[Twisted-web] simple guard question

Jean-Paul Calderone exarkun at divmod.com
Thu Jul 19 19:15:15 EDT 2007

On Fri, 20 Jul 2007 00:03:33 +0100, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>How does one get the username for a given request? Bearing in mind that
>a guard sessions username may have been gathered via an HTML form and
>not be present on subsequent requests.

What is a username?  What if the HTML form presents a CAPTCHA image as a
challenge instead of a username/password login?

The IResource which is responding to a request (either by satisfying a
locateChild call or a renderHTTP call) _is_ the user.  For requirements
beyond that (and they should be few and far between), you have to impose
a limit on exactly what kind of authentication your code will work with
and supply a realm which will create avatars (IResource providers) with
whatever additional information you need them to have (eg, an HTTP auth
username, or the username field of an HTML form, or the CN field of an
SSL certificate, or whatever).


More information about the Twisted-web mailing list