When login-in via token, let a chance for user to set the password

When token is enabled, the login page will present a form to the user asking them if they want to set a password at the same time. This is almost equivalent to running `jupyter notebook password` on the command line. The experience can likely be better, but just submitting that as a POC for feedback
jupyter · Nov 2, 2017 · 709fdd6 · 709fdd6
1 parent 15f393b
commit 709fdd6
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/notebook/auth/login.py b/notebook/auth/login.py
@@ -4,6 +4,7 @@
 # Distributed under the terms of the Modified BSD License.
 
 import re
+import os
 
 try:
     from urllib.parse import urlparse # Py 3
@@ -13,7 +14,7 @@
 
 from tornado.escape import url_escape
 
-from ..auth.security import passwd_check
+from .security import passwd_check, set_password
 
 from ..base.handlers import IPythonHandler
 
@@ -72,16 +73,26 @@ def passwd_check(self, a, b):
 
     def post(self):
         typed_password = self.get_argument('password', default=u'')
+        new_password = self.get_argument('new_password', default=u'')
+
+
+
         if self.get_login_available(self.settings):
-            if self.passwd_check(self.hashed_password, typed_password):
+            if self.passwd_check(self.hashed_password, typed_password) and not new_password:
                 self.set_login_cookie(self, uuid.uuid4().hex)
             elif self.token and self.token == typed_password:
                 self.set_login_cookie(self, uuid.uuid4().hex)
+                if self.new_password:
+                    config_dir = self.settings.get('config_dir')
+                    config_file = os.path.join(config_dir, 'jupyter_notebook_config.json')
+                    set_password(new_password, config_file=config_file)
+                    self.log.info("Wrote hashed password to %s" % config_file)
             else:
                 self.set_status(401)
-                self._render(message={'error': 'Invalid password'})
+                self._render(message={'error': 'Invalid credentials'})
                 return
 
+
         next_url = self.get_argument('next', default=self.base_url)
         self._redirect_safe(next_url)
 

diff --git a/notebook/templates/login.html b/notebook/templates/login.html
@@ -85,6 +85,22 @@ <h3>
       <p>
         Cookies are required for authenticated access to notebooks.
       </p>
+      <h3>{% trans %}Setup a Password{% endtrans %}</h3>
+      <p> You can setup a password by entering your token and a new password
+      on the fields below:</p>
+      <form action="{{base_url}}login?next={{next}}" method="post" class="">
+              {{ xsrf_form_html() | safe }}
+        <div class="form-group">
+          <input type="password" name="password" id="password_input" class="form-control" placeholder="Token">
+        </div>
+        <div class="form-group">
+          <input type="password" name="new_password" id="new_password_input"
+          class="form-control" placeholder="New password" required>
+        </div>
+        <div class="form-group">
+          <button type="submit" id="login_submit">{% trans %}Log in and set new password{% endtrans %}</button>
+        </div>
+      </form>
 
     </div>
     {% endblock token_message %}