4 files changed, 66 insertions, 35 deletions

diff --git a/tests/test_config/test_init.py b/tests/test_config/test_init.py
index 6c33abe23..5ca33178a 100644
--- a/tests/test_config/test_init.py
+++ b/tests/test_config/test_init.py
@@ -205,6 +205,15 @@ class ConfiguratorTests(unittest.TestCase):
         result = config.registry.getUtility(IDebugLogger)
         self.assertEqual(logger, result)
 
+    def test_ctor_security_policy(self):
+        from pyramid.interfaces import ISecurityPolicy
+
+        policy = object()
+        config = self._makeOne(security_policy=policy)
+        config.commit()
+        result = config.registry.getUtility(ISecurityPolicy)
+        self.assertEqual(policy, result)
+
     def test_ctor_authentication_policy(self):
         from pyramid.interfaces import IAuthenticationPolicy
 
diff --git a/tests/test_config/test_security.py b/tests/test_config/test_security.py
index 5ebd78f8d..0ae199239 100644
--- a/tests/test_config/test_security.py
+++ b/tests/test_config/test_security.py
@@ -11,6 +11,28 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
         config = Configurator(*arg, **kw)
         return config
 
+    def test_set_security_policy(self):
+        from pyramid.interfaces import ISecurityPolicy
+
+        config = self._makeOne()
+        policy = object()
+        config.set_security_policy(policy)
+        config.commit()
+        self.assertEqual(config.registry.getUtility(ISecurityPolicy), policy)
+
+    def test_set_authentication_policy_with_security_policy(self):
+        from pyramid.interfaces import IAuthorizationPolicy
+        from pyramid.interfaces import ISecurityPolicy
+
+        config = self._makeOne()
+        security_policy = object()
+        authn_policy = object()
+        authz_policy = object()
+        config.registry.registerUtility(security_policy, ISecurityPolicy)
+        config.registry.registerUtility(authz_policy, IAuthorizationPolicy)
+        config.set_authentication_policy(authn_policy)
+        self.assertRaises(ConfigurationError, config.commit)
+
     def test_set_authentication_policy_no_authz_policy(self):
         config = self._makeOne()
         policy = object()
@@ -27,6 +49,8 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
     def test_set_authentication_policy_with_authz_policy(self):
         from pyramid.interfaces import IAuthenticationPolicy
         from pyramid.interfaces import IAuthorizationPolicy
+        from pyramid.interfaces import ISecurityPolicy
+        from pyramid.security import LegacySecurityPolicy
 
         config = self._makeOne()
         authn_policy = object()
@@ -37,10 +61,15 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
         self.assertEqual(
             config.registry.getUtility(IAuthenticationPolicy), authn_policy
         )
+        self.assertIsInstance(
+            config.registry.getUtility(ISecurityPolicy), LegacySecurityPolicy
+        )
 
     def test_set_authentication_policy_with_authz_policy_autocommit(self):
         from pyramid.interfaces import IAuthenticationPolicy
         from pyramid.interfaces import IAuthorizationPolicy
+        from pyramid.interfaces import ISecurityPolicy
+        from pyramid.security import LegacySecurityPolicy
 
         config = self._makeOne(autocommit=True)
         authn_policy = object()
@@ -51,6 +80,9 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
         self.assertEqual(
             config.registry.getUtility(IAuthenticationPolicy), authn_policy
         )
+        self.assertIsInstance(
+            config.registry.getUtility(ISecurityPolicy), LegacySecurityPolicy
+        )
 
     def test_set_authorization_policy_no_authn_policy(self):
         config = self._makeOne()
@@ -126,6 +158,7 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
             list(sorted(result.safe_methods)),
             ['GET', 'HEAD', 'OPTIONS', 'TRACE'],
         )
+        self.assertFalse(result.allow_no_origin)
         self.assertTrue(result.callback is None)
 
     def test_changing_set_default_csrf_options(self):
@@ -141,6 +174,7 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
             token='DUMMY',
             header=None,
             safe_methods=('PUT',),
+            allow_no_origin=True,
             callback=callback,
         )
         result = config.registry.getUtility(IDefaultCSRFOptions)
@@ -148,4 +182,5 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
         self.assertEqual(result.token, 'DUMMY')
         self.assertEqual(result.header, None)
         self.assertEqual(list(sorted(result.safe_methods)), ['PUT'])
+        self.assertTrue(result.allow_no_origin)
         self.assertTrue(result.callback is callback)
diff --git a/tests/test_config/test_testing.py b/tests/test_config/test_testing.py
index 0fb73d268..500aedeae 100644
--- a/tests/test_config/test_testing.py
+++ b/tests/test_config/test_testing.py
@@ -1,7 +1,7 @@
 import unittest
 from zope.interface import implementer
 
-from pyramid.security import AuthenticationAPIMixin, AuthorizationAPIMixin
+from pyramid.security import SecurityAPIMixin, AuthenticationAPIMixin
 from pyramid.util import text_
 from . import IDummy
 
@@ -17,28 +17,20 @@ class TestingConfiguratorMixinTests(unittest.TestCase):
         from pyramid.testing import DummySecurityPolicy
 
         config = self._makeOne(autocommit=True)
-        config.testing_securitypolicy(
-            'user', ('group1', 'group2'), permissive=False
-        )
-        from pyramid.interfaces import IAuthenticationPolicy
-        from pyramid.interfaces import IAuthorizationPolicy
+        config.testing_securitypolicy('user', permissive=False)
+        from pyramid.interfaces import ISecurityPolicy
 
-        ut = config.registry.getUtility(IAuthenticationPolicy)
-        self.assertTrue(isinstance(ut, DummySecurityPolicy))
-        ut = config.registry.getUtility(IAuthorizationPolicy)
-        self.assertEqual(ut.userid, 'user')
-        self.assertEqual(ut.groupids, ('group1', 'group2'))
-        self.assertEqual(ut.permissive, False)
+        policy = config.registry.getUtility(ISecurityPolicy)
+        self.assertTrue(isinstance(policy, DummySecurityPolicy))
+        self.assertEqual(policy.identity, 'user')
+        self.assertEqual(policy.permissive, False)
 
     def test_testing_securitypolicy_remember_result(self):
         from pyramid.security import remember
 
         config = self._makeOne(autocommit=True)
         pol = config.testing_securitypolicy(
-            'user',
-            ('group1', 'group2'),
-            permissive=False,
-            remember_result=True,
+            'user', permissive=False, remember_result=True
         )
         request = DummyRequest()
         request.registry = config.registry
@@ -51,7 +43,7 @@ class TestingConfiguratorMixinTests(unittest.TestCase):
 
         config = self._makeOne(autocommit=True)
         pol = config.testing_securitypolicy(
-            'user', ('group1', 'group2'), permissive=False, forget_result=True
+            'user', permissive=False, forget_result=True
         )
         request = DummyRequest()
         request.registry = config.registry
@@ -232,7 +224,7 @@ class DummyEvent:
     pass
 
 
-class DummyRequest(AuthenticationAPIMixin, AuthorizationAPIMixin):
+class DummyRequest(SecurityAPIMixin, AuthenticationAPIMixin):
     def __init__(self, environ=None):
         if environ is None:
             environ = {}
diff --git a/tests/test_config/test_views.py b/tests/test_config/test_views.py
index 685b81a0f..28b7a9fb1 100644
--- a/tests/test_config/test_views.py
+++ b/tests/test_config/test_views.py
@@ -2059,22 +2059,19 @@ class TestViewsConfigurationMixin(unittest.TestCase):
         outerself = self
 
         class DummyPolicy(object):
-            def effective_principals(self, r):
+            def identify(self, r):
                 outerself.assertEqual(r, request)
-                return ['abc']
+                return 123
 
-            def permits(self, context, principals, permission):
+            def permits(self, r, context, identity, permission):
+                outerself.assertEqual(r, request)
                 outerself.assertEqual(context, None)
-                outerself.assertEqual(principals, ['abc'])
+                outerself.assertEqual(identity, 123)
                 outerself.assertEqual(permission, 'view')
                 return True
 
         policy = DummyPolicy()
-        config = self._makeOne(
-            authorization_policy=policy,
-            authentication_policy=policy,
-            autocommit=True,
-        )
+        config = self._makeOne(security_policy=policy, autocommit=True)
         config.add_view(view=view1, permission='view', renderer=null_renderer)
         view = self._getViewCallable(config)
         request = self._makeRequest(config)
@@ -2087,22 +2084,20 @@ class TestViewsConfigurationMixin(unittest.TestCase):
         outerself = self
 
         class DummyPolicy(object):
-            def effective_principals(self, r):
+            def identify(self, r):
                 outerself.assertEqual(r, request)
-                return ['abc']
+                return 123
 
-            def permits(self, context, principals, permission):
+            def permits(self, r, context, identity, permission):
+                outerself.assertEqual(r, request)
                 outerself.assertEqual(context, None)
-                outerself.assertEqual(principals, ['abc'])
+                outerself.assertEqual(identity, 123)
                 outerself.assertEqual(permission, 'view')
                 return True
 
         policy = DummyPolicy()
         config = self._makeOne(
-            authorization_policy=policy,
-            authentication_policy=policy,
-            default_permission='view',
-            autocommit=True,
+            security_policy=policy, default_permission='view', autocommit=True
         )
         config.add_view(view=view1, renderer=null_renderer)
         view = self._getViewCallable(config)