[Twisted-Python] how to implement login form logic with twisted.cred checkers, credentials and portal
Mashiat Sarker Shakkhar
mashiat.sarker at gmail.com
Sat Mar 5 20:11:23 MST 2016
On 3/2/16 9:32 AM, snailcoder wrote:
> I'm trying to implement some login logic using twisted.cred module for
> a website. In short, there's a login page with username/password
> forms. Once the user inputs the right username/password, the browser
> will redirect to another page which includes the user's profile.
>
> Does anyone have any ideas about how to implement this logic with
> twisted.cred checkers, credentials and portal? Any suggestion is
> appreciated :-)
Hi

Before I answer your question, allow me to give you a word of advice.
Twisted is a low-level library. While you can build a web application
directly on top of Twisted, I would not recommend it. You need
higher-level abstractions to write manageable code. I recommend that you
find a framework that builds on top of Twisted.

As for your question, you will find many examples of Twisted
authentication if you Google a bit. You should probably start by reading
this page:
https://twistedmatrix.com/documents/current/core/howto/cred.html. Below
you will find a simple (and not very secure) example. It uses HTTP Basic
authentication. It owes its verbosity to the low-level nature of Twisted.

from twisted.cred import portal, checkers, credentials, error as credError
from twisted.internet import defer, reactor
from twisted.web import guard, http, resource, server
from zope.interface import implementer


# implementer() replaces the class-body implements() call, which only
# works on Python 2.
@implementer(portal.IRealm)
class HttpPasswordRealm(object):
    def __init__(self, resource):
        self.resource = resource

    def requestAvatar(self, avatarId, mind, *interfaces):
        if resource.IResource in interfaces:
            # (interface, avatar, logout callable)
            return (resource.IResource, self.resource, lambda: None)
        raise NotImplementedError()


@implementer(checkers.ICredentialsChecker)
class MyPasswordChecker(object):
    credentialInterfaces = (credentials.IUsernamePassword, )
    # Hard-coded plaintext credentials, for demonstration only.
    # Bytes, because guard passes the username and password as bytes.
    MY_INSECURE_CREDS = {b'name': b'pa$$w0rd'}

    @defer.inlineCallbacks
    def requestAvatarId(self, creds):
        pw = self.MY_INSECURE_CREDS.get(creds.username)
        if pw is None:
            # Unknown user: reject here. Falling back to b'' would let an
            # empty password match for any unknown username.
            raise credError.UnauthorizedLogin('Incorrect username or password')
        pw_match = yield creds.checkPassword(pw)
        if pw_match is True:
            defer.returnValue(creds.username)
        else:
            raise credError.UnauthorizedLogin('Incorrect username or password')


class MyPortal(resource.Resource):
    isLeaf = True

    def render_GET(self, request):
        # Render methods must return bytes.
        return b'Top secret content'


checker = MyPasswordChecker()
realm = HttpPasswordRealm(MyPortal())
p = portal.Portal(realm, [checker, ])
factory = guard.BasicCredentialFactory(b'My secret portal')
# The wrapper challenges for credentials before exposing the resource.
protected_resource = guard.HTTPAuthSessionWrapper(p, [factory, ])
site = server.Site(protected_resource)
site.protocol = http.HTTPChannel
reactor.listenTCP(8080, site)
reactor.run()

Do not go and copy-paste the above. Please do your research. To build
the interaction you described, I will recommend using Klein
(https://github.com/twisted/klein). Klein can give you your entire app
as a Resource instance. This example does not manage sessions or let
you log out. It only describes how you can protect a Resource using
Twisted.cred. Good luck.
Regards
Shakkhar
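
An added example, not part of the original message: the checker above keeps the password in plaintext in MY_INSECURE_CREDS, so this sketch shows a store that keeps only a salted PBKDF2 hash and compares in constant time. It applies to credentials that expose the submitted password (IUsernamePassword, as produced by Basic authentication); the names HashedCredentialStore, build_demo_store and ITERATIONS are hypothetical, and the iteration count is an assumption.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for your hardware.
ITERATIONS = 600_000


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


class HashedCredentialStore(object):
    """Hypothetical stand-in for the plaintext MY_INSECURE_CREDS dict."""

    def __init__(self):
        self._users = {}  # username (bytes) -> (salt, derived key)
        # Dummy record so an unknown username costs one derivation too.
        self._dummy_salt = os.urandom(16)
        self._dummy_key = _derive(os.urandom(16), self._dummy_salt)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, _derive(password, salt))

    def verify(self, username, password):
        known = username in self._users
        salt, key = self._users.get(
            username, (self._dummy_salt, self._dummy_key))
        candidate = _derive(password, salt)
        # Constant-time comparison of the derived keys.
        match = hmac.compare_digest(candidate, key)
        return known and match


def build_demo_store():
    # Constructed sample account, same values as in the message above.
    store = HashedCredentialStore()
    store.add_user(b"name", b"pa$$w0rd")
    return store


if __name__ == "__main__":
    store = build_demo_store()
    # Inside requestAvatarId this would be:
    #   store.verify(creds.username, creds.password)
    print(store.verify(b"name", b"pa$$w0rd"))
    print(store.verify(b"name", b""))
    print(store.verify(b"nobody", b""))
```

In requestAvatarId, a True result maps to returning creds.username and a False result to raising credError.UnauthorizedLogin, as in the message's checker.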