From 65c5d78ea57327c53bb18d84a5e7a54b4a6ef226 Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 23 Aug 2024 09:52:11 +0200 Subject: [PATCH 1/3] jupyterhub 5 require 5.1.0 for security fixes --- integration-tests/test_hub.py | 2 +- tljh/requirements-hub-env.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/integration-tests/test_hub.py b/integration-tests/test_hub.py index 9281566..939175d 100644 --- a/integration-tests/test_hub.py +++ b/integration-tests/test_hub.py @@ -33,7 +33,7 @@ def test_hub_version(): r = requests.get(HUB_URL + "/hub/api") r.raise_for_status() info = r.json() - assert V("4") <= V(info["version"]) <= V("5") + assert V("5.1") <= V(info["version"]) <= V("6") async def test_user_code_execute(): diff --git a/tljh/requirements-hub-env.txt b/tljh/requirements-hub-env.txt index 62f39f4..c3b1887 100644 --- a/tljh/requirements-hub-env.txt +++ b/tljh/requirements-hub-env.txt @@ -8,7 +8,7 @@ # If a dependency is bumped to a new major version, we should make a major # version release of tljh. # -jupyterhub>=4.0.2,<5 +jupyterhub>=5.1.0,<6 jupyterhub-systemdspawner>=1.0.1,<2 jupyterhub-firstuseauthenticator>=1.0.0,<2 jupyterhub-nativeauthenticator>=1.2.0,<2 From c492c176bc1a2be9ff5274da69a4250fe98bf4ca Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 23 Aug 2024 11:36:09 +0200 Subject: [PATCH 2/3] allow all by default with default FirstUseAuthenticator doesn't take effect if there's any auth config --- tljh/configurer.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tljh/configurer.py b/tljh/configurer.py index 962cdde..7a58bbe 100644 --- a/tljh/configurer.py +++ b/tljh/configurer.py @@ -199,6 +199,14 @@ def update_userlists(c, config): """ users = config["users"] + if ( + not users["allowed"] + and config["auth"]["type"] == default["auth"]["type"] + and "allow_all" not in c.FirstUseAuthenticator + ): + # _default_ authenticator, enable allow_all if no users specified + c.FirstUseAuthenticator.allow_all = True + c.Authenticator.allowed_users = set(users["allowed"]) c.Authenticator.blocked_users = set(users["banned"]) c.Authenticator.admin_users = set(users["admin"]) From dcbb37688e7be4b2324094dd6af1d57d468f8b4d Mon Sep 17 00:00:00 2001 From: Min RK Date: Fri, 23 Aug 2024 11:39:41 +0200 Subject: [PATCH 3/3] doc adding users with github, since they won't be allowed by default --- docs/howto/auth/github.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/howto/auth/github.md b/docs/howto/auth/github.md index 47fed0a..2e5baf5 100644 --- a/docs/howto/auth/github.md +++ b/docs/howto/auth/github.md @@ -91,10 +91,16 @@ For more information on `tljh-config`, see [](/topic/tljh-config). 4. Tell your JupyterHub to _use_ the GitHub OAuthenticator for authentication: ``` - sudo tljh-config set auth.type oauthenticator.github.GitHubOAuthenticator + sudo tljh-config set auth.type github ``` -5. Restart your JupyterHub so that new users see these changes: +5. Tell JupyterHub which users to allow, if you haven't already: + + ``` + sudo tljh-config add-item users.allowed good-user_1 + ``` + +6. Restart your JupyterHub so that new users see these changes: ``` sudo tljh-config reload