[Twisted-web] Credential questions - hide user name
andpasswordon login + get ip address in realm
Alexander May
alex-news at comcast.net
Tue Nov 16 08:50:51 MST 2004
Also, while on I'm on the subject of guard, is there a way to set the url a
user reaches after log in? For example if the log in form is at
http:/foo.com/, I would like the admin log in to end up at
http:/foo.com/Admin/, and the non admin log in to end up at
http:/foo.com/Home/. Currently, both just end up at the root url. Should
the respective resources returned in Realm:requestAvatar just do a redirect,
or is some simple way to rewrite the url? I tried muddling with the various
path members of the request in locateChild with no success.
-----Original Message-----
From: twisted-web-bounces at twistedmatrix.com
[mailto:twisted-web-bounces at twistedmatrix.com] On Behalf Of Alexander May
Sent: Tuesday, November 16, 2004 9:42 AM
To: 'Discussion of twisted.web, Nevow,and Woven'
Subject: RE: [Twisted-web] Credential questions - hide user name
andpasswordon login + get ip address in realm
> That's a bug in _your_ code. Just use POST. Guard doesn't implement
> the
form.
> From guarded.tac:
> tags.form(action=guard.LOGIN_AVATAR, method='post')[
I was working off the 0.3 examples directory which does not have
method=post. Somewhat baffled I looked at the version in the svn trunk and
I see that the example has been updated to include method=post. It works
(as you know); I'm glad to see the guard code handles it correctly. Thanks.
> Well, you can do it before or after the guard, atleast.
If I parse this code correctly, you are simply pulling the ipaddress and url
out of the context passed to various resource functions and filtering on it.
I certainly could do this as well, but I would prefer to have access to it
while I have an avatar available too. Furthermore I would like to create a
single log entry of avatar and ip-address for every log-in. Doing it a web
page centric way strikes me as less good then doing it in a log-in centric
way.
Alex
-----Original Message-----
From: twisted-web-bounces at twistedmatrix.com
[mailto:twisted-web-bounces at twistedmatrix.com] On Behalf Of Tommi Virtanen
Sent: Tuesday, November 16, 2004 4:15 AM
To: Discussion of twisted.web, Nevow,and Woven
Subject: Re: [Twisted-web] Credential questions - hide user name and
passwordon login + get ip address in realm
Alexander May wrote:
>1) After I log in, the username and password are shown in the address bar.
>Is there anyway to force the guard code to use post instead of get so
>that such things are not displayed so publicly. I tried changing the
>main log-in form to use post, but it seems there is a redirect that
>occurs that prevents such a change from having the desired result.
>
>
That's a bug in _your_ code. Just use POST. Guard doesn't implement the
form.
From guarded.tac:
tags.form(action=guard.LOGIN_AVATAR, method='post')[
>2) I would like to check the up address that the user is logging in
>from to perform some additional verification. Is there a way to get
>access to this information in Realm.requestAvatar or in
>CredentialsChecker.requestAvatarId,
>or somewhere else where it may be incorporated into the log-in process?
>
>
Well, you can do it before or after the guard, atleast.
http://divmod.org/svn/Nevow/sandbox/tv/access
_______________________________________________
Twisted-web mailing list
Twisted-web at twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
_______________________________________________
Twisted-web mailing list
Twisted-web at twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
More information about the Twisted-web
mailing list