jupyter_server icon indicating copy to clipboard operation
jupyter_server copied to clipboard

Published 20 hours ago verified publisher icon jupyter-server

Add authorization to AuthenticatedFileHandler

Open jiajunjie opened this issue 2 years ago • 1 comments

https://github.com/jupyter-server/jupyter_server/blob/31cdf4db3ea352666de5bcce430ddde3ba79f882/docs/source/operators/security.rst#L251-L255 /files requests are handled by AuthenticatedFileHandler by default.

jiajunjie avatar Oct 09 '22 13:10 jiajunjie

Codecov Report

Base: 76.28% // Head: 75.44% // Decreases project coverage by -0.84% :warning:

Coverage data is based on head (e9b0831) compared to base (e66306d). Patch coverage: 75.00% of modified lines in pull request are covered.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1021      +/-   ##
==========================================
- Coverage   76.28%   75.44%   -0.85%     
==========================================
  Files          63       63              
  Lines        8228     8235       +7     
  Branches     1637     1642       +5     
==========================================
- Hits         6277     6213      -64     
- Misses       1546     1618      +72     
+ Partials      405      404       -1
Impacted Files Coverage Δ
jupyter_server/auth/authorizer.py 84.61% <50.00%> (-15.39%) :arrow_down:
jupyter_server/base/handlers.py 66.98% <100.00%> (+0.25%) :arrow_up:
jupyter_server/nbconvert/handlers.py 29.09% <0.00%> (-50.00%) :arrow_down:
jupyter_server/_tz.py 94.11% <0.00%> (-5.89%) :arrow_down:
jupyter_server/services/contents/filemanager.py 73.00% <0.00%> (-1.56%) :arrow_down:
jupyter_server/services/kernels/handlers.py 61.61% <0.00%> (-1.02%) :arrow_down:

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.

codecov-commenter avatar Oct 09 '22 13:10 codecov-commenter

@blink1073 Please take a look. /files requests handled by AuthenticatedFileHandler are not authorized. I suggest adding the authorization.

jiajunjie avatar Nov 10 '22 13:11 jiajunjie

Thanks, @jiajunjie. This LGTM!

Zsailer avatar Nov 18 '22 19:11 Zsailer

Congrats on your first merged pull request in this project! :tada: congrats Thank you for contributing, we are very proud of you! :heart:

welcome[bot] avatar Nov 18 '22 19:11 welcome[bot]