoWY*Z[AWWQZ rc&|j| S)+DEPRECATED in 2.0, use IdentityProvider API)is_token_authenticatedrqrrs rshould_check_originz&LegacyLoginHandler.should_check_origins--g666rcNt|dd |jt|ddS)r}_user_idN_token_authenticatedF)rar6rs rr~z)LegacyLoginHandler.is_token_authenticateds, 7J - 5  w 6>>rct|ddr |jS|j|}|j|}|xs|}|r||k7r|j ||d|_|_|j |j6|jjd|j|j|jsd}||_|S)r}rNTz(Clearing invalid/expired login cookie %s anonymous) rarget_user_tokenget_user_cookierCr get_cookierpr+r,clear_login_cookielogin_available)rqrr token_user_idcookie_user_idrss rget_userzLegacyLoginHandler.get_users 7J -## #**73 ,,W5 1> .($$Wg6,0G ( ?!!'"5"56B ##$NPWPcPcd**,**&#rc|jjdi}|j|jfi|}|r|j }|S)r}get_secure_cookie_kwargs)rPr8get_secure_cookierpdecode)rqrrrrss rrz"LegacyLoginHandler.get_user_cookiesQ$+#3#3#7#78RTV#W +'++G,?,?\C[\ nn&Grc\|j}|sy|j|}d}||k(r2|jjd|jj d}|rQ|j |}|",,SSrrM)rJrbr)r] urllib.parsertornado.escaper base.handlersr decoratorrsecurityr r r rM LoginHandlerrKrrrsJ; !%*,0R&~R&jAS)ASJ" r