Ib&jdZddlZddlZddlmZddlZddlmZddlm Z m Z ddl m Z Gd d e Z y) z/Tornado handlers for logging into the notebook.N)urlparse) url_escape) passwd_check set_password)IPythonHandlerceZdZdZddZddZdZedZdZ dZ e dd Z e jd e jZe d Ze d Ze d Ze dZe dZe ddZe dZe dZy) LoginHandlerzfThe basic tornado login handler authenticates with a hashed password from the configuration. Nc |j|jdt|jd|j|y)Nz login.htmlnextdefault)r message)writerender_templater get_argumentbase_url)selfrs 5/usr/lib/python3/dist-packages/notebook/auth/login.py_renderzLoginHandler._rendersA 4''  1 1&$-- 1 PQ(  c2| |j}|jdd}t|}|js(|jdzj |jsd}|jrw|j d|j}|j}|jr|j|k(}n0|jr$t|jj|}|s |jjd||}|j|y)zRedirect if url is on our PATH Full-domain redirects are allowed if they pass our CORS origin checks. Otherwise use default (self.base_url if unspecified). N\z%5C/Fz://zNot allowing login redirect to )rreplacernetlocpath startswithschemelower allow_originallow_origin_patboolmatchlogwarningredirect)rurlrparsedalloworigins r_redirect_safezLoginHandler._redirect_safes ?mmGkk$&# ==s!2 > >t}} ME}}"MM?#fmm_=$$ --7E** !6!6!C!!*d3     1I1IW1T U  % %h 5!!&'*:*:;!!!'"5"5wQ.Qrz token\s+(.+)c|jdd}|sR|jj|jjj dd}|r|j d}|S)zGet the user token from a request Default: - in URL parameters: ?token= - in header: Authorization: token rGr< Authorizationr)rauth_header_patr%rUheadersr1group)rYrZ user_tokenms r get_tokenzLoginHandler.get_tokenus]))'26 ##))'//*A*A*E*EoWY*Z[AWWQZ rc&|j| S)a3Should the Handler check for CORS origin validation? Origin check should be skipped for token-authenticated requests. Returns: - True, if Handler must check for valid CORS origin. - False, if Handler should skip origin check since requests are token-authenticated. )is_token_authenticatedrYrZs rshould_check_originz LoginHandler.should_check_origins--g666rcVt|dd|jt|ddS)zReturns True if handler has been token authenticated. Otherwise, False. Login with a token is used to signal certain things, such as: - permit access to REST API - xsrf protection - skip origin-checks for scripts _user_idN_token_authenticatedF)getattrget_current_userrfs rrez#LoginHandler.is_token_authenticateds/ 7J - 5  $ $ &w 6>>rct|ddr |jS|j|}|:|jj di}|j |j fi|}n|j||d|_|_|j|j 6|jjd|j |j|jsd}||_|S)zCalled by handlers.get_current_user for identifying the current user. See tornado.web.RequestHandler.get_current_user for details. riNget_secure_cookie_kwargsTz(Clearing invalid/expired login cookie %s anonymous)rkriget_user_tokenr5r1get_secure_cookierXrCrj get_cookier&r'clear_login_cookielogin_available)rYrZr[rns rget_userzLoginHandler.get_users 7J -## #$$W- ?(/(8(8(<(<=WY[(\ $/g//0C0CaG_aG  ' 2,0G ( ?!!'"5"56B ##$NPWPcPcd**,**&#rc|j}|sy|j|}d}||k(r2|jjd|jj d}|rt jjSy)zIdentify the user based on a token in the URL or Authorization header Returns: - uuid if authenticated - None if not NFz0Accepting token-authenticated connection from %sT) rGrcr&debugrU remote_iprDrErF)rYrZrGra authenticateds rrpzLoginHandler.get_user_tokensm  ]]7+    KK  PRYRaRaRkRk l M ::<## #rc<|js[d}||jj|dz|js,|js|jj|dzyyy|js)|js|jjdyyy)zCheck the notebook application's security. Show messages, or abort if necessary, based on the security configuration. z=WARNING: The notebook server is listening on all IP addressesNz3 and not using encryption. This is not recommended.zK and not using authentication. This is highly insecure and not recommended.z`All authentication is disabled. Anyone who can connect to this server will be able to run code.)ipr&r'r;rG)rYapp ssl_optionsr's rvalidate_securityzLoginHandler.validate_securitys vvUG"+*!*+<< +C!CD)2<<< XY)2rs/5  ! %0*iS>iSr