Skip to content

Commit

Permalink
allow handlers to work without an authorizer in the settings
Browse files Browse the repository at this point in the history
  • Loading branch information
Zsailer committed Mar 10, 2022
1 parent 426a4c6 commit 1a51c0d
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 2 deletions.
21 changes: 20 additions & 1 deletion jupyter_server/auth/decorator.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
"""
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
import warnings
from functools import wraps
from typing import Callable
from typing import Optional
Expand All @@ -13,6 +14,20 @@
from .utils import HTTP_METHOD_TO_AUTH_ACTION


def raise_no_authorizer_warning():
warnings.warn(
"The Tornado web application does not have an 'authorizer' defined "
"in its settings. In future releases of jupyter_server, this will "
"be a required key for all subclasses of `JupyterHandler`. For an "
"example, see the jupyter_server source code for how to "
"add an authorizer to the tornado settings: "
"https://github.com/jupyter-server/jupyter_server/blob/"
"653740cbad7ce0c8a8752ce83e4d3c2c754b13cb/jupyter_server/serverapp.py"
"#L234-L256",
# stacklevel=2
)


def authorized(
action: Optional[Union[str, Callable]] = None,
resource: Optional[str] = None,
Expand Down Expand Up @@ -61,7 +76,11 @@ def inner(self, *args, **kwargs):
raise HTTPError(status_code=403, log_message=message)
# If the user is allowed to do this action,
# call the method.
if self.authorizer.is_authorized(self, user, action, resource):
if not self.authorizer:
with warnings.catch_warnings():
warnings.simplefilter("once")
raise_no_authorizer_warning()
elif self.authorizer.is_authorized(self, user, action, resource):
return method(self, *args, **kwargs)
# else raise an exception.
else:
Expand Down
2 changes: 1 addition & 1 deletion jupyter_server/base/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ def login_available(self):

@property
def authorizer(self):
return self.settings["authorizer"]
return self.settings.get("authorizer")


class JupyterHandler(AuthenticatedHandler):
Expand Down

0 comments on commit 1a51c0d

Please sign in to comment.