search

django / djangoproject.com

Source code to djangoproject.com
https://www.djangoproject.com/
BSD 3-Clause "New" or "Revised" License
1.86k stars 939 forks source link

Discrepancy in Documentation for RemoteUserBackend Usage #1514

Closed meibenny closed 2 months ago

meibenny commented 2 months ago

I've found that when using RemoteUserBackend, I need to pass remote_user in authenticate to log in my user, i.e.

user = authenticate(request, remote_user=remote_user.username)

Is this expected behavior?

The documentation for RemoteUserBackend states that it authenticates usernames that are found in request.META["REMOTE_USER"].

I was following the documentation to authenticate a user, e.g.

def myview(request):
    remote_user = remote_auth()
    request.META["REMOTE_USER"] = user.username
    user = authenticate(request)

In this case, however, user is None. My understanding of the documentation is that RemoteUserBackend would take the user's username from request.META["REMOTE_USER"]. However that doesn't seem to be the case. Indeed, the source code doesn't look at request.META["REMOTE_USER"] at all. Instead, it expects that the remote_user argument is passed by the caller.