diff options
| author | Chris McDonough <chrism@plope.com> | 2013-10-28 17:19:35 -0400 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2013-10-28 17:19:35 -0400 |
| commit | 5431fdc645019c0b5eb0a60f41cd77aa3457ae07 (patch) | |
| tree | 7ee6d9c8af941c3ed31b713d20efbe86bc7cc454 | |
| parent | 2478de31b2e6d8d7667b9dd0c81f571130f3daf6 (diff) | |
| download | pyramid-5431fdc645019c0b5eb0a60f41cd77aa3457ae07.tar.gz pyramid-5431fdc645019c0b5eb0a60f41cd77aa3457ae07.tar.bz2 pyramid-5431fdc645019c0b5eb0a60f41cd77aa3457ae07.zip | |
add NB notes about recursive add_response_callback policies, use req instead of self for normalization with exception getting
| -rw-r--r-- | pyramid/security.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/pyramid/security.py b/pyramid/security.py index afca8cd9a..0d10b3998 100644 --- a/pyramid/security.py +++ b/pyramid/security.py @@ -413,7 +413,11 @@ class AuthenticationAPIMixin(object): # instructed exc = getattr(req, 'exception', None) if exc is None or on_exception: - headers = self._remember_userid(principal, **kw) + # NB: this call to _remember_userid should be exactly here + # because some policies actually add another response callback + # when their remember method is called, and we dont want them + # to do that if there's an exception in the default case. + headers = req._remember_userid(principal, **kw) response.headerlist.extend(headers) self.add_response_callback(callback) @@ -452,7 +456,11 @@ class AuthenticationAPIMixin(object): def callback(req, response): exc = getattr(req, 'exception', None) if exc is None or on_exception: - headers = self._forget_userid() + # NB: this call to _forget_userid should be exactly here + # because some policies actually add another response callback + # when their forget method is called, and we dont want them + # to do that if there's an exception in the default case. + headers = req._forget_userid() response.headerlist.extend(headers) self.add_response_callback(callback) |