[Twisted-web] Nevow: Authenticated site with "remember me" and vhosts

Donovan Preston dp at divmod.org
Sat Oct 30 10:26:46 MDT 2004


On Oct 30, 2004, at 11:03 AM, Paul Moore wrote:

> I'm trying to use Nevow to build a site which displays the results of
> a series of SQL queries. It looks good so far, I have the basic site
> structure all sorted out in my mind (it's *very* impressive how quick
> that was in Nevow). Before I flesh things out much further, I want to
> add some authentication - basically, "guest" users will be able to
> see a limited subset of the data.
>
> Adding authentication including a "login" form in the sidebar (a bit
> like Roundup does) was again very easy. I basically cribbed from the
> existing examples. But there are a few things I's now like to add:
>
> 1. Ultimately, I want to proxy the app through Apache, so I was using
>    the Virtual Host Monster. Im ny original, unauthenticated,
>    application, I added a "vhost" child to the main application
>    resource, and that was it. I can no longer do that, as the
>    resource is wrapped in a guard.SessionWrapper, which doesn't have
>    a putChild method. I'm not clear that I want the vhost child to be
>    authenticated anyway - what I *think* I want is for "/" to be
>    authenticated, but "/vhost" not to be. Or do I? Any suggestions?

Are you using 0.3 or SVN head? I think Tv was working on fixing 
guard-related problems in this area. You might have more luck using SVN 
head, if you are not.

> 2. I'd like to add a "remember me" checkbox, which if checked sets a
>    cookie to remember the user's ID, so that they don't have to log
>    in again for (say) 2 weeks. Much like gmail, or Yahoo, do. But I'm
>    not too sure how I'd go about this. I'm not even sure where I'd
>    *put* auto-login code: the page is too late (the guard has done
>    its thing by then) but anything else seems to be too early (ie,
>    not per-session, if you see what I mean). I suspect I need to
>    subclass the Portal, or something, but I'm not sure...

I'm not sure guard is sufficiently flexible to allow this. Perhaps one 
of the guard replacements that is being worked on will help? mg, can 
you comment? Also, indigo, can you comment on the session system you 
wrote and/or perhaps turn it into an example or a module?

> I've scanned the various examples, both in the distribution and in
> the Nevow sandbox, but nothing seems to do what I want. Can anyone
> give me some pointers?

Sorry I can't be of more help. Guard is one of nevow's weak spots, 
since I didn't write it and therefore don't understand it, because it 
is pretty horrifically complex.

> <off on a tangent>
> This is the sort of area where the lack of documentation really
> hurts. Examples are great (and the wealth of Nevow examples is realy
> nice) but there's a lack of "general principle" documentation to make
> it easy to generalise the example code. My best example of this is
> that I can't work out what to return from a render_* method - should
> it be a function, or a string, or a stan tree, or what? I suspect
> that by the magic of interfaces, the answer is "anything that can be
> adapted to an ISomething" (which needs further documentation to say
> what standard adapters from string, sequence, whatever to ISomething
> exist) - but it's not stated anywhere, which makes writing render_*
> methods an exciting exercise in experimentation :-)

Yes.

> At the other end of the scale, the source is really too low-level to
> follow for this sort of thing (I have tried).

Yes.

> Is there any documentation effort for Nevow going on anywhere? I'd
> happily contribute, although it would more likely be in the form of
> questions than answers at the moment :-)
> </off on a tangent>

There should be, and it is creeping up higher on my priority list. 
However, life prevents me. Hopefully sometime in the next few months.

Perhaps lurking on #twisted.web on irc.freenode.net would help?

dp




More information about the Twisted-web mailing list