[Twisted-web] Sessions and Authentication for Web2

Jean-Paul Calderone exarkun at divmod.com
Tue Nov 29 18:49:12 MST 2005

On Tue, 29 Nov 2005 17:26:32 +0000, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> [snip]
>class MultiPortal(Portal):
>   def login(self, credlist):
>     for c in self.checkers:
>       # All or a subset...
>       if c.canHandle(credlist):
>         return c.login(credlist)
>     for c in self.checkers:
>       c.maybeChallenge(credlist)
>...which starts to look very different from cred as-is

I haven't had time to catch up on this thread, but I wanted to point out that it is pretty much always wrong to subclass Portal.  If you ever find yourself doing this, you have found a real case cred does not support or (more likely, and I believe this is case here) you not succeeded in fitting whatever authentication scheme is at hand into cred.

Changing the signature of portal.login() in this manner almost entirely defeats the purpose of cred, because it destroys the general nature of the API.  I cannot use a protocol implemented against the above MultiPortal without having specific knowledge as to this implementation detail, nor can I re-use any existing portal which my application already goes to the trouble to create with it.  This is a bad thing.


More information about the Twisted-web mailing list