Skip to content

Commit

Permalink
Add support for async Authorizers (part 2) (#1374)
Browse files Browse the repository at this point in the history
  • Loading branch information
Zsailer authored Dec 6, 2023
1 parent b462387 commit a59beb9
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 6 deletions.
7 changes: 5 additions & 2 deletions jupyter_server/services/api/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ class IdentityHandler(APIHandler):
"""Get the current user's identity model"""

@web.authenticated
def get(self):
async def get(self):
"""Get the identity model."""
permissions_json: str = self.get_argument("permissions", "")
bad_permissions_msg = f'permissions should be a JSON dict of {{"resource": ["action",]}}, got {permissions_json!r}'
Expand All @@ -94,7 +94,10 @@ def get(self):

allowed = permissions[resource] = []
for action in actions:
if self.authorizer.is_authorized(self, user=user, resource=resource, action=action):
authorized = await ensure_async(
self.authorizer.is_authorized(self, user, action, resource)
)
if authorized:
allowed.append(action)

identity: Dict[str, Any] = self.identity_provider.identity_model(user)
Expand Down
10 changes: 7 additions & 3 deletions jupyter_server/services/events/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
from typing import Any, Dict, Optional, cast

import jupyter_events.logger
from jupyter_core.utils import ensure_async
from tornado import web, websocket

from jupyter_server.auth.decorator import authorized
Expand All @@ -27,7 +28,7 @@ class SubscribeWebsocket(

auth_resource = AUTH_RESOURCE

def pre_get(self):
async def pre_get(self):
"""Handles authentication/authorization when
attempting to subscribe to events emitted by
Jupyter Server's eventbus.
Expand All @@ -39,12 +40,15 @@ def pre_get(self):
raise web.HTTPError(403)

# authorize the user.
if not self.authorizer.is_authorized(self, user, "execute", "events"):
authorized = await ensure_async(
self.authorizer.is_authorized(self, user, "execute", "events")
)
if not authorized:
raise web.HTTPError(403)

async def get(self, *args, **kwargs):
"""Get an event socket."""
self.pre_get()
await ensure_async(self.pre_get())
res = super().get(*args, **kwargs)
if res is not None:
await res
Expand Down
6 changes: 5 additions & 1 deletion jupyter_server/services/kernels/websocket.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.

from jupyter_core.utils import ensure_async
from tornado import web
from tornado.websocket import WebSocketHandler

Expand Down Expand Up @@ -40,7 +41,10 @@ async def pre_get(self):
raise web.HTTPError(403)

# authorize the user.
if not self.authorizer.is_authorized(self, user, "execute", "kernels"):
authorized = await ensure_async(
self.authorizer.is_authorized(self, user, "execute", "kernels")
)
if not authorized:
raise web.HTTPError(403)

kernel = self.kernel_manager.get_kernel(self.kernel_id)
Expand Down

0 comments on commit a59beb9

Please sign in to comment.