6 files changed, 52 insertions, 50 deletions
diff --git a/docs/quick_tutorial/authentication/development.ini b/docs/quick_tutorial/authentication/development.ini
index 5d4580ff5..cae509542 100644
--- a/docs/quick_tutorial/authentication/development.ini
+++ b/docs/quick_tutorial/authentication/development.ini
@@ -6,37 +6,5 @@ pyramid.includes =
 tutorial.secret = 98zd
 
 [server:main]
-use = egg:pyramid#wsgiref
-host = 0.0.0.0
-port = 6543
-
-# Begin logging configuration
-
-[loggers]
-keys = root, tutorial
-
-[logger_tutorial]
-level = DEBUG
-handlers =
-qualname = tutorial
-
-[handlers]
-keys = console
-
-[formatters]
-keys = generic
-
-[logger_root]
-level = INFO
-handlers = console
-
-[handler_console]
-class = StreamHandler
-args = (sys.stderr,)
-level = NOTSET
-formatter = generic
-
-[formatter_generic]
-format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
-
-# End logging configuration
+use = egg:waitress#main
+listen = localhost:6543
diff --git a/docs/quick_tutorial/authentication/setup.py b/docs/quick_tutorial/authentication/setup.py
index 2221b72e9..64366a2df 100644
--- a/docs/quick_tutorial/authentication/setup.py
+++ b/docs/quick_tutorial/authentication/setup.py
@@ -1,14 +1,32 @@
 from setuptools import setup
 
+# List of dependencies installed via `pip install -e .`
+# by virtue of the Setuptools `install_requires` value below.
 requires = [
+    'bcrypt',
     'pyramid',
-    'pyramid_chameleon'
+    'pyramid_chameleon',
+    'waitress',
 ]
 
-setup(name='tutorial',
-      install_requires=requires,
-      entry_points="""\
-      [paste.app_factory]
-      main = tutorial:main
-      """,
-)
-\ No newline at end of file
+# List of dependencies installed via `pip install -e ".[dev]"`
+# by virtue of the Setuptools `extras_require` value in the Python
+# dictionary below.
+dev_requires = [
+    'pyramid_debugtoolbar',
+    'pytest',
+    'webtest',
+]
+
+setup(
+    name='tutorial',
+    install_requires=requires,
+    extras_require={
+        'dev': dev_requires,
+    },
+    entry_points={
+        'paste.app_factory': [
+            'main = tutorial:main'
+        ],
+    },
+)
diff --git a/docs/quick_tutorial/authentication/tutorial/home.pt b/docs/quick_tutorial/authentication/tutorial/home.pt
index 6ecd0081b..ed911b673 100644
--- a/docs/quick_tutorial/authentication/tutorial/home.pt
+++ b/docs/quick_tutorial/authentication/tutorial/home.pt
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
-    <title>Quick Tour: ${name}</title>
+    <title>Quick Tutorial: ${name}</title>
 </head>
 <body>
 
@@ -15,4 +15,4 @@
 <h1>Hi ${name}</h1>
 <p>Visit <a href="${request.route_url('hello')}">hello</a></p>
 </body>
-</html>
-\ No newline at end of file
+</html>
diff --git a/docs/quick_tutorial/authentication/tutorial/login.pt b/docs/quick_tutorial/authentication/tutorial/login.pt
index 4451fc4f8..9e5bfe2ad 100644
--- a/docs/quick_tutorial/authentication/tutorial/login.pt
+++ b/docs/quick_tutorial/authentication/tutorial/login.pt
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
-    <title>Quick Tour: ${name}</title>
+    <title>Quick Tutorial: ${name}</title>
 </head>
 <body>
 <h1>Login</h1>
@@ -22,4 +22,4 @@
            value="Log In"/>
 </form>
 </body>
-</html>
-\ No newline at end of file
+</html>
diff --git a/docs/quick_tutorial/authentication/tutorial/security.py b/docs/quick_tutorial/authentication/tutorial/security.py
index ab90bab2c..e585e2642 100644
--- a/docs/quick_tutorial/authentication/tutorial/security.py
+++ b/docs/quick_tutorial/authentication/tutorial/security.py
@@ -1,5 +1,17 @@
-USERS = {'editor': 'editor',
-         'viewer': 'viewer'}
+import bcrypt
+
+
+def hash_password(pw):
+    pwhash = bcrypt.hashpw(pw.encode('utf8'), bcrypt.gensalt())
+    return pwhash.decode('utf8')
+
+def check_password(pw, hashed_pw):
+    expected_hash = hashed_pw.encode('utf8')
+    return bcrypt.checkpw(pw.encode('utf8'), expected_hash)
+
+
+USERS = {'editor': hash_password('editor'),
+         'viewer': hash_password('viewer')}
 GROUPS = {'editor': ['group:editors']}
 
 
diff --git a/docs/quick_tutorial/authentication/tutorial/views.py b/docs/quick_tutorial/authentication/tutorial/views.py
index ab46eb2dd..b2d9354ec 100644
--- a/docs/quick_tutorial/authentication/tutorial/views.py
+++ b/docs/quick_tutorial/authentication/tutorial/views.py
@@ -9,7 +9,10 @@ from pyramid.view import (
     view_defaults
     )
 
-from .security import USERS
+from .security import (
+    USERS,
+    check_password
+)
 
 
 @view_defaults(renderer='home.pt')
@@ -40,7 +43,8 @@ class TutorialViews:
         if 'form.submitted' in request.params:
             login = request.params['login']
             password = request.params['password']
-            if USERS.get(login) == password:
+            hashed_pw = USERS.get(login)
+            if hashed_pw and check_password(password, hashed_pw):
                 headers = remember(request, login)
                 return HTTPFound(location=came_from,
                                  headers=headers)