[Twisted-web] Get identity of previously-authenticated user

Phil Mayers p.mayers at imperial.ac.uk
Fri Apr 22 06:51:59 EDT 2011


On 04/22/2011 01:13 AM, Glyph Lefkowitz wrote:
>
> On Apr 21, 2011, at 11:12 AM, Mike Pelletier wrote:
>
>> The only opportunity I have to bind a user identity/object to a
>> request is by constructing and throwing away a new Resource tree for
>> each request in requestAvatar. I decided that was probably not what I
>> was meant to do. Instead, I have done something that turns out to
>> smell very bad to solve this problem. What was the correct solution?
>
> Resources can be extremely lightweight objects. If your actual resource
> tree is heavyweight (containing lots of data, shared caches, etc) you
> can trivially build an overlay resource tree that just remembers the
> user object and binds it to the underlying tree.
>
> So the main question is: why did you decide that this is not what you
> were meant to do?

For what it's worth: I decided exactly the same thing way back when, and 
also discovered that, no, you are supposed to do that.

I thought about why I'd decided that, and came to the conclusion it's 
just not intuitive - it "felt" wrong - but couldn't be more specific. 
Possibly it's because almost every other web framework I've ever seen, 
python or not, gives you a "user" object of some description on the request?

Perhaps a note in the web/guard docs suggesting this approach might tip 
people off.

(That said, I don't use Twisted for web stuff anymore, so it's not of 
much interest to me)



More information about the Twisted-web mailing list