Storing Invalid Usernames #54

Open
Paul2708 opened this issue Aug 21, 2023 · 1 comment

Paul2708 commented Aug 21, 2023

Bug description

In the JupyterHub config, I enforce a username pattern using `c.Authenticator.username_pattern = r'user_.+'`.
Thus, trying to log in with an invalid user name, e.g., paul, results in displaying the error message "Invalid username or password".

However, the username and the password are stored in the database.

Expected behaviour

If the username is invalid, I expect that the credentials are not stored in the database.

Actual behaviour

The username and hashed password are stored in the database.

How to reproduce

  1. Set up a JupyterHub instance using FirstUseAuthenticator and a RegEx for usernames.
  2. Try to log in with an invalid username.
  3. The log-in fails, but running the command `strings passwords.dbm.db` reveals that the invalid username gets saved.

Your personal set up

  • OS: ubuntu 20.04
  • Version(s):
    • JupyterHub: 3.1.0
    • Python: 3.10
Full environment
alembic @ file:///tmp/wheelhouse/alembic-1.8.1-py3-none-any.whl
async-generator @ file:///tmp/wheelhouse/async_generator-1.10-py3-none-any.whl
attrs @ file:///tmp/wheelhouse/attrs-22.1.0-py2.py3-none-any.whl
bcrypt==4.0.1
certifi @ file:///tmp/wheelhouse/certifi-2022.9.24-py3-none-any.whl
certipy @ file:///tmp/wheelhouse/certipy-0.1.3-py3-none-any.whl
cffi @ file:///tmp/wheelhouse/cffi-1.15.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
charset-normalizer @ file:///tmp/wheelhouse/charset_normalizer-2.1.1-py3-none-any.whl
cryptography @ file:///tmp/wheelhouse/cryptography-38.0.4-cp36-abi3-manylinux_2_28_x86_64.whl
docker==6.0.1
dockerspawner==12.1.0
escapism==1.0.1
greenlet @ file:///tmp/wheelhouse/greenlet-2.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
gyp==0.1
idna @ file:///tmp/wheelhouse/idna-3.4-py3-none-any.whl
Jinja2 @ file:///tmp/wheelhouse/Jinja2-3.1.2-py3-none-any.whl
jsonschema @ file:///tmp/wheelhouse/jsonschema-4.17.3-py3-none-any.whl
jupyter-telemetry @ file:///tmp/wheelhouse/jupyter_telemetry-0.1.0-py3-none-any.whl
jupyterhub @ file:///tmp/wheelhouse/jupyterhub-3.1.0-py3-none-any.whl
jupyterhub-firstuseauthenticator==1.0.0
jupyterhub-idle-culler==1.2.1
Mako @ file:///tmp/wheelhouse/Mako-1.2.4-py3-none-any.whl
MarkupSafe @ file:///tmp/wheelhouse/MarkupSafe-2.1.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
oauthlib @ file:///tmp/wheelhouse/oauthlib-3.2.2-py3-none-any.whl
packaging @ file:///tmp/wheelhouse/packaging-21.3-py3-none-any.whl
pamela @ file:///tmp/wheelhouse/pamela-1.0.0-py2.py3-none-any.whl
prometheus-client @ file:///tmp/wheelhouse/prometheus_client-0.15.0-py3-none-any.whl
pycparser @ file:///tmp/wheelhouse/pycparser-2.21-py2.py3-none-any.whl
pycurl==7.44.1
pyOpenSSL @ file:///tmp/wheelhouse/pyOpenSSL-22.1.0-py3-none-any.whl
pyparsing @ file:///tmp/wheelhouse/pyparsing-3.0.9-py3-none-any.whl
pyrsistent @ file:///tmp/wheelhouse/pyrsistent-0.19.2-py3-none-any.whl
python-dateutil @ file:///tmp/wheelhouse/python_dateutil-2.8.2-py2.py3-none-any.whl
python-json-logger @ file:///tmp/wheelhouse/python_json_logger-2.0.4-py3-none-any.whl
requests @ file:///tmp/wheelhouse/requests-2.28.1-py3-none-any.whl
ruamel.yaml @ file:///tmp/wheelhouse/ruamel.yaml-0.17.21-py3-none-any.whl
ruamel.yaml.clib @ file:///tmp/wheelhouse/ruamel.yaml.clib-0.2.7-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl
six @ file:///tmp/wheelhouse/six-1.16.0-py2.py3-none-any.whl
SQLAlchemy @ file:///tmp/wheelhouse/SQLAlchemy-1.4.44-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
tornado @ file:///tmp/wheelhouse/tornado-6.2-cp37-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl
traitlets @ file:///tmp/wheelhouse/traitlets-5.6.0-py3-none-any.whl
urllib3 @ file:///tmp/wheelhouse/urllib3-1.26.13-py2.py3-none-any.whl
websocket-client==1.4.2
wget==3.2
Configuration
c = get_config()

c.JupyterHub.authenticator_class = 'firstuseauthenticator.FirstUseAuthenticator'

c.FirstUseAuthenticator.min_password_length = 4

c.Authenticator.username_pattern = r'user_.+'

# debug-logging for testing
import logging

c.JupyterHub.log_level = logging.DEBUG
Logs
[W 2023-08-21 16:32:32.370 JupyterHub base:825] Failed login for paul
[I 2023-08-21 16:32:32.373 JupyterHub log:186] 200 POST /hub/login?next=%2Fhub%2F 307.96ms
Paul2708 added the bug label Aug 21, 2023
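
An audit for the condition reported above, as an added example that is not part of the original issue or the project's code: it lists stored usernames that the configured `username_pattern` rejects and can delete those entries. It assumes the password store is a Python `dbm` file keyed by username and that the pattern is applied with `re.match`; the function names are hypothetical.

```python
import dbm
import re

# Assumptions (not stated in the issue): the password store is a Python dbm
# file keyed by username bytes, and the pattern is applied with re.match.
USERNAME_PATTERN = r"user_.+"  # value taken from the issue's configuration


def invalid_usernames(dbm_path, pattern=USERNAME_PATTERN):
    """Return stored usernames that the configured pattern would reject."""
    regex = re.compile(pattern)
    with dbm.open(dbm_path, "r") as db:
        # surrogateescape keeps non-UTF-8 keys round-trippable for deletion
        names = [key.decode("utf-8", "surrogateescape") for key in db.keys()]
    return sorted(name for name in names if not regex.match(name))


def purge_invalid(dbm_path, pattern=USERNAME_PATTERN):
    """Delete entries for rejected usernames and return the names removed."""
    stale = invalid_usernames(dbm_path, pattern)
    with dbm.open(dbm_path, "w") as db:
        for name in stale:
            del db[name.encode("utf-8", "surrogateescape")]
    return stale


if __name__ == "__main__":
    import sys

    # Pass the path without the ".db" suffix that some dbm backends append.
    path = sys.argv[1] if len(sys.argv) > 1 else "passwords.dbm"
    for name in invalid_usernames(path):
        print("stored but rejected by username_pattern:", name)
```

Run the listing against a copy of the database first, and stop the Hub before calling `purge_invalid` so the file is not modified while it is open elsewhere.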

welcome bot commented Aug 21, 2023

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other community members to contribute more effectively.
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉
