Ticket #1729: 1729-notebook-login.patch

sage/server/notebook/avatars.py

@@ -39 +39 @@
     implements(checkers.ICredentialsChecker)
     credentialInterfaces = (credentials.IUsernamePassword,)
 
-
-
     def add_user(self, username, password, email, account_type='user'):
         self.check_username(username)
         U = twist.notebook.add_user(username, password, email, account_type)
@@ -66 +64 @@
             return defer.succeed(username)
         else:
             return defer.succeed(FailedLogin(username,failure_type='password'))
+            
+
+class ITokenCredentials(credentials.ICredentials):
+    def checkToken(token):
+        pass
+        
+
+class TokenCred(object):
+    implements(ITokenCredentials)
+    
+    def __init__(self, token=None):
+        self.token = token
+        
+    def checkToken(self, token):
+        return token == self.token
+        
+
+class OneTimeTokenChecker(object):
+    implements(checkers.ICredentialsChecker)
+    credentialInterfaces = (ITokenCredentials,)
+    
+    is_startup = True
+    
+    def requestAvatarId(self, credentials):
+        from twisted.python import log
+        if self.token and credentials.checkToken(self.token):
+            if self.is_startup:
+                self.is_startup = False
+                self.token = credentials.token = randint(0, 2**128)
+            return defer.succeed('admin')
+        else:
+            return defer.fail("Bad token")
 
 
 class LoginSystem(object):

sage/server/notebook/guard.py

@@ -149 +149 @@
         Inital logic occurs here to decide the
         authentication status of a given user.
         """
-        #log.msg("request: %s, segments: %s" % (str(request.args), segments)) 
-        #see if the user already has a session going
         if segments and segments[0] == "login":
             #log.msg("Login")
             #get the username and password in the postdata
@@ -160 +158 @@
             l.addCallback(lambda _: self.requestPasswordAuthentication(request, segments))
             return l
             
+        if segments and segments[0] == "":
+            if request.args.get('startup_token', [''])[0]:
+                return self.requestPasswordAuthentication(request, segments)
+            
+        #see if the user already has a session going
         session = self.getSession(request)
+        log.msg("session: %s" % session) 
         if session is None:
-            # log.msg("unknown session")
+            #log.msg("unknown session")
             return self.requestAnonymousAuthentication(request, segments)
         else:
             if segments and segments[0] == "logout":
@@ -238 +242 @@
         mind = [newCookie, None, None] 
         d = self.portal.login(creds, mind, self.credInterface)
         d.addCallback(_success, request, segments)
-        #d.addErrback(self._loginFailure, request, segments, 'Anonymous access not allowed.')
         return d
 
     def getSession(self, request):
@@ -258 +261 @@
         or if they dont exist we have an anonymous
         session
         """
+        if request.args.get('startup_token', [''])[0]:
+            import avatars
+            return avatars.TokenCred(request.args.get('startup_token', [''])[0])
         username = request.args.get('email', [''])[0]
         password = request.args.get('password', [''])[0]
         return credentials.UsernamePassword(username, password)
@@ -269 +275 @@
         Also saved the credentials that the user used to log in
         to later associate these credentials with the users session.
         """
+        #log.msg("=== _loginSuccess ===")
         session.set_authCreds(creds)
         return rsrc, ()
     
     def _loginFailure(self, *x): #TODO
-        #log.msg("=== _loginFailure ===")
-        print x
+        log.msg("=== _loginFailure ===")
+        
+        log.msg(str(x))
                  
     def incorrectLoginError(self, error, ctx, segments, loginFailure):
         pass

sage/server/notebook/run_notebook.py

@@ -143 +143 @@
                 address, port, secure)
 
         if open_viewer:
-            open_page = "from sage.server.misc import open_page; open_page('%s', %s, %s, '%s')"%(address, port, secure, start_path)
+            if secure:
+                start_path = "'/?startup_token=%s' % startup_token"
+            else:
+                start_path = "'" + start_path + "'"
+            open_page = "from sage.server.misc import open_page; open_page('%s', %s, %s, %s)"%(address, port, secure, start_path)
         else:
             open_page = ''
         
@@ -168 +172 @@
 import sage.server.notebook.worksheet as worksheet
 worksheet.init_sage_prestart(twist.notebook.get_server(), twist.notebook.get_ulimit())
 
-import signal, sys
+import signal, sys, random
 def my_sigint(x, n):
     twist.notebook.save()
     signal.signal(signal.SIGINT, signal.SIG_DFL)
@@ -190 +194 @@
 
 realm = avatars.LoginSystem()
 p = portal.Portal(realm)
+startup_token = '%%x' %% random.randint(0, 2**128)
+startup_checker = avatars.OneTimeTokenChecker()
+startup_checker.token = startup_token
+p.registerChecker(startup_checker)
 password_checker = avatars.PasswordChecker()
 p.registerChecker(password_checker)
 p.registerChecker(checkers.AllowAnonymousAccess())

sage/server/notebook/twist.py

@@ -102 +102 @@
 ######################################################################################
 # RESOURCES
 ######################################################################################
+
 
 ############################
 # An error message
@@ -1686 +1687 @@
     child_upload = Upload()
     child_logout = Logout()
     
+    
 
     #child_login = RedirectLogin()