Backport PR #1994: Further highlight token info in log output

Author: gnestor

notebook/notebookapp.py

@@ -79,7 +79,7 @@
 from nbformat.sign import NotebookNotary
 from traitlets import (
     Dict, Unicode, Integer, List, Bool, Bytes, Instance,
-    TraitError, Type, Float
+    TraitError, Type, Float, observe
 )
 from ipython_genutils import py3compat
 from jupyter_core.paths import jupyter_runtime_dir, jupyter_path
@@ -533,13 +533,21 @@ def _write_cookie_secret_file(self, secret):
         Once used, this token cannot be used again.
         """
     )
+    
+    _token_generated = True
 
     def _token_default(self):
         if self.password:
             # no token if password is enabled
+            self._token_generated = False
             return u''
         else:
+            self._token_generated = True
             return binascii.hexlify(os.urandom(24)).decode('ascii')
+            
+    @observe('token')
+    def _token_changed(self, change):
+        self._token_generated = False
 
     password = Unicode(u'', config=True,
                       help="""Hashed password to use for web authentication.
@@ -977,6 +985,12 @@ def init_webapp(self):
     @property
     def display_url(self):
         ip = self.ip if self.ip else '[all ip addresses on your system]'
+        url = self._url(ip)
+        if self.token:
+            # Don't log full token if it came from config
+            token = self.token if self._token_generated else '...'
+            url = url_concat(url, {'token': token})
+        return url
         query = '?token=%s' % self.token if self.token else ''
         return self._url(ip) + query
 
@@ -1195,7 +1209,17 @@ def start(self):
                 b = lambda : browser.open(url_path_join(self.connection_url, uri),
                                           new=2)
                 threading.Thread(target=b).start()
-        
+                
+        if self.token and self._token_generated:
+            # log full URL with generated token, so there's a copy/pasteable link
+            # with auth info.
+            self.log.critical('\n'.join([
+                '\n',
+                'Copy/paste this URL into your browser when you connect for the first time,',
+                'to login with a token:',
+                '    %s' % url_concat(self.connection_url, {'token': self.token}),
+             ]))
+
         self.io_loop = ioloop.IOLoop.current()
         if sys.platform.startswith('win'):
             # add no-op to wake every 5s
@@ -1251,4 +1275,3 @@ def list_running_servers(runtime_dir=None):
 #-----------------------------------------------------------------------------
 
 main = launch_new_instance = NotebookApp.launch_instance
-

notebook/templates/login.html

@@ -20,7 +20,7 @@
       <div class="navbar-inner">
         <div class="container">
           <div class="center-nav">
-            <p class="navbar-text nav">Password or token:</p>
+            <p class="navbar-text nav">Password{% if token_available %} or token{% endif %}:</p>
             <form action="{{base_url}}login?next={{next}}" method="post" class="navbar-form pull-left">
               <input type="password" name="password" id="password_input" class="form-control">
               <button type="submit" id="login_submit">Log in</button>
@@ -42,10 +42,11 @@
       {% endfor %}
       </div>
     {% endif %}
+    {% if token_available %}
     {% block token_message %}
     <div class="col-sm-6 col-sm-offset-3 text-left">
       <p class="warning">
-        If this notebook server has no password set, token authentication is enabled.
+        Token authentication is enabled.
 
         You need to open the notebook server with its first-time login token in the URL,
         or enable a password in order to gain access.
@@ -62,8 +63,12 @@
       <p>
         Or you can paste just the token value into the password field on this page.
       </p>
+      <p>
+        Cookies are required for authenticated access to notebooks.
+      </p>
     </div>
     {% endblock token_message %}
+    {% endif %}
 </div>
 
 {% endblock %}