Written with Mateusz Paprocki.
Based on PR #1011.
Add hashed passphrase generation and verification.
Integrate hashed passwords into the notebook.
In passwd, mention which variable in the notebook config to update.
Notify user about invalid password.
Use template inheritance.
Add logout button.
Add info, error and warning message boxes.
Only show logout button if logged in.
Had a first look and tests, and it all looks great! But I'm a bit tired and I'm going to crash now. I'll pick it up tomorrow to finish the review/merge. Thanks!
@stefanv, the logout button should not appear in the top bar for non-authenticated notebooks. Otherwise this looks great to me! I'll wait for this fix and for @takluyver to have a chance to check things on py3...
Hide logout button on unauthenticated notebook.
I'm confused as to why IPython/lib/security.py is showing up as a new file here, when it was already added by PR #1011.
Just ignore commits 551f71e through 7ab92dd, they were already merged in #1011 and github simply isn't showing the branch correctly. The first new commit in this branch is 233e9c0.
While we're on this topic - have we left an easy way to replace our own authentication method with something a site is already using. I'm thinking for example of PythonAnywhere.
I don't know how well spearated the code is for that yet, honestly. But I don't want to over-engineer up-front; we should obviously keep those use cases in mind, but we shouldn't try to fake a multiuser authentication mechanism here. The current notebooks is firmly and squarely tied to a true unix user, this is just a mechanism to authorize sharing. But you are giving someone effectively your system shell...
What we're building is orthogonal to a separate multiuser system that can be implemented outside of the notebook to manage users, accounts, etc, and then will use the single-user notebook for each user. This is just a way for an individual user to effectively give access to his shell to friends/colleagues without having to give up his real unix password or provide a full ssh login. But for the duration of the session, the other users have full system access, so it's not something to be granted lightly.
Looks great, thanks! Merging now...
Mmh, auto-close isn't working. Closing manually. Merged in 80e7338.