[Twisted-web] simple guard question

glyph at divmod.com
Fri Jul 20 00:40:17 EDT 2007


On 12:05 am, p.mayers at imperial.ac.uk wrote:
>On Thu, 2007-07-19 at 19:15 -0400, Jean-Paul Calderone wrote:
>>On Fri, 20 Jul 2007 00:03:33 +0100, Phil Mayers 
>><p.mayers at imperial.ac.uk> wrote:
>> >How does one get the username for a given request? Bearing in mind
>> >that a guard session's username may have been gathered via an HTML
>> >form and not be present on subsequent requests.
>> >
>>
>>What is a username?  What if the HTML form presents a CAPTCHA image as
>>a challenge instead of a username/password login?
>
>The username is the avatarId, which is always a string and always
>present, is it not?

No, we use the term "avatarId" on purpose, to distinguish from other 
common ideas about "username".  It doesn't necessarily match any 
significant input to your system, nor any particularly interesting data 
on the back-end.  It will be a string, but it might end up just being 
the str() of an integer primary key in a database somewhere.

The fact that this so rarely differs from the visibly obvious "username" 
is unfortunately confusing, and treating it as a username is a 
convenience that many, many deployments can count on, but it should not 
be a core assumption of Twisted Web or Nevow.

>Anyway, never mind - I get the idea - the page is the avatar and should
>be acting on the user's behalf. I don't *agree* with the idea, but I get
>it.

This is certainly a controversial idea, and one that is frequently 
criticised, often in this manner.  Although I don't *agree* with the 
criticism, I don't object to it ;).  Its design rationale should be 
better documented, and for that I apologize.

However, although you may want a "user object" that is different than 
the page -- and in that case the top-level page should probably wrap 
that object -- the term "avatar" has a specific meaning.  To be an 
avatar for HTTP, you must implement IResource.

You can disagree about whether this is the most generally useful design, 
but it *is* the specific design to which the jargon term "avatar" refers 
in the context of cred.  Trying to re-define it so that it doesn't mean 
that makes an already confusing topic even more difficult to discuss. 
So please don't.


