[Twisted-web] HTTP authentication and Nevow cred checker

KC Leong mewanttowork at gmail.com
Mon Jan 29 06:50:06 CST 2007


With Twisted and Nevow I'm building an XML-RPC server that does HTTP
authentication. So a basic XML-RPC client can login using
https://user:passwd@host. I can get the credentials with HTTP
authentication, but how can I check the credentials. I'd tried calling
guard.SessionWrapper.login(....), but I get the error: "exceptions.TypeError:
unbound method login() must be called with SessionWrapper instance as first
argument (got NevowRequest instance instead)".

So I'm guessing that request.getSession() is wrong and I must get the
session of the guard (or something similar). Or I'm calling the wrong
function to check the creds. In the guarded.py example from Nevow the
credentials get checked thru a html form, but that is not what I want.

Below is an example part of my code:

class RootPage(rend.Page):
    ## We are a directory-like resource because we are at the root
    addSlash = True
    ## Doesn't work
    def tryLogin(self, ctx, request):
        session =  request.getSession()
        segments = inevow.ICurrentSegments(ctx)
        httpAuthCredentials = (self.data_username,self.data_password)
        return guard.SessionWrapper.login(request, session,
httpAuthCredentials, segments).addCallback(self._loginSucceeded).addErrback(

    def renderHTTP(self, ctx):
        request = inevow.IRequest(ctx)
        username, password = request.getUser(), request.getPassword()
        ## No REAL authentication yet, must implement it.
        if (username, password) == ('', ''):
            request.setHeader('WWW-Authenticate', 'Basic
            return "Authentication required."
        ## They provided a username and password, so let's let them in!
        self.data_username, self.data_password = username, password

        self.tryLogin(ctx, request)
        return rend.Page.renderHTTP(self, ctx)

    docFactory = loaders.stan(tags.html[
        tags.h1["Welcome user!"],
        tags.div["You said: ",
            tags.span(data=tags.directive('username'), render=str),
            " ",
            tags.span(data=tags.directive('password'), render=str),


Kim Chee Leong
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-web/attachments/20070129/e78a6de1/attachment.htm

More information about the Twisted-web mailing list