[Twisted-web] Get identity of previously-authenticated user

[Mike Pelletier]

twisted.web.template is great to have.  I'm doing a client's web app
project with (so far) just twisted.  So far the only thing I really
miss from nevow is that I cannot load a template from a fragment
identifier in an xml document, but just for reasons of convenience.

I need to know who is logged in.  Twisted offers
twisted.web.guard.HTTPAuthSessionWrapper to perform the initial
authentication, but then when a page element wants to know the
identity of the authenticated user, there seems to be no provision for
this.  Furthermore, there seems to be no place in the classes I am
invited to write to work with twisted.web.guard where both the request
object and the avatarId exist at the same time.

The only opportunity I have to bind a user identity/object to a
request is by constructing and throwing away a new Resource tree for
each request in requestAvatar.  I decided that was probably not what I
was meant to do.  Instead, I have done something that turns out to
smell very bad to solve this problem.  What was the correct solution?

Mine was to subclass HTTPAuthSessionWrapper and override
_authorizedResource and _login in order to pass the request object as
the mind.  From there I can use request.setComponent in requestAvatar
and request.removeComponent in the logout callback (just for fun) to
associate an authenticated user object with the request.  I'm not even
sure that's what "mind" is for, and it's not cool copying and pasting
the body of a couple of methods out of the library.

My next task appears to be to write a credential factory that can take
credentials out of the cookies or session, to support a friendly login
interface.  Again I feel as though I am whacking my way through what
should be a clear trail.  It's dangerous stuff to be writing as
application code.  Am I just expecting too much from twisted.web a la
carte?  Is nevow a viable choice anymore?

TIA for just one or two lines of wisdom.
--Mike