Thanks for such a detailed explanation and sample code!
Your code demonstrated header-based authentication. I've read some code similar to this, but I still have no idea how to implement form-based authentication with twisted.cred credentials and portal.
Any suggestions for form-based authentication?
Regards
Wang Yan
Mashiat Sarker Shakkhar 2016-03-06 11:11:26 wrote:
On 3/2/16 9:32 AM, snailcoder wrote:
I'm trying to implement some login logic using the twisted.cred module for a website. In short, there's a login page with username/password forms. Once the user inputs the right username/password, the browser will redirect to another page which includes the user's profile.
Does anyone have any ideas about how to implement this logic with twisted.cred checkers, credentials and portal? Any suggestion is appreciated :-)
Hi
Before I answer your question, allow me to give you a word of advice. Twisted is a low-level library. While you can build a web application directly on top of Twisted, I would not recommend it. You need higher-level abstractions to write manageable code. I recommend that you find a framework that builds on top of Twisted.
As for your question, you will find many examples of Twisted authentication if you Google a bit. You should probably start by reading this page: https://twistedmatrix.com/documents/current/core/howto/cred.html. Below you will find a simple (and not very secure) example. It uses HTTP Basic authentication. It owes its verbosity to the low-level nature of Twisted.

from twisted.cred import portal, checkers, credentials, error as credError
from twisted.internet import defer, reactor
from twisted.web import guard, http, resource, server
from zope.interface import implementer


# Realm: hands the protected resource to any authenticated user.
@implementer(portal.IRealm)
class HttpPasswordRealm(object):
    def __init__(self, resource):
        self.resource = resource

    def requestAvatar(self, avatarId, mind, *interfaces):
        if resource.IResource in interfaces:
            return (resource.IResource, self.resource, lambda: None)
        raise NotImplementedError()


# Checker: compares the supplied password with a hard-coded plaintext table.
@implementer(checkers.ICredentialsChecker)
class MyPasswordChecker(object):
    credentialInterfaces = (credentials.IUsernamePassword, )
    # Bytes keys and values, because twisted.web passes credentials as bytes.
    MY_INSECURE_CREDS = {b'name': b'pa$$w0rd'}

    @defer.inlineCallbacks
    def requestAvatarId(self, creds):
        pw = self.MY_INSECURE_CREDS.get(creds.username)
        # Reject unknown users outright: falling back to b'' would accept an
        # unknown username sent with an empty password.
        if pw is None:
            raise credError.UnauthorizedLogin('Incorrect username or password')
        pw_match = yield creds.checkPassword(pw)
        if pw_match is True:
            defer.returnValue(creds.username)
        else:
            raise credError.UnauthorizedLogin('Incorrect username or password')


# The resource that is only served after a successful login.
class MyPortal(resource.Resource):
    isLeaf = True

    def render_GET(self, request):
        return b'Top secret content'


checker = MyPasswordChecker()
realm = HttpPasswordRealm(MyPortal())
p = portal.Portal(realm, [checker, ])

# Wrap the portal so that every request must carry HTTP Basic credentials.
factory = guard.BasicCredentialFactory('My secret portal')
protected_resource = guard.HTTPAuthSessionWrapper(p, [factory, ])

site = server.Site(protected_resource)
site.protocol = http.HTTPChannel

reactor.listenTCP(8080, site)
reactor.run()

Do not go and copy-paste the above. Please do your research. To build the interaction you described, I will recommend using Klein (https://github.com/twisted/klein). Klein can give you your entire app as a Resource instance. This example does not manage sessions or let you log out. It only describes how you can protect a Resource using Twisted.cred. Good luck.
Regards
Shakkhar
_______________________________________________
Twisted-Python mailing list
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
