Skip to content

Commit

Permalink
Update xsrf via redirects for hub logins too
Browse files Browse the repository at this point in the history
  • Loading branch information
athornton committed Jul 31, 2024
1 parent 2e45f6f commit 1daae3e
Showing 1 changed file with 12 additions and 4 deletions.
16 changes: 12 additions & 4 deletions src/mobu/storage/nublado.py
Original file line number Diff line number Diff line change
Expand Up @@ -556,15 +556,14 @@ def __init__(
self._base_url = base_url
self._logger = logger.bind(user=user.username)

# Construct a connection pool to use for requets to JupyterHub. We
# Construct a connection pool to use for requests to JupyterHub. We
# have to create a separate connection pool for every monkey, since
# each will get user-specific cookies set by JupyterHub. If we shared
# connection pools, monkeys would overwrite each other's cookies and
# get authentication failures from labs.
headers = {"Authorization": f"Bearer {user.token}"}
self._client = AsyncClient(
headers=headers,
follow_redirects=True,
timeout=timeout.total_seconds(),
)
self._hub_xsrf: str | None = None
Expand All @@ -591,10 +590,19 @@ async def auth_to_hub(self) -> None:
Raised if no ``_xsrf`` cookie was set in the reply from the lab.
"""
url = self._url_for("hub/home")
r = await self._client.get(url)
r = await self._client.get(url, follow_redirects=False)
# As with auth_to_lab, manually extract from cookies at each
# redirection, because httpx doesn't do that if following redirects
# automatically.
while r.is_redirect:
xsrf = self._extract_xsrf(r)
if xsrf and xsrf != self._lab_xsrf:
self._hub_xsrf = xsrf
next_url = urljoin(url, r.headers["Location"])
r = await self._client.get(next_url, follow_redirects=False)
r.raise_for_status()
xsrf = self._extract_xsrf(r)
if xsrf:
if xsrf and xsrf != self._lab_xsrf:
self._hub_xsrf = xsrf
elif not self._hub_xsrf:
msg = "No _xsrf cookie set in login reply from JupyterHub"
Expand Down

0 comments on commit 1daae3e

Please sign in to comment.