10 files changed, 95 insertions, 63 deletions
diff --git a/docs/tutorials/bfgwiki/src/authorization/setup.py b/docs/tutorials/bfgwiki/src/authorization/setup.py
index 6d300b473..b289ca8b0 100644
--- a/docs/tutorials/bfgwiki/src/authorization/setup.py
+++ b/docs/tutorials/bfgwiki/src/authorization/setup.py
@@ -15,7 +15,6 @@ requires = [
     'ZODB3',
     'repoze.zodbconn',
     'repoze.tm',
-    'repoze.who',
     ]
 
 setup(name='tutorial',
diff --git a/docs/tutorials/bfgwiki/src/authorization/tutorial.ini b/docs/tutorials/bfgwiki/src/authorization/tutorial.ini
index d30aa2672..181682585 100644
--- a/docs/tutorials/bfgwiki/src/authorization/tutorial.ini
+++ b/docs/tutorials/bfgwiki/src/authorization/tutorial.ini
@@ -8,16 +8,11 @@ debug_authorization = false
 debug_notfound = false
 zodb_uri = file://%(here)s/Data.fs?connection_cache_size=20000
 
-[filter:who]
-use = egg:repoze.who#config
-config_file = %(here)s/who.ini
-
 [pipeline:main]
 pipeline =
     egg:repoze.zodbconn#closer
     egg:Paste#evalerror
     egg:repoze.tm#tm
-    who
     zodb
 
 [server:main]
diff --git a/docs/tutorials/bfgwiki/src/authorization/tutorial/configure.zcml b/docs/tutorials/bfgwiki/src/authorization/tutorial/configure.zcml
index b1501597d..df11c18b1 100644
--- a/docs/tutorials/bfgwiki/src/authorization/tutorial/configure.zcml
+++ b/docs/tutorials/bfgwiki/src/authorization/tutorial/configure.zcml
@@ -5,4 +5,7 @@
 
   <scan package="."/>
 
+   <utility provides="repoze.bfg.interfaces.IForbiddenResponseFactory"
+            component=".login.login"/>
+
 </configure>
diff --git a/docs/tutorials/bfgwiki/src/authorization/tutorial/login.py b/docs/tutorials/bfgwiki/src/authorization/tutorial/login.py
new file mode 100644
index 000000000..c4c595e81
--- /dev/null
+++ b/docs/tutorials/bfgwiki/src/authorization/tutorial/login.py
@@ -0,0 +1,43 @@
+from webob.exc import HTTPFound
+
+from repoze.bfg.chameleon_zpt import render_template_to_response
+from repoze.bfg.security import remember
+from repoze.bfg.security import forget
+from repoze.bfg.view import bfg_view
+from repoze.bfg.url import model_url
+
+from tutorial.models import Wiki
+from tutorial.run import USERS
+
+@bfg_view(for_=Wiki, name='login')
+def login(context, request):
+    referrer = request.environ.get('HTTP_REFERER', '/')
+    came_from = request.params.get('came_from', referrer)
+    message = ''
+    login = ''
+    password = ''
+    if 'form.submitted' in request.params:
+        login = request.params['login']
+        password = request.params['password']
+        if USERS.get(login) == password:
+            headers = remember(context, request, login)
+            return HTTPFound(location = came_from,
+                             headers = headers)
+        message = 'Failed login'
+
+    return render_template_to_response(
+        'templates/login.pt',
+        message = message,
+        url = request.application_url + '/login',
+        came_from = came_from,
+        login = login,
+        password = password,
+        request  =request,
+        )
+    
+@bfg_view(for_=Wiki, name='logout')
+def logout(context, request):
+    headers = forget(context, request)
+    return HTTPFound(location = model_url(context, request),
+                     headers = headers)
+    
diff --git a/docs/tutorials/bfgwiki/src/authorization/tutorial/run.py b/docs/tutorials/bfgwiki/src/authorization/tutorial/run.py
index 45920615f..a5d0cf39c 100644
--- a/docs/tutorials/bfgwiki/src/authorization/tutorial/run.py
+++ b/docs/tutorials/bfgwiki/src/authorization/tutorial/run.py
@@ -1,5 +1,5 @@
 from repoze.bfg.router import make_app
-from repoze.bfg.authentication import RepozeWho1AuthenticationPolicy
+from repoze.bfg.authentication import AuthTktAuthenticationPolicy
 from repoze.zodbconn.finder import PersistentApplicationFinder
 
 
@@ -15,8 +15,17 @@ def app(global_config, **kw):
     if zodb_uri is None:
         raise ValueError("No 'zodb_uri' in application configuration.")
 
-    authpolicy = RepozeWho1AuthenticationPolicy()
+    authpolicy = AuthTktAuthenticationPolicy('seekr!t', callback=groupfinder)
 
     get_root = PersistentApplicationFinder(zodb_uri, appmaker)
     return make_app(get_root, tutorial, authentication_policy=authpolicy,
                     options=kw)
+
+USERS = {'editor':'editor',
+          'viewer':'viewer'}
+GROUPS = {'editor':['group.editors']}
+
+def groupfinder(userid):
+    if userid in USERS:
+        return GROUPS.get(userid, [])
+
diff --git a/docs/tutorials/bfgwiki/src/authorization/tutorial/templates/login.pt b/docs/tutorials/bfgwiki/src/authorization/tutorial/templates/login.pt
new file mode 100644
index 000000000..a9e086461
--- /dev/null
+++ b/docs/tutorials/bfgwiki/src/authorization/tutorial/templates/login.pt
@@ -0,0 +1,32 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html
+    xmlns="http://www.w3.org/1999/xhtml"
+    xmlns:tal="http://xml.zope.org/namespaces/tal">
+
+<head>
+  <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+  <title>bfg tutorial wiki (based on TurboGears 20-Minute Wiki)</title>
+  <link rel="stylesheet" type="text/css"
+        href="${request.application_url}/static/style.css" />
+</head>
+
+<body>
+
+<h1>Log In</h1>
+
+<div tal:replace="message"/>
+
+<div class="main_content">
+  <form action="${url}" method="post">
+    <input type="hidden" name="came_from" value="${came_from}"/>
+    <input type="text" name="login" value="${login}"/>
+    <br/>
+    <input type="password" name="password" value="${password}"/>
+    <br/>
+    <input type="submit" name="form.submitted" value="Log In"/>
+  </form>
+</div>  
+
+</body>
+</html>
diff --git a/docs/tutorials/bfgwiki/src/authorization/tutorial/templates/view.pt b/docs/tutorials/bfgwiki/src/authorization/tutorial/templates/view.pt
index cae6940c2..3c5cc2a33 100644
--- a/docs/tutorials/bfgwiki/src/authorization/tutorial/templates/view.pt
+++ b/docs/tutorials/bfgwiki/src/authorization/tutorial/templates/view.pt
@@ -17,7 +17,7 @@
 <div style="float:right; width: 10em;"> Viewing
 <span tal:replace="page.__name__">Page Name Goes Here</span> <br/>
 You can return to the <a href="${request.application_url}">FrontPage</a>.
-   <span tal:condition="logged_in"><a href="${request.application_url}/logout">Logout</a></span>
+<span tal:condition="logged_in"><a href="${request.application_url}/logout">Logout</a></span>
 </div>
 
 <div tal:replace="structure content">Page text goes here.</div>
diff --git a/docs/tutorials/bfgwiki/src/authorization/tutorial/views.py b/docs/tutorials/bfgwiki/src/authorization/tutorial/views.py
index 7beab58b0..1d3e57de3 100644
--- a/docs/tutorials/bfgwiki/src/authorization/tutorial/views.py
+++ b/docs/tutorials/bfgwiki/src/authorization/tutorial/views.py
@@ -4,6 +4,9 @@ import re
 from webob.exc import HTTPFound
 from repoze.bfg.url import model_url
 from repoze.bfg.chameleon_zpt import render_template_to_response
+
+from repoze.bfg.security import authenticated_userid
+
 from repoze.bfg.view import static
 from repoze.bfg.view import bfg_view
 
@@ -41,7 +44,7 @@ def view_page(context, request):
     content = wikiwords.sub(check, content)
     edit_url = model_url(context, request, 'edit_page')
 
-    logged_in = 'repoze.who.identity' in request.environ
+    logged_in = authenticated_userid(context, request)
 
     return render_template_to_response('templates/view.pt',
                                        request = request,
@@ -88,15 +91,4 @@ def edit_page(context, request):
                                        save_url = model_url(context, request,
                                                             'edit_page')
                                        )
-    
-    
-@bfg_view(for_=Wiki, name='logout')
-def logout(context, request):
-    identity = request.environ.get('repoze.who.identity')
-    headers = []
-    if identity is not None:
-        auth_tkt = request.environ['repoze.who.plugins']['auth_tkt']
-        headers = auth_tkt.forget(request.environ, identity)
-    return HTTPFound(location = model_url(context, request),
-                     headers = headers)
-    
+
diff --git a/docs/tutorials/bfgwiki/src/authorization/who.ini b/docs/tutorials/bfgwiki/src/authorization/who.ini
deleted file mode 100644
index 73d820b3d..000000000
--- a/docs/tutorials/bfgwiki/src/authorization/who.ini
+++ /dev/null
@@ -1,40 +0,0 @@
-[plugin:form]
-# identification and challenge
-use = repoze.who.plugins.form:make_plugin
-login_form_qs = __do_login
-rememberer_name = auth_tkt
-
-[plugin:auth_tkt]
-# identification
-use = repoze.who.plugins.auth_tkt:make_plugin
-secret = s33kr1t
-cookie_name = oatmeal
-secure = False
-include_ip = False
-
-[plugin:htpasswd]
-# authentication
-use = repoze.who.plugins.htpasswd:make_plugin
-filename = %(here)s/wiki.passwd
-check_fn = repoze.who.plugins.htpasswd:plain_check
-
-[general]
-request_classifier = repoze.who.classifiers:default_request_classifier
-challenge_decider = repoze.who.classifiers:default_challenge_decider
-
-[identifiers]
-# plugin_name;classifier_name:.. or just plugin_name (good for any)
-plugins =
-      form;browser
-      auth_tkt
-
-[authenticators]
-# plugin_name;classifier_name.. or just plugin_name (good for any)
-plugins =
-      htpasswd
-
-[challengers]
-# plugin_name;classifier_name:.. or just plugin_name (good for any)
-plugins =
-      form
-
diff --git a/docs/tutorials/bfgwiki/src/authorization/wiki.passwd b/docs/tutorials/bfgwiki/src/authorization/wiki.passwd
deleted file mode 100644
index c9cd6fe83..000000000
--- a/docs/tutorials/bfgwiki/src/authorization/wiki.passwd
+++ /dev/null
@@ -1 +0,0 @@
-editor:editor