Move Authorizer to existing jupyter_server.auth

since it's a public API packages should import, let's not nest it deep in services.auth.authorizer
jupyter-server · Feb 1, 2022 · e132169 · e132169
1 parent b0461c7
commit e132169
Show file tree

Hide file tree

Showing 28 changed files with 34 additions and 26 deletions.
diff --git a/docs/source/operators/security.rst b/docs/source/operators/security.rst
@@ -194,7 +194,7 @@ follows:
 
 .. sourcecode:: python
 
-    from jupyter_server.services.auth.authorizer import Authorizer
+    from jupyter_server.auth import Authorizer
 
     class MyAuthorizationManager(Authorizer):
         """Class for authorizing access to resources in the Jupyter Server.
@@ -230,7 +230,7 @@ follows:
             return True  # implement your authorization logic here
 
 The ``is_authorized()`` method will automatically be called whenever a handler is decorated with
-``@authorized`` (from ``jupyter_server.services.auth``), similarly to the
+``@authorized`` (from ``jupyter_server.auth``), similarly to the
 ``@authenticated`` decorator for authorization (from ``tornado.web``).
 
 Security in notebook documents

diff --git a/examples/authorization/README.md b/examples/authorization/README.md
@@ -13,7 +13,7 @@ To add a custom authorization system to the Jupyter Server, you will need to wri
 The examples below demonstrate some basic implementations of an `Authorizer`.
 
 ```python
-from jupyter_server.services.auth.authorizer import Authorizer
+from jupyter_server.auth import Authorizer
 
 
 class MyCustomAuthorizer(Authorizer):

diff --git a/examples/authorization/jupyter_nbclassic_readonly_config.py b/examples/authorization/jupyter_nbclassic_readonly_config.py
@@ -1,4 +1,4 @@
-from jupyter_server.services.auth.authorizer import Authorizer
+from jupyter_server.auth import Authorizer
 
 
 class ReadOnly(Authorizer):

diff --git a/examples/authorization/jupyter_nbclassic_rw_config.py b/examples/authorization/jupyter_nbclassic_rw_config.py
@@ -1,4 +1,4 @@
-from jupyter_server.services.auth.authorizer import Authorizer
+from jupyter_server.auth import Authorizer
 
 
 class ReadWriteOnly(Authorizer):

diff --git a/examples/authorization/jupyter_temporary_config.py b/examples/authorization/jupyter_temporary_config.py
@@ -1,4 +1,4 @@
-from jupyter_server.services.auth.authorizer import Authorizer
+from jupyter_server.auth import Authorizer
 
 
 class TemporaryServerPersonality(Authorizer):

diff --git a/jupyter_server/auth/__init__.py b/jupyter_server/auth/__init__.py
@@ -1 +1,3 @@
+from .authorizer import *  # noqa
+from .decorator import authorized  # noqa
 from .security import passwd  # noqa
diff --git a/jupyter_server/services/auth/authorizer.py → jupyter_server/auth/authorizer.py b/jupyter_server/services/auth/authorizer.py → jupyter_server/auth/authorizer.py
@@ -3,6 +3,7 @@
 The default authorizer (AllowAllAuthorizer)
 allows all authenticated requests
 
+.. versionadded:: 2.0
 """
 # Copyright (c) Jupyter Development Team.
 # Distributed under the terms of the Modified BSD License.
@@ -27,6 +28,8 @@ class Authorizer(LoggingConfigurable):
 
     The authorization check will only be applied to requests
     that have already been authenticated.
+
+    .. versionadded:: 2.0
     """
 
     def is_authorized(self, handler: JupyterHandler, user: str, action: str, resource: str) -> bool:
@@ -54,6 +57,8 @@ class AllowAllAuthorizer(Authorizer):
     """A no-op implementation of the Authorizer
 
     This authorizer allows all authenticated requests.
+
+    .. versionadded:: 2.0
     """
 
     def is_authorized(self, handler: JupyterHandler, user: str, action: str, resource: str) -> bool:

diff --git a/jupyter_server/services/auth/decorator.py → jupyter_server/auth/decorator.py b/jupyter_server/services/auth/decorator.py → jupyter_server/auth/decorator.py
@@ -25,6 +25,8 @@ def authorized(
     Helpful for adding an 'authorization' layer to
     a REST API.
 
+    .. versionadded:: 2.0
+
     Parameters
     ----------
     action : str

diff --git a/jupyter_server/services/auth/utils.py → jupyter_server/auth/utils.py b/jupyter_server/services/auth/utils.py → jupyter_server/auth/utils.py
diff --git a/jupyter_server/files/handlers.py b/jupyter_server/files/handlers.py
@@ -7,8 +7,8 @@
 
 from tornado import web
 
+from jupyter_server.auth import authorized
 from jupyter_server.base.handlers import JupyterHandler
-from jupyter_server.services.auth.decorator import authorized
 from jupyter_server.utils import ensure_async
 
 

diff --git a/jupyter_server/kernelspecs/handlers.py b/jupyter_server/kernelspecs/handlers.py
@@ -2,7 +2,7 @@
 
 from ..base.handlers import JupyterHandler
 from ..services.kernelspecs.handlers import kernel_name_regex
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 
 
 AUTH_RESOURCE = "kernelspecs"

diff --git a/jupyter_server/nbconvert/handlers.py b/jupyter_server/nbconvert/handlers.py
@@ -15,7 +15,7 @@
 from ..base.handlers import FilesRedirectHandler
 from ..base.handlers import JupyterHandler
 from ..base.handlers import path_regex
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 from jupyter_server.utils import ensure_async
 
 

diff --git a/jupyter_server/serverapp.py b/jupyter_server/serverapp.py
@@ -91,7 +91,7 @@
     GatewaySessionManager,
     GatewayClient,
 )
-from jupyter_server.services.auth.authorizer import Authorizer, AllowAllAuthorizer
+from jupyter_server.auth.authorizer import Authorizer, AllowAllAuthorizer
 
 from jupyter_server.auth.login import LoginHandler
 from jupyter_server.auth.logout import LogoutHandler

diff --git a/jupyter_server/services/api/handlers.py b/jupyter_server/services/api/handlers.py
@@ -10,7 +10,7 @@
 from ...base.handlers import JupyterHandler
 from jupyter_server._tz import isoformat
 from jupyter_server._tz import utcfromtimestamp
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 from jupyter_server.utils import ensure_async
 
 

diff --git a/jupyter_server/services/auth/__init__.py b/jupyter_server/services/auth/__init__.py
diff --git a/jupyter_server/services/config/handlers.py b/jupyter_server/services/config/handlers.py
@@ -6,7 +6,7 @@
 from tornado import web
 
 from ...base.handlers import APIHandler
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 
 
 AUTH_RESOURCE = "config"

diff --git a/jupyter_server/services/contents/handlers.py b/jupyter_server/services/contents/handlers.py
@@ -18,7 +18,7 @@
 from jupyter_server.utils import ensure_async
 from jupyter_server.utils import url_escape
 from jupyter_server.utils import url_path_join
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 
 
 AUTH_RESOURCE = "contents"

diff --git a/jupyter_server/services/kernels/handlers.py b/jupyter_server/services/kernels/handlers.py
@@ -26,7 +26,7 @@
 from jupyter_server.utils import ensure_async
 from jupyter_server.utils import url_escape
 from jupyter_server.utils import url_path_join
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 
 
 AUTH_RESOURCE = "kernels"

diff --git a/jupyter_server/services/kernelspecs/handlers.py b/jupyter_server/services/kernelspecs/handlers.py
@@ -14,7 +14,7 @@
 
 from ...base.handlers import APIHandler
 from ...utils import ensure_async, url_path_join, url_unescape
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 
 
 AUTH_RESOURCE = "kernelspecs"

diff --git a/jupyter_server/services/nbconvert/handlers.py b/jupyter_server/services/nbconvert/handlers.py
@@ -5,7 +5,7 @@
 from tornado import web
 
 from ...base.handlers import APIHandler
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 
 
 AUTH_RESOURCE = "nbconvert"

diff --git a/jupyter_server/services/security/handlers.py b/jupyter_server/services/security/handlers.py
@@ -5,7 +5,7 @@
 
 from . import csp_report_uri
 from ...base.handlers import APIHandler
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 
 
 AUTH_RESOURCE = "csp"

diff --git a/jupyter_server/services/sessions/handlers.py b/jupyter_server/services/sessions/handlers.py
@@ -17,7 +17,7 @@
 from ...base.handlers import APIHandler
 from jupyter_server.utils import ensure_async
 from jupyter_server.utils import url_path_join
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 
 
 AUTH_RESOURCE = "sessions"

diff --git a/jupyter_server/services/shutdown.py b/jupyter_server/services/shutdown.py
@@ -3,8 +3,8 @@
 from tornado import ioloop
 from tornado import web
 
+from jupyter_server.auth import authorized
 from jupyter_server.base.handlers import JupyterHandler
-from jupyter_server.services.auth.decorator import authorized
 
 
 AUTH_RESOURCE = "server"

diff --git a/jupyter_server/terminal/api_handlers.py b/jupyter_server/terminal/api_handlers.py
@@ -3,7 +3,7 @@
 from tornado import web
 
 from ..base.handlers import APIHandler
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 
 
 AUTH_RESOURCE = "terminals"

diff --git a/...er/tests/services/auth/test_authorizer.py → jupyter_server/tests/auth/test_authorizer.py b/...er/tests/services/auth/test_authorizer.py → jupyter_server/tests/auth/test_authorizer.py
@@ -8,9 +8,9 @@
 from tornado.httpclient import HTTPClientError
 from tornado.websocket import WebSocketHandler
 
-from jupyter_server.services.auth.authorizer import Authorizer
-from jupyter_server.services.auth.utils import HTTP_METHOD_TO_AUTH_ACTION
-from jupyter_server.services.auth.utils import match_url_to_resource
+from jupyter_server.auth.authorizer import Authorizer
+from jupyter_server.auth.utils import HTTP_METHOD_TO_AUTH_ACTION
+from jupyter_server.auth.utils import match_url_to_resource
 from jupyter_server.services.security import csp_report_uri
 
 

diff --git a/..._server/tests/services/auth/test_utils.py → jupyter_server/tests/auth/test_utils.py b/..._server/tests/services/auth/test_utils.py → jupyter_server/tests/auth/test_utils.py
@@ -1,6 +1,6 @@
 import pytest
 
-from jupyter_server.services.auth.utils import match_url_to_resource
+from jupyter_server.auth.utils import match_url_to_resource
 
 
 @pytest.mark.parametrize(

diff --git a/jupyter_server/tests/services/auth/__init__.py b/jupyter_server/tests/services/auth/__init__.py
diff --git a/jupyter_server/view/handlers.py b/jupyter_server/view/handlers.py
@@ -9,7 +9,7 @@
 from ..utils import ensure_async
 from ..utils import url_escape
 from ..utils import url_path_join
-from jupyter_server.services.auth.decorator import authorized
+from jupyter_server.auth import authorized
 
 
 AUTH_RESOURCE = "contents"