ideonate / cdsdashboards

JupyterHub extension for ContainDS Dashboards
https://cdsdashboards.readthedocs.io/
Other
201 stars 37 forks source link

403 : Forbidden You do not have permission to access Server #98

Closed jhannink closed 2 years ago

jhannink commented 2 years ago

I have a strange behaviour when trying to share dashboards with other users on my jupyterhub instance, this does only seem to work between Admin users.

If a non-admin is trying to access a shared dashboard via the Dashboards tab the following happens:

This is the error log for a non-admin user

[I 2022-02-24 18:03:06.433 JupyterHub log:189] 302 GET /hub/dashboards/dashboard-test -> /user/julius/dash-dashboard-test (julius-test@[secret]) 7.92ms
INFO:tornado.application:SuperviseAndProxyHandler http_get 56595 
DEBUG:tornado.application:No user identified
WARNING:tornado.application:Detected unused OAuth state cookies
DEBUG:tornado.application:Redirecting to login url: /hub/api/oauth2/authorize?client_id=jupyterhub-user-julius-dash-dashboard-test&redirect_uri=%2Fuser%2Fjulius%2Fdash-dashboard-test%2Foauth_callback&response_type=code&state=[secret]
ERROR:tornado.application:Uncaught exception GET /user/julius/dash-dashboard-test/ ([secret])
HTTPServerRequest(protocol='http', host=[secret], method='GET', uri='/user/julius/dash-dashboard-test/', version='HTTP/1.1', remote_ip=[secret])
Traceback (most recent call last):
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/tornado/web.py", line 1704, in _execute
    result = await result
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/jhsingle_native_proxy/websocket.py", line 102, in get
    return await self.http_get(*args, **kwargs)
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/jhsingle_native_proxy/proxyhandlers.py", line 849, in http_get
    return await self.proxy(self.port, path)
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/jhsingle_native_proxy/proxyhandlers.py", line 843, in proxy
    return await self.oauth_proxy(port, path)
TypeError: object NoneType can't be used in 'await' expression
[E 2022-02-24 18:03:06.622 JupyterHub auth:280] User <User(julius-test 0/1 running)> not allowed to access Server at /user/julius/dash-dashboard-test/
[W 2022-02-24 18:03:06.623 JupyterHub web:1787] 403 GET /hub/api/oauth2/authorize?client_id=jupyterhub-user-julius-dash-dashboard-test&redirect_uri=%2Fuser%2Fjulius%2Fdash-dashboard-test%2Foauth_callback&response_type=code&state=[secret] ([secret]): You do not have permission to access Server at /user/julius/dash-dashboard-test/
[W 2022-02-24 18:03:06.660 JupyterHub log:189] 403 GET /hub/api/oauth2/authorize?client_id=jupyterhub-user-julius-dash-dashboard-test&redirect_uri=%2Fuser%2Fjulius%2Fdash-dashboard-test%2Foauth_callback&response_type=code&state=[secret] (julius-test@[secret]) 48.27ms

vs once I made user julius-test an admin via the jupyterhub admin panel

[I 2022-02-24 18:01:02.364 JupyterHub log:189] 200 GET /hub/dashboards/dashboard-test (julius-test@[secret]) 49.53ms
[I 2022-02-24 18:01:02.365 JupyterHub spawner:1526] Spawning python3 -m jhsingle_native_proxy.main --destport=0 python3 '{-}m' voila '{presentation_path}' '{--}port={port}' '{--}no-browser' '{--}Voila.base_url={base_url}/' '{--}Voila.server_url=/' --progressive --presentation-path=./Dashboards/Dashboard.ipynb --ip=127.0.0.1 --port=56588 '{--}debug' --debug
Setting debug
Starting jhsingle-native-proxy server on address 127.0.0.1 port 56588, proxying to port 0
URL Prefix: /user/julius/dash-dashboard-test
Auth Type: oauth
Command: ('python3', '{-}m', 'voila', '{presentation_path}', '{--}port={port}', '{--}no-browser', '{--}Voila.base_url={base_url}/', '{--}Voila.server_url=/', '{--}debug')
INFO:tornado.application:SuperviseAndProxyHandler http_get 56595 
DEBUG:tornado.application:No user identified
DEBUG:tornado.application:Redirecting to login url: /hub/api/oauth2/authorize?client_id=jupyterhub-user-julius-dash-dashboard-test&redirect_uri=%2Fuser%2Fjulius%2Fdash-dashboard-test%2Foauth_callback&response_type=code&state=[secret]
[I 2022-02-24 18:01:02.770 JupyterHub base:944] User julius:dash-dashboard-test took 0.427 seconds to start
[I 2022-02-24 18:01:02.770 JupyterHub proxy:286] Adding user julius to proxy /user/julius/dash-dashboard-test/ => http://127.0.0.1:56588
18:01:02.771 [ConfigProxy] info: Adding route /user/julius/dash-dashboard-test -> http://127.0.0.1:56588
18:01:02.771 [ConfigProxy] info: Route added /user/julius/dash-dashboard-test -> http://127.0.0.1:56588
18:01:02.771 [ConfigProxy] info: 201 POST /api/routes/user/julius/dash-dashboard-test 
ERROR:tornado.application:Uncaught exception GET /user/julius/dash-dashboard-test/ (127.0.0.1)
HTTPServerRequest(protocol='http', host='127.0.0.1:56588', method='GET', uri='/user/julius/dash-dashboard-test/', version='HTTP/1.1', remote_ip='127.0.0.1')
Traceback (most recent call last):
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/tornado/web.py", line 1704, in _execute
    result = await result
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/jhsingle_native_proxy/websocket.py", line 102, in get
    return await self.http_get(*args, **kwargs)
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/jhsingle_native_proxy/proxyhandlers.py", line 849, in http_get
    return await self.proxy(self.port, path)
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/jhsingle_native_proxy/proxyhandlers.py", line 843, in proxy
    return await self.oauth_proxy(port, path)
TypeError: object NoneType can't be used in 'await' expression
[I 2022-02-24 18:01:02.774 JupyterHub events:107] Server julius:dashboard-test is ready
[I 2022-02-24 18:01:02.774 JupyterHub log:189] 200 GET /hub/dashboards-api/dashboard-test/progress (julius-test@[secret]) 145.21ms
INFO:tornado.application:SuperviseAndProxyHandler http_get 56595 
DEBUG:tornado.application:No user identified
WARNING:tornado.application:Detected unused OAuth state cookies
DEBUG:tornado.application:Redirecting to login url: /hub/api/oauth2/authorize?client_id=jupyterhub-user-julius-dash-dashboard-test&redirect_uri=%2Fuser%2Fjulius%2Fdash-dashboard-test%2Foauth_callback&response_type=code&state=[secret]
ERROR:tornado.application:Uncaught exception GET /user/julius/dash-dashboard-test/ ([secret])
HTTPServerRequest(protocol='http', host=[secret], method='GET', uri='/user/julius/dash-dashboard-test/', version='HTTP/1.1', remote_ip=[secret])
Traceback (most recent call last):
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/tornado/web.py", line 1704, in _execute
    result = await result
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/jhsingle_native_proxy/websocket.py", line 102, in get
    return await self.http_get(*args, **kwargs)
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/jhsingle_native_proxy/proxyhandlers.py", line 849, in http_get
    return await self.proxy(self.port, path)
  File "/opt/homebrew/Caskroom/miniforge/base/lib/python3.9/site-packages/jhsingle_native_proxy/proxyhandlers.py", line 843, in proxy
    return await self.oauth_proxy(port, path)
TypeError: object NoneType can't be used in 'await' expression
[I 2022-02-24 18:01:02.974 JupyterHub log:189] 200 GET /hub/api/oauth2/authorize?client_id=jupyterhub-user-julius-dash-dashboard-test&redirect_uri=%2Fuser%2Fjulius%2Fdash-dashboard-test%2Foauth_callback&response_type=code&state=[secret] (julius-test@[secret]) 17.32ms

Configuration

jhannink commented 2 years ago

By the way, my jupyterhub == 2.1.1 and that seemed to be the issue. Using jupyterhub == 1.4.2 resolved the issue for now :smiley:

Any plans on how to proceed with jupyterhub >= 2?

cmosguy commented 2 years ago

@jhannink I just ran into this problem, you said you had to downgrade the jupyterhub version to make this work?

jhannink commented 2 years ago

Yep, downgrading to 1.4.2 solved it for me

cmosguy commented 2 years ago

@danlester are you able to fix this ASAP? I would love to be able to use this, but cannot because of this issue. What is the point of deploying this and having 403 for others when viewing your dashboard?

jhannink commented 2 years ago

Definately, support for jupyterhub > 2.0 would be cool :smiley:

danlester commented 2 years ago

This is tracked in #96 and I've just added a comment.