Merge branch 'master' into 1.4-branch

10 files changed, 128 insertions, 26 deletions

diff --git a/CHANGES.txt b/CHANGES.txt
index 613be1b80..95375e5ba 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -24,6 +24,32 @@ Bug Fixes
   1.4 too (a registry is attached to a request passed to bootstrap or
   prepare).
 
+- When registering a view configuration that named a Chameleon ZPT renderer
+  with a macro name in it (e.g. ``renderer='some/template#somemacro.pt``) as
+  well as a view configuration without a macro name it it that pointed to the
+  same template (e.g. ``renderer='some/template.pt'), internal caching could
+  confuse the two, and your code might have rendered one instead of the
+  other.
+
+Features
+--------
+
+- The Configurator ``testing_securitypolicy`` method now returns the policy
+  object it creates.
+
+- The Configurator ``testing_securitypolicy`` method accepts two new
+  arguments: ``remember_result`` and ``forget_result``.  If supplied, these
+  values influence the result of the policy's ``remember`` and ``forget``
+  methods, respectively.
+
+- The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a
+  ``forgotten`` value on the policy (the value ``True``) when its ``forget``
+  method is called.
+
+- The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a
+  ``remembered`` value on the policy, which is the value of the ``principal``
+  argument it's called with when its ``remember`` method is called.
+
 1.4a2 (2012-09-27)
 ==================
 
diff --git a/pyramid/chameleon_zpt.py b/pyramid/chameleon_zpt.py
index 73203a7cb..d8a8ee1be 100644
--- a/pyramid/chameleon_zpt.py
+++ b/pyramid/chameleon_zpt.py
@@ -18,10 +18,12 @@ class ZPTTemplateRenderer(object):
 
     @reify # avoid looking up reload_templates before manager pushed
     def template(self):
-        tf = PageTemplateFile(self.path,
-                              auto_reload=self.lookup.auto_reload,
-                              debug=self.lookup.debug,
-                              translate=self.lookup.translate)
+        tf = PageTemplateFile(
+            self.path,
+            auto_reload=self.lookup.auto_reload,
+            debug=self.lookup.debug,
+            translate=self.lookup.translate
+            )
         if self.macro:
             # render only the portion of the template included in a
             # define-macro named the value of self.macro
diff --git a/pyramid/config/testing.py b/pyramid/config/testing.py
index f40cf25a7..abbbffc10 100644
--- a/pyramid/config/testing.py
+++ b/pyramid/config/testing.py
@@ -19,7 +19,8 @@ from pyramid.config.util import action_method
 class TestingConfiguratorMixin(object):
     # testing API
     def testing_securitypolicy(self, userid=None, groupids=(),
-                               permissive=True):
+                               permissive=True, remember_result=None,
+                               forget_result=None):
         """Unit/integration testing helper: Registers a pair of faux
         :app:`Pyramid` security policies: a :term:`authentication
         policy` and a :term:`authorization policy`.
@@ -31,6 +32,24 @@ class TestingConfiguratorMixin(object):
         nonpermissive :term:`authorization policy` is registered; this
         policy denies all access.
 
+        ``remember_result``, if provided, should be the result returned by
+        the ``remember`` method of the faux authentication policy.  If it is
+        not provided (or it is provided, and is ``None``), the default value
+        ``[]`` (the empty list) will be returned by ``remember``.
+
+        .. note::
+
+           ``remember_result`` is new as of Pyramid 1.4.
+
+        ``forget_result``, if provided, should be the result returned by
+        the ``forget`` method of the faux authentication policy.  If it is
+        not provided (or it is provided, and is ``None``), the default value
+        ``[]`` (the empty list) will be returned by ``forget``.
+
+        .. note::
+
+           ``forget_result`` is new as of Pyramid 1.4.
+
         The behavior of the registered :term:`authentication policy`
         depends on the values provided for the ``userid`` and
         ``groupids`` argument.  The authentication policy will return
@@ -47,9 +66,12 @@ class TestingConfiguratorMixin(object):
         :func:`pyramid.security.principals_allowed_by_permission`.
         """
         from pyramid.testing import DummySecurityPolicy
-        policy = DummySecurityPolicy(userid, groupids, permissive)
+        policy = DummySecurityPolicy(
+            userid, groupids, permissive, remember_result, forget_result
+            )
         self.registry.registerUtility(policy, IAuthorizationPolicy)
         self.registry.registerUtility(policy, IAuthenticationPolicy)
+        return policy
 
     def testing_resources(self, resources):
         """Unit/integration testing helper: registers a dictionary of
diff --git a/pyramid/renderers.py b/pyramid/renderers.py
index 1368e190e..57a61ebba 100644
--- a/pyramid/renderers.py
+++ b/pyramid/renderers.py
@@ -367,6 +367,12 @@ class JSONP(JSON):
 
 @implementer(IChameleonLookup)
 class ChameleonRendererLookup(object):
+    spec_re = re.compile(
+        r'(?P<asset>[\w_.:/-]+)'
+        r'(?:\#(?P<defname>[\w_]+))?'
+        r'(\.(?P<ext>.*))'
+        )
+
     def __init__(self, impl, registry):
         self.impl = impl
         self.registry = registry
@@ -417,6 +423,12 @@ class ChameleonRendererLookup(object):
             return False
         return settings.get('reload_templates', False)
 
+    def _crack_spec(self, spec):
+        asset, macro, ext = self.spec_re.match(spec).group(
+            'asset', 'defname', 'ext'
+            )
+        return asset, macro, ext
+    
     def __call__(self, info):
         spec = self.get_spec(info.name, info.package)
         registry = info.registry
@@ -436,27 +448,22 @@ class ChameleonRendererLookup(object):
             # spec is a package:relpath asset spec
             renderer = registry.queryUtility(ITemplateRenderer, name=spec)
             if renderer is None:
-                p = re.compile(
-                    r'(?P<asset>[\w_.:/-]+)'
-                    r'(?:\#(?P<defname>[\w_]+))?'
-                    r'(\.(?P<ext>.*))'
-                    )
-                asset, macro, ext = p.match(spec).group(
-                    'asset', 'defname', 'ext'
-                    )
-                spec = '%s.%s' % (asset, ext)
+                asset, macro, ext = self._crack_spec(spec)
+                spec_without_macro = '%s.%s' % (asset, ext)
                 try:
-                    package_name, filename = spec.split(':', 1)
+                    package_name, filename = spec_without_macro.split(':', 1)
                 except ValueError: # pragma: no cover
                     # somehow we were passed a relative pathname; this
                     # should die
                     package_name = caller_package(4).__name__
-                    filename = spec
+                    filename = spec_without_macro
                 abspath = pkg_resources.resource_filename(package_name,
                                                           filename)
                 if not pkg_resources.resource_exists(package_name, filename):
                     raise ValueError(
-                        'Missing template asset: %s (%s)' % (spec, abspath))
+                        'Missing template asset: %s (%s)' % (
+                            spec_without_macro, abspath)
+                        )
                 renderer = self.impl(abspath, self, macro=macro)
                 settings = info.settings
                 if not settings.get('reload_assets'):
diff --git a/pyramid/session.py b/pyramid/session.py
index 3b2834693..a5e6a8d3a 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -83,8 +83,9 @@ def signed_deserialize(serialized, secret, hmac=hmac):
 
 def check_csrf_token(request, token='csrf_token', raises=True):
     """ Check the CSRF token in the request's session against the value in
-    ``request.params.get(token)``.  If ``token`` is not supplied, the string
-    value ``csrf_token`` will be used as the token value.  If the value in
+    ``request.params.get(token)``.  If a ``token`` keyword is not supplied
+    to this function, the string ``csrf_token`` will be used to look up
+    the token within ``request.params``.  If the value in
     ``request.params.get(token)`` doesn't match the value supplied by
     ``request.session.get_csrf_token()``, and ``raises`` is ``True``, this
     function will raise an :exc:`pyramid.httpexceptions.HTTPBadRequest`
diff --git a/pyramid/testing.py b/pyramid/testing.py
index 9e8f2bff3..cecf13469 100644
--- a/pyramid/testing.py
+++ b/pyramid/testing.py
@@ -53,10 +53,17 @@ class DummyRootFactory(object):
 
 class DummySecurityPolicy(object):
     """ A standin for both an IAuthentication and IAuthorization policy """
-    def __init__(self, userid=None, groupids=(), permissive=True):
+    def __init__(self, userid=None, groupids=(), permissive=True,
+                 remember_result=None, forget_result=None):
         self.userid = userid
         self.groupids = groupids
         self.permissive = permissive
+        if remember_result is None:
+            remember_result = []
+        if forget_result is None:
+            forget_result = []
+        self.remember_result = remember_result
+        self.forget_result = forget_result
 
     def authenticated_userid(self, request):
         return self.userid
@@ -73,10 +80,12 @@ class DummySecurityPolicy(object):
         return effective_principals
 
     def remember(self, request, principal, **kw):
-        return []
+        self.remembered = principal
+        return self.remember_result
 
     def forget(self, request):
-        return []
+        self.forgotten = True
+        return self.forget_result
 
     def permits(self, context, principals, permission):
         return self.permissive
diff --git a/pyramid/tests/fixtures/withmacro.pt b/pyramid/tests/fixtures/withmacro.pt
index 8bca01e4d..6fa654645 100644
--- a/pyramid/tests/fixtures/withmacro.pt
+++ b/pyramid/tests/fixtures/withmacro.pt
@@ -1,4 +1,5 @@
 <html>
+Outside macro
 <metal:m define-macro="foo">
   Hello!
 </metal:m>
diff --git a/pyramid/tests/test_chameleon_zpt.py b/pyramid/tests/test_chameleon_zpt.py
index 37538e83e..5ac57f869 100644
--- a/pyramid/tests/test_chameleon_zpt.py
+++ b/pyramid/tests/test_chameleon_zpt.py
@@ -132,8 +132,13 @@ class ZPTTemplateRendererTests(Base, unittest.TestCase):
         result = instance.implementation()()
         self.assertEqual(result, '\n  Hello!\n')
         
-        
-        
+    def test_macro_notsupplied(self):
+        minimal = self._getTemplatePath('withmacro.pt')
+        lookup = DummyLookup()
+        instance = self._makeOne(minimal, lookup)
+        result = instance.implementation()()
+        self.assertEqual(result,
+                         '<html>\nOutside macro\n\n  Hello!\n\n</html>\n\n')
 
 class DummyLookup(object):
     auto_reload=True
diff --git a/pyramid/tests/test_config/test_testing.py b/pyramid/tests/test_config/test_testing.py
index 6c048b46d..1089f09fc 100644
--- a/pyramid/tests/test_config/test_testing.py
+++ b/pyramid/tests/test_config/test_testing.py
@@ -23,6 +23,30 @@ class TestingConfiguratorMixinTests(unittest.TestCase):
         self.assertEqual(ut.groupids, ('group1', 'group2'))
         self.assertEqual(ut.permissive, False)
 
+    def test_testing_securitypolicy_remember_result(self):
+        from pyramid.security import remember
+        config = self._makeOne(autocommit=True)
+        pol = config.testing_securitypolicy(
+            'user', ('group1', 'group2'),
+            permissive=False, remember_result=True)
+        request = DummyRequest()
+        request.registry = config.registry
+        val = remember(request, 'fred')
+        self.assertEqual(pol.remembered, 'fred')
+        self.assertEqual(val, True)
+
+    def test_testing_securitypolicy_forget_result(self):
+        from pyramid.security import forget
+        config = self._makeOne(autocommit=True)
+        pol = config.testing_securitypolicy(
+            'user', ('group1', 'group2'),
+            permissive=False, forget_result=True)
+        request = DummyRequest()
+        request.registry = config.registry
+        val = forget(request)
+        self.assertEqual(pol.forgotten, True)
+        self.assertEqual(val, True)
+
     def test_testing_resources(self):
         from pyramid.traversal import find_resource
         from pyramid.interfaces import ITraverser
diff --git a/pyramid/tests/test_renderers.py b/pyramid/tests/test_renderers.py
index af9188abc..cb6c364a7 100644
--- a/pyramid/tests/test_renderers.py
+++ b/pyramid/tests/test_renderers.py
@@ -295,6 +295,7 @@ class TestChameleonRendererLookup(unittest.TestCase):
         self.assertEqual(factory.kw, {'macro':None})
 
     def test___call__spec_withmacro(self):
+        from pyramid.interfaces import ITemplateRenderer
         import os
         from pyramid import tests
         module_name = tests.__name__
@@ -302,10 +303,11 @@ class TestChameleonRendererLookup(unittest.TestCase):
         renderer = {}
         factory = DummyFactory(renderer)
         spec = '%s:%s' % (module_name, relpath)
+        reg = self.config.registry
         info = DummyRendererInfo({
             'name':spec,
             'package':None,
-            'registry':self.config.registry,
+            'registry':reg,
             'settings':{},
             'type':'type',
             })
@@ -318,6 +320,9 @@ class TestChameleonRendererLookup(unittest.TestCase):
             'withmacro.pt')
         self.assertTrue(factory.path.startswith(path))
         self.assertEqual(factory.kw, {'macro':'foo'})
+        self.assertTrue(
+            reg.getUtility(ITemplateRenderer, name=spec) is renderer
+            )
 
     def test___call__reload_assets_true(self):
         import pyramid.tests