[Twisted-Python] Lazily adding Identities in new cred
dripton at ripton.net
Sat Jul 12 00:09:12 EDT 2003
I'm working on a turn-based game, with a server and N untrusted clients,
So far I just have a few hardcoded test users and passwords. Now I'd
like to add lazy user registration. If a username is already known,
then you need the password to log in. If it's not known, you can claim
that username by attempting to login, and your password should be
immediately set to whatever you just used.
(I'm not saying this is the generally ideal way to add new users and
assign their passwords, but it should definitely be doable in any
reasonably flexible authentication framework.)
It appears that cred was not really designed to support this, because
the password that the user entered is not passed to
Authorizer.getIdentityRequest, which seems like the obvious place to
lazily add an Identity.
Getting it there by patching Twisted would be easy enough: pass it from
pb.authIdentity through AuthServ.remote_username into the call to
getIdentityRequest. The callers would always need to pass the password,
but only a small percentage of Authorizers would actually use it, so
this doesn't seem perfectly clean. But I don't see a better alternative.
David Ripton dripton at ripton.net
More information about the Twisted-Python