consolidate auth config on IdentityProvider

.pre-commit-config.yaml

@@ -33,7 +33,6 @@ repos:
     rev: v0.961
     hooks:
       - id: mypy
-        exclude: examples/simple/setup.py
         additional_dependencies: [types-requests]
 
   - repo: https://github.com/pre-commit/mirrors-prettier

examples/identity/system_password/README.md

@@ -0,0 +1,7 @@
+# Jupyter login with system password
+
+This `jupyter_server_config.py` defines and enables a `SystemPasswordIdentityProvider`.
+This IdentityProvider checks the entered password against your system password using PAM.
+Only the current user's password (the user the server is running as) is accepted.
+
+The result is a User whose name matches the system user, rather than a randomly generated one.

examples/identity/system_password/jupyter_server_config.py

@@ -0,0 +1,29 @@
+import pwd
+from getpass import getuser
+
+from pamela import PAMError, authenticate
+
+from jupyter_server.auth.identity import IdentityProvider, User
+
+
+class SystemPasswordIdentityProvider(IdentityProvider):
+    # no need to generate a default token (token can still be used, but it's opt-in)
+    need_token = False
+
+    def process_login_form(self, handler):
+        username = getuser()
+        password = handler.get_argument("password", "")
+        try:
+            authenticate(username, password)
+        except PAMError as e:
+            self.log.error(f"Failed login for {username}: {e}")
+            return None
+
+        user_info = pwd.getpwnam(username)
+        # get human name from pwd, if not empty
+        return User(username=username, name=user_info.pw_gecos or username)
+
+
+c = get_config()  # type: ignore # noqa
+
+c.ServerApp.identity_provider_class = SystemPasswordIdentityProvider