Commit c16acfa9 authored by CAMPION Sebastien's avatar CAMPION Sebastien

final release

parent 16796efd
......@@ -50,8 +50,7 @@ def kid_from_crypto_key(private_key_path, key_type):
class Token(object):
def __init__(self, service, access_type="", access_name="",
access_actions=None, subject='', username=''):
def __init__(self, service, access_type="", access_name="", access_actions=None, subject=''):
if access_actions is None:
access_actions = []
......@@ -74,7 +73,6 @@ class Token(object):
'exp': int(time.time()) + int(self.token_expiration),
'nbf': int(time.time()) - 30,
'iat': int(time.time()),
'upn': username,
'access': [
{
'type': access_type,
......
......@@ -6,6 +6,7 @@ import logging
import os
from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.decorators.csrf import csrf_exempt
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User
from django.shortcuts import render, get_object_or_404, redirect
from django.http import JsonResponse, HttpResponse
......@@ -63,11 +64,14 @@ def registryhook(request):
return HttpResponse(status=200)
@login_required
def jupyter(request):
token = Token("jupyter", username=request.user)
response = redirect(os.environ.get('ALLGO_JUPYTER_URL'))
response['Authorization'] = 'Bearer ' + token
return response
token = Token("jupyter")
user = request.user.get_username()
token.claim['upn'] = user
encoded_token = token.encode_token()
next = "/user/%s/git-pull?repo=%s" % (user, request.GET.get("repo"))
return redirect(os.environ.get('ALLGO_JUPYTER_URL')+"?bearer=" + encoded_token + "&next=" + next)
def tokens(request):
......
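Review bot: The new `jupyter` view concatenates `request.GET.get("repo")` and the encoded JWT into the redirect URL without escaping. A `repo` value containing `&` or `#` can therefore add or truncate parameters on the hub login URL, a missing `repo` becomes the literal string `None`, and the inner `?repo=` is not kept as part of `next`. Build both query strings with `urlencode`/`quote` from `urllib.parse`, reject requests without `repo`, and rename `next`, which shadows the builtin. Separately, a bearer token carried in a URL ends up in browser history, proxy and server logs and Referer headers, so it should be short-lived and the hub URL should be HTTPS outside development; the compose file in this commit uses plain `http://`. Concatenating `os.environ.get('ALLGO_JUPYTER_URL')` also raises a `TypeError` when the variable is unset, so an explicit `os.environ[...]` lookup gives a clearer failure.

```python
@login_required
def jupyter(request):
    repo = request.GET.get("repo")
    if not repo:
        return HttpResponse(status=400)
    # … unchanged: Token("jupyter"), user lookup, 'upn' claim, encode_token() …
    next_path = "/user/%s/git-pull?%s" % (quote(user, safe=""), urlencode({"repo": repo}))
    query = urlencode({"bearer": encoded_token, "next": next_path})
    return redirect(os.environ["ALLGO_JUPYTER_URL"] + "?" + query)
```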
......@@ -36,7 +36,7 @@ services:
DJANGO_DEBUG: 1
DJANGO_LOG_LEVEL: "DEBUG"
ALLGO_DEBUG: "True"
ALLGO_JUPYTER_URL: "http://0.0.0.0:8000"
ALLGO_JUPYTER_URL: "http://0.0.0.0:8000/hub/login"
ALLGO_EMAIL_BACKEND: "django.core.mail.backends.console.EmailBackend"
ALLGO_SECRET_KEY: "nFgLEiedSJfYKyJA6WjkiGs8c23vokcVoM4DDLi9GsCX36TdsR"
ALLGO_DATABASE_PASSWORD: "allgo"
......@@ -113,15 +113,10 @@ services:
- "8000:8000"
volumes:
- "./certs:/certs"
- "./jupyterhub:/srv/jupyterhub/"
environment:
JUPYTERHUB_LOG_LEVEL: "debug"
JUPYTERHUB_HTTP_TLS_CERTIFICATE: "/certs/server.crt"
JUPYTERHUB_HTTP_TLS_KEY: "/certs/server.key"
JUPYTERHUB_AUTH: "token"
JUPYTERHUB_AUTH_TOKEN_REALM: "http://0.0.0.0:8008/tokens"
JUPYTERHUB_AUTH_TOKEN_SERVICE: "allgo_registry"
JUPYTERHUB_AUTH_TOKEN_ISSUER: "allgo_oauth"
JUPYTERHUB_AUTH_TOKEN_ROOTCERTBUNDLE: "/certs/server.crt"
JUPYTERHUB_JWT_KEY: "/certs/server.key"
networks: [dev]
......
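Review bot: `JUPYTERHUB_JWT_KEY` points at `/certs/server.key`, the private key, while jupyterhub_config.py in this same commit feeds that variable into `signing_certificate`, a setting its own comment describes as a PEM certificate and which previously held `/certs/server.crt`. Verifying incoming tokens only needs the public half, and the hub container is where user sessions run, so a compromise there should not also yield the key that signs tokens. Suggest `JUPYTERHUB_JWT_KEY: "/certs/server.crt"` and, if possible, mounting only that file instead of the whole `./certs` directory. Whether the authenticator accepts a private key in that setting is not visible here.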
jupyterhub_cookie_secret
jupyterhub.sqlite
FROM jupyterhub/jupyterhub
RUN pip install git+https://github.com/data-8/nbgitpuller
RUN pip install jupyterhub-jwtauthenticator
RUN jupyter serverextension enable --py nbgitpuller --sys-prefix
RUN useradd -ms /bin/bash seb
RUN echo 'seb:seb' | chpasswd
RUN apt-get install git
ONBUILD ADD jupyterhub_config.py /srv/jupyterhub/jupyterhub_config.py
ENV PYTHONUNBUFFERED 1
CMD ["jupyterhub", "-f", "/srv/jupyterhub/jupyterhub_config.py"]
\ No newline at end of file
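Review bot: `RUN useradd -ms /bin/bash seb` followed by `RUN echo 'seb:seb' | chpasswd` bakes a local account whose password equals its username into every image built from this file. The hub config in this commit sets `create_system_users = True`, so accounts can be created at login and these two lines dropped, or at least the `chpasswd` line removed so the account has no usable password. The base image and `git+https://github.com/data-8/nbgitpuller` are also unpinned, so a rebuild can pull different code; pin a tag and a commit, e.g. `RUN pip install git+https://github.com/data-8/nbgitpuller@<commit-sha>`. `RUN apt-get install git` has no `apt-get update` or `-y` and comes after the `pip install git+https` step that needs git, which likely breaks the build unless the base image already ships git.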
......@@ -76,18 +76,18 @@
# and `data` is the POST form data from the login page.
#c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator'
#c.JupyterHub.authenticator_class = 'jwtauthenticator.jwtauthenticator.JSONWebTokenAuthenticator'
c.JupyterHub.authenticator_class = 'jwtauthenticator.jwtauthenticator.JSONWebTokenLocalAuthenticator'
#c.JupyterHub.authenticator_class = 'jwtauthenticator.jwtauthenticator.JSONWebTokenAuthenticator'
# # one of "secret" or "signing_certificate" must be given. If both, then "secret" will be the signing method used.
#c.JSONWebTokenAuthenticator.secret = '<insert-256-bit-secret-key-here>' # The secrect key used to generate the given token
# # -OR-
import os
c.JSONWebTokenAuthenticator.signing_certificate = '/certs/server.crt' #/foo/bar/adfs-signature.crt' # The certificate used to sign the incoming JSONWebToken, must be in PEM Format
c.JSONWebTokenAuthenticator.signing_certificate = os.environ.get("JUPYTERHUB_JWT_KEY") #/foo/bar/adfs-signature.crt' # The certificate used to sign the incoming JSONWebToken, must be in PEM Format
c.JSONWebTokenAuthenticator.username_claim_field = 'upn' # The claim field contianing the username/sAMAccountNAme/userPrincipalName
c.JSONWebTokenAuthenticator.audience = 'http://0.0.0.0:8008/tokens' # This config option should match the aud field of the JSONWebToken, empty string to disable the validation of this field.
c.JSONWebTokenAuthenticator.expected_audience = 'jupyter' # This config option should match the aud field of the JSONWebToken, empty string to disable the validation of this field.
c.JSONWebLocalTokenAuthenticator.create_system_users = True # This will enable local user creation upon authentication, requires JSONWebTokenLocalAuthenticator
c.JSONWebTokenAuthenticator.header_name = 'Authorization' # default value
c.JSONWebTokenAuthenticator.param_name = 'bearer' # default value
c.LocalAuthenticator.create_system_users = True
## The base URL of the entire application.
#
......@@ -165,6 +165,8 @@ c.JSONWebTokenAuthenticator.header_name = 'Authorization'
## url for the database. e.g. `sqlite:///jupyterhub.sqlite`
#c.JupyterHub.db_url = 'sqlite:///jupyterhub.sqlite'
c.JupyterHub.log_level = 'DEBUG'
## log all database transactions. This has A LOT of output
#c.JupyterHub.debug_db = False
......
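Review bot: `os.environ.get("JUPYTERHUB_JWT_KEY")` returns `None` when the variable is missing, and nothing visible here shows whether the authenticator then rejects every token or stops checking signatures. Using `c.JSONWebTokenAuthenticator.signing_certificate = os.environ["JUPYTERHUB_JWT_KEY"]` makes the hub fail at startup instead of running with no verification key. The second hunk sets `c.JupyterHub.log_level = 'DEBUG'` in a commit titled "final release" while tokens arrive in the `bearer` query parameter, so request URLs written to the hub log may contain usable tokens; consider leaving the level at its default outside development. The `import os` in the middle of the file would read better at the top.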
0d9d8e2189c9d24309009cda70533862c8e16090cb2c4e1c61a84d46c5111ce4
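Review bot: This 64-character hex string looks like the content of a committed secret file, possibly the `jupyterhub_cookie_secret` named in the ignore list earlier in this commit, though the file header is not visible here. If that is what it is, treat the value as exposed: regenerate it, remove the file from the repository, and rely on the ignore entry so it is not added again.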