stv0g/firstuseauthenticator
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
firstuseauthenticator/firstuseauthenticator/firstuseauthenticator.py
yuvipanda 4f87418efc Allow disabling user creation on login 
This forces admins to create users manually - via config
or the admin panel, before they can log in.
2018-07-03 16:09:28 -07:00

67 lines
2 KiB
Python
Raw Blame History

"""
JupyterHub Authenticator that lets users set password on first use.
When users first log in, the password they use becomes their
password for that account. It is hashed with bcrypt & stored
locally in a dbm file, and checked next time they log in.
"""
import dbm
from jupyterhub.auth import Authenticator
from jupyterhub.orm import User
from tornado import gen
from traitlets.traitlets import Unicode, Bool
import bcrypt
class FirstUseAuthenticator(Authenticator):
"""
JupyterHub authenticator that lets users set password on first use.
"""
dbm_path = Unicode(
'passwords.dbm',
config=True,
help="""
Path to store the db file with username / pwd hash in
"""
)
create_users = Bool(
True,
config=True,
help="""
Create users if they do not exist already.
When set to false, users would have to be explicitly created before
they can log in. Users can be created via the admin panel or by setting
whitelist / admin list.
"""
)
def _user_exists(self, username):
"""
Return true if given user already exists.
Note: Depends on internal details of JupyterHub that might change
across versions. Tested with v0.9
"""
return self.db.query(User).filter_by(name=username).first() is not None
@gen.coroutine
def authenticate(self, handler, data):
username = data['username']
if not self.create_users:
if not self._user_exists(username):
return None
password = data['password']
with dbm.open(self.dbm_path, 'c', 0o600) as db:
stored_pw = db.get(username.encode(), None)
if stored_pw is not None:
if bcrypt.hashpw(password.encode(), stored_pw) != stored_pw:
return None
else:
db[username] = bcrypt.hashpw(password.encode(), bcrypt.gensalt())
return username
Reference in a new issue View git blame Copy permalink