From e1321699936b4eea0c11fcf2e4be48dfa19cb25e Mon Sep 17 00:00:00 2001 From: Min RK Date: Tue, 1 Feb 2022 10:35:41 +0100 Subject: [PATCH] Move Authorizer to existing jupyter_server.auth since it's a public API packages should import, let's not nest it deep in services.auth.authorizer --- docs/source/operators/security.rst | 4 ++-- examples/authorization/README.md | 2 +- examples/authorization/jupyter_nbclassic_readonly_config.py | 2 +- examples/authorization/jupyter_nbclassic_rw_config.py | 2 +- examples/authorization/jupyter_temporary_config.py | 2 +- jupyter_server/auth/__init__.py | 2 ++ jupyter_server/{services => }/auth/authorizer.py | 5 +++++ jupyter_server/{services => }/auth/decorator.py | 2 ++ jupyter_server/{services => }/auth/utils.py | 0 jupyter_server/files/handlers.py | 2 +- jupyter_server/kernelspecs/handlers.py | 2 +- jupyter_server/nbconvert/handlers.py | 2 +- jupyter_server/serverapp.py | 2 +- jupyter_server/services/api/handlers.py | 2 +- jupyter_server/services/auth/__init__.py | 1 - jupyter_server/services/config/handlers.py | 2 +- jupyter_server/services/contents/handlers.py | 2 +- jupyter_server/services/kernels/handlers.py | 2 +- jupyter_server/services/kernelspecs/handlers.py | 2 +- jupyter_server/services/nbconvert/handlers.py | 2 +- jupyter_server/services/security/handlers.py | 2 +- jupyter_server/services/sessions/handlers.py | 2 +- jupyter_server/services/shutdown.py | 2 +- jupyter_server/terminal/api_handlers.py | 2 +- jupyter_server/tests/{services => }/auth/test_authorizer.py | 6 +++--- jupyter_server/tests/{services => }/auth/test_utils.py | 2 +- jupyter_server/tests/services/auth/__init__.py | 0 jupyter_server/view/handlers.py | 2 +- 28 files changed, 34 insertions(+), 26 deletions(-) rename jupyter_server/{services => }/auth/authorizer.py (96%) rename jupyter_server/{services => }/auth/decorator.py (98%) rename jupyter_server/{services => }/auth/utils.py (100%) delete mode 100644 jupyter_server/services/auth/__init__.py rename jupyter_server/tests/{services => }/auth/test_authorizer.py (97%) rename jupyter_server/tests/{services => }/auth/test_utils.py (92%) delete mode 100644 jupyter_server/tests/services/auth/__init__.py diff --git a/docs/source/operators/security.rst b/docs/source/operators/security.rst index 4d65847f07..87148cbe41 100644 --- a/docs/source/operators/security.rst +++ b/docs/source/operators/security.rst @@ -194,7 +194,7 @@ follows: .. sourcecode:: python - from jupyter_server.services.auth.authorizer import Authorizer + from jupyter_server.auth import Authorizer class MyAuthorizationManager(Authorizer): """Class for authorizing access to resources in the Jupyter Server. @@ -230,7 +230,7 @@ follows: return True # implement your authorization logic here The ``is_authorized()`` method will automatically be called whenever a handler is decorated with -``@authorized`` (from ``jupyter_server.services.auth``), similarly to the +``@authorized`` (from ``jupyter_server.auth``), similarly to the ``@authenticated`` decorator for authorization (from ``tornado.web``). Security in notebook documents diff --git a/examples/authorization/README.md b/examples/authorization/README.md index 351a43c368..28fe0df83f 100644 --- a/examples/authorization/README.md +++ b/examples/authorization/README.md @@ -13,7 +13,7 @@ To add a custom authorization system to the Jupyter Server, you will need to wri The examples below demonstrate some basic implementations of an `Authorizer`. ```python -from jupyter_server.services.auth.authorizer import Authorizer +from jupyter_server.auth import Authorizer class MyCustomAuthorizer(Authorizer): diff --git a/examples/authorization/jupyter_nbclassic_readonly_config.py b/examples/authorization/jupyter_nbclassic_readonly_config.py index 8a286f4ace..292644c284 100644 --- a/examples/authorization/jupyter_nbclassic_readonly_config.py +++ b/examples/authorization/jupyter_nbclassic_readonly_config.py @@ -1,4 +1,4 @@ -from jupyter_server.services.auth.authorizer import Authorizer +from jupyter_server.auth import Authorizer class ReadOnly(Authorizer): diff --git a/examples/authorization/jupyter_nbclassic_rw_config.py b/examples/authorization/jupyter_nbclassic_rw_config.py index 323b10fd30..261efcf984 100644 --- a/examples/authorization/jupyter_nbclassic_rw_config.py +++ b/examples/authorization/jupyter_nbclassic_rw_config.py @@ -1,4 +1,4 @@ -from jupyter_server.services.auth.authorizer import Authorizer +from jupyter_server.auth import Authorizer class ReadWriteOnly(Authorizer): diff --git a/examples/authorization/jupyter_temporary_config.py b/examples/authorization/jupyter_temporary_config.py index 2e8c30d883..e1bd2fb507 100644 --- a/examples/authorization/jupyter_temporary_config.py +++ b/examples/authorization/jupyter_temporary_config.py @@ -1,4 +1,4 @@ -from jupyter_server.services.auth.authorizer import Authorizer +from jupyter_server.auth import Authorizer class TemporaryServerPersonality(Authorizer): diff --git a/jupyter_server/auth/__init__.py b/jupyter_server/auth/__init__.py index 23b6dc8b2a..54477ffd1b 100644 --- a/jupyter_server/auth/__init__.py +++ b/jupyter_server/auth/__init__.py @@ -1 +1,3 @@ +from .authorizer import * # noqa +from .decorator import authorized # noqa from .security import passwd # noqa diff --git a/jupyter_server/services/auth/authorizer.py b/jupyter_server/auth/authorizer.py similarity index 96% rename from jupyter_server/services/auth/authorizer.py rename to jupyter_server/auth/authorizer.py index 1b16629856..952cb0278d 100644 --- a/jupyter_server/services/auth/authorizer.py +++ b/jupyter_server/auth/authorizer.py @@ -3,6 +3,7 @@ The default authorizer (AllowAllAuthorizer) allows all authenticated requests +.. versionadded:: 2.0 """ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. @@ -27,6 +28,8 @@ class Authorizer(LoggingConfigurable): The authorization check will only be applied to requests that have already been authenticated. + + .. versionadded:: 2.0 """ def is_authorized(self, handler: JupyterHandler, user: str, action: str, resource: str) -> bool: @@ -54,6 +57,8 @@ class AllowAllAuthorizer(Authorizer): """A no-op implementation of the Authorizer This authorizer allows all authenticated requests. + + .. versionadded:: 2.0 """ def is_authorized(self, handler: JupyterHandler, user: str, action: str, resource: str) -> bool: diff --git a/jupyter_server/services/auth/decorator.py b/jupyter_server/auth/decorator.py similarity index 98% rename from jupyter_server/services/auth/decorator.py rename to jupyter_server/auth/decorator.py index bf758a2b74..926808fd85 100644 --- a/jupyter_server/services/auth/decorator.py +++ b/jupyter_server/auth/decorator.py @@ -25,6 +25,8 @@ def authorized( Helpful for adding an 'authorization' layer to a REST API. + .. versionadded:: 2.0 + Parameters ---------- action : str diff --git a/jupyter_server/services/auth/utils.py b/jupyter_server/auth/utils.py similarity index 100% rename from jupyter_server/services/auth/utils.py rename to jupyter_server/auth/utils.py diff --git a/jupyter_server/files/handlers.py b/jupyter_server/files/handlers.py index 69e51ae33f..2eab425aeb 100644 --- a/jupyter_server/files/handlers.py +++ b/jupyter_server/files/handlers.py @@ -7,8 +7,8 @@ from tornado import web +from jupyter_server.auth import authorized from jupyter_server.base.handlers import JupyterHandler -from jupyter_server.services.auth.decorator import authorized from jupyter_server.utils import ensure_async diff --git a/jupyter_server/kernelspecs/handlers.py b/jupyter_server/kernelspecs/handlers.py index d7230616d0..f78a57181c 100644 --- a/jupyter_server/kernelspecs/handlers.py +++ b/jupyter_server/kernelspecs/handlers.py @@ -2,7 +2,7 @@ from ..base.handlers import JupyterHandler from ..services.kernelspecs.handlers import kernel_name_regex -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized AUTH_RESOURCE = "kernelspecs" diff --git a/jupyter_server/nbconvert/handlers.py b/jupyter_server/nbconvert/handlers.py index 20b278aa76..e4ba4bb851 100644 --- a/jupyter_server/nbconvert/handlers.py +++ b/jupyter_server/nbconvert/handlers.py @@ -15,7 +15,7 @@ from ..base.handlers import FilesRedirectHandler from ..base.handlers import JupyterHandler from ..base.handlers import path_regex -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized from jupyter_server.utils import ensure_async diff --git a/jupyter_server/serverapp.py b/jupyter_server/serverapp.py index b97eb30e40..091b51f4e6 100644 --- a/jupyter_server/serverapp.py +++ b/jupyter_server/serverapp.py @@ -91,7 +91,7 @@ GatewaySessionManager, GatewayClient, ) -from jupyter_server.services.auth.authorizer import Authorizer, AllowAllAuthorizer +from jupyter_server.auth.authorizer import Authorizer, AllowAllAuthorizer from jupyter_server.auth.login import LoginHandler from jupyter_server.auth.logout import LogoutHandler diff --git a/jupyter_server/services/api/handlers.py b/jupyter_server/services/api/handlers.py index 03dfcb6595..8974215eb1 100644 --- a/jupyter_server/services/api/handlers.py +++ b/jupyter_server/services/api/handlers.py @@ -10,7 +10,7 @@ from ...base.handlers import JupyterHandler from jupyter_server._tz import isoformat from jupyter_server._tz import utcfromtimestamp -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized from jupyter_server.utils import ensure_async diff --git a/jupyter_server/services/auth/__init__.py b/jupyter_server/services/auth/__init__.py deleted file mode 100644 index 9cdb38bfbd..0000000000 --- a/jupyter_server/services/auth/__init__.py +++ /dev/null @@ -1 +0,0 @@ -from .decorator import authorized # noqa diff --git a/jupyter_server/services/config/handlers.py b/jupyter_server/services/config/handlers.py index 4107810dea..09bb88f1aa 100644 --- a/jupyter_server/services/config/handlers.py +++ b/jupyter_server/services/config/handlers.py @@ -6,7 +6,7 @@ from tornado import web from ...base.handlers import APIHandler -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized AUTH_RESOURCE = "config" diff --git a/jupyter_server/services/contents/handlers.py b/jupyter_server/services/contents/handlers.py index 4abb8f6c9c..e4e97bb59e 100644 --- a/jupyter_server/services/contents/handlers.py +++ b/jupyter_server/services/contents/handlers.py @@ -18,7 +18,7 @@ from jupyter_server.utils import ensure_async from jupyter_server.utils import url_escape from jupyter_server.utils import url_path_join -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized AUTH_RESOURCE = "contents" diff --git a/jupyter_server/services/kernels/handlers.py b/jupyter_server/services/kernels/handlers.py index b4e90a4e94..295f304e73 100644 --- a/jupyter_server/services/kernels/handlers.py +++ b/jupyter_server/services/kernels/handlers.py @@ -26,7 +26,7 @@ from jupyter_server.utils import ensure_async from jupyter_server.utils import url_escape from jupyter_server.utils import url_path_join -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized AUTH_RESOURCE = "kernels" diff --git a/jupyter_server/services/kernelspecs/handlers.py b/jupyter_server/services/kernelspecs/handlers.py index 3fba0f78fa..f00cfcc999 100644 --- a/jupyter_server/services/kernelspecs/handlers.py +++ b/jupyter_server/services/kernelspecs/handlers.py @@ -14,7 +14,7 @@ from ...base.handlers import APIHandler from ...utils import ensure_async, url_path_join, url_unescape -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized AUTH_RESOURCE = "kernelspecs" diff --git a/jupyter_server/services/nbconvert/handlers.py b/jupyter_server/services/nbconvert/handlers.py index 12438aa8e1..d64c0566ea 100644 --- a/jupyter_server/services/nbconvert/handlers.py +++ b/jupyter_server/services/nbconvert/handlers.py @@ -5,7 +5,7 @@ from tornado import web from ...base.handlers import APIHandler -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized AUTH_RESOURCE = "nbconvert" diff --git a/jupyter_server/services/security/handlers.py b/jupyter_server/services/security/handlers.py index dd1bc525b4..5bf540fa72 100644 --- a/jupyter_server/services/security/handlers.py +++ b/jupyter_server/services/security/handlers.py @@ -5,7 +5,7 @@ from . import csp_report_uri from ...base.handlers import APIHandler -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized AUTH_RESOURCE = "csp" diff --git a/jupyter_server/services/sessions/handlers.py b/jupyter_server/services/sessions/handlers.py index 9d78f8015a..09e3ca367b 100644 --- a/jupyter_server/services/sessions/handlers.py +++ b/jupyter_server/services/sessions/handlers.py @@ -17,7 +17,7 @@ from ...base.handlers import APIHandler from jupyter_server.utils import ensure_async from jupyter_server.utils import url_path_join -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized AUTH_RESOURCE = "sessions" diff --git a/jupyter_server/services/shutdown.py b/jupyter_server/services/shutdown.py index a64663a306..a77e90091b 100644 --- a/jupyter_server/services/shutdown.py +++ b/jupyter_server/services/shutdown.py @@ -3,8 +3,8 @@ from tornado import ioloop from tornado import web +from jupyter_server.auth import authorized from jupyter_server.base.handlers import JupyterHandler -from jupyter_server.services.auth.decorator import authorized AUTH_RESOURCE = "server" diff --git a/jupyter_server/terminal/api_handlers.py b/jupyter_server/terminal/api_handlers.py index f7b87f22c1..99f7e91d2a 100644 --- a/jupyter_server/terminal/api_handlers.py +++ b/jupyter_server/terminal/api_handlers.py @@ -3,7 +3,7 @@ from tornado import web from ..base.handlers import APIHandler -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized AUTH_RESOURCE = "terminals" diff --git a/jupyter_server/tests/services/auth/test_authorizer.py b/jupyter_server/tests/auth/test_authorizer.py similarity index 97% rename from jupyter_server/tests/services/auth/test_authorizer.py rename to jupyter_server/tests/auth/test_authorizer.py index e2a1ec8e63..a0453200e0 100644 --- a/jupyter_server/tests/services/auth/test_authorizer.py +++ b/jupyter_server/tests/auth/test_authorizer.py @@ -8,9 +8,9 @@ from tornado.httpclient import HTTPClientError from tornado.websocket import WebSocketHandler -from jupyter_server.services.auth.authorizer import Authorizer -from jupyter_server.services.auth.utils import HTTP_METHOD_TO_AUTH_ACTION -from jupyter_server.services.auth.utils import match_url_to_resource +from jupyter_server.auth.authorizer import Authorizer +from jupyter_server.auth.utils import HTTP_METHOD_TO_AUTH_ACTION +from jupyter_server.auth.utils import match_url_to_resource from jupyter_server.services.security import csp_report_uri diff --git a/jupyter_server/tests/services/auth/test_utils.py b/jupyter_server/tests/auth/test_utils.py similarity index 92% rename from jupyter_server/tests/services/auth/test_utils.py rename to jupyter_server/tests/auth/test_utils.py index cc81cd2e66..4927c2243a 100644 --- a/jupyter_server/tests/services/auth/test_utils.py +++ b/jupyter_server/tests/auth/test_utils.py @@ -1,6 +1,6 @@ import pytest -from jupyter_server.services.auth.utils import match_url_to_resource +from jupyter_server.auth.utils import match_url_to_resource @pytest.mark.parametrize( diff --git a/jupyter_server/tests/services/auth/__init__.py b/jupyter_server/tests/services/auth/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/jupyter_server/view/handlers.py b/jupyter_server/view/handlers.py index 042d0effd8..6bd2f32258 100644 --- a/jupyter_server/view/handlers.py +++ b/jupyter_server/view/handlers.py @@ -9,7 +9,7 @@ from ..utils import ensure_async from ..utils import url_escape from ..utils import url_path_join -from jupyter_server.services.auth.decorator import authorized +from jupyter_server.auth import authorized AUTH_RESOURCE = "contents"