copying scope before modifying it in JWTMiddleware

piccolo-orm · Aug 13, 2019 · 3bee368 · 3bee368
1 parent 374b296
commit 3bee368
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/docs/source/introduction.rst b/docs/source/introduction.rst
@@ -121,6 +121,9 @@ default it's set to 1 day.
         expiry=timedelta(minutes=10)
     )
 
+.. hint:: You generally want short expiry tokens for web applications, and
+   longer expiry times for mobile applications.
+
 JWTMiddleware
 -------------
 

diff --git a/piccolo_api/middleware/auth.py b/piccolo_api/middleware/auth.py
@@ -1,3 +1,4 @@
+import copy
 import typing as t
 import time
 
@@ -102,6 +103,7 @@ async def __call__(self, scope, receive, send):
         if not user_id:
             raise HTTPException(status_code=403)
 
-        scope['user_id'] = user_id
+        new_scope = copy.copy(scope)
+        new_scope['user_id'] = user_id
 
-        await self.asgi(scope, receive, send)
+        await self.asgi(new_scope, receive, send)