Commit e93dfd1f authored by CAMPION Sebastien's avatar CAMPION Sebastien

JWT auth

parent e2c4d467
......@@ -51,7 +51,7 @@ def kid_from_crypto_key(private_key_path, key_type):
class Token(object):
def __init__(self, service, access_type="", access_name="",
access_actions=None, subject=''):
access_actions=None, subject='', username=''):
if access_actions is None:
access_actions = []
......@@ -74,6 +74,7 @@ class Token(object):
'exp': int(time.time()) + int(self.token_expiration),
'nbf': int(time.time()) - 30,
'iat': int(time.time()),
'upn': username,
'access': [
{
'type': access_type,
......
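Review bot: The `'upn': username` entry added in the second hunk is written into every token, so callers that do not pass `username` (it defaults to `''`) now issue tokens with an empty identity claim, and nothing checks that the value is a plain string. A consumer that maps `upn` to an account name would then receive an empty or unexpected username. I would add the claim only when a username was supplied, reject non-string values in `__init__`, and document the parameter with a comment such as `# username: login name placed in the 'upn' claim; empty for service tokens`. Both `__init__` and the claims dict continue outside the hunks shown.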
......@@ -7,6 +7,7 @@ urlpatterns = [
url(r'^$', views.index, name="home"),
url(r'^tokens$', views.tokens, name="tokens"),
url(r'^registryhook', views.registryhook, name="registryhook"),
url(r'^jupyter$', views.jupyter, name="jupyter"),
url(r'^apps/$', views.WebappList.as_view(), name='webapp_list'),
url(r'^app/(?P<docker_name>[\w-]+)/$', views.WebappDetail.as_view(), name='webapp_detail'),
url(r'^jobs/$', views.JobList.as_view(), name='job_list'),
......
......@@ -7,9 +7,9 @@ import os
from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.decorators.csrf import csrf_exempt
from django.contrib.auth.models import User
from django.shortcuts import render, get_object_or_404
from django.shortcuts import render, get_object_or_404, redirect
from django.http import JsonResponse, HttpResponse
from django.urls import reverse
from django.core.urlresolvers import reverse
from django.views.generic import (
ListView,
DetailView,
......@@ -63,6 +63,13 @@ def registryhook(request):
return HttpResponse(status=200)
def jupyter(request):
token = Token("jupyter", username=request.user)
response = redirect(os.environ.get('ALLGO_JUPYTER_URL'))
response['Authorization'] = 'Bearer ' + token
return response
def tokens(request):
auth_header = request.META.get('HTTP_AUTHORIZATION', '')
if not auth_header:
......
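Review bot: The new `jupyter` view has no authentication check and passes `request.user` (a user object, possibly the anonymous user) as the token's username, so an unauthenticated request reaches token creation and the `upn` claim is not a plain username string. Add `@login_required` above `def jupyter(request):` and call `Token("jupyter", username=request.user.get_username())`; the decorator needs an import from `django.contrib.auth.decorators`, and the import block is only partly visible here. Separately, an `Authorization` header set on a redirect response is not replayed by the browser on the follow-up request, so the token would not reach the hub this way. `'Bearer ' + token` also concatenates a string with a `Token` instance, which fails unless `Token` supports that outside the visible hunks, and `os.environ.get('ALLGO_JUPYTER_URL')` returns `None` when the variable is unset.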
FROM sebastiencampion/jupyterhub
FROM jupyterhub/jupyterhub
RUN pip install git+https://github.com/data-8/nbgitpuller
RUN pip install jupyterhub-jwtauthenticator
......@@ -7,4 +7,5 @@ RUN useradd -ms /bin/bash seb
RUN echo 'seb:seb' | chpasswd
RUN apt-get install git
CMD ["jupyterhub"]
ONBUILD ADD jupyterhub_config.py /srv/jupyterhub/jupyterhub_config.py
CMD ["jupyterhub", "-f", "/srv/jupyterhub/jupyterhub_config.py"]
\ No newline at end of file
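Review bot: `ONBUILD ADD jupyterhub_config.py ...` only runs when another image is built FROM this one, so this image itself does not contain the file that `CMD ["jupyterhub", "-f", "/srv/jupyterhub/jupyterhub_config.py"]` points at; if the image is run directly, use `COPY jupyterhub_config.py /srv/jupyterhub/jupyterhub_config.py` instead. The two `pip install` lines pull an unpinned PyPI package and the default branch of a git repository into the image that validates login tokens; pin them (`jupyterhub-jwtauthenticator==<version>`, `...nbgitpuller@<commit>`) so a rebuild cannot silently change the authenticator. The page does not mark which of the doubled `FROM` and `CMD` lines is the new side, so this assumes the later one in each pair.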
......@@ -74,18 +74,19 @@
# - takes two arguments: (handler, data),
# where `handler` is the calling web.RequestHandler,
# and `data` is the POST form data from the login page.
c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator'
#c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator'
# c.JupyterHub.authenticator_class = 'jwtauthenticator.jwtauthenticator.JSONWebTokenAuthenticator'
#c.JupyterHub.authenticator_class = 'jwtauthenticator.jwtauthenticator.JSONWebTokenAuthenticator'
c.JupyterHub.authenticator_class = 'jwtauthenticator.jwtauthenticator.JSONWebTokenLocalAuthenticator'
# # one of "secret" or "signing_certificate" must be given. If both, then "secret" will be the signing method used.
# c.JSONWebTokenAuthenticator.secret = '<insert-256-bit-secret-key-here>' # The secrect key used to generate the given token
#c.JSONWebTokenAuthenticator.secret = '<insert-256-bit-secret-key-here>' # The secrect key used to generate the given token
# # -OR-
# c.JSONWebTokenAuthenticator.signing_certificate = '/foo/bar/adfs-signature.crt' # The certificate used to sign the incoming JSONWebToken, must be in PEM Format
#
# c.JSONWebTokenAuthenticator.username_claim_field = 'upn' # The claim field contianing the username/sAMAccountNAme/userPrincipalName
# c.JSONWebTokenAuthenticator.audience = 'https://myApp.domain.local/' # This config option should match the aud field of the JSONWebToken, empty string to disable the validation of this field.
# #c.JSONWebLocalTokenAuthenticator.create_system_users = True # This will enable local user creation upon authentication, requires JSONWebTokenLocalAuthenticator
# #c.JSONWebTokenAuthenticator.header_name = 'Authorization' # default value
import os
c.JSONWebTokenAuthenticator.signing_certificate = '/certs/server.crt' #/foo/bar/adfs-signature.crt' # The certificate used to sign the incoming JSONWebToken, must be in PEM Format
c.JSONWebTokenAuthenticator.username_claim_field = 'upn' # The claim field contianing the username/sAMAccountNAme/userPrincipalName
c.JSONWebTokenAuthenticator.audience = 'http://0.0.0.0:8008/tokens' # This config option should match the aud field of the JSONWebToken, empty string to disable the validation of this field.
c.JSONWebLocalTokenAuthenticator.create_system_users = True # This will enable local user creation upon authentication, requires JSONWebTokenLocalAuthenticator
c.JSONWebTokenAuthenticator.header_name = 'Authorization' # default value
## The base URL of the entire application.
......
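Review bot: `c.JSONWebLocalTokenAuthenticator.create_system_users = True` names a class that differs from the one selected above (`JSONWebTokenLocalAuthenticator`), so the setting is most likely ignored without an error; it should read `c.JSONWebTokenLocalAuthenticator.create_system_users = True`. Once it does take effect, every token that validates creates a local system account named after its `upn` claim, so the issuing side has to constrain that value to known usernames. The `audience` value is a plain-`http` URL on `0.0.0.0`, and it only works if the issuer writes exactly that string into `aud`; a comment next to it saying where the value comes from would help, for example `# must equal the 'aud' claim set by the token issuer`. The added `import os` is not used in the visible lines.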
0d9d8e2189c9d24309009cda70533862c8e16090cb2c4e1c61a84d46c5111ce4