Skip to content

Commit

Permalink
Merge pull request #418 from yuvipanda/demo-pass
Browse files Browse the repository at this point in the history 
Support username / password auth provider
  • Loading branch information
@GeorgianaElena
GeorgianaElena authored May 18, 2021
2 parents b3fa595 + dbe77b8 commit d375bcc
Show file tree
Hide file tree
Showing 4 changed files with 38 additions and 14 deletions.
20 changes: 10 additions & 10 deletions config/hubs/cloudbank.cluster.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@ hubs:
domain: demo.cloudbank.2i2c.cloud
template: basehub
auth0:
connection: google-oauth2
connection: password
config:
jupyterhub:
custom:
Expand All @@ -212,15 +212,15 @@ hubs:
url: http://cloudbank.org/
hub:
config:
Authenticator:
allowed_users: &demo_users
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
admin_users: *demo_users
JupyterHub:
# No more than 100 users at a time
active_server_limit: 100
cull:
# Cull after 30min of inactivity
every: 300
timeout: 1800
# No pods over 12h long
maxAge: 43200
- name: lassen
domain: lassen.cloudbank.2i2c.cloud
template: basehub
Expand Down
3 changes: 2 additions & 1 deletion config/hubs/schema.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,10 +117,11 @@ properties:
properties:
connection:
type: string
enum:
enum:
- google-oauth2
- github
- ORCID
- password
description: |
Authentication method users of the hub can use to log in to the hub.
We support a subset of the [connectors](https://auth0.com/docs/identityproviders)
Expand Down
26 changes: 24 additions & 2 deletions deployer/auth.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,8 @@
USERNAME_KEYS = {
'github': 'nickname',
'google-oauth2': 'email',
'ORCID': 'sub'
'ORCID': 'sub',
'password': 'email'
}


Expand Down Expand Up @@ -79,6 +80,7 @@ def _ensure_client_callback(self, client, domains):
}
)


def ensure_client(self, name, domains, connection_name):
current_clients = self.get_clients()
if name not in current_clients:
Expand All @@ -89,12 +91,32 @@ def ensure_client(self, name, domains, connection_name):
self._ensure_client_callback(client, domains)

current_connections = self.get_connections()

if connection_name == 'password':
# Users should not be shared between hubs - each hub
# should have its own username / password database.
# So we create a new 'database connection' per hub,
# instead of sharing one across hubs.
db_connection_name = f'database-{name}'

if db_connection_name not in current_connections:
# connection doesn't exist yet, create it
connection = self.auth0.connections.create({
'name': db_connection_name,
'display_name': name,
'strategy': 'auth0'
})
current_connections[db_connection_name] = connection
selected_connection_name = db_connection_name
else:
selected_connection_name = connection_name

for connection in current_connections.values():
# The chosen connection!
enabled_clients = connection['enabled_clients'].copy()
needs_update = False
client_id = client['client_id']
if connection['name'] == connection_name:
if connection['name'] == selected_connection_name:
if client_id not in enabled_clients:
enabled_clients.append(client_id)
needs_update = True
Expand Down
3 changes: 2 additions & 1 deletion deployer/hub.py
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
from auth import KeyProvider
import hashlib
import hmac
import json
Expand Down Expand Up @@ -100,7 +101,7 @@ def __init__(self, cluster, spec):
self.cluster = cluster
self.spec = spec

def get_generated_config(self, auth_provider, secret_key):
def get_generated_config(self, auth_provider: KeyProvider, secret_key):
"""
Generate config automatically for each hub
Expand Down

0 comments on commit d375bcc

Please sign in to comment.