diff options
Diffstat (limited to 'docs/tutorials/wiki2/src/authentication')
5 files changed, 31 insertions, 26 deletions
diff --git a/docs/tutorials/wiki2/src/authentication/tests/conftest.py b/docs/tutorials/wiki2/src/authentication/tests/conftest.py index 2db65f887..4ac4c60a8 100644 --- a/docs/tutorials/wiki2/src/authentication/tests/conftest.py +++ b/docs/tutorials/wiki2/src/authentication/tests/conftest.py @@ -4,10 +4,9 @@ import alembic.command import os from pyramid.paster import get_appsettings from pyramid.scripting import prepare -from pyramid.testing import DummyRequest +from pyramid.testing import DummyRequest, testConfig import pytest import transaction -from webob.cookies import Cookie import webtest from tutorial import main @@ -89,37 +88,45 @@ def app_request(app, tm, dbsession): drawbacks in tests as it's harder to mock data and is heavier. """ - env = prepare(registry=app.registry) - request = env['request'] - request.host = 'example.com' + with prepare(registry=app.registry) as env: + request = env['request'] + request.host = 'example.com' - # without this, request.dbsession will be joined to the same transaction - # manager but it will be using a different sqlalchemy.orm.Session using - # a separate database transaction - request.dbsession = dbsession - request.tm = tm + # without this, request.dbsession will be joined to the same transaction + # manager but it will be using a different sqlalchemy.orm.Session using + # a separate database transaction + request.dbsession = dbsession + request.tm = tm - yield request - env['closer']() + yield request @pytest.fixture -def dummy_request(app, tm, dbsession): +def dummy_request(tm, dbsession): """ A lightweight dummy request. - This request is ultra-lightweight and should be used only when the - request itself is not a large focus in the call-stack. - - It is way easier to mock and control side-effects using this object. + This request is ultra-lightweight and should be used only when the request + itself is not a large focus in the call-stack. It is much easier to mock + and control side-effects using this object, however: - It does not have request extensions applied. - Threadlocals are not properly pushed. """ request = DummyRequest() - request.registry = app.registry request.host = 'example.com' request.dbsession = dbsession request.tm = tm return request + +@pytest.fixture +def dummy_config(dummy_request): + """ + A dummy :class:`pyramid.config.Configurator` object. This allows for + mock configuration, including configuration for ``dummy_request``, as well + as pushing the appropriate threadlocals. + + """ + with testConfig(request=dummy_request) as config: + yield config diff --git a/docs/tutorials/wiki2/src/authentication/tutorial/security.py b/docs/tutorials/wiki2/src/authentication/tutorial/security.py index a4843f286..e0d8ed965 100644 --- a/docs/tutorials/wiki2/src/authentication/tutorial/security.py +++ b/docs/tutorials/wiki2/src/authentication/tutorial/security.py @@ -40,5 +40,3 @@ def includeme(config): config.set_default_csrf_options(require_csrf=True) config.set_security_policy(MySecurityPolicy(settings['auth.secret'])) - config.add_request_method( - lambda request: request.identity, 'user', property=True) diff --git a/docs/tutorials/wiki2/src/authentication/tutorial/templates/layout.jinja2 b/docs/tutorials/wiki2/src/authentication/tutorial/templates/layout.jinja2 index 64a1db0c5..55f4a85dc 100644 --- a/docs/tutorials/wiki2/src/authentication/tutorial/templates/layout.jinja2 +++ b/docs/tutorials/wiki2/src/authentication/tutorial/templates/layout.jinja2 @@ -33,13 +33,13 @@ </div> <div class="col-md-10"> <div class="content"> - {% if request.user is none %} + {% if not request.is_authenticated %} <p class="pull-right"> <a href="{{ request.route_url('login') }}">Login</a> </p> {% else %} <form class="pull-right" action="{{ request.route_url('logout') }}" method="post"> - {{request.user.name}} + {{request.identity.name}} <input type="hidden" name="csrf_token" value="{{ get_csrf_token() }}"> <button class="btn btn-link" type="submit">Logout</button> </form> diff --git a/docs/tutorials/wiki2/src/authentication/tutorial/views/auth.py b/docs/tutorials/wiki2/src/authentication/tutorial/views/auth.py index e1a564415..807ff3464 100644 --- a/docs/tutorials/wiki2/src/authentication/tutorial/views/auth.py +++ b/docs/tutorials/wiki2/src/authentication/tutorial/views/auth.py @@ -53,7 +53,7 @@ def logout(request): @forbidden_view_config(renderer='tutorial:templates/403.jinja2') def forbidden_view(exc, request): - if request.user is None: + if not request.is_authenticated: next_url = request.route_url('login', _query={'next': request.url}) return HTTPSeeOther(location=next_url) diff --git a/docs/tutorials/wiki2/src/authentication/tutorial/views/default.py b/docs/tutorials/wiki2/src/authentication/tutorial/views/default.py index 378ce0ae9..4fb715737 100644 --- a/docs/tutorials/wiki2/src/authentication/tutorial/views/default.py +++ b/docs/tutorials/wiki2/src/authentication/tutorial/views/default.py @@ -45,7 +45,7 @@ def view_page(request): def edit_page(request): pagename = request.matchdict['pagename'] page = request.dbsession.query(models.Page).filter_by(name=pagename).one() - user = request.user + user = request.identity if user is None or (user.role != 'editor' and page.creator != user): raise HTTPForbidden if request.method == 'POST': @@ -60,7 +60,7 @@ def edit_page(request): @view_config(route_name='add_page', renderer='tutorial:templates/edit.jinja2') def add_page(request): - user = request.user + user = request.identity if user is None or user.role not in ('editor', 'basic'): raise HTTPForbidden pagename = request.matchdict['pagename'] @@ -70,7 +70,7 @@ def add_page(request): if request.method == 'POST': body = request.params['body'] page = models.Page(name=pagename, data=body) - page.creator = request.user + page.creator = request.identity request.dbsession.add(page) next_url = request.route_url('view_page', pagename=pagename) return HTTPSeeOther(location=next_url) |