On Mon, 28 Nov 2005 18:18:28 -0800, Kevin Turner <[EMAIL PROTECTED]> wrote:
On Sun, 2005-11-27 at 21:31 +0000, Phil Mayers wrote:
it seems the "credentials" *are* the HTTP
request object (which in fact is true, given how the HTTP spec is worded
I think?).
This is what I tried up doing; including the request in the Credentials.
This works a bit, but it really isn't compatible with t.web.guard.
Mostly because my Checker ends up doing things to the request, but Guard
really had plans to do *other* things with that request once
Portal.login returned, so it ends up in a bit of a wreck. Maybe it
would work better if I used a livepage channel instead of a dumb
request.
It would be better if some specific interface were published via wrapping the
request, so that the authentication code could be clearly recognizable. I
don't think it makes sense to think of the request itself as the authentication
interface or the credentials, especially as any interesting HTTP-based
authentication scheme (even simple challenge/response digest auth) spans
multiple requests.
_______________________________________________
Twisted-web mailing list
[email protected]
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
