[Twisted-web] simple guard question
glyph at divmod.com
Fri Jul 20 00:40:17 EDT 2007
On 12:05 am, p.mayers at imperial.ac.uk wrote:
>On Thu, 2007-07-19 at 19:15 -0400, Jean-Paul Calderone wrote:
>>On Fri, 20 Jul 2007 00:03:33 +0100, Phil Mayers
>><p.mayers at imperial.ac.uk> wrote:
>> >How does one get the username for a given request? Bearing in mind
>> >a guard session's username may have been gathered via an HTML form and
>> >not be present on subsequent requests.
>>What is a username? What if the HTML form presents a CAPTCHA image as
>>challenge instead of a username/password login?
>The username is the avatarId, which is always a string and always
>present, is it not?
No, we use the term "avatarId" on purpose, to distinguish from other
common ideas about "username". It doesn't necessarily match any
significant input to your system, nor any particularly interesting data
on the back-end. It will be a string, but it might end up just being
the str() of an integer primary key in a database somewhere.
The fact that this differs from the visibly obvious "username" so
rarely is unfortunately confusing, and treating it as a username is a
convenience that many, many deployments can count on, but should not be
a core assumption of Twisted Web or Nevow.
>Anyway, never mind - I get the idea - the page is the avatar and should
>be acting on the user's behalf. I don't *agree* with the idea, but I get
This is certainly a controversial idea, and one that is frequently
criticised, often in this manner. Although I don't *agree* with the
criticism, I don't object to it ;). Its design rationale should be
better documented, and for that I apologize.
However, although you may want a "user object" that is different than
the page -- and in that case the top-level page should probably wrap
that object -- the term "avatar" has a specific meaning. To be an
avatar for HTTP, you must implement IResource.
You can disagree about whether this is the most generally useful design,
but it *is* the specific design to which the jargon term "avatar" refers
in the context of cred. Trying to re-define it so that it doesn't mean
that makes an already confusing topic even more difficult to discuss.
So please don't.