fix: restore local PFS authentication by adding WSGI loopback identity middleware

[YizukiAme]

Fixes #4130

Problem

PR #4090 correctly removed the trust of client-supplied X-Remote-User headers to prevent identity spoofing. However, it did not provide an alternative mechanism for the local Prompt Flow Service (PFS) to identify the local user. Since waitress (the WSGI server used by PFS) never sets REMOTE_USER in the WSGI environ, all local calls to @local_user_only endpoints (/Connections/{name}/listsecrets, /Telemetries/) are now rejected with 403.

Fix

Add a LocalUserMiddleware WSGI middleware that:

1. Sets REMOTE_USER = getpass.getuser() only when REMOTE_ADDR is 127.0.0.1 or ::1 (loopback)
2. Strips client-supplied HTTP_REMOTE_USER / HTTP_X_REMOTE_USER headers to prevent spoofing
3. Leaves non-loopback connections without REMOTE_USER — external connections are correctly rejected

The middleware is applied in create_app() via app.wsgi_app = LocalUserMiddleware(app.wsgi_app).

The existing local_user_only decorator is unchanged — it continues to check only request.environ["REMOTE_USER"], which is now properly populated by the server-side middleware rather than trusting any client header.

Security Properties

• ✅ Loopback-only: only 127.0.0.1 and ::1 get identity injection
• ✅ Header stripping: client-supplied Remote-User / X-Remote-User are removed before reaching the app
• ✅ No new trust surface: the fix adds server-side identity, not client-side
• ✅ Backwards compatible: @local_user_only behavior is preserved exactly

Tests

4 regression tests in test_local_user_auth_middleware.py:

• IPv4 loopback → REMOTE_USER injected
• IPv6 loopback → REMOTE_USER injected
• Non-loopback → no REMOTE_USER (403 expected)
• Spoofed headers → stripped, real OS user used

This fix was developed with AI assistance and reviewed by a human.

[YizukiAme]

@microsoft-github-policy-service agree

[github-actions]

Hi, thank you for your interest in helping to improve the prompt flow experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment.

[github-actions]

Hi, thank you for your interest in helping to improve the prompt flow experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment.

[github-actions]

Hi, thank you for your interest in helping to improve the prompt flow experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment.

[YizukiAme]

:-)

[github-actions]

Hi, thank you for your interest in helping to improve the prompt flow experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment.

[YizukiAme]

cmt