[Twisted-Python] need an identity
I seem to have a problem... I need access to the identity for a client as their perspective is being created from within getPerspectiveRequest(). Although Service::getPerspectiveRequest is called by the identity instance for the client, when using the DBAuthorizer, there doesnt appear to be a way to access this identity object from within getPerspectiveRequest. The only way to lookup an identity is Authorizer::getIdentityRequest - which in this case will hit the database again to load the identity. I want the existing identity instance, not a new instance for the same identity. I know the Identity instance is out there, but I can't get at it! The DbAuthorizer does not keep an "identities" list around, so I cant look up the identity the same way you can in the DefaultAuthorizer. Is this a security issue? Is access to the identity information for a perspective not allowed? One solution would be for me would be for the identity to be passed into getPerspectiveRequest as another argument: def getPerspectiveRequest(self, name, identity): instead of the existing: def getPerspectiveRequest(self, name): This is may be too drastic an API change for just this one case... but it doesnt require changing much existing code... thoughts? ---- Sean Riley
On Thu, 11 Jul 2002 13:01:56 -0500, "Sean Riley" <sean@ninjaneering.com> wrote:
One solution would be for me would be for the identity to be passed into getPerspectiveRequest as another argument [...]
This is may be too drastic an API change for just this one case... but it doesnt require changing much existing code...
I think you're right here. This will become increasingly necessary as identities implement more authorization techniques, and particular services need to verify that the identities have been verified, say, without using a cleartext password. However, in the interests of preserving backwards compatibility, maybe have a getExtendedPerspectiveRequest() that had the additional argument[s] that you need. Is there anyone out there who is currently using this API who has a reason not to change their code? -- | <`'> | Glyph Lefkowitz: Traveling Sorcerer | | < _/ > | Lead Developer, the Twisted project | | < ___/ > | http://www.twistedmatrix.com |
On Thu, 11 Jul 2002 13:01:56 -0500, "Sean Riley" <sean@ninjaneering.com> wrote:
One solution would be for me would be for the identity to be passed into getPerspectiveRequest as another argument [...]
This is may be too drastic an API change for just this one case... but it doesnt require changing much existing code...
I think you're right here. This will become increasingly necessary as identities implement more authorization techniques, and particular services need to verify that the identities have been verified, say, without using a cleartext password. However, in the interests of preserving backwards compatibility, maybe have a getExtendedPerspectiveRequest() that had the additional argument[s] that you need. Is there anyone out there who is currently using this API who has a reason not to change their code? -- | <`'> | Glyph Lefkowitz: Traveling Sorcerer | | < _/ > | Lead Developer, the Twisted project | | < ___/ > | http://www.twistedmatrix.com |
participants (2)
-
Glyph Lefkowitz -
Sean Riley