diff options
| author | Anders Einar Hilden <hildenae@gmail.com> | 2024-12-11 18:59:57 +0100 |
|---|---|---|
| committer | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2024-12-18 10:07:30 +0100 |
| commit | a8b70aeffd41d082d4bd8f99c777f37b6a58da66 (patch) | |
| tree | f2642eed4b55ca2aeb5c515b503d88d9c3d45685 | |
| parent | 7e41a7a47d0ee3e2d8270b04afbb908ece0b2b77 (diff) | |
Fixed #36002 -- Referred to request.Meta key in Persistent/RemoteUserMiddleware comments.
Changed the docstrings and code comments to better reflect where the default value
comes from (an environment variable, not request header).
| -rw-r--r-- | django/contrib/auth/middleware.py | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/django/contrib/auth/middleware.py b/django/contrib/auth/middleware.py index 85f58ec9a5..880563bc5b 100644 --- a/django/contrib/auth/middleware.py +++ b/django/contrib/auth/middleware.py @@ -95,13 +95,16 @@ class RemoteUserMiddleware: Middleware for utilizing web-server-provided authentication. If request.user is not authenticated, then this middleware attempts to - authenticate the username passed in the ``REMOTE_USER`` request header. + authenticate the username from the ``REMOTE_USER`` key in ``request.META``, + an environment variable commonly set by the webserver. + If authentication is successful, the user is automatically logged in to persist the user in the session. - The header used is configurable and defaults to ``REMOTE_USER``. Subclass - this class and change the ``header`` attribute if you need to use a - different header. + The ``request.META`` key is configurable and defaults to ``REMOTE_USER``. + Subclass this class and change the ``header`` attribute if you need to + use a different key from ``request.META``, for example a HTTP request + header. """ sync_capable = True @@ -116,9 +119,9 @@ class RemoteUserMiddleware: markcoroutinefunction(self) super().__init__() - # Name of request header to grab username from. This will be the key as - # used in the request.META dictionary, i.e. the normalization of headers to - # all uppercase and the addition of "HTTP_" prefix apply. + # Name of request.META key to grab username from. Note that for + # request headers, normalization to all uppercase and the addition + # of a "HTTP_" prefix apply. header = "REMOTE_USER" force_logout_if_no_header = True @@ -259,10 +262,10 @@ class PersistentRemoteUserMiddleware(RemoteUserMiddleware): Middleware for web-server provided authentication on logon pages. Like RemoteUserMiddleware but keeps the user authenticated even if - the header (``REMOTE_USER``) is not found in the request. Useful - for setups when the external authentication via ``REMOTE_USER`` - is only expected to happen on some "logon" URL and the rest of - the application wants to use Django's authentication mechanism. + the ``request.META`` key is not found in the request. Useful for + setups when the external authentication is only expected to happen + on some "logon" URL and the rest of the application wants to use + Django's authentication mechanism. """ force_logout_if_no_header = False |
