give authorizer handle on identity provider (#830)

minrk · web-flow · commit 321f5a9f5966 · 2022-05-03T15:07:49.000Z
diff --git a/jupyter_server/auth/authorizer.py b/jupyter_server/auth/authorizer.py
@@ -7,11 +7,12 @@
 """
 # Copyright (c) Jupyter Development Team.
 # Distributed under the terms of the Modified BSD License.
+from traitlets import Instance
 from traitlets.config import LoggingConfigurable
 
 from jupyter_server.base.handlers import JupyterHandler
 
-from .identity import User
+from .identity import IdentityProvider, User
 
 
 class Authorizer(LoggingConfigurable):
@@ -34,6 +35,8 @@ class Authorizer(LoggingConfigurable):
     .. versionadded:: 2.0
     """
 
+    identity_provider = Instance(IdentityProvider)
+
     def is_authorized(
         self, handler: JupyterHandler, user: User, action: str, resource: str
     ) -> bool:
diff --git a/jupyter_server/base/handlers.py b/jupyter_server/base/handlers.py
@@ -220,7 +220,8 @@ def authorizer(self):
             from jupyter_server.auth import AllowAllAuthorizer
 
             self.settings["authorizer"] = AllowAllAuthorizer(
-                config=self.settings.get("config", None)
+                config=self.settings.get("config", None),
+                identity_provider=self.identity_provider,
             )
 
         return self.settings.get("authorizer")
diff --git a/jupyter_server/serverapp.py b/jupyter_server/serverapp.py
@@ -217,23 +217,23 @@ def __init__(
         authorizer=None,
         identity_provider=None,
     ):
-        if authorizer is None:
+        if identity_provider is None:
             warnings.warn(
-                "authorizer unspecified. Using permissive AllowAllAuthorizer."
-                " Specify an authorizer to avoid this message.",
+                "identity_provider unspecified. Using default IdentityProvider."
+                " Specify an identity_provider to avoid this message.",
                 RuntimeWarning,
                 stacklevel=2,
             )
-            authorizer = AllowAllAuthorizer(parent=jupyter_app)
+            identity_provider = IdentityProvider(parent=jupyter_app)
 
-        if identity_provider is None:
+        if authorizer is None:
             warnings.warn(
-                "identity_provider unspecified. Using default IdentityProvider."
-                " Specify an identity_provider to avoid this message.",
+                "authorizer unspecified. Using permissive AllowAllAuthorizer."
+                " Specify an authorizer to avoid this message.",
                 RuntimeWarning,
                 stacklevel=2,
             )
-            identity_provider = IdentityProvider(parent=jupyter_app)
+            authorizer = AllowAllAuthorizer(parent=jupyter_app, identity_provider=identity_provider)
 
         settings = self.init_settings(
             jupyter_app,
@@ -1861,8 +1861,10 @@ def init_configurables(self):
             parent=self,
             log=self.log,
         )
-        self.authorizer = self.authorizer_class(parent=self, log=self.log)
         self.identity_provider = self.identity_provider_class(parent=self, log=self.log)
+        self.authorizer = self.authorizer_class(
+            parent=self, log=self.log, identity_provider=self.identity_provider
+        )
 
     def init_logging(self):
         # This prevents double log messages because tornado use a root logger that

Original file line number	Diff line number	Diff line change
`@@ -220,7 +220,8 @@ def authorizer(self):`
`220`	`220`	`from jupyter_server.auth import AllowAllAuthorizer`
`221`	`221`
`222`	`222`	`self.settings["authorizer"] = AllowAllAuthorizer(`
`223`		`- config=self.settings.get("config", None)`
	`223`	`+ config=self.settings.get("config", None),`
	`224`	`+ identity_provider=self.identity_provider,`
`224`	`225`	`)`
`225`	`226`
`226`	`227`	`return self.settings.get("authorizer")`