Opened 3 months ago

Last modified 3 months ago

#35971 closed New feature

RemoteUserMiddleware needs a get_username method — at Initial Version

Reported by: Adrien Kunysz Owned by:
Component: contrib.auth Version: 5.0
Severity: Normal Keywords:
Cc: Adrien Kunysz Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no
Pull Requests:How to create a pull request

Description

As currently implemented, the only way to customise how RemoteUserMiddleware gets the username is through the "header" variable. This is then used in call and acall methods like this:

            username = request.META[self.header]

It would be convenient to move that logic into a separate method that could be overridden. For example:

get_username(self):
    return request.META[self.header]    

Specific use case: the proxy I have in front of Django always sets two specific headers (say "X-Username" and "X-Authenticated"). The value of "X-Username" is only valid if "X-Authenticated" is "true", otherwise it should be ignored (typically it ends up being a single space character). I use PersistentRemoteMiddleware to use X-Username but the only way I found to ignore it when X-Authenticated is not true is to override call / acall or clean_username. Both seem rather fragile while a small change to RemoteUserMiddleware would make for a much more robust, flexible and maintainable solution.

With the proposed change, in my child class I could just say

def get_username(self):
    if request.META["X-Authenticated"].lower() != "true":
        raise KeyError
    else:
        return request.META[self.header]

I am happy to propose a patch if we can agree this change is desirable.

Change History (0)

Note: See TracTickets for help on using tickets.
Back to Top