- When no authentication policy was configured, a call to

  ``pyramid.security.effective_principals`` would unconditionally return the
  empty list.  This was incorrect, it should have unconditionally returned
  ``[Everyone]``, and now does.

3 files changed, 8 insertions, 2 deletions

diff --git a/CHANGES.txt b/CHANGES.txt
index 859dc7b74..2393e28ec 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -18,6 +18,11 @@ Bug Fixes
   it can work on Windows. See https://github.com/Pylons/pyramid/issues/512
   for more information.
 
+- When no authentication policy was configured, a call to
+  ``pyramid.security.effective_principals`` would unconditionally return the
+  empty list.  This was incorrect, it should have unconditionally returned
+  ``[Everyone]``, and now does.
+
 1.3 (2012-03-21)
 ================
 
diff --git a/pyramid/security.py b/pyramid/security.py
index f29edd678..4b929241e 100644
--- a/pyramid/security.py
+++ b/pyramid/security.py
@@ -100,7 +100,7 @@ def effective_principals(request):
 
     policy = reg.queryUtility(IAuthenticationPolicy)
     if policy is None:
-        return []
+        return [Everyone]
     return policy.effective_principals(request)
 
 def principals_allowed_by_permission(context, permission):
diff --git a/pyramid/tests/test_security.py b/pyramid/tests/test_security.py
index 86149d554..ba9538b01 100644
--- a/pyramid/tests/test_security.py
+++ b/pyramid/tests/test_security.py
@@ -266,9 +266,10 @@ class TestEffectivePrincipals(unittest.TestCase):
         return effective_principals(request)
 
     def test_no_authentication_policy(self):
+        from pyramid.security import Everyone
         request = _makeRequest()
         result = self._callFUT(request)
-        self.assertEqual(result, [])
+        self.assertEqual(result, [Everyone])
 
     def test_with_authentication_policy(self):
         request = _makeRequest()