authorMichael Merickel <michael@merickel.org>2020-01-16 10:01:29 -0600
committerGitHub <noreply@github.com>2020-01-16 10:01:29 -0600
commit9c153e1250e00faa06003c10c3a26886489e6210 (patch)
tree0bb4743f9e793e73c5f7a369d5744a1eff2e9c00 /docs/quick_tutorial/authentication/tutorial
parent912bccb8b715b0249c2c23736c467eaee14a4e3b (diff)
parentcc26acfd29c94036d1c4d9164dba6a2b7792c00a (diff)
Merge pull request #3557 from mmerickel/security-docs
update docs to use security policy
Diffstat (limited to 'docs/quick_tutorial/authentication/tutorial')
-rw-r--r--docs/quick_tutorial/authentication/tutorial/__init__.py18
-rw-r--r--docs/quick_tutorial/authentication/tutorial/security.py24
2 files changed, 27 insertions, 15 deletions
diff --git a/docs/quick_tutorial/authentication/tutorial/__init__.py b/docs/quick_tutorial/authentication/tutorial/__init__.py
index efc09e760..ec8a66a23 100644
--- a/docs/quick_tutorial/authentication/tutorial/__init__.py
+++ b/docs/quick_tutorial/authentication/tutorial/__init__.py
@@ -1,25 +1,21 @@
-from pyramid.authentication import AuthTktAuthenticationPolicy
-from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator
-from .security import groupfinder
+from .security import SecurityPolicy
def main(global_config, **settings):
config = Configurator(settings=settings)
config.include('pyramid_chameleon')
- # Security policies
- authn_policy = AuthTktAuthenticationPolicy(
- settings['tutorial.secret'], callback=groupfinder,
- hashalg='sha512')
- authz_policy = ACLAuthorizationPolicy()
- config.set_authentication_policy(authn_policy)
- config.set_authorization_policy(authz_policy)
+ config.set_security_policy(
+ SecurityPolicy(
+ secret=settings['tutorial.secret'],
+ ),
+ )
config.add_route('home', '/')
config.add_route('hello', '/howdy')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.scan('.views')
- return config.make_wsgi_app() \ No newline at end of file
+ return config.make_wsgi_app()
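Review bot: The explicit `hashalg='sha512'` on the removed `AuthTktAuthenticationPolicy(...)` call has no counterpart in the new `SecurityPolicy(secret=...)` call. The constructor added in security.py also calls `AuthTktCookieHelper(secret=secret)` without it, so the ticket digest now depends on the helper's default, which this diff does not show. If that default is weaker than sha512 in the Pyramid release the tutorial targets, cookie signing is silently downgraded. Pinning it in the policy, `self.authtkt = AuthTktCookieHelper(secret=secret, hashalg='sha512')`, keeps the previous behaviour visible to readers who copy the tutorial.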
diff --git a/docs/quick_tutorial/authentication/tutorial/security.py b/docs/quick_tutorial/authentication/tutorial/security.py
index e585e2642..8324000ed 100644
--- a/docs/quick_tutorial/authentication/tutorial/security.py
+++ b/docs/quick_tutorial/authentication/tutorial/security.py
@@ -1,4 +1,5 @@
import bcrypt
+from pyramid.authentication import AuthTktCookieHelper
def hash_password(pw):
@@ -12,9 +13,24 @@ def check_password(pw, hashed_pw):
USERS = {'editor': hash_password('editor'),
'viewer': hash_password('viewer')}
-GROUPS = {'editor': ['group:editors']}
-def groupfinder(userid, request):
- if userid in USERS:
- return GROUPS.get(userid, []) \ No newline at end of file
+class SecurityPolicy:
+ def __init__(self, secret):
+ self.authtkt = AuthTktCookieHelper(secret=secret)
+
+ def authenticated_identity(self, request):
+ identity = self.authtkt.identify(request)
+ if identity is not None and identity['userid'] in USERS:
+ return identity
+
+ def authenticated_userid(self, request):
+ identity = self.authenticated_identity(request)
+ if identity is not None:
+ return identity['userid']
+
+ def remember(self, request, userid, **kw):
+ return self.authtkt.remember(request, userid, **kw)
+
+ def forget(self, request, **kw):
+ return self.authtkt.forget(request, **kw)
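Review bot: `SecurityPolicy` defines no `permits` method, so once a reader adds `permission=` to a view, the authorization check will presumably fail with an AttributeError instead of a clean deny. If that is deliberate for this authentication-only step, a class docstring should say so, for example `"""Authentication-only policy for this step; permits() is added in the authorization step."""`. `authenticated_identity` also returns None implicitly both when there is no ticket and when the ticket names a userid that is no longer in `USERS`. A comment such as `# a valid ticket for an unknown user is treated as unauthenticated` would make that revocation behaviour explicit. The helper at `AuthTktCookieHelper(secret=secret)` is built without `http_only` or `secure`, so it is worth noting that production code should set both.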