[mod_python] req.user always returns None

Mitesh Shah mshah at harpercollege.edu
Mon Feb 9 23:52:16 EST 2009


Me<----idiot!  I got it...thank you sooooo much for your help. And I
think I'm still going to keep learning mod_python and also try to take a
look at mod_wsgi.

-Mitesh

-----Original Message-----
From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com] 
Sent: Monday, February 09, 2009 10:33 PM
To: Mitesh Shah
Cc: mod_python at modpython.org
Subject: Re: [mod_python] req.user always returns None

2009/2/10 Mitesh Shah <mshah at harpercollege.edu>:
> The AuthType/AuthName are in the .htaccess file inside
> /var/www/html/gapps where the html is served:
>
> ****.htaccess****
> AuthName "AD Authorize Me!"
> AuthType Basic
> ...
> ****.htaccess****
>
> If I put an .htaccess file in the /var/www/cgi-bin dir the user will
get
> asked for authentication a second time which I don't want.

They would not be asked of the user a second time, the browser will
realise that it has already supplied credentials for 'AD Authorize
Me!' AuthName zone and automatically supply them when server says it
needs them. You just need to ensure that Auth* directives are same for
each area.

It is because you don't have AuthName etc defined for CGI script
location that it isn't seeing REMOTE_USER in its environment.

Graham

> Am I doing
> something wrong with this setup?
>
> ****http.conf for cgi-bin****
> <Directory "/var/www/cgi-bin">
>    AllowOverride AuthConfig
>    Options None
>    Order allow,deny
>    Allow from all
> </Directory>
> ****http.conf for cgi-bin****
>
> -----Original Message-----
> From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com]
> Sent: Monday, February 09, 2009 10:18 PM
> To: Mitesh Shah
> Cc: mod_python at modpython.org
> Subject: Re: [mod_python] req.user always returns None
>
> 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>:
>>>What is the original Apache configuration block you are using for
>>>authentication and where is the CGI script located?
>>
>> Here is the conf block for the html directory (authentication dir):
>>
>> ****http.conf****
>> <Directory "/var/www/html">
>>        Options Indexes FollowSymLinks
>>        AllowOverride AuthConfig
>>        Order allow,deny
>>        Allow from all
>> </Directory>
>> ****http.conf****
>>
>> Now the actual .htaccess and html files are in /var/www/html/gapps.
>>
>> My python CGI is in /var/www/cgi-bin.
>
> But where was AuthType/AuthName etc when trying to use CGI scripts?
>
> If that wasn't defined such that it covered directory/location CGI
> script access from/as, then authentication wouldn't have been applied
> for CGI script.
>
> Graham
>
>> -----Original Message-----
>> From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com]
>> Sent: Monday, February 09, 2009 9:52 PM
>> To: Mitesh Shah
>> Cc: mod_python at modpython.org
>> Subject: Re: [mod_python] req.user always returns None
>>
>> 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>:
>>> Sorry for the confusion.  Well it was initially a CGI and then I
>> learned
>>> about mod_python.  Right now I haven't made any changes to the CGI
>> until
>>> I learn how mod_python works.  And all I need is the username and
not
>>> the full name.  When I tried -- os.environ["REMOTE_USER"] -- it
never
>>> returned anything.  I think I'm just having a hard time
understanding
>>> the logistics of mod_python.
>>
>> If you are using os.environ["REMOTE_USER"] inside mod_python handler
>> it will not work. Only relevant to CGI scripts. Just making sure we
>> are talking about same thing here.
>>
>>> I call an html and ask for authentication, this should set the cgi
>>> variable but since my python CGI is calling python
> (#!/usr/bin/python)
>>> separately, I don't think it can access the username from the
initial
>>> authentication.
>>
>> If you mean that the first line of your CGI script has that line,
then
>> that is normal and how UNIX knows what interpreter to run for the
>> contents of the script.
>>
>> If REMOTE_USER environment variable is not set for CGI script, then
AD
>> authentication handler is either not setting 'user' correctly, or the
>> CGI script isn't located in the same Directory/Location context for
>> which the authentication was enabled.
>>
>> What is the original Apache configuration block you are using for
>> authentication and where is the CGI script located?
>>
>> Graham
>>
>>> Which brought me mod_python.  Every example I see they change
> Apache's
>>> httpd.conf to point to the python script. And then this calls
>>> req.get_basic_auth_pw() and req.user and I am able to see the
>> username.
>>> Basically I want the user to authenticate and be presented the html
>> form
>>> and then post to my CGI(or soon mod_python) and then the python
> script
>>> would then grab the username via req.user.
>>>
>>> Thanks for you help so far.
>>>
>>> -Mitesh
>>>
>>> -----Original Message-----
>>> From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com]
>>> Sent: Monday, February 09, 2009 7:21 PM
>>> To: Mitesh Shah
>>> Cc: mod_python at modpython.org
>>> Subject: Re: [mod_python] req.user always returns None
>>>
>>> 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>:
>>>> I will take a look at mod_wsgi.  Anyway, looking at the initial
post
>> I
>>>> realized that pw = req.get_basic_auth_pw() came AFTER req.user.  I
>>> don't
>>>> know how many times I had read that this was incorrect and STILL
did
>>>> it!!  Anyway, I got it to work with that change.  But this was all
>>> just
>>>> for testing.  But now I realized that I may not be able to use this
>>> with
>>>> what I want to accomplish.
>>>>
>>>> 1) Use apache Authorization via .htaccess (which connects to Active
>>>> Directory) -- Working
>>>> 2) After the user is authenticated I have a form (html) with two
>>> fields
>>>> that posts to a python script. -- partially working (cannot log
>>>> username)
>>>
>>> When you say script, what is it implemented as, CGI or mod_python?
>>>
>>> If CGI, then user should be available as REMOTE_USER environment
>>> variable. If mod_python then as req.user.
>>>
>>> If these don't work then the AD module you are using for
>>> authentication is broken in not setting 'user' in Apache request
>>> structure properly.
>>>
>>>> The reason I looked into mod_python was that I am trying to pass
the
>>>> user's name from the initial login to my python script.  Any ideas
> on
>>>> how I could do this?
>>>
>>> Or are you after full name of user rather than a log in ID?
>>>
>>> Can you clarify a bit.
>>>
>>> Graham
>>>
>>>> Thanks,
>>>> Mitesh
>>>>
>>>> -----Original Message-----
>>>> From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com]
>>>> Sent: Monday, February 09, 2009 5:35 PM
>>>> To: Mitesh Shah
>>>> Cc: mod_python at modpython.org
>>>> Subject: Re: [mod_python] req.user always returns None
>>>>
>>>> It is the authentication handlers responsibility, directly or
>>>> indirectly, to set req.user, it will not be set before the
>>>> authentication handler is called. Setting it is one of the things
>> that
>>>> a correctly implement authentication handler should do.
>>>>
>>>> For the way you are doing things, req.user will only be set after:
>>>>
>>>>  pw = req.get_basic_auth_pw()
>>>>
>>>> is called. Ie., done as a side effect of that call.
>>>>
>>>> BTW, if you are new to mod_python, you might want to consider
> instead
>>>> using mod_wsgi, writing your application code as a WSGI application
>>>> and using mod_wsgi's much simpler to understand authentication
>>>> provider hooks where everything is done for you except for
> validating
>>>> the user credentials. For the latter see:
>>>>
>>>>  http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms
>>>>
>>>> Graham
>>>>
>>>> 2009/2/10 Mitesh Shah <mshah at harpercollege.edu>:
>>>>> I am having some issues trying to req.user to return a username.
I
>>> am
>>>> very
>>>>> new to python and mod_python.  I happened upon this thread:
>>>>>
>>>>>
>>>>>
>>>>> http://osdir.com/ml/python.mod_python/2003-10/msg00092.html
>> regarding
>>>> a
>>>>> similar issue.
>>>>>
>>>>>
>>>>>
>>>>> Anyway, even when I ran the code posted by "David Hancock" in the
>>> post
>>>> above
>>>>> I only got a "None" for the username in the error_log file.  I am
>>>> sending
>>>>> this in the URL:
>>>>>
>>>>> "http://localhost/python/mptest"
>>>>>
>>>>>
>>>>>
>>>>> Here is the test setup as it applies to me(basically unchanged).
>>>>>
>>>>>
>>>>>
>>>>> ******mptest.py*******
>>>>>
>>>>> from mod_python import apache
>>>>>
>>>>>
>>>>>
>>>>> def handler(req):
>>>>>
>>>>>         req.content_type = 'text/plain'
>>>>>
>>>>>         req.send_http_header()
>>>>>
>>>>>         req.write("Hello, world!")
>>>>>
>>>>>         return apache.OK
>>>>>
>>>>>
>>>>>
>>>>> def authenhandler(req):
>>>>>
>>>>>         user = req.user
>>>>>
>>>>>         pw = req.get_basic_auth_pw()
>>>>>
>>>>>         req.log_error(str(user) + ' ' + str(pw))
>>>>>
>>>>>         if user == "fred" and pw == "secret":
>>>>>
>>>>>                 return apache.OK
>>>>>
>>>>>         else:
>>>>>
>>>>>                 return apache.HTTP_UNAUTHORIZED
>>>>>
>>>>> *******mptest.py******
>>>>>
>>>>>
>>>>>
>>>>> *******httpd.conf******
>>>>>
>>>>> <Directory "/var/www/html/python">
>>>>>
>>>>>     AddHandler python-program .py
>>>>>
>>>>>     PythonHandler mptest
>>>>>
>>>>>     PythonAuthenHandler mptest
>>>>>
>>>>>     AuthType Basic
>>>>>
>>>>>     AuthName "mod_python restricted area"
>>>>>
>>>>>     require valid-user
>>>>>
>>>>>     PythonDebug On
>>>>>
>>>>> </Directory>
>>>>>
>>>>> ******httpd.conf*******
>>>>>
>>>>>
>>>>>
>>>>> *******error_log*******
>>>>>
>>>>> [Mon Feb 09 17:10:04 2009] [error] [client 127.0.0.1] None secret
>>>>>
>>>>> *******error_log*******
>>>>>
>>>>>
>>>>>
>>>>> After attempting to login I get a 401 page and then I am asked to
>>>> login
>>>>> again.
>>>>>
>>>>>
>>>>>
>>>>> Any help would be greatly appreciated!
>>>>>
>>>>>
>>>>>
>>>>> Thank you,
>>>>>
>>>>> Mitesh
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Mod_python mailing list
>>>>> Mod_python at modpython.org
>>>>> http://mailman.modpython.org/mailman/listinfo/mod_python
>>>>>
>>>>>
>>>>
>>>
>>
>



More information about the Mod_python mailing list