Re: [dancer-users] request->user
On Sun, Sep 13, 2015 at 7:00 AM, <dancer-users-request@dancer.pm> wrote:
Where does Dancer2 get the user that is returned with $dsl->app->request->user? I have a hard time finding this in Dancer2::Core::Request.pm, where it's in the documentation.
Since nobody has answered this, I will take a stab at it from memory. My suspicion: if there was Basic Auth, then there will be a User value. Without auth, I don't think you will get any user value. It could be from a special URL format, like this: http://username:password@example.com/ The User value is encoded in the Authorization header. If I am right, this is not specific to Dancer. Cheers -- Rick
Hurray! A response! Yes, true. With basic auth, there is a user. And with Auth digest there is a user as well. But how and where does Dancer2 get it? I expected that Dancer2 would get it from the environment hash %ENV. That in there the REMOTE_USER would be set and that this is what Dancer2 takes. However I could find this nowhere in the Dancer2 code. And if I set REMOTE_USER myself, Dancer2 does not pick this up. Hence my question: where does Dancer2 get this from? You do give me an idea though. I could read through the code to see if Dancer2 perhaps looks at the headers for this user value, instead of getting it from the server. Because the second is true as well, the server gets the user value from the headers. Kind regards, Arjan. On 09/15/2015 02:40 PM, Rick Leir wrote:
On Sun, Sep 13, 2015 at 7:00 AM, <dancer-users-request@dancer.pm> wrote:
Where does Dancer2 get the user that is returned with $dsl->app->request->user? I have a hard time finding this in Dancer2::Core::Request.pm, where it's in the documentation. Since nobody has answered this, I will take a stab at it from memory.
My suspicion: if there was Basic Auth, then there will be a User value. Without auth, I don't think you will get any user value. It could be from a special URL format, like this: http://username:password@example.com/
The User value is encoded in the Authorization header.
If I am right, this is not specific to Dancer. Cheers -- Rick _______________________________________________ dancer-users mailing list dancer-users@dancer.pm http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
-- Met vriendelijke groet, Arjan Widlak Bezoek onze site op: http://www.unitedknowledge.nl De rijkshuisstijl, ook voor tablet en iPhone: http://www.rijkshuisstijl.unitedknowledge.nl/ United Knowledge, inhoud en techniek Bilderdijkstraat 79N 1053 KM Amsterdam T +31 (0)20 737 1851 F +31 (0)84 877 0399 bureau@unitedknowledge.nl http://www.unitedknowledge.nl M +31 (0)6 2427 1444 E arjan@unitedknowledge.nl We use WebGUI, the Open Source CMS http://www.webgui.org/
On 16/09/2015 4:40 pm, arjan wrote:
I expected that Dancer2 would get it from the environment hash %ENV.
request->user is sugar for request->env->{REMOTE_USER} i.e. its passed through to Dancer2 as an entry in the psgi $env hashref. You may want to look at the code for some of the Plack::Middleware::Auth::* modules to see how they populate REMOTE_USER in the psgi env. (Those middleware are typically less that 100 lines.) If you are using nginx, Apache or similar to do basic or digest auth before using a reverse proxy to your app, the proxied request will NOT contain the REMOTE_USER. You'll need to propagate the user in a custom header. Cheers, Russell.
Thank you Russell! This is very helpful. On 09/16/2015 04:06 PM, Russell Jenkins wrote:
On 16/09/2015 4:40 pm, arjan wrote:
I expected that Dancer2 would get it from the environment hash %ENV.
request->user is sugar for request->env->{REMOTE_USER} i.e. its passed through to Dancer2 as an entry in the psgi $env hashref.
You may want to look at the code for some of the Plack::Middleware::Auth::* modules to see how they populate REMOTE_USER in the psgi env. (Those middleware are typically less that 100 lines.)
If you are using nginx, Apache or similar to do basic or digest auth before using a reverse proxy to your app, the proxied request will NOT contain the REMOTE_USER. You'll need to propagate the user in a custom header.
Cheers, Russell.
_______________________________________________ dancer-users mailing list dancer-users@dancer.pm http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
-- Met vriendelijke groet, Arjan Widlak Bezoek onze site op: http://www.unitedknowledge.nl De rijkshuisstijl, ook voor tablet en iPhone: http://www.rijkshuisstijl.unitedknowledge.nl/ United Knowledge, inhoud en techniek Bilderdijkstraat 79N 1053 KM Amsterdam T +31 (0)20 737 1851 F +31 (0)84 877 0399 bureau@unitedknowledge.nl http://www.unitedknowledge.nl M +31 (0)6 2427 1444 E arjan@unitedknowledge.nl We use WebGUI, the Open Source CMS http://www.webgui.org/
participants (3)
-
arjan -
Rick Leir -
Russell Jenkins