authorChris McDonough <chrism@agendaless.com>2009-07-01 08:13:25 +0000
committerChris McDonough <chrism@agendaless.com>2009-07-01 08:13:25 +0000
commit0688dad3e51361e3274650f39897100063f89459 (patch)
tree585ba59c6ddef0aef171116eb682a0a64220b756 /repoze
parentdd7614a8e486735b7106331ca6b86229115de249 (diff)
- Deprecate the ``authentication_policy`` and ``authorization_policy``
arguments to ``repoze.bfg.router.make_app``. Instead, developers should use the various authentication policy ZCML directives (``repozewho1authenticationpolicy``, ``remoteuserauthenticationpolicy`` and ``authtktauthenticationpolicy``) and the ``aclauthorizationpolicy`` authorization policy directive as described in the changes to the "Security" narrative documentation chapter and the wiki tutorials.
Diffstat (limited to 'repoze')
-rw-r--r--repoze/bfg/router.py33
-rw-r--r--repoze/bfg/tests/test_router.py15
2 files changed, 37 insertions, 11 deletions
diff --git a/repoze/bfg/router.py b/repoze/bfg/router.py
index 0a863f93a..4eb0fed81 100644
--- a/repoze/bfg/router.py
+++ b/repoze/bfg/router.py
@@ -239,7 +239,10 @@ def make_app(root_factory, package=None, filename='configure.zcml',
authentication or authorization will be performed. Instead, BFG
will ignore any view permission assertions in your application and
imperative security checks performed by your application will
- always return ``True``.
+ always return ``True``. This argument is deprecated in
+ :mod:`repoze.bfg` 1.0; use a ZCML directive such as
+ ``authtktauthenticationpolicy`` instead, as documented in the
+ Security chapter of the :mod:`repoze.bfg` documentation.
``authorization_policy`` is an object that implements the
``repoze.bfg.interfaces.IAuthorizationPoicy`` interface
@@ -249,7 +252,10 @@ def make_app(root_factory, package=None, filename='configure.zcml',
authenticate that user. If the ``authentication_policy`` argument
is *not* ``None``, and the ``authorization_policy`` argument *is*
``None``, the authorization policy defaults to an authorization
- implementation that uses ACLs.
+ implementation that uses ACLs. This argument is deprecated in
+ :mod:`repoze.bfg` 1.0; use a ZCML directive such as
+ ``aclauthorizationpolicy`` instead, as documented in the Security
+ chapter of the :mod:`repoze.bfg` documentation.
``options``, if used, should be a dictionary containing runtime
options (e.g. the key/value pairs in an app section of a
@@ -272,12 +278,6 @@ def make_app(root_factory, package=None, filename='configure.zcml',
settings = Settings(get_options(options))
registry.registerUtility(settings, ISettings)
- if authentication_policy:
- registry.registerUtility(authentication_policy, IAuthenticationPolicy)
- if authorization_policy is None:
- authorization_policy = ACLAuthorizationPolicy()
- registry.registerUtility(authorization_policy, IAuthorizationPolicy)
-
if root_factory is None:
root_factory = DefaultRootFactory
@@ -287,6 +287,23 @@ def make_app(root_factory, package=None, filename='configure.zcml',
mapper = RoutesRootFactory(root_factory)
registry.registerUtility(mapper, IRoutesMapper)
+ if authentication_policy:
+ debug_logger.warn(
+ 'The "authentication_policy" and "authorization_policy" '
+ 'arguments to repoze.bfg.router.make_app have been deprecated '
+ 'in repoze.bfg version 1.0. Instead of using these arguments to '
+ 'configure an authorization/authentication policy pair, use '
+ 'a pair of ZCML directives (such as "authtktauthenticationpolicy" '
+ 'and "aclauthorizationpolicy" documented within the Security '
+ 'chapter in the BFG documentation. If you need to use a custom '
+ 'authentication or authorization policy, you should make a ZCML '
+ 'directive for it and use that directive within your '
+ 'application\'s ZCML')
+ registry.registerUtility(authentication_policy, IAuthenticationPolicy)
+ if authorization_policy is None:
+ authorization_policy = ACLAuthorizationPolicy()
+ registry.registerUtility(authorization_policy, IAuthorizationPolicy)
+
populateRegistry(registry, filename, package)
if mapper.has_routes():
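Review bot: The deprecation warning and both registrations sit under `if authentication_policy:`, so a caller who passes only `authorization_policy` gets no policy registered and no log message; going by the docstring text visible in the first hunk, the application then runs with security checks that always return ``True``. An `elif authorization_policy is not None:` branch that calls `debug_logger.warn(...)` to say the authorization policy was ignored would make that case visible, though the first test hunk in test_router.py asserts `logger.messages == []` for exactly this call and would need updating. The guard would also be safer as `if authentication_policy is not None:`, since a policy object that evaluates false is skipped silently. The warning text opens a parenthesis at `(such as` that is never closed. make_app starts and ends outside the hunk.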
diff --git a/repoze/bfg/tests/test_router.py b/repoze/bfg/tests/test_router.py
index 389920029..b0f75d899 100644
--- a/repoze/bfg/tests/test_router.py
+++ b/repoze/bfg/tests/test_router.py
@@ -780,8 +780,11 @@ class MakeAppTests(unittest.TestCase):
from repoze.bfg.interfaces import IAuthorizationPolicy
authzpolicy = DummyContext()
from repoze.bfg.tests import routesapp
- app = self._callFUT(None, routesapp, authorization_policy=authzpolicy)
+ logger = DummyLogger()
+ app = self._callFUT(None, routesapp, authorization_policy=authzpolicy,
+ debug_logger=logger)
self.failIf(app.registry.queryUtility(IAuthorizationPolicy))
+ self.assertEqual(logger.messages, [])
def test_authentication_policy_no_authorization_policy(self):
from repoze.bfg.interfaces import IAuthorizationPolicy
@@ -789,12 +792,15 @@ class MakeAppTests(unittest.TestCase):
from repoze.bfg.authorization import ACLAuthorizationPolicy
authnpolicy = DummyContext()
from repoze.bfg.tests import routesapp
- app = self._callFUT(None, routesapp, authentication_policy=authnpolicy)
+ logger = DummyLogger()
+ app = self._callFUT(None, routesapp, authentication_policy=authnpolicy,
+ debug_logger=logger)
self.assertEqual(app.registry.getUtility(IAuthenticationPolicy),
authnpolicy)
self.assertEqual(
app.registry.getUtility(IAuthorizationPolicy).__class__,
ACLAuthorizationPolicy)
+ self.assertEqual(len(logger.messages), 1) # deprecation warning
def test_authentication_policy_and_authorization_policy(self):
from repoze.bfg.interfaces import IAuthorizationPolicy
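Review bot: `self.assertEqual(len(logger.messages), 1)` only counts log entries, so any single unrelated warning emitted during make_app would satisfy it; the same assertion is repeated in the next hunk (test_authentication_policy_and_authorization_policy). Assuming DummyLogger stores the message strings (its definition is not in the hunk), the test should also check the content, e.g. `self.failUnless('deprecated' in logger.messages[0])`. The test method begins before the hunk.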
@@ -802,12 +808,15 @@ class MakeAppTests(unittest.TestCase):
authnpolicy = DummyContext()
authzpolicy = DummyContext()
from repoze.bfg.tests import routesapp
+ logger = DummyLogger()
app = self._callFUT(None, routesapp, authentication_policy=authnpolicy,
- authorization_policy = authzpolicy)
+ authorization_policy = authzpolicy,
+ debug_logger=logger)
self.assertEqual(app.registry.getUtility(IAuthenticationPolicy),
authnpolicy)
self.assertEqual(app.registry.getUtility(IAuthorizationPolicy),
authzpolicy)
+ self.assertEqual(len(logger.messages), 1) # deprecation warning
class TestDefaultForbiddenView(unittest.TestCase):
def _callFUT(self, context, request):