[Web-SIG] How to make REMOTE_USER variable private across WSGI middlewares?

Etienne Robillard tkadm30 at yandex.com
Fri Aug 11 06:43:11 EDT 2017 

I fixed this bug! :)

My application logic was causing a redirect loop in the oauth2 
authentication mecanism.

Have a nice day,
E

Le 2017-08-10 à 06:25, Etienne Robillard a écrit :
> Hi,
>
> A little update on this issue. I switched to werkzeug/gevent for 
> storing the http request in a thread-local object. I also use a 
> contextmanager to set the current request for a thread. However, since 
> the value of REMOTE_USER is set from a WSGI middleware, it doesn't 
> persist into my thread-local request object.
>
> Here's my code:
>
> @contextmanager
> def sessionmanager(environ):
>     _requests.request = RequestClass(environ)
>     yield
>     _requests.request = None
>
> def get_current_request():
>     try:
>         return _requests.request
>     except AttributeError:
>         raise TypeError("No request object for this thread")
>
>
> request = LocalProxy(lambda: get_current_request())
>
> [...]
>
> def application(self, environ, start_response):
>         self._session.environ.update(environ)
>         with sessionmanager(self._session.environ):
>             response = self.get_response(request=request)
>         try:
>             return response(self._session.environ, start_response)
>         finally:
>             _requests.request = None
>             #self._session.environ.clear()
>
>
> Any suggestions how to improve this code to allow the value of 
> REMOTE_USER to persist if and only if the user has been authenticated ?
>
> Thank you in advance,
>
> Etienne
>
>
> Le 2016-10-12 à 05:42, Etienne Robillard a écrit :
>> I believe the OAuth2 middleware and client is functioning correctly 
>> and is setting the REMOTE_USER value as expected. But I guess the 
>> problem is because I recreate a new WebOb request object before 
>> returning a WSGI response. Also, I need to update the WSGI 
>> environment for each request in order to preserve the value of 
>> REMOTE_USER. However, i don't know if it's logical to recreate a WSGI 
>> request every time. Perhaps the solution would be to use a global 
>> request object...
>>
>

-- 
Etienne Robillard
tkadm30 at yandex.com
http://www.isotopesoftware.ca/

More information about the Web-SIG mailing list