[Twisted-web] simple guard question
Jean-Paul Calderone
exarkun at divmod.com
Thu Jul 19 19:15:15 EDT 2007
On Fri, 20 Jul 2007 00:03:33 +0100, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>How does one get the username for a given request? Bearing in mind that
>a guard sessions username may have been gathered via an HTML form and
>not be present on subsequent requests.
>
What is a username? What if the HTML form presents a CAPTCHA image as a
challenge instead of a username/password login?
The IResource which is responding to a request (either by satisfying a
locateChild call or a renderHTTP call) _is_ the user. For requirements
beyond that (and they should be few and far between), you have to impose
a limit on exactly what kind of authentication your code will work with
and supply a realm which will create avatars (IResource providers) with
whatever additional information you need them to have (eg, an HTTP auth
username, or the username field of an HTML form, or the CN field of an
SSL certificate, or whatever).
Jean-Paul
More information about the Twisted-web
mailing list