^h/SrSSKrSSKrSSKrSSKJr SSKJr SSKJ r SSK J r SS K J r Jr "S S \ 5r"S S \5r\rg)z5Tornado handlers for logging into the Jupyter Server.N)urlparse) url_escape)JupyterHandler)allow_unauthenticated) passwd_check set_passwordcL\rSrSrSrS SjrS Sjr\S5r\S5r Sr g) LoginFormHandlerzdThe basic tornado login handler accepts login form, passed to IdentityProvider.process_login_form. Nc URURS[URSURS95US95 g)zRender the login form.z login.htmlnextdefault)rmessageN)writerender_templater get_argumentbase_url)selfrs S/home/james-whalen/.local/lib/python3.13/site-packages/jupyter_server/auth/login.py_renderLoginFormHandler._rendersC   1 1&$-- 1 PQ !  c Uc URnURSS5nSU;a*URS5up4nUSURS53n[ U5nUR (d>UR (d-URS-RUR5(dSnUR (dUR (aUR SUR 3nUR5nUR(aURU:HnO;UR(a*[[R"URU55nU(d URR!SU-5 UnUR#U5 g) zRedirect if url is on our PATH Full-domain redirects are allowed if they pass our CORS origin checks. Otherwise use default (self.base_url if unspecified). N\z%5C:z:///Fz!Not allowing login redirect to %r)rreplace partitionlstriprschemenetlocpath startswithlower allow_originallow_origin_patboolrematchlogwarningredirect) rurlrr#_restparsedalloworigins r_redirect_safeLoginFormHandler._redirect_safe!s/ ?mmGkk$& #:!mmC0OFtHC C 012C# MMV]]FKK#4E3Q3QRVR_R_3`3`E}} "MM?#fmm_=$$ --7E** $*?*?!HIE  !Ds!JK crcUR(a,URSURS9nURU5 gUR 5 g)zGet the login form.rrN) current_userrrr6r)rnext_urls rgetLoginFormHandler.getNs=   (((GH    ) LLNrcpURRU5=olUc#URS5 UR SS0S9 gUR R SURS35 URRX5 URSURS 9nURU5 g) z Post a login.NerrorInvalid credentialsrzUser z logged in.rr) identity_providerprocess_login_formr9 set_statusrr-infousernameset_login_cookierrr6)ruserr:s rpostLoginFormHandler.postWs$(#9#9#L#LT#RR < OOC LL'+@!AL B   dmm_K89 //;$$VT]]$C H%r)r9N) __name__ __module__ __qualname____firstlineno____doc__rr6rr;rI__static_attributes__rrr r s:  +Z & &rr c \rSrSrSr\S5rSr\S5r \ SSj5r \ R"S\ R5r\ S 5r\ S 5r\ S 5r\ S 5r\ S 5r\ S5r\ SSj5r\ S5r\ S5rSrg)LegacyLoginHandlerfzLegacy LoginHandler, implementing most custom auth configuration. Deprecated in jupyter-server 2.0. Login configuration has moved to IdentityProvider. c8URUR5$rK)password_from_settingssettings)rs rhashed_password"LegacyLoginHandler.hashed_passwordms**4==99rc[X5$)zCheck a passwd.)r )rabs rr LegacyLoginHandler.passwd_checkqs A!!rcURSSS9nURSSS9nURUR5(GaURURU5(a8U(d1UR U[ R"5R5 GO3UR(aURU:XaUR U[ R"5R5 U(a[URSS5(aURRSS5n[RRUS5n[!URS 5(a'[#X$S 9=URlURS'UR$R'S U-5 O#UR)S 5 UR+S S0S9 gURSUR,S9nUR/U5 g)zPost a login form.passwordr new_passwordallow_password_changeF config_dirzjupyter_server_config.jsonrY) config_filezWrote hashed password to %sr>r?r@rANr)rget_login_availablerXr rYrGuuiduuid4hextokengetattrrBr;osr%joinhasattrr r-rErDrrr6)rtyped_passwordrbrdrer:s rrILegacyLoginHandler.postus**:r*B(((D  # #DMM 2 2  !5!5~FF|%%dDJJL,<,<= n <%%dDJJL,<,<=GD,B,BD[]b$c$c!%!2!2<!DJ"$'',,z;W"XKt557HII(O..>zAZHHMM"?+"MN$ g/D%E F$$VT]]$C H%rNcjURRS05nURSS5 URRSURRS:H5(aURSS5 URSUR 5 UR "URU40UD6 U$)z9Call this on handlers to set the login cookie for successcookie_optionshttponlyT secure_cookiehttpssecurer%)rXr; setdefaultrequestprotocolrset_secure_cookie cookie_name)clshandleruser_idrrs rrG#LegacyLoginHandler.set_login_cookies!))--.>C!!*d3     1I1IW1T U U  % %h 5!!&'*:*:;!!'"5"5wQ.Qrz token\s+(.+)cURSS5nU(dWURRURRR SS55nU(aUR S5nU$)z{Get the user token from a request Default: - in URL parameters: ?token= - in header: Authorization: token rjra Authorizationr)rauth_header_patr,rxheadersr;group)r|r} user_tokenms r get_tokenLegacyLoginHandler.get_tokens]))'26 ##))'//*A*A*E*EoWY*Z[AWWQZ rc.URU5(+$)+DEPRECATED in 2.0, use IdentityProvider API)is_token_authenticatedr|r}s rshould_check_origin&LegacyLoginHandler.should_check_origins--g666rcP[USS5c UR [USS5$)r_user_idN_token_authenticatedF)rkr9rs rr)LegacyLoginHandler.is_token_authenticateds, 7J - 5  w 6>>rc[USS5(a UR$URU5nURU5nU=(d UnU(aXC:waUR X5 SUlUceUR UR5b6URRSUR5 UR5 UR(dSnXAlU$)rrNTz(Clearing invalid/expired login cookie %s anonymous) rkrget_user_tokenget_user_cookierGr get_cookier{r-r.clear_login_cookielogin_available)r|r} token_user_idcookie_user_idr~s rget_userLegacyLoginHandler.get_users 7J - -## #**73 ,,W5 1> ($$W6,0G ( ?!!'"5"56B ##$NPWPcPcd**,**&#rcURRS05nUR"UR40UD6nU(aUR 5nU$)rget_secure_cookie_kwargs)rXr;get_secure_cookier{decode)r|r}rr~s rr"LegacyLoginHandler.get_user_cookiesO$+#3#3#7#78RTV#W ++G,?,?\C[\ nn&GrctURnU(dgURU5nSnX2:Xa2URRSURR 5 SnU(aSUR U5nUc=[R"5RnURRSU35 U$g)rNFz0Accepting token-authenticated connection from %sTz8Generating new user_id for token-authenticated request: ) rjrr-debugrx remote_iprrgrhrirE)r|r}rjr authenticatedr~s rr!LegacyLoginHandler.get_user_tokens ]]7+    KK  B)) !M ))'2G**,**   NwiXNrcpUR(dfSnUcURRUS35 UR(d1UR(dURRUS35 gggUR(d.UR(dURRS5 ggg)rz",,SSrrT)rPrlr+rg urllib.parsertornado.escaper base.handlersr decoratorrsecurityr r r rT LoginHandlerrRrrrsJ; !%*,0R&~R&jAS)ASJ" r