Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirecting a notebook URL to another user fails if source user's server is running #2017

Closed
stephenpascoe opened this issue Jun 29, 2018 · 5 comments
Closed

Redirecting a notebook URL to another user fails if source user's server is running #2017

stephenpascoe opened this issue Jun 29, 2018 · 5 comments
Labels
enhancement

Comments

@stephenpascoe
Copy link

Describe the bug
We have a jupyterhub setup where users share links to notebooks (e.g. by email) which they open in their own server. E.g. user1 shares a notebook url1 and user2 clicks on the URL link to open that notebook on their server (all inside the same hub).

If user1 does not have their notebook server running it works. The hub redirects user2 to an equivilent URL containing their username. If user1 has their server running user2 gets the following error:

503 : Service Unavailable
Your server appears to be down. Try restarting it from the hub

Expected Behaviour
Consistent behaviour whether or not user1's notebook server is running or not. Ideally redirection working.

Desktop (please complete the following information):

  • OS: Tested on MacOS and Windows
  • Browser: Tested on latest Chrome and Firefox

Additional context

In the failure case: user2 clicks on link: https://notebooks-dev.example.com/user/user1/notebooks/public/development/Untitled3.ipynb

Hub logs:

[I 2018-06-29 14:46:04.285 JupyterHub log:122] 200 GET /hub/api/authorizations/token/[secret] (user2@127.0.0.1) 5.43ms
[I 2018-06-29 14:46:04.289 JupyterHub log:122] 200 GET /hub/error/503?url=%2Fuser%2Fuser2%2Fnotebooks%2Fpublic%2Fdevelopment%2FUntitled3.ipynb (@127.0.0.1) 1.20ms

Notebook logs:

[W 2018-06-29 14:38:29.118 SingleUserNotebookApp auth:737] Not allowing Hub user user2
 [E 2018-06-29 14:38:29.118 SingleUserNotebookApp http1connection:54] Uncaught exception
     Traceback (most recent call last):
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/jupyterhub\/services\/auth.py\", line 753, in get_current_user
         self._hub_auth_user_cache = self.check_hub_user(user_model)
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/jupyterhub\/services\/auth.py\", line 738, in check_hub_user
         raise UserNotAllowed(model)
     jupyterhub.services.auth.UserNotAllowed: <UserNotAllowed user=user2>
     
     During handling of the above exception, another exception occurred:
     
     Traceback (most recent call last):
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/tornado\/http1connection.py\", line 237, in _read_message
         delegate.finish()
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/tornado\/httpserver.py\", line 319, in finish
         self.delegate.finish()
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/tornado\/routing.py\", line 256, in finish
         self.delegate.finish()
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/tornado\/web.py\", line 2139, in finish
         self.execute()
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/tornado\/web.py\", line 2159, in execute
         **self.handler_kwargs)
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/tornado\/web.py\", line 191, in __init__
         self.clear()
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/tornado\/web.py\", line 295, in clear
         self.set_default_headers()
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/notebook\/base\/handlers.py\", line 322, in set_default_headers
         self.token_authenticated
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/notebook\/base\/handlers.py\", line 156, in token_authenticated
         return self.login_handler.is_token_authenticated(self)
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/jupyterhub\/singleuser.py\", line 85, in is_token_authenticated
         handler.get_current_user()
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/notebook\/base\/handlers.py\", line 136, in get_current_user
         return self.login_handler.get_user(self)
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/jupyterhub\/singleuser.py\", line 98, in get_user
         return handler.get_current_user()
       File \"\/usr\/local\/lib\/python3.5\/dist-packages\/jupyterhub\/services\/auth.py\", line 757, in get_current_user
         raise HTTPError(403, \"{kind} {name} is not allowed.\".format(**e.model))
     tornado.web.HTTPError: HTTP 403: Forbidden (user user2 is not allowed.)
 [I 2018-06-29 14:38:29.121 JupyterHub log:122] 200 GET \/hub\/error\/503?url=%2Fuser%2Fuser2%2Fnotebooks%2Fpublic%2Fdevelopment%2FUntitled3.ipynb (@127.0.0.1) 1.28ms
@stephenpascoe
Copy link
Author

Installed requirements.txt

jupyterhub==0.8.1
notebook==5.4.0
jinja2==2.9.6
ipywidgets==7.0.0b2
jupyterlab==0.32.1
git+git://github.com/jupyterhub/wrapspawner.git@5f2b7075f77d0c1c49066682a8e8adad0dab76db

@minrk
Copy link
Member

minrk commented Jul 4, 2018

The URL to share if you want a user to be able to open a notebook that's available at the same URL for all users is: https://host/hub/user-redirect/notebooks/name.ipynb, not https://host/user/user1/notebooks/name.ipynb.

The two improvements we can do for sharing links to notebooks are:

  1. make the user-redirect URL findable and copyable in the notebook UI so it's easier to share the right URL
  2. include the link to the user-redirect url in the 403 error page

In general, visiting /user/user1/notebooks/... as user2 should not result in automatically opening the URL for user2, even though that may sometimes occur. What visiting that URL means is explicitly requesting access to user1's server. With the possibility that user1 can grant user2 permission to do that, it makes less sense to interpret a permission error as a valid request for something else. Instead, we should show the error that the request was not valid, with a hint about what the likely intended request was.

@stephenpascoe
Copy link
Author

I think both your suggestions would help, particularly making the user-redirect URL findable.

When using JupterLab, if I right-button over a file in the file browser there is the option "Copy Shareable Link" this does not copy a user-redirect URL but the user-specific URL. That looks like a bug.

@stephenpascoe stephenpascoe mentioned this issue Jul 5, 2018
Closed
@minrk minrk mentioned this issue Sep 27, 2018
Closed
@bobbychopra
Copy link

Is it be possible to provide a flag to override the behavior so that when user2 pastes a url for /user/user1/notebooks/... it automatically opens the URL for user2? I've created a Work In Progress Pull Request to gather feedback and discuss it at #2478 I haven't added any tests, but can gladly add that and code according to contributing standards.

My hope is that I can get the guidance to provide a flag in JupyterHub config that can control this auto-redirect behavior.

@minrk minrk mentioned this issue Mar 28, 2019
Closed
@minrk minrk mentioned this issue Feb 21, 2020
Merged
@manics
Copy link
Member

manics commented Feb 17, 2021

I'm closing this as there's a solution in JupyterLab, and #2478 was not merged

@manics manics closed this as completed Feb 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@minrk @stephenpascoe @bobbychopra @manics @willingc