add system_password identity provider example

minrk · minrk · commit 1d52b1d64cd4 · 2022-05-09T12:17:35.000+02:00
diff --git a/examples/identity/system_password/README.md b/examples/identity/system_password/README.md
@@ -0,0 +1,7 @@
+# Jupyter login with system password
+
+This `jupyter_server_config.py` defines and enables a `SystemPasswordIdentityProvider`.
+This IdentityProvider checks the entered password against your system password using PAM.
+Only the current user's password (the user the server is running as) is accepted.
+
+The result is a User whose name matches the system user, rather than a randomly generated one.
diff --git a/examples/identity/system_password/jupyter_server_config.py b/examples/identity/system_password/jupyter_server_config.py
@@ -0,0 +1,29 @@
+import pwd
+from getpass import getuser
+
+from pamela import PAMError, authenticate
+
+from jupyter_server.auth.identity import IdentityProvider, User
+
+
+class SystemPasswordIdentityProvider(IdentityProvider):
+    # no need to generate a default token (token can still be used, but it's opt-in)
+    need_token = False
+
+    def process_login_form(self, handler):
+        username = getuser()
+        password = handler.get_argument("password", "")
+        try:
+            authenticate(username, password)
+        except PAMError as e:
+            self.log.error(f"Failed login for {username}: {e}")
+            return None
+
+        user_info = pwd.getpwnam(username)
+        # get human name from pwd, if not empty
+        return User(username=username, name=user_info.pw_gecos or username)
+
+
+c = get_config()  # type: ignore # noqa
+
+c.ServerApp.identity_provider_class = SystemPasswordIdentityProvider
