[Twisted-Python] htpasswd / HTTP basic auth example

Andrew Bennetts andrew-twisted at puzzling.org
Mon Jul 21 17:32:02 MDT 2003


On Mon, Jul 21, 2003 at 12:53:51PM -0400, Itamar Shtull-Trauring wrote:
> On Mon, 21 Jul 2003 21:03:43 +1000
> Andrew Bennetts <andrew-twisted at puzzling.org> wrote:
> > 
> > For what it's worth, I originally *tried* to implement this with
> > newcred/guard, and couldn't figure out how.  I seem to recall that a
> > large stumbling block was UsernamePasswordWrapper not being useful if
> > you are trying to compare against *hashed* passwords;
> 
> We now have a new credential type whose name I forget, or possibly the
> same one. Anyway, *some* credential type, which explicitly exposes the
> password. Which is what you should use. And it was added for the exact
> reason you mentioned.

IUsernameHashedPassword, I believe.  It got added after I wrote this and
whinged to Jp, iirc ;)

Regardless, UsernamePasswordWrapper has its credentials checker class
hardcoded to UsernamePassword (which implements IUsernamePassword) in a
nested function in the middle of a forty-line function, so it's still rather
useless to me.  It might be nice if that aspect of UsernamePasswordWrapper
was parameterised...

UsernamePasswordWrapper also assumes form-based authentication, if I'm
understanding correctly.  I'm not hugely wedded to HTTP basic auth, but it
is useful for some things, so it would be nice if UPW was able to return
something other than form.FormProcessor in the "INIT_PERSPECTIVE" case (and
I'm not certain I like the login URL being hard-coded... 'perspective-init'
strikes me as an implementation detail, like '.html' or '.asp', that users
shouldn't have to see -- 'login' would make more sense to most people).

Anyway, it was clear to me that the existing stable version of Twisted
couldn't support what I needed via guard, which is why I took the route I
did.  If someone who understands this stuff wants to incorporate htpasswd
and/or HTTP basic auth in such a way that I can use it from guard, I won't
complain :)

-Andrew.





More information about the Twisted-Python mailing list