[Web-SIG] How to make REMOTE_USER variable private across WSGI middlewares?

Etienne Robillard tkadm30 at yandex.com
Thu Aug 10 06:25:00 EDT 2017


Hi,

A little update on this issue. I switched to werkzeug/gevent for storing 
the http request in a thread-local object. I also use a contextmanager 
to set the current request for a thread. However, since the value of 
REMOTE_USER is set from a WSGI middleware, it doesn't persist into my 
thread-local request object.

Here's my code:

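from contextlib import contextmanager
from werkzeug.local import LocalProxy

# _requests is the thread-local holder described above (its definition is not shown)

@contextmanager
def sessionmanager(environ):
    # Bind a request object to the current thread for the duration of the block
    _requests.request = RequestClass(environ)
    try:
        yield
    finally:
        # Unbind even if the body raises
        _requests.request = None

def get_current_request():
    try:
        return _requests.request
    except AttributeError:
        raise TypeError("No request object for this thread")


# Proxy that resolves to the current thread's request on each access
request = LocalProxy(lambda: get_current_request())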

[...]

def application(self, environ, start_response):
    # Merge this request's environ into the environ held by self._session
    self._session.environ.update(environ)
    with sessionmanager(self._session.environ):
        response = self.get_response(request=request)
    try:
        return response(self._session.environ, start_response)
    finally:
        _requests.request = None
        #self._session.environ.clear()


Any suggestions on how to improve this code to allow the value of 
REMOTE_USER to persist if and only if the user has been authenticated?

Thank you in advance,

Etienne


On 2016-10-12 at 05:42, Etienne Robillard wrote:
> I believe the OAuth2 middleware and client are functioning correctly 
> and are setting the REMOTE_USER value as expected. But I guess the 
> problem is because I recreate a new WebOb request object before 
> returning a WSGI response. Also, I need to update the WSGI environment 
> for each request in order to preserve the value of REMOTE_USER. 
> However, I don't know if it's logical to recreate a WSGI request every 
> time. Perhaps the solution would be to use a global request object...
>

-- 
Etienne Robillard
tkadm30 at yandex.com
http://www.isotopesoftware.ca/
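
One way to scope REMOTE_USER to a single request, as an added example that is not part of the original message or of the poster's project: the middleware sets the key only after a successful check, and the handler binds a per-request copy of the environ instead of merging into a long-lived dict. All names (request_scope, current_user, check, AuthMiddleware, scoped_app, SharedEnvironApp, call, TOKENS) are hypothetical, the token table is constructed sample data standing in for the OAuth2 check, and threading.local is used in place of werkzeug so the block needs only the standard library.

```python
import threading
from contextlib import contextmanager

_local = threading.local()  # per thread; per greenlet when gevent has patched threading
TOKENS = {"Bearer tok-alice": "alice"}  # constructed sample credentials

@contextmanager
def request_scope(environ):
    """Bind a private copy of environ to the current thread for one request."""
    _local.environ = dict(environ)  # copy, so no state outlives the request
    try:
        yield _local.environ
    finally:
        del _local.environ  # cleared even when the handler raises

def current_user():  # REMOTE_USER of the request bound to this thread, else None
    return getattr(_local, "environ", {}).get("REMOTE_USER")

def check(environ):  # stand-in for the OAuth2 check (assumption, not the real client)
    return TOKENS.get(environ.get("HTTP_AUTHORIZATION", ""))

class AuthMiddleware:
    """Sets REMOTE_USER only when authenticate(environ) returns a user name."""
    def __init__(self, app, authenticate):
        self.app, self.authenticate = app, authenticate
    def __call__(self, environ, start_response):
        environ.pop("REMOTE_USER", None)  # this middleware is the only source
        user = self.authenticate(environ)
        if user is not None:
            environ["REMOTE_USER"] = user
        return self.app(environ, start_response)

def scoped_app(environ, start_response):
    with request_scope(environ):
        body = (current_user() or "anonymous").encode()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]

class SharedEnvironApp:
    """For contrast: merges every request into one long-lived dict."""
    def __init__(self):
        self.environ = {}
    def __call__(self, environ, start_response):
        self.environ.update(environ)  # keys absent from this request keep old values
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [self.environ.get("REMOTE_USER", "anonymous").encode()]

def call(wsgi_app, environ):  # run one request and return the body as text
    return b"".join(wsgi_app(dict(environ), lambda status, headers: None)).decode()
```

With `AuthMiddleware(SharedEnvironApp(), check)`, an authenticated request followed by one carrying no Authorization header returns `alice` both times, because `update()` never removes the earlier key. With `AuthMiddleware(scoped_app, check)` the second request returns `anonymous`.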


