-rw-r--r--src/pyramid/security.py31
-rw-r--r--tests/test_security.py49
2 files changed, 80 insertions, 0 deletions
diff --git a/src/pyramid/security.py b/src/pyramid/security.py
index bfd505a98..671cd3569 100644
--- a/src/pyramid/security.py
+++ b/src/pyramid/security.py
@@ -540,3 +540,34 @@ class ACLHelper:
allowed.update(allowed_here)
return allowed
+
+
+class SessionAuthenticationHelper:
+ """ A helper for use with a :term:`security policy` which stores user data
+ in the configured :term:`session`.
+
+ Constructor Arguments
+
+ ``prefix``
+
+ A prefix used when storing the authentication parameters in the
+ session. Defaults to 'auth.'. Optional.
+
+ """
+
+ def __init__(self, prefix='auth.'):
+ self.userid_key = prefix + 'userid'
+
+ def remember(self, request, userid, **kw):
+ """ Store a userid in the session."""
+ request.session[self.userid_key] = userid
+ return []
+
+ def forget(self, request):
+ """ Remove the stored userid from the session."""
+ if self.userid_key in request.session:
+ del request.session[self.userid_key]
+ return []
+
+ def identify(self, request):
+ return request.session.get(self.userid_key)
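Review bot: `remember()` writes the userid into whatever session the request already carries, and nothing in this class rotates or invalidates that session. A session identifier issued before login would therefore stay valid after login (session fixation) unless the session factory or the calling view regenerates it, which this hunk does not show. At minimum the docstring should state the contract, e.g. `Store a userid in the session. The session itself is not regenerated; invalidate or rotate it at login.`. Alternatively, call `request.session.invalidate()` before the assignment if dropping pre-login session data is acceptable. `forget()` likewise deletes only the userid key and leaves the rest of the session in place across logout, and `identify()` has no docstring saying that it returns the stored userid or `None`.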
diff --git a/tests/test_security.py b/tests/test_security.py
index b91aa7682..73d8ba6fc 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -886,3 +886,52 @@ GUEST_PERMS = (VIEW, COMMENT)
MEMBER_PERMS = GUEST_PERMS + (EDIT, CREATE, DELETE)
MODERATOR_PERMS = MEMBER_PERMS + (MODERATE,)
ADMINISTRATOR_PERMS = MODERATOR_PERMS + (ADMINISTER,)
+
+
+class TestSessionAuthenticationHelper(unittest.TestCase):
+ def _makeRequest(self, session=None):
+ from types import SimpleNamespace
+ if session is None:
+ session = dict()
+ return SimpleNamespace(session=session)
+
+ def _makeOne(self, prefix=''):
+ from pyramid.security import SessionAuthenticationHelper
+
+ return SessionAuthenticationHelper(prefix=prefix)
+
+ def test_identify(self):
+ request = self._makeRequest({'userid': 'fred'})
+ helper = self._makeOne()
+ self.assertEqual(helper.identify(request), 'fred')
+
+ def test_identify_with_prefix(self):
+ request = self._makeRequest({'foo.userid': 'fred'})
+ helper = self._makeOne(prefix='foo.')
+ self.assertEqual(helper.identify(request), 'fred')
+
+ def test_identify_none(self):
+ request = self._makeRequest()
+ helper = self._makeOne()
+ self.assertEqual(helper.identify(request), None)
+
+ def test_remember(self):
+ request = self._makeRequest()
+ helper = self._makeOne()
+ result = helper.remember(request, 'fred')
+ self.assertEqual(request.session.get('userid'), 'fred')
+ self.assertEqual(result, [])
+
+ def test_forget(self):
+ request = self._makeRequest({'userid': 'fred'})
+ helper = self._makeOne()
+ result = helper.forget(request)
+ self.assertEqual(request.session.get('userid'), None)
+ self.assertEqual(result, [])
+
+ def test_forget_no_identity(self):
+ request = self._makeRequest()
+ helper = self._makeOne()
+ result = helper.forget(request)
+ self.assertEqual(request.session.get('userid'), None)
+ self.assertEqual(result, [])
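Review bot: `_makeOne` defaults to `prefix=''` while the class defaults to `'auth.'`, so no test exercises the key the helper uses when constructed without arguments. A case such as `self.assertEqual(SessionAuthenticationHelper().userid_key, 'auth.userid')` would pin that default. `test_forget` also starts from a session holding only the userid, so it cannot show whether `forget()` preserves or clears other session data. Seeding a second key and asserting on it afterwards would record the intended logout behaviour.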