WIP: add /api/me to get identity model

includes fields:

- username: str
- name: Optional[str]
- display_name: Optional[str]
- initials: Optional[str]
- avatar_url: Optional[str]
- color: Optional[str]
- permissions in the form {"resource": ["action", ],}

where permissions are only populated _by request_,
because the server cannot know what all resource/action combinations are available.

Author: minrk

jupyter_server/services/auth/authorizer.py

@@ -62,7 +62,7 @@ def user_model(self, user: Any) -> Dict:
             user_model["username"] = user
             return {
                 "username": user,
-                "given_name": None,
+                "name": None,
             }
         elif isinstance(user, dict):
             user_model = {}

jupyter_server/services/auth/handlers.py

@@ -21,33 +21,86 @@
 
 
 class IdentityModel(TypedDict):
-    username: str
-    given_name: Optional[str]
+    # see the JupyterLab IUser model for definitions
+
+    username: str  # the only truly required field
+
+    # these fields are derived from username if not specified
+    name: str
+    display_name: str
+    initials: str
+
+    # these fields are left as None if undefined
+    avatar_url: Optional[str]
+    color: Optional[str]
+
+    # Jupyter Server permissions
+    # as a dict of permitted {"resource": ["actions"]}
     permissions: Dict[str, List[str]]
 
 
+def _fill_defaults(identity: IdentityModel) -> IdentityModel:
+    """Fill out default fields in the identity model
+
+    - Ensures all values are defined
+    - Fills out derivative values for name fields fields
+    - Fills out null values for optional fields
+    """
+
+    # username is the only truly required field
+    if not identity.get("username"):
+        raise ValueError(f"identity.username must not be empty: {identity}")
+
+    # derive name fields from username -> name -> display name -> initials
+    if not identity.get("name"):
+        identity["name"] = identity["username"]
+    if not identity.get("display_name"):
+        identity["display_name"] = identity["name"]
+    if not identity.get("initials"):
+        identity["initials"] = identity["display_name"][0]
+
+    # fields that should be defined, but use null if no information is provided
+    for key in ("avatar_url", "color"):
+        identity.setdefault(key, None)
+    return identity
+
+
 class IdentityHandler(APIHandler):
     """Get the current user's identity model"""
 
     @web.authenticated
     def get(self):
-        resources: List[str] = self.get_argument("resources") or []
-        actions: List[str] = self.get_argument("actions") or [
-            "read",
-            "write",
-            "execute",
-        ]
+        resources_json: str = self.get_argument("resources")
+        bad_resources_msg = f'resources should be a JSON dict of {{"resource": ["action",]}}, got {resources_json!r}'
+        if resources_json:
+            try:
+                resources = json.loads(resources_json)
+            except ValueError:
+                raise web.HTTPError(400, bad_resources_msg)
+            if not isinstance(resources, dict):
+                raise web.HTTPError(400, bad_resources_msg)
+
         permissions: Dict[str, List[str]] = {}
         user = self.current_user
-        for resource in resources:
+
+        for resource, actions in resources.items():
+            if (
+                not isinstance(resource, str)
+                or not isinstance(actions, list)
+                or not all(isinstance(action, str) for action in actions)
+            ):
+                raise web.HTTPError(400, bad_resources_msg)
+
             allowed = permissions[resource] = []
             for action in actions:
                 if self.authorizer.is_authorized(self, user=user, resource=resource, action=action):
                     allowed.append(action)
+
         user_model: IdentityModel = dict(
             permissions=permissions,
             **self.authorizer.user_model(user),
         )
+        user_model = _fill_defaults(user_model)
         self.write(json.dumps(user_model))