diff options
| -rw-r--r-- | CHANGES.txt | 14 | ||||
| -rw-r--r-- | docs/api/request.rst | 7 | ||||
| -rw-r--r-- | docs/quick_tutorial/authentication/tutorial/views.py | 15 | ||||
| -rw-r--r-- | docs/quick_tutorial/authorization/tutorial/views.py | 15 | ||||
| -rw-r--r-- | docs/tutorials/wiki/authorization.rst | 19 | ||||
| -rw-r--r-- | docs/tutorials/wiki/src/authorization/tutorial/views.py | 16 | ||||
| -rw-r--r-- | docs/tutorials/wiki/src/tests/tutorial/views.py | 16 | ||||
| -rw-r--r-- | docs/tutorials/wiki2/authorization.rst | 16 | ||||
| -rw-r--r-- | docs/tutorials/wiki2/src/authorization/tutorial/views.py | 22 | ||||
| -rw-r--r-- | docs/tutorials/wiki2/src/tests/tutorial/views.py | 23 | ||||
| -rw-r--r-- | pyramid/security.py | 139 | ||||
| -rw-r--r-- | pyramid/tests/test_config/test_testing.py | 32 | ||||
| -rw-r--r-- | pyramid/tests/test_security.py | 214 |
13 files changed, 183 insertions, 365 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 20b7726c4..9f780fe45 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -4,23 +4,13 @@ Unreleased Features -------- -- Authentication and authorization APIs have been added as as methods of the - request: ``request.has_permission``, ``request.forget_userid``, and - ``request.remember_userid``. +- An authorization API has been added as a method of the + request: ``request.has_permission``. ``request.has_permission`` is a method-based alternative to the ``pyramid.security.has_permission`` API and works exactly the same. The older API is now deprecated. - ``request.forget_userid`` and ``request.remember_userid`` are method-based - alternatives to ``pyramid.security.forget`` and - ``pyramid.security.remember``. These do not work exacly the same as their - function counterparts, however. These methods automatically set the headers - returned by the authentication policy on the response, whereas the older - function-based APIs returned a sequence of headers and required the caller to - set those headers. The older function-based API still works but is now - deprecated. - - Property API attributes have been added to the request for easier access to authentication data: ``request.authenticated_userid``, ``request.unauthenticated_userid``, and ``request.effective_principals``. diff --git a/docs/api/request.rst b/docs/api/request.rst index 661cdfc91..b7604020e 100644 --- a/docs/api/request.rst +++ b/docs/api/request.rst @@ -13,8 +13,7 @@ current_route_path, static_url, static_path, model_url, resource_url, set_property, effective_principals, authenticated_userid, - unauthenticated_userid, has_permission, forget_userid, - remember_userid + unauthenticated_userid, has_permission .. attribute:: context @@ -254,10 +253,6 @@ request provided by e.g. the ``pshell`` environment. For more information, see :ref:`subrequest_chapter`. - .. automethod:: remember_userid - - .. automethod:: forget_userid - .. automethod:: has_permission .. automethod:: add_response_callback diff --git a/docs/quick_tutorial/authentication/tutorial/views.py b/docs/quick_tutorial/authentication/tutorial/views.py index 240a23d3e..ab46eb2dd 100644 --- a/docs/quick_tutorial/authentication/tutorial/views.py +++ b/docs/quick_tutorial/authentication/tutorial/views.py @@ -1,4 +1,9 @@ from pyramid.httpexceptions import HTTPFound +from pyramid.security import ( + remember, + forget, + ) + from pyramid.view import ( view_config, view_defaults @@ -36,8 +41,9 @@ class TutorialViews: login = request.params['login'] password = request.params['password'] if USERS.get(login) == password: - request.remember_userid(login) - return HTTPFound(location=came_from) + headers = remember(request, login) + return HTTPFound(location=came_from, + headers=headers) message = 'Failed login' return dict( @@ -52,6 +58,7 @@ class TutorialViews: @view_config(route_name='logout') def logout(self): request = self.request - request.forget_userid() + headers = forget(request) url = request.route_url('home') - return HTTPFound(location=url) + return HTTPFound(location=url, + headers=headers) diff --git a/docs/quick_tutorial/authorization/tutorial/views.py b/docs/quick_tutorial/authorization/tutorial/views.py index 2ce2c37b4..43d14455a 100644 --- a/docs/quick_tutorial/authorization/tutorial/views.py +++ b/docs/quick_tutorial/authorization/tutorial/views.py @@ -1,4 +1,9 @@ from pyramid.httpexceptions import HTTPFound +from pyramid.security import ( + remember, + forget, + ) + from pyramid.view import ( view_config, view_defaults, @@ -38,8 +43,9 @@ class TutorialViews: login = request.params['login'] password = request.params['password'] if USERS.get(login) == password: - request.remember_userid(login) - return HTTPFound(location=came_from) + headers = remember(request, login) + return HTTPFound(location=came_from, + headers=headers) message = 'Failed login' return dict( @@ -54,6 +60,7 @@ class TutorialViews: @view_config(route_name='logout') def logout(self): request = self.request - request.forget_userid() + headers = forget(request) url = request.route_url('home') - return HTTPFound(location=url) + return HTTPFound(location=url, + headers=headers) diff --git a/docs/tutorials/wiki/authorization.rst b/docs/tutorials/wiki/authorization.rst index bba303d7f..62b1164e3 100644 --- a/docs/tutorials/wiki/authorization.rst +++ b/docs/tutorials/wiki/authorization.rst @@ -197,24 +197,24 @@ Add the following import statements to the head of ``tutorial/tutorial/views.py``: .. literalinclude:: src/authorization/tutorial/views.py - :lines: 6-11 + :lines: 6-13,15-17 :linenos: - :emphasize-lines: 3,6 + :emphasize-lines: 3,6-9,11 :language: python (Only the highlighted lines, with other necessary modifications, need to be added.) -:func:`~pyramid.view.forbidden_view_config` will be used +:meth:`~pyramid.view.forbidden_view_config` will be used to customize the default 403 Forbidden page. -:meth:`~pyramid.request.Request.remember_userid` and -:meth:`~pyramid.request.Request.forget_userid` help to create and +:meth:`~pyramid.security.remember` and +:meth:`~pyramid.security.forget` help to create and expire an auth ticket cookie. Now add the ``login`` and ``logout`` views: .. literalinclude:: src/authorization/tutorial/views.py - :lines: 76-102 + :lines: 82-120 :linenos: :language: python @@ -267,9 +267,8 @@ like this: (Only the highlighted line and a trailing comma on the preceding line need to be added.) -:attr:`~pyramid.request.Request.authenticated_userid` will return ``None`` -if the user is not authenticated, or a user id if the user is -authenticated. +The :meth:`pyramid.request.Request.authenticated_userid` will be ``None`` if +the user is not authenticated, or a user id if the user is authenticated. Add a "Logout" link when logged in ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -317,7 +316,7 @@ when we're done: .. literalinclude:: src/authorization/tutorial/views.py :linenos: - :emphasize-lines: 8,11,18,23,42,46,62,66,74,80,76-107 + :emphasize-lines: 8,11-15,17,24,29,48,52,68,72,80,82-120 :language: python (Only the highlighted lines need to be added.) diff --git a/docs/tutorials/wiki/src/authorization/tutorial/views.py b/docs/tutorials/wiki/src/authorization/tutorial/views.py index 57529ac8d..62e96e0e7 100644 --- a/docs/tutorials/wiki/src/authorization/tutorial/views.py +++ b/docs/tutorials/wiki/src/authorization/tutorial/views.py @@ -8,6 +8,12 @@ from pyramid.view import ( forbidden_view_config, ) +from pyramid.security import ( + remember, + forget, + ) + + from .security import USERS from .models import Page @@ -89,8 +95,9 @@ def login(request): login = request.params['login'] password = request.params['password'] if USERS.get(login) == password: - request.remember_userid(login) - return HTTPFound(location=came_from) + headers = remember(request, login) + return HTTPFound(location = came_from, + headers = headers) message = 'Failed login' return dict( @@ -103,5 +110,6 @@ def login(request): @view_config(context='.models.Wiki', name='logout') def logout(request): - request.forget_userid() - return HTTPFound(location=request.resource_url(request.context)) + headers = forget(request) + return HTTPFound(location = request.resource_url(request.context), + headers = headers) diff --git a/docs/tutorials/wiki/src/tests/tutorial/views.py b/docs/tutorials/wiki/src/tests/tutorial/views.py index 57529ac8d..62e96e0e7 100644 --- a/docs/tutorials/wiki/src/tests/tutorial/views.py +++ b/docs/tutorials/wiki/src/tests/tutorial/views.py @@ -8,6 +8,12 @@ from pyramid.view import ( forbidden_view_config, ) +from pyramid.security import ( + remember, + forget, + ) + + from .security import USERS from .models import Page @@ -89,8 +95,9 @@ def login(request): login = request.params['login'] password = request.params['password'] if USERS.get(login) == password: - request.remember_userid(login) - return HTTPFound(location=came_from) + headers = remember(request, login) + return HTTPFound(location = came_from, + headers = headers) message = 'Failed login' return dict( @@ -103,5 +110,6 @@ def login(request): @view_config(context='.models.Wiki', name='logout') def logout(request): - request.forget_userid() - return HTTPFound(location=request.resource_url(request.context)) + headers = forget(request) + return HTTPFound(location = request.resource_url(request.context), + headers = headers) diff --git a/docs/tutorials/wiki2/authorization.rst b/docs/tutorials/wiki2/authorization.rst index 830cb0277..1e5d0dcbf 100644 --- a/docs/tutorials/wiki2/authorization.rst +++ b/docs/tutorials/wiki2/authorization.rst @@ -221,23 +221,23 @@ Add the following import statements to the head of ``tutorial/tutorial/views.py``: .. literalinclude:: src/authorization/tutorial/views.py - :lines: 9-12,19 + :lines: 9-19 :linenos: - :emphasize-lines: 3,5 + :emphasize-lines: 3,6-9,11 :language: python (Only the highlighted lines need to be added.) -:func:`~pyramid.view.forbidden_view_config` will be used +:meth:`~pyramid.view.forbidden_view_config` will be used to customize the default 403 Forbidden page. -:meth:`~pyramid.request.Request.remember_userid` and -:meth:`~pyramid.request.Request.forget_userid` help to create and +:meth:`~pyramid.security.remember` and +:meth:`~pyramid.security.forget` help to create and expire an auth ticket cookie. Now add the ``login`` and ``logout`` views: .. literalinclude:: src/authorization/tutorial/views.py - :lines: 85-115 + :lines: 91-123 :linenos: :language: python @@ -289,7 +289,7 @@ like this: (Only the highlighted line needs to be added.) -The :attr:`~pyramid.request.Request.authenticated_userid` property will return +The :meth:`~pyramid.request.Request.authenticated_userid` property will be ``None`` if the user is not authenticated. Add a "Logout" link when logged in @@ -338,7 +338,7 @@ when we're done: .. literalinclude:: src/authorization/tutorial/views.py :linenos: - :emphasize-lines: 11,19,25,31,52,55,67,70,82,85-115 + :emphasize-lines: 11,14-19,25,31,37,58,61,73,76,88,91-117,119-123 :language: python (Only the highlighted lines need to be added.) diff --git a/docs/tutorials/wiki2/src/authorization/tutorial/views.py b/docs/tutorials/wiki2/src/authorization/tutorial/views.py index 110d738c2..e954d5a31 100644 --- a/docs/tutorials/wiki2/src/authorization/tutorial/views.py +++ b/docs/tutorials/wiki2/src/authorization/tutorial/views.py @@ -11,12 +11,18 @@ from pyramid.view import ( forbidden_view_config, ) +from pyramid.security import ( + remember, + forget, + ) + +from .security import USERS + from .models import ( DBSession, Page, ) -from .security import USERS # regular expression used to find WikiWords wikiwords = re.compile(r"\b([A-Z]\w+[A-Z]+\w+)") @@ -78,8 +84,8 @@ def edit_page(request): pagename=pagename)) return dict( page=page, - save_url = request.route_url('edit_page', pagename=pagename), - logged_in=request.authenticated_userid, + save_url=request.route_url('edit_page', pagename=pagename), + logged_in=request.authenticated_userid ) @view_config(route_name='login', renderer='templates/login.pt') @@ -97,8 +103,9 @@ def login(request): login = request.params['login'] password = request.params['password'] if USERS.get(login) == password: - request.remember_userid(login) - return HTTPFound(location = came_from) + headers = remember(request, login) + return HTTPFound(location = came_from, + headers = headers) message = 'Failed login' return dict( @@ -111,6 +118,7 @@ def login(request): @view_config(route_name='logout') def logout(request): - request.forget_userid() - return HTTPFound(location = request.route_url('view_wiki')) + headers = forget(request) + return HTTPFound(location = request.route_url('view_wiki'), + headers = headers) diff --git a/docs/tutorials/wiki2/src/tests/tutorial/views.py b/docs/tutorials/wiki2/src/tests/tutorial/views.py index 110d738c2..41bea4785 100644 --- a/docs/tutorials/wiki2/src/tests/tutorial/views.py +++ b/docs/tutorials/wiki2/src/tests/tutorial/views.py @@ -11,12 +11,18 @@ from pyramid.view import ( forbidden_view_config, ) +from pyramid.security import ( + remember, + forget, + ) + +from .security import USERS + from .models import ( DBSession, Page, ) -from .security import USERS # regular expression used to find WikiWords wikiwords = re.compile(r"\b([A-Z]\w+[A-Z]+\w+)") @@ -78,8 +84,8 @@ def edit_page(request): pagename=pagename)) return dict( page=page, - save_url = request.route_url('edit_page', pagename=pagename), - logged_in=request.authenticated_userid, + save_url=request.route_url('edit_page', pagename=pagename), + logged_in=request.authenticated_userid ) @view_config(route_name='login', renderer='templates/login.pt') @@ -97,8 +103,9 @@ def login(request): login = request.params['login'] password = request.params['password'] if USERS.get(login) == password: - request.remember_userid(login) - return HTTPFound(location = came_from) + headers = remember(request, login) + return HTTPFound(location = came_from, + headers = headers) message = 'Failed login' return dict( @@ -111,6 +118,6 @@ def login(request): @view_config(route_name='logout') def logout(request): - request.forget_userid() - return HTTPFound(location = request.route_url('view_wiki')) - + headers = forget(request) + return HTTPFound(location = request.route_url('view_wiki'), + headers = headers) diff --git a/pyramid/security.py b/pyramid/security.py index 7a65d22ce..58fa9332a 100644 --- a/pyramid/security.py +++ b/pyramid/security.py @@ -38,6 +38,10 @@ def _get_registry(request): reg = get_current_registry() # b/c return reg +def _get_authentication_policy(request): + registry = _get_registry(request) + return registry.queryUtility(IAuthenticationPolicy) + def has_permission(permission, context, request): """ A function that calls @@ -113,8 +117,8 @@ deprecated( def remember(request, principal, **kw): """ - Returns a sequence of header tuples (e.g. ``[('Set-Cookie', - 'foo=abc')]``) on this request's response. + Returns a sequence of header tuples (e.g. ``[('Set-Cookie', 'foo=abc')]``) + on this request's response. These headers are suitable for 'remembering' a set of credentials implied by the data passed as ``principal`` and ``*kw`` using the current :term:`authentication policy`. Common usage might look @@ -126,6 +130,7 @@ def remember(request, principal, **kw): from pyramid.security import remember headers = remember(request, 'chrism', password='123', max_age='86400') + response = request.response response.headerlist.extend(headers) return response @@ -133,23 +138,11 @@ def remember(request, principal, **kw): always return an empty sequence. If used, the composition and meaning of ``**kw`` must be agreed upon by the calling code and the effective authentication policy. - - .. deprecated:: 1.5 - Use :meth:`pyramid.request.Request.remember_userid` instead. - but be sure to read its docs first; the remember_userid method is not an - exact analog of the remember function, because it sets headers instead - of returning them. """ - return request._remember_userid(principal, **kw) - -deprecated( - 'remember', - 'As of Pyramid 1.5 the "pyramid.security.remember" API is ' - 'now deprecated. It will be removed in Pyramd 1.8. Use the ' - '"remember_userid" method of the Pyramid request instead, but be sure to ' - 'read the docs first; the remember_userid method is not an exact analog of ' - 'the remember function, because it sets headers instead of returning them.' - ) + policy = _get_authentication_policy(request) + if policy is None: + return [] + return policy.remember(request, principal, **kw) def forget(request): """ @@ -169,21 +162,12 @@ def forget(request): always return an empty sequence. .. deprecated:: 1.5 - Use :meth:`pyramid.request.Request.forget_userid` instead. - but be sure to read its docs first; the forget_userid method is not an - exact analog of the forget function, because it sets headers instead - of returning them. + Use :meth:`pyramid.request.Request.get_logout_headers` instead. """ - return request._forget_userid() - -deprecated( - 'forget', - 'As of Pyramid 1.5 the "pyramid.security.forget" API is ' - 'now deprecated. It will be removed in Pyramd 1.8. Use the ' - '"forget_user" method of the Pyramid request instead, but be sure to ' - 'read the docs first; the forget_userid method is not an exact analog of ' - 'the forget function, because it sets headers instead of returning them.' - ) + policy = _get_authentication_policy(request) + if policy is None: + return [] + return policy.forget(request) def principals_allowed_by_permission(context, permission): """ Provided a ``context`` (a resource object), and a ``permission`` @@ -371,97 +355,6 @@ class AuthenticationAPIMixin(object): return [Everyone] return policy.effective_principals(self) - # b/c - def _remember_userid(self, principal, **kw): - policy = self._get_authentication_policy() - if policy is None: - return [] - return policy.remember(self, principal, **kw) - - def remember_userid(self, principal, on_exception=False, **kw): - """ Using a response callback, sets authentication headers on the - response eventually returned by the view executed by this request - suitable for loggin a user in. These headers are used for - 'remembering' a set of credentials implied by the data passed as - ``principal`` and ``*kw`` using the current :term:`authentication - policy`. Common usage might look like so within the body of a view - function: - - .. code-block:: python - - request.remember_userid('chrism', password='123', max_age='86400') - - This method always returns ``None``; it is called only for its side - effects. - - If no :term:`authentication policy` is in use, this function will - do nothing. If used, the composition and - meaning of ``**kw`` must be agreed upon by the calling code and - the effective authentication policy. - - One special keyword value is understood by this method: - ``on_exception``. Usually if an exception occurs within the same - request after this method is called, the headers provided by the - authentication policy will not be set on the response. If - ``on_exception`` is passed, and as ``True``, then the headers will be - set on the response even if an exception is later raised. By default - this value is ``False``. - - .. versionadded:: 1.5 - - """ - def callback(req, response): - # do not set the headers on an exception unless explicitly - # instructed - exc = getattr(req, 'exception', None) - if exc is None or on_exception: - # NB: this call to _remember_userid should be exactly here - # because some policies actually add another response callback - # when their remember method is called, and we dont want them - # to do that if there's an exception in the default case. - headers = req._remember_userid(principal, **kw) - response.headerlist.extend(headers) - self.add_response_callback(callback) - - # b/c - def _forget_userid(self): - policy = self._get_authentication_policy() - if policy is None: - return [] - return policy.forget(self) - - def forget_userid(self, on_exception=False): - """ Using a response callback, sets authentication headers suitable for - logging a user out on the response returned by the view executed during - this request based on the current :term:`authentication policy`. - - If no :term:`authentication policy` is in use, this function will - be a noop. - - This method always returns ``None``; it is called only for its side - effects. - - One special keyword value is understood by this method: - ``on_exception``. Usually if an exception occurs within the same - request after this method is called, the headers provided by the - authentication policy will not be set on the response. If - ``on_exception`` is passed, and as ``True``, then the headers will be - set on the response even if an exception is later raised. By default - this value is ``False``. - - .. versionadded:: 1.5 - """ - def callback(req, response): - exc = getattr(req, 'exception', None) - if exc is None or on_exception: - # NB: this call to _forget_userid should be exactly here - # because some policies actually add another response callback - # when their forget method is called, and we dont want them - # to do that if there's an exception in the default case. - headers = req._forget_userid() - response.headerlist.extend(headers) - self.add_response_callback(callback) - class AuthorizationAPIMixin(object): def has_permission(self, permission, context=None): diff --git a/pyramid/tests/test_config/test_testing.py b/pyramid/tests/test_config/test_testing.py index d13cb9285..05561bfe9 100644 --- a/pyramid/tests/test_config/test_testing.py +++ b/pyramid/tests/test_config/test_testing.py @@ -25,31 +25,28 @@ class TestingConfiguratorMixinTests(unittest.TestCase): self.assertEqual(ut.permissive, False) def test_testing_securitypolicy_remember_result(self): + from pyramid.security import remember config = self._makeOne(autocommit=True) pol = config.testing_securitypolicy( 'user', ('group1', 'group2'), - permissive=False, - remember_result=[('X-Pyramid-Test', True)]) + permissive=False, remember_result=True) request = DummyRequest() request.registry = config.registry - request.remember_userid('fred') + val = remember(request, 'fred') self.assertEqual(pol.remembered, 'fred') - val = dict(request.response.headerlist).get('X-Pyramid-Test') self.assertEqual(val, True) def test_testing_securitypolicy_forget_result(self): + from pyramid.security import forget config = self._makeOne(autocommit=True) pol = config.testing_securitypolicy( 'user', ('group1', 'group2'), - permissive=False, - forget_result=[('X-Pyramid-Test', True)]) + permissive=False, forget_result=True) request = DummyRequest() request.registry = config.registry - request.response = DummyResponse() - request.forget_userid() + val = forget(request) self.assertEqual(pol.forgotten, True) - val = dict(request.response.headerlist).get('X-Pyramid-Test') - self.assertTrue(val) + self.assertEqual(val, True) def test_testing_resources(self): from pyramid.traversal import find_resource @@ -200,24 +197,9 @@ from zope.interface import implementer class DummyEvent: pass -class DummyResponse(object): - def __init__(self): - self.headers = [] - - @property - def headerlist(self): - return self.headers - class DummyRequest(AuthenticationAPIMixin, AuthorizationAPIMixin): - subpath = () - matchdict = None def __init__(self, environ=None): if environ is None: environ = {} self.environ = environ - self.params = {} - self.cookies = {} - self.response = DummyResponse() - def add_response_callback(self, callback): - callback(self, self.response) diff --git a/pyramid/tests/test_security.py b/pyramid/tests/test_security.py index 96f171324..6f08a100c 100644 --- a/pyramid/tests/test_security.py +++ b/pyramid/tests/test_security.py @@ -127,6 +127,69 @@ class TestPrincipalsAllowedByPermission(unittest.TestCase): result = self._callFUT(context, 'view') self.assertEqual(result, 'yo') +class TestRemember(unittest.TestCase): + def setUp(self): + testing.setUp() + + def tearDown(self): + testing.tearDown() + + def _callFUT(self, *arg): + from pyramid.security import remember + return remember(*arg) + + def test_no_authentication_policy(self): + request = _makeRequest() + result = self._callFUT(request, 'me') + self.assertEqual(result, []) + + def test_with_authentication_policy(self): + request = _makeRequest() + registry = request.registry + _registerAuthenticationPolicy(registry, 'yo') + result = self._callFUT(request, 'me') + self.assertEqual(result, [('X-Pyramid-Test', 'me')]) + + def test_with_authentication_policy_no_reg_on_request(self): + from pyramid.threadlocal import get_current_registry + registry = get_current_registry() + request = _makeRequest() + del request.registry + _registerAuthenticationPolicy(registry, 'yo') + result = self._callFUT(request, 'me') + self.assertEqual(result, [('X-Pyramid-Test', 'me')]) + +class TestForget(unittest.TestCase): + def setUp(self): + testing.setUp() + + def tearDown(self): + testing.tearDown() + + def _callFUT(self, *arg): + from pyramid.security import forget + return forget(*arg) + + def test_no_authentication_policy(self): + request = _makeRequest() + result = self._callFUT(request) + self.assertEqual(result, []) + + def test_with_authentication_policy(self): + request = _makeRequest() + _registerAuthenticationPolicy(request.registry, 'yo') + result = self._callFUT(request) + self.assertEqual(result, [('X-Pyramid-Test', 'logout')]) + + def test_with_authentication_policy_no_reg_on_request(self): + from pyramid.threadlocal import get_current_registry + registry = get_current_registry() + request = _makeRequest() + del request.registry + _registerAuthenticationPolicy(registry, 'yo') + result = self._callFUT(request) + self.assertEqual(result, [('X-Pyramid-Test', 'logout')]) + class TestViewExecutionPermitted(unittest.TestCase): def setUp(self): testing.setUp() @@ -312,149 +375,6 @@ class TestEffectivePrincipals(unittest.TestCase): _registerAuthenticationPolicy(registry, 'yo') self.assertEqual(request.effective_principals, 'yo') -class TestRememberUserId(unittest.TestCase): - principal = 'the4th' - - def setUp(self): - testing.setUp() - - def tearDown(self): - testing.tearDown() - - def assert_response_headers(self, request, expected_headers): - request._process_response_callbacks(request.response) - headers = request.response.headerlist - self.assertEqual(list(expected_headers), list(headers)) - - def test_backward_compat_delegates_to_mixin(self): - from zope.deprecation import __show__ - try: - __show__.off() - request = _makeFakeRequest() - from pyramid.security import remember - self.assertEqual( - remember(request, 'matt'), - [('X-Pyramid-Test', 'remember_userid')] - ) - finally: - __show__.on() - - def test_with_no_authentication_policy(self): - request = _makeRequest() - headers_before = request.response.headerlist - request.remember_userid(self.principal) - self.assert_response_headers(request, headers_before) - - def test_with_authentication_policy(self): - request = _makeRequest() - headers_before = request.response.headerlist - expected_headers = headers_before[:] + [(_TEST_HEADER, self.principal)] - _registerAuthenticationPolicy(request.registry, self.principal) - request.remember_userid(self.principal) - self.assert_response_headers(request, expected_headers) - - def test_with_authentication_policy_no_reg_on_request(self): - from pyramid.threadlocal import get_current_registry - registry = get_current_registry() - request = _makeRequest() - del request.registry - _registerAuthenticationPolicy(registry, self.principal) - headers_before = request.response.headerlist - request.remember_userid(self.principal) - expected_headers = headers_before[:] + [(_TEST_HEADER, self.principal)] - self.assert_response_headers(request, expected_headers) - - def test_request_has_exception_attr_no_on_exception_flag(self): - request = _makeRequest() - headers_before = request.response.headerlist - _registerAuthenticationPolicy(request.registry, self.principal) - request.exception = True - request.remember_userid(self.principal) - self.assert_response_headers(request, headers_before) - - def test_request_has_exception_attr_with_on_exception_flag(self): - request = _makeRequest() - headers_before = request.response.headerlist - _registerAuthenticationPolicy(request.registry, self.principal) - request.exception = True - request.remember_userid(self.principal, on_exception=True) - expected_headers = headers_before[:] + [(_TEST_HEADER, self.principal)] - self.assert_response_headers(request, expected_headers) - -class TestForgetUserId(unittest.TestCase): - principal = 'me-not' - - def setUp(self): - testing.setUp() - - def tearDown(self): - testing.tearDown() - - def assert_response_headers(self, request, expected_headers): - request._process_response_callbacks(request.response) - headers = request.response.headerlist - self.assertEqual(list(expected_headers), list(headers)) - - def _makeOne(self): - request = _makeRequest() - request.response.headers.add(_TEST_HEADER, self.principal) - return request - - def test_backward_compat_delegates_to_mixin(self): - from zope.deprecation import __show__ - try: - __show__.off() - request = _makeFakeRequest() - from pyramid.security import forget - self.assertEqual( - forget(request), - [('X-Pyramid-Test', 'forget_userid')], - ) - finally: - __show__.on() - - def test_with_no_authentication_policy(self): - request = self._makeOne() - headers_before = request.response.headerlist - request.forget_userid() - self.assert_response_headers(request, headers_before) - - def test_with_authentication_policy(self): - request = self._makeOne() - headers_before = request.response.headerlist - expected_headers = headers_before[:] + [(_TEST_HEADER, 'forget_userid')] - _registerAuthenticationPolicy(request.registry, self.principal) - request.forget_userid() - self.assert_response_headers(request, expected_headers) - - def test_with_authentication_policy_no_reg_on_request(self): - from pyramid.threadlocal import get_current_registry - registry = get_current_registry() - request = self._makeOne() - del request.registry - _registerAuthenticationPolicy(registry, self.principal) - headers_before = request.response.headerlist - request.forget_userid() - expected_headers = headers_before[:] + [(_TEST_HEADER, 'forget_userid')] - self.assert_response_headers(request, expected_headers) - - def test_request_has_exception_attr_no_on_exception_flag(self): - request = self._makeOne() - headers_before = request.response.headerlist - _registerAuthenticationPolicy(request.registry, self.principal) - request.exception = True - request.forget_userid() - self.assert_response_headers(request, headers_before) - - def test_request_has_exception_attr_with_on_exception_flag(self): - request = self._makeOne() - headers_before = request.response.headerlist - _registerAuthenticationPolicy(request.registry, self.principal) - request.exception = True - request.forget_userid(on_exception=True) - expected_headers = headers_before[:] + [(_TEST_HEADER, 'forget_userid')] - self.assert_response_headers(request, expected_headers) - class TestHasPermission(unittest.TestCase): def setUp(self): testing.setUp() @@ -548,7 +468,7 @@ class DummyAuthenticationPolicy: return headers def forget(self, request): - headers = [(_TEST_HEADER, 'forget_userid')] + headers = [(_TEST_HEADER, 'logout')] self._header_forgotten = headers[0] return headers @@ -595,11 +515,5 @@ def _makeFakeRequest(): def effective_principals(req): return 'effective_principals' - def _forget_userid(req): - return [('X-Pyramid-Test', 'forget_userid')] - - def _remember_userid(req, principal, **kw): - return [('X-Pyramid-Test', 'remember_userid')] - return FakeRequest({}) |