[Twisted-Python] PB checkers bug?
![](https://secure.gravatar.com/avatar/3c4988f83703127d279406fc6eea7079.jpg?s=120&d=mm&r=g)
Hi all, I didn't get a reply to my earlier post about inventing mad crazy checkers, so I decided to just use the IUsernamePassword interface, but I'm stuck, because it appears PB won't allow me to use only that interface. If I try, it dies like this: Traceback (most recent call last): Failure: twisted.cred.error.UnhandledCredentials: No checker for twisted.cred.credentials.IUsernameHashedPassword, twisted.spread.pb.IUsernameMD5Password, twisted.spread.interfaces.IJellyable To reproduce the error, all you have to do is tweak InMemoryUsernamePasswordDatabaseDontUse to only implement IUsernamePassword. I've prepared the code below for a client and a server to demonstrate the issue. Am I just missing something? If not, should the inability to use IUsernamePassword alone be filed as a bug? Anybody? Thanks, Steve ----------------- This is the server: #!/usr/bin/python from twisted.cred import checkers, credentials, portal from twisted.internet import reactor from twisted.spread import pb from zope import interface class MyRealm: __implements__ = portal.IRealm def requestAvatar(self, avatarId, mind, *interfaces): print "Success! We'll never get here. :-(" return pb.IPerspective, pb.Avatar(), lambda: reactor.stop() # So we use a simple checker... the_checker = \ checkers.InMemoryUsernamePasswordDatabaseDontUse(client1='abc') # ...and now let's perform the problematic modification: the_checker.credentialInterfaces = (credentials.IUsernamePassword,) the_realm = MyRealm() the_portal = portal.Portal(the_realm) the_portal.registerChecker(the_checker) the_factory = pb.PBServerFactory(the_portal) reactor.listenTCP(8800, the_factory) reactor.run() ----------------- This is the client: #!/usr/bin/python from twisted.spread import pb from twisted.internet import reactor from twisted.python import log from twisted.cred import credentials import sys log.startLogging(sys.stdout, 0) the_factory = pb.PBClientFactory() reactor.connectTCP('localhost', 8800, the_factory) d = the_factory.login(credentials.UsernamePassword('client1', 'abc')) d.addCallback(lambda x: log.msg('Success! Won\'t happen.')) d.addErrback(lambda x: log.msg('We died:', x)) reactor.run() -- Steve Freitas <sflist@ihonk.com>
![](https://secure.gravatar.com/avatar/7ed9784cbb1ba1ef75454034b3a8e6a1.jpg?s=120&d=mm&r=g)
On Wed, 27 Jul 2005 21:22:50 -0700, Steve Freitas <sflist@ihonk.com> wrote:
PBClientFactory's login method is a rotten lie. It /does not/ take an IUsernamePassword credentials objects, nor does it log in with the server using an IUsernamePassword credentials object. It takes an object with a username attribute and a password attribute, and logs in with an IUsernameHashedPassword. Your credentials checker /must/ support checking the latter interface. If you want to support some other authentication backend which is incapable of checking IUsernameHashedPassword credentials, you may need to implement an alternate login scheme for PB. This is not difficult, but consider carefully whether you actually need it or not (because writing crypto code is always risky). Jp
![](https://secure.gravatar.com/avatar/3c4988f83703127d279406fc6eea7079.jpg?s=120&d=mm&r=g)
Okay, good to know I'm not crazy. I'll file a bug with a patch to change the docstring. I'll just put up with a hashed login, as I'm getting impatient to move on with my project; it'll still allow me to throw a bunch of metadata into the username string, which gives me everything I need. Thanks, Steve On Thu, 2005-07-28 at 01:09 -0400, Jp Calderone wrote:
![](https://secure.gravatar.com/avatar/7ed9784cbb1ba1ef75454034b3a8e6a1.jpg?s=120&d=mm&r=g)
On Wed, 27 Jul 2005 21:22:50 -0700, Steve Freitas <sflist@ihonk.com> wrote:
PBClientFactory's login method is a rotten lie. It /does not/ take an IUsernamePassword credentials objects, nor does it log in with the server using an IUsernamePassword credentials object. It takes an object with a username attribute and a password attribute, and logs in with an IUsernameHashedPassword. Your credentials checker /must/ support checking the latter interface. If you want to support some other authentication backend which is incapable of checking IUsernameHashedPassword credentials, you may need to implement an alternate login scheme for PB. This is not difficult, but consider carefully whether you actually need it or not (because writing crypto code is always risky). Jp
![](https://secure.gravatar.com/avatar/3c4988f83703127d279406fc6eea7079.jpg?s=120&d=mm&r=g)
Okay, good to know I'm not crazy. I'll file a bug with a patch to change the docstring. I'll just put up with a hashed login, as I'm getting impatient to move on with my project; it'll still allow me to throw a bunch of metadata into the username string, which gives me everything I need. Thanks, Steve On Thu, 2005-07-28 at 01:09 -0400, Jp Calderone wrote:
participants (2)
-
Jp Calderone
-
Steve Freitas