# Custom Authenticators

In [22]:
from jupyterhub.auth import Authenticator, PAMAuthenticator

In [23]:
Authenticator.authenticate?

[1;31mSignature: [0m[0mAuthenticator[0m[1;33m.[0m[0mauthenticate[0m[1;33m([0m[0mself[0m[1;33m,[0m [0mhandler[0m[1;33m,[0m [0mdata[0m[1;33m)[0m[1;33m[0m[0m
[1;31mDocstring:[0m
Authenticate a user with login form data.

This must be a tornado gen.coroutine.
It must return the username on successful authentication,
and return None on failed authentication.

Checking the whitelist is handled separately by the caller.

Args:
    handler (tornado.web.RequestHandler): the current request handler
    data (dict): The formdata of the login form.
                 The default form has 'username' and 'password' fields.
Return:
    str: the username of the authenticated user
    None: Authentication failed
[1;31mFile:      [0m~/conda/envs/jupyterhub-tutorial/lib/python3.5/site-packages/jupyterhub/auth.py
[1;31mType:      [0mfunction


In [12]:
PAMAuthenticator.authenticate??

[1;31mSignature: [0m[0mPAMAuthenticator[0m[1;33m.[0m[0mauthenticate[0m[1;33m([0m[0mself[0m[1;33m,[0m [0mhandler[0m[1;33m,[0m [0mdata[0m[1;33m)[0m[1;33m[0m[0m
[1;31mSource:[0m
    [1;33m@[0m[0mgen[0m[1;33m.[0m[0mcoroutine[0m[1;33m[0m
[1;33m[0m    [1;32mdef[0m [0mauthenticate[0m[1;33m([0m[0mself[0m[1;33m,[0m [0mhandler[0m[1;33m,[0m [0mdata[0m[1;33m)[0m[1;33m:[0m[1;33m[0m
[1;33m[0m        [1;34m"""Authenticate with PAM, and return the username if login is successful.[0m
[1;34m    [0m
[1;34m        Return None otherwise.[0m
[1;34m        """[0m[1;33m[0m
[1;33m[0m        [0musername[0m [1;33m=[0m [0mdata[0m[1;33m[[0m[1;34m'username'[0m[1;33m][0m[1;33m[0m
[1;33m[0m        [1;32mtry[0m[1;33m:[0m[1;33m[0m
[1;33m[0m            [0mpamela[0m[1;33m.[0m[0mauthenticate[0m[1;33m([0m[0musername[0m[1;33m,[0m [0mdata[0m[1;33m[[0m[1;34m'password'[0m[1;33m][0m[1;33m,[0m [0mservice[0m

In [24]:
class DummyAuthenticator(Authenticator):
    def authenticate(self, handler, data):
        username = data['username']
        # check password:
        if data['username'] == data['password']:
            return username

## Exercise:

Write a custom username+password Authenticator where:

1. passwords are loaded from a dict
2. hashed+salted passwords are stored somewhere, but not cleartext passwords

In [26]:
# possibly useful:

from jupyterhub.utils import hash_token, compare_token
hash_token('mypassword')

'sha512:16384:ac479ffbc5d1d013:6eac4b39f6760f0c0aea472c9662d6bb975ba593d4f340b45b01a30051b101e04aa5eb77d99db084e177b59ec63ae8a186624d26fb9689520c9184b07dfd62e3'

In [28]:
compare_token(_, 'mypassword')

True