On 12:05 am, p.mayers@imperial.ac.uk wrote:
On Thu, 2007-07-19 at 19:15 -0400, Jean-Paul Calderone wrote:
How does one get the username for a given request? Bearing in mind
On Fri, 20 Jul 2007 00:03:33 +0100, Phil Mayers <p.mayers@imperial.ac.uk> wrote: that
a guard sessions username may have been gathered via an HTML form and not be present on subsequent requests.
What is a username? What if the HTML form presents a CAPTCHA image as a challenge instead of a username/password login?
The username is the avatarId, which is always a string and always present, is it not?
No, we use the term "avatarId" on purpose, to distinguish from other common ideas about "username". It doesn't necessarily match any significant input to your system, nor any particularly interesting data on the back-end. It will be a string, but it might end up just being the str() of an integer primary key in a database somewhere. The fact that this differing from the visibly obvious "username" is so rarely is unfortunately confusing, and treating it as a username is a convenience that many, many deployments can count on, but should not be a core assumption of Twisted Web or Nevow.
Anyway, never mind - I get the idea - the page is the avatar and should be acting on the users behalf. I don't *agree* with the idea, but I get it.
This is certainly a controversial idea, and one that is frequently criticised, often in this manner. Although I don't *agree* with the criticism, I don't object to it ;). Its design rationale should be better documented, and for that I apologize. However, although you may want a "user object" that is different than the page -- and in that case the top-level page should probably wrap that object -- the term "avatar" has a specific meaning. To be an avatar for HTTP, you must implement IResource. You can disagree about whether this is the most generally useful design, but it *is* the specific design to which the jargon term "avatar" refers in the context of cred. Trying to re-define it so that it doesn't mean that makes an already confusing topic even more difficult to discuss. So please don't.