Merge branch 'master' of github.com:Pylons/pyramid

1 files changed, 45 insertions, 48 deletions

diff --git a/docs/quick_tutorial/authentication.rst b/docs/quick_tutorial/authentication.rst
index 7fd8173d4..acff97f3b 100644
--- a/docs/quick_tutorial/authentication.rst
+++ b/docs/quick_tutorial/authentication.rst
@@ -1,29 +1,30 @@
+.. _qtut_authentication:
+
 ==============================
 20: Logins With Authentication
 ==============================
 
-Login views that authenticate a username/password against a list of
-users.
+Login views that authenticate a username and password against a list of users.
+
 
 Background
 ==========
 
-Most web applications have URLs that allow people to add/edit/delete
-content via a web browser. Time to add
-:ref:`security <security_chapter>`
-to the application. In this first step we introduce authentication.
-That is, logging in and logging out using Pyramid's rich facilities for
-pluggable user storages.
+Most web applications have URLs that allow people to add/edit/delete content
+via a web browser. Time to add :ref:`security <security_chapter>` to the
+application. In this first step we introduce authentication. That is, logging
+in and logging out, using Pyramid's rich facilities for pluggable user storage.
+
+In the next step we will introduce protection of resources with authorization
+security statements.
 
-In the next step we will introduce protection resources with
-authorization security statements.
 
 Objectives
 ==========
 
-- Introduce the Pyramid concepts of authentication
+- Introduce the Pyramid concepts of authentication.
 
-- Create login/logout views
+- Create login and logout views.
 
 Steps
 =====
@@ -33,25 +34,23 @@ Steps
    .. code-block:: bash
 
     $ cd ..; cp -r view_classes authentication; cd authentication
-    $ $VENV/bin/python setup.py develop
+    $ $VENV/bin/pip install -e .
 
 #. Put the security hash in the ``authentication/development.ini``
-   configuration file as ``tutorial.secret`` instead of putting it in
-   the code:
+   configuration file as ``tutorial.secret`` instead of putting it in the code:
 
    .. literalinclude:: authentication/development.ini
     :language: ini
     :linenos:
 
-#. Get authentication (and for now, authorization policies) and login
-   route into the :term:`configurator` in
-   ``authentication/tutorial/__init__.py``:
+#. Get authentication (and for now, authorization policies) and login route
+   into the :term:`configurator` in ``authentication/tutorial/__init__.py``:
 
    .. literalinclude:: authentication/tutorial/__init__.py
     :linenos:
 
-#. Create a ``authentication/tutorial/security.py`` module that can find
-   our user information by providing an *authentication policy callback*:
+#. Create an ``authentication/tutorial/security.py`` module that can find our
+   user information by providing an *authentication policy callback*:
 
    .. literalinclude:: authentication/tutorial/security.py
     :linenos:
@@ -67,7 +66,7 @@ Steps
     :language: html
     :linenos:
 
-#. Provide a login/logout box in ``authentication/tutorial/home.pt``
+#. Provide a login/logout box in ``authentication/tutorial/home.pt``:
 
    .. literalinclude:: authentication/tutorial/home.pt
     :language: html
@@ -93,39 +92,37 @@ Steps
 Analysis
 ========
 
-Unlike many web frameworks, Pyramid includes a built-in but optional
-security model for authentication and authorization. This security
-system is intended to be flexible and support many needs. In this
-security model, authentication (who are you) and authorization (what
-are you allowed to do) are not just pluggable, but de-coupled. To learn
-one step at a time, we provide a system that identifies users and lets
-them log out.
-
-In this example we chose to use the bundled
-:ref:`AuthTktAuthenticationPolicy <authentication_module>`
-policy. We enabled it in our configuration and provided a
-ticket-signing secret in our INI file.
-
-Our view class grew a login view. When you reached it via a GET,
-it returned a login form. When reached via POST, it processed the
-username and password against the "groupfinder" callable that we
-registered in the configuration.
-
-In our template, we fetched the ``logged_in`` value from the view
-class. We use this to calculate the logged-in user,
-if any. In the template we can then choose to show a login link to
-anonymous visitors or a logout link to logged-in users.
-
-Extra Credit
+Unlike many web frameworks, Pyramid includes a built-in but optional security
+model for authentication and authorization. This security system is intended to
+be flexible and support many needs. In this security model, authentication (who
+are you) and authorization (what are you allowed to do) are not just pluggable,
+but de-coupled. To learn one step at a time, we provide a system that
+identifies users and lets them log out.
+
+In this example we chose to use the bundled :ref:`AuthTktAuthenticationPolicy
+<authentication_module>` policy. We enabled it in our configuration and
+provided a ticket-signing secret in our INI file.
+
+Our view class grew a login view. When you reached it via a ``GET`` request, it
+returned a login form. When reached via ``POST``, it processed the submitted
+username and password against the "groupfinder" callable that we registered in
+the configuration.
+
+In our template, we fetched the ``logged_in`` value from the view class. We use
+this to calculate the logged-in user, if any. In the template we can then
+choose to show a login link to anonymous visitors or a logout link to logged-in
+users.
+
+
+Extra credit
 ============
 
 #. What is the difference between a user and a principal?
 
 #. Can I use a database behind my ``groupfinder`` to look up principals?
 
-#. Once I am logged in, does any user-centric information get jammed
-   onto each request? Use ``import pdb; pdb.set_trace()`` to answer
-   this.
+#. Once I am logged in, does any user-centric information get jammed onto each
+   request? Use ``import pdb; pdb.set_trace()`` to answer this.
 
 .. seealso:: See also :ref:`security_chapter`,
    :ref:`AuthTktAuthenticationPolicy <authentication_module>`.