Security: Change "principal" argument in security.remember() to "userid".

Make the change througout the authentication policies, etc. as well.

6 files changed, 28 insertions, 28 deletions

diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index 57d7ac38f..16718cfa4 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -104,9 +104,9 @@ For example:
 
 The above configuration enables a policy which compares the value of an "auth
 ticket" cookie passed in the request's environment which contains a reference
-to a single :term:`principal` against the principals present in any
-:term:`ACL` found in the resource tree when attempting to call some
-:term:`view`.
+to a single :term:`userid` and matches that userid's principals against the
+principals present in any :term:`ACL` found in the resource tree when
+attempting to call some :term:`view`.
 
 While it is possible to mix and match different authentication and
 authorization policies, it is an error to configure a Pyramid application
@@ -616,11 +616,11 @@ that implements the following interface:
            as ``pyramid.security.Everyone`` and
            ``pyramid.security.Authenticated``. """
 
-       def remember(self, request, principal, **kw):
+       def remember(self, request, userid, **kw):
            """ Return a set of headers suitable for 'remembering' the
-           principal named ``principal`` when set in a response.  An
-           individual authentication policy and its consumers can decide
-           on the composition and meaning of **kw. """
+           userid named ``userid`` when set in a response.  An
+           individual authentication policy and its consumers can
+           decide on the composition and meaning of **kw. """
        
        def forget(self, request):
            """ Return a set of headers suitable for 'forgetting' the
diff --git a/pyramid/authentication.py b/pyramid/authentication.py
index b84981bbc..f4c211ffa 100644
--- a/pyramid/authentication.py
+++ b/pyramid/authentication.py
@@ -335,11 +335,11 @@ class RepozeWho1AuthenticationPolicy(CallbackAuthenticationPolicy):
         effective_principals.extend(groups)
         return effective_principals
 
-    def remember(self, request, principal, **kw):
-        """ Store the ``principal`` as ``repoze.who.userid``.
+    def remember(self, request, userid, **kw):
+        """ Store the ``userid`` as ``repoze.who.userid``.
         
         The identity to authenticated to :mod:`repoze.who`
-        will contain the given principal as ``userid``, and
+        will contain the given userid as ``userid``, and
         provide all keyword arguments as additional identity
         keys. Useful keys could be ``max_age`` or ``userdata``.
         """
@@ -348,7 +348,7 @@ class RepozeWho1AuthenticationPolicy(CallbackAuthenticationPolicy):
             return []
         environ = request.environ
         identity = kw
-        identity['repoze.who.userid'] = principal
+        identity['repoze.who.userid'] = userid
         return identifier.remember(environ, identity)
 
     def forget(self, request):
@@ -404,7 +404,7 @@ class RemoteUserAuthenticationPolicy(CallbackAuthenticationPolicy):
         """ The ``REMOTE_USER`` value found within the ``environ``."""
         return request.environ.get(self.environ_key)
 
-    def remember(self, request, principal, **kw):
+    def remember(self, request, userid, **kw):
         """ A no-op. The ``REMOTE_USER`` does not provide a protocol for
         remembering the user. This will be application-specific and can
         be done somewhere else or in a subclass."""
@@ -652,7 +652,7 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
         if result:
             return result['userid']
 
-    def remember(self, request, principal, **kw):
+    def remember(self, request, userid, **kw):
         """ Accepts the following kw args: ``max_age=<int-seconds>,
         ``tokens=<sequence-of-ascii-strings>``.
 
@@ -660,7 +660,7 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
         the response.
 
         """
-        return self.cookie.remember(request, principal, **kw)
+        return self.cookie.remember(request, userid, **kw)
 
     def forget(self, request):
         """ A list of headers which will delete appropriate cookies."""
@@ -1061,13 +1061,13 @@ class SessionAuthenticationPolicy(CallbackAuthenticationPolicy):
         self.userid_key = prefix + 'userid'
         self.debug = debug
 
-    def remember(self, request, principal, **kw):
-        """ Store a principal in the session."""
-        request.session[self.userid_key] = principal
+    def remember(self, request, userid, **kw):
+        """ Store a userid in the session."""
+        request.session[self.userid_key] = userid
         return []
 
     def forget(self, request):
-        """ Remove the stored principal from the session."""
+        """ Remove the stored userid from the session."""
         if self.userid_key in request.session:
             del request.session[self.userid_key]
         return []
@@ -1132,7 +1132,7 @@ class BasicAuthAuthenticationPolicy(CallbackAuthenticationPolicy):
         if credentials:
             return credentials[0]
 
-    def remember(self, request, principal, **kw):
+    def remember(self, request, userid, **kw):
         """ A no-op. Basic authentication does not provide a protocol for
         remembering the user. Credentials are sent on every request.
 
diff --git a/pyramid/interfaces.py b/pyramid/interfaces.py
index c5a70dbfd..bba818c8a 100644
--- a/pyramid/interfaces.py
+++ b/pyramid/interfaces.py
@@ -460,9 +460,9 @@ class IAuthenticationPolicy(Interface):
         user, including 'system' groups such as Everyone and
         Authenticated. """
 
-    def remember(request, principal, **kw):
+    def remember(request, userid, **kw):
         """ Return a set of headers suitable for 'remembering' the
-        principal named ``principal`` when set in a response.  An
+        userid named ``userid`` when set in a response.  An
         individual authentication policy and its consumers can decide
         on the composition and meaning of ``**kw.`` """
 
diff --git a/pyramid/security.py b/pyramid/security.py
index 041155563..3cef7ee5a 100644
--- a/pyramid/security.py
+++ b/pyramid/security.py
@@ -115,12 +115,12 @@ deprecated(
     '"effective_principals" attribute of the Pyramid request instead.'
     )
 
-def remember(request, principal, **kw):
+def remember(request, userid, **kw):
     """
     Returns a sequence of header tuples (e.g. ``[('Set-Cookie', 'foo=abc')]``)
     on this request's response.
     These headers are suitable for 'remembering' a set of credentials
-    implied by the data passed as ``principal`` and ``*kw`` using the
+    implied by the data passed as ``userid`` and ``*kw`` using the
     current :term:`authentication policy`.  Common usage might look
     like so within the body of a view function (``response`` is
     assumed to be a :term:`WebOb` -style :term:`response` object
@@ -142,7 +142,7 @@ def remember(request, principal, **kw):
     policy = _get_authentication_policy(request)
     if policy is None:
         return []
-    return policy.remember(request, principal, **kw)
+    return policy.remember(request, userid, **kw)
 
 def forget(request):
     """
diff --git a/pyramid/testing.py b/pyramid/testing.py
index 8cbd8b82b..f77889e72 100644
--- a/pyramid/testing.py
+++ b/pyramid/testing.py
@@ -79,8 +79,8 @@ class DummySecurityPolicy(object):
             effective_principals.extend(self.groupids)
         return effective_principals
 
-    def remember(self, request, principal, **kw):
-        self.remembered = principal
+    def remember(self, request, userid, **kw):
+        self.remembered = userid
         return self.remember_result
 
     def forget(self, request):
diff --git a/pyramid/tests/test_security.py b/pyramid/tests/test_security.py
index 6f08a100c..027f9cda0 100644
--- a/pyramid/tests/test_security.py
+++ b/pyramid/tests/test_security.py
@@ -462,8 +462,8 @@ class DummyAuthenticationPolicy:
     def authenticated_userid(self, request):
         return self.result
 
-    def remember(self, request, principal, **kw):
-        headers = [(_TEST_HEADER, principal)]
+    def remember(self, request, userid, **kw):
+        headers = [(_TEST_HEADER, userid)]
         self._header_remembered = headers[0]
         return headers