BUG - Opening apps opened other users jupyterlab servers for me #110
Comments
The way this works is by impersonating their user, so that part is not surprising. During the lead up to the release we did have weird routing issues where it would start lab instead of redirecting to the url of the 'app'. I don't remember exactly but this was some combination of the version of jupyterhub, jupyterlab and jhsingle-user-proxy that was causing the issue. I thought it was fixed in the release. cc: @aktech
This might be the case, will have to check app's creation commands to figure out what went wrong. I'll take a look.
I just hit this too. My situation:
We need to disable the ability to have general jupyterlab access and restrict to just the app. There may be some fine-grained permissions in JHub/JLab that will allow this now.
IMO the user A ideally should be able to spin up the shared app with only the last saved configuration for the app. They should not be able to change a thing about it like server type, name, thumbnail etc. Also note that currently the starting of the shared app won't work as expected due to the "fake" sharing ability we have: #138
Interestingly the problematic apps disappear from shared apps screen when a server for them gets spawned
But now that you linked #138, it seems to mention the same thing, right?
Taking a step back:
How should we scope the work here? It looks like these are 3 tasks which all are critical to ensuring that user data is only shared when explicitly allowed and no impersonation takes place - do I see this right?
Just coming back to this issue. @aktech, did you have a chance to look into this?
Yes, correct.
Yes we can, but this is beyond the scope for app sharing requirements.
Sharing code is also a good option for sharing temporarily (excellent feature to add later though), but initially we are more interested in sharing non-timebound access with a group or user via: https://jupyterhub.readthedocs.io/en/latest/reference/rest-api.html#operation/post-shares-server Based on my reading of the sharing feature in JupyterHub 5.0, we will fix this issue after:
Next steps:
Also, there is nothing that needs to be done to fix this one right now, as mentioned it will be fixed by implementing app sharing.
Context
I opened the xaitkappv3-d7dff58 app by @kcpevey and the maite-c383ebc by @dharhas and instead of opening the apps, a jupyterlab server was created as if I were kim and dharhas's users. Afterwards, I checked the jhub-apps home page again and the xaitkappv3-d7dff58 and maite-c383ebc apps weren't listed anymore.
Maybe they were deleted, but still shown on jhub-apps home page and when I tried to open them jupyterhub forwarded me to jupyterlab? I'm not sure.
Me as Kim in jupyterhub
Me as Dharhas in jupyterhub
Value and/or benefit
Bug report
Anything else?
No response