From tkadm30 at yandex.com Thu Aug 10 06:25:00 2017 From: tkadm30 at yandex.com (Etienne Robillard) Date: Thu, 10 Aug 2017 06:25:00 -0400 Subject: [Web-SIG] How to make REMOTE_USER variable private across WSGI middlewares? In-Reply-To: References: <4871a061-a29f-f570-3c3e-ae7f06ddef43@yandex.com> Message-ID: <3a7e7c2f-6c59-f259-4636-8e24e7be4b47@yandex.com> Hi, A little update on this issue. I switched to werkzeug/gevent for storing the http request in a thread-local object. I also use a contextmanager to set the current request for a thread. However, since the value of REMOTE_USER is set from a WSGI middleware, it doesn't persist into my thread-local request object. Here's my code: @contextmanager def sessionmanager(environ): _requests.request = RequestClass(environ) yield _requests.request = None def get_current_request(): try: return _requests.request except AttributeError: raise TypeError("No request object for this thread") request = LocalProxy(lambda: get_current_request()) [...] def application(self, environ, start_response): self._session.environ.update(environ) with sessionmanager(self._session.environ): response = self.get_response(request=request) try: return response(self._session.environ, start_response) finally: _requests.request = None #self._session.environ.clear() Any suggestions how to improve this code to allow the value of REMOTE_USER to persist if and only if the user has been authenticated ? Thank you in advance, Etienne Le 2016-10-12 ? 05:42, Etienne Robillard a ?crit : > I believe the OAuth2 middleware and client is functioning correctly > and is setting the REMOTE_USER value as expected. But I guess the > problem is because I recreate a new WebOb request object before > returning a WSGI response. Also, I need to update the WSGI environment > for each request in order to preserve the value of REMOTE_USER. > However, i don't know if it's logical to recreate a WSGI request every > time. Perhaps the solution would be to use a global request object... > -- Etienne Robillard tkadm30 at yandex.com http://www.isotopesoftware.ca/ From tkadm30 at yandex.com Fri Aug 11 06:43:11 2017 From: tkadm30 at yandex.com (Etienne Robillard) Date: Fri, 11 Aug 2017 06:43:11 -0400 Subject: [Web-SIG] How to make REMOTE_USER variable private across WSGI middlewares? In-Reply-To: <3a7e7c2f-6c59-f259-4636-8e24e7be4b47@yandex.com> References: <4871a061-a29f-f570-3c3e-ae7f06ddef43@yandex.com> <3a7e7c2f-6c59-f259-4636-8e24e7be4b47@yandex.com> Message-ID: <90c1e773-d617-aa0d-d8a4-3a7e74ed672c@yandex.com> I fixed this bug! :) My application logic was causing a redirect loop in the oauth2 authentication mecanism. Have a nice day, E Le 2017-08-10 ? 06:25, Etienne Robillard a ?crit : > Hi, > > A little update on this issue. I switched to werkzeug/gevent for > storing the http request in a thread-local object. I also use a > contextmanager to set the current request for a thread. However, since > the value of REMOTE_USER is set from a WSGI middleware, it doesn't > persist into my thread-local request object. > > Here's my code: > > @contextmanager > def sessionmanager(environ): > _requests.request = RequestClass(environ) > yield > _requests.request = None > > def get_current_request(): > try: > return _requests.request > except AttributeError: > raise TypeError("No request object for this thread") > > > request = LocalProxy(lambda: get_current_request()) > > [...] > > def application(self, environ, start_response): > self._session.environ.update(environ) > with sessionmanager(self._session.environ): > response = self.get_response(request=request) > try: > return response(self._session.environ, start_response) > finally: > _requests.request = None > #self._session.environ.clear() > > > Any suggestions how to improve this code to allow the value of > REMOTE_USER to persist if and only if the user has been authenticated ? > > Thank you in advance, > > Etienne > > > Le 2016-10-12 ? 05:42, Etienne Robillard a ?crit : >> I believe the OAuth2 middleware and client is functioning correctly >> and is setting the REMOTE_USER value as expected. But I guess the >> problem is because I recreate a new WebOb request object before >> returning a WSGI response. Also, I need to update the WSGI >> environment for each request in order to preserve the value of >> REMOTE_USER. However, i don't know if it's logical to recreate a WSGI >> request every time. Perhaps the solution would be to use a global >> request object... >> > -- Etienne Robillard tkadm30 at yandex.com http://www.isotopesoftware.ca/ From tkadm30 at yandex.com Fri Aug 11 09:53:55 2017 From: tkadm30 at yandex.com (Etienne Robillard) Date: Fri, 11 Aug 2017 09:53:55 -0400 Subject: [Web-SIG] Django-hotsauce 0.7.8 release Message-ID: <27e31546-c29b-33cd-ddc4-03c95c30b4b2@yandex.com> Hi everyone, I'm very happy to announce the release of Django-hotsauce 0.7.8, a scalable and non-monolithic web microframework on top of Django and others! What's new: - This release fixes a major issue when WSGIMiddleware is being mounted on top of WSGIController. - Implemented thread-local storage for HTTP requests on top of Werkzeug/Gevent. - Fixed libschevo for supporting Gevent based asynchronous operations in ZODB. Release notes: http://www.isotopesoftware.ca/wiki/DjangoHotSauce/Releases/Release-0.7.8 Download: http://www.isotopesoftware.ca/pub/django-hotsauce/django-hotsauce-0.7.8.tar.gz I recommend everyone to update to 0.7.8. It is by far the most stable release of Django-hotsauce! :) Cheers, Etienne -- Etienne Robillard tkadm30 at yandex.com http://www.isotopesoftware.ca/